mirror of
https://github.com/nextcloud/server.git
synced 2026-02-18 18:28:50 -05:00
fix(encryption): do not setup filesystem without permissions
If the current request does not have permission to access the filesystem, we must not try to set up the filesystem. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
parent
61418e7251
commit
7cc3c1f669
2 changed files with 47 additions and 0 deletions
|
|
@ -21,6 +21,7 @@ use OCP\EventDispatcher\IEventListener;
|
|||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Lockdown\ILockdownManager;
|
||||
use OCP\User\Events\BeforePasswordUpdatedEvent;
|
||||
use OCP\User\Events\PasswordUpdatedEvent;
|
||||
use OCP\User\Events\UserCreatedEvent;
|
||||
|
|
@ -43,6 +44,7 @@ class UserEventsListener implements IEventListener {
|
|||
private IUserSession $userSession,
|
||||
private SetupManager $setupManager,
|
||||
private PassphraseService $passphraseService,
|
||||
private ILockdownManager $lockdownManager,
|
||||
) {
|
||||
}
|
||||
|
||||
|
|
@ -70,6 +72,11 @@ class UserEventsListener implements IEventListener {
|
|||
* Startup encryption backend upon user login
|
||||
*/
|
||||
private function onUserLogin(IUser $user, ?string $password): void {
|
||||
// Do not try to setup filesystem if the current request does not have permissions to access it
|
||||
if (!$this->lockdownManager->canAccessFilesystem()) {
|
||||
return;
|
||||
}
|
||||
|
||||
// ensure filesystem is loaded
|
||||
$this->setupManager->setupForUser($user);
|
||||
if ($this->util->isMasterKeyEnabled() === false) {
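Review bot: The new guard at the top of `onUserLogin` returns before everything else in the method, but the comment above it mentions only filesystem setup. The test added in this commit asserts that `keyManager->init` is never called on this path, so such a request ends without the encryption keys being initialised; that is worth stating where the decision is made. I would reword the comment to `// Request may not access the filesystem (ILockdownManager): skip the whole encryption startup, including key initialisation` and add one sentence on the skip to the method docblock. Because the return is silent, a debug-level log line here would help when diagnosing missing keys for a session, if a logger is available in this class (none is visible in the hunk). The body of `onUserLogin` continues outside the hunk.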
|
||||
|
|
|
|||
|
|
@ -20,6 +20,7 @@ use OCA\Encryption\Util;
|
|||
use OCP\IUser;
|
||||
use OCP\IUserManager;
|
||||
use OCP\IUserSession;
|
||||
use OCP\Lockdown\ILockdownManager;
|
||||
use OCP\User\Events\BeforePasswordUpdatedEvent;
|
||||
use OCP\User\Events\PasswordUpdatedEvent;
|
||||
use OCP\User\Events\UserCreatedEvent;
|
||||
|
|
@ -41,6 +42,7 @@ class UserEventsListenersTest extends TestCase {
|
|||
protected IUserManager&MockObject $userManager;
|
||||
protected IUserSession&MockObject $userSession;
|
||||
protected SetupManager&MockObject $setupManager;
|
||||
protected ILockdownManager&MockObject $lockdownManager;
|
||||
protected PassphraseService&MockObject $passphraseService;
|
||||
|
||||
protected UserEventsListener $instance;
|
||||
|
|
@ -55,6 +57,7 @@ class UserEventsListenersTest extends TestCase {
|
|||
$this->userManager = $this->createMock(IUserManager::class);
|
||||
$this->userSession = $this->createMock(IUserSession::class);
|
||||
$this->setupManager = $this->createMock(SetupManager::class);
|
||||
$this->lockdownManager = $this->createMock(ILockdownManager::class);
|
||||
$this->passphraseService = $this->createMock(PassphraseService::class);
|
||||
|
||||
$this->instance = new UserEventsListener(
|
||||
|
|
@ -66,10 +69,14 @@ class UserEventsListenersTest extends TestCase {
|
|||
$this->userSession,
|
||||
$this->setupManager,
|
||||
$this->passphraseService,
|
||||
$this->lockdownManager,
|
||||
);
|
||||
}
|
||||
|
||||
public function testLogin(): void {
|
||||
$this->lockdownManager->expects(self::once())
|
||||
->method('canAccessFilesystem')
|
||||
->willReturn(true);
|
||||
$this->userSetup->expects(self::once())
|
||||
->method('setupUser')
|
||||
->willReturn(true);
|
||||
|
|
@ -96,6 +103,9 @@ class UserEventsListenersTest extends TestCase {
|
|||
}
|
||||
|
||||
public function testLoginMasterKey(): void {
|
||||
$this->lockdownManager->expects(self::once())
|
||||
->method('canAccessFilesystem')
|
||||
->willReturn(true);
|
||||
$this->util->method('isMasterKeyEnabled')->willReturn(true);
|
||||
|
||||
$this->userSetup->expects(self::never())
|
||||
|
|
@ -121,6 +131,36 @@ class UserEventsListenersTest extends TestCase {
|
|||
$this->instance->handle($event);
|
||||
}
|
||||
|
||||
public function testLoginNoFilesystemAccess(): void {
|
||||
$this->lockdownManager->expects(self::once())
|
||||
->method('canAccessFilesystem')
|
||||
->willReturn(false);
|
||||
|
||||
$this->userSetup->expects(self::never())
|
||||
->method('setupUser');
|
||||
|
||||
$this->setupManager->expects(self::never())
|
||||
->method('setupForUser');
|
||||
|
||||
$this->keyManager->expects(self::never())
|
||||
->method('init');
|
||||
|
||||
$user = $this->createMock(IUser::class);
|
||||
$user->expects(self::any())
|
||||
->method('getUID')
|
||||
->willReturn('testUser');
|
||||
|
||||
$event = $this->createMock(UserLoggedInEvent::class);
|
||||
$event->expects(self::atLeastOnce())
|
||||
->method('getUser')
|
||||
->willReturn($user);
|
||||
$event->expects(self::atLeastOnce())
|
||||
->method('getPassword')
|
||||
->willReturn('password');
|
||||
|
||||
$this->instance->handle($event);
|
||||
}
|
||||
|
||||
public function testLogout(): void {
|
||||
$this->session->expects(self::once())
|
||||
->method('clear');
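Review bot: In `testLoginNoFilesystemAccess` the `atLeastOnce()` expectations on `getUser` and `getPassword` pin an implementation detail rather than the property under test. The assertions that matter are the three `never()` expectations on `setupUser`, `setupForUser` and `init`; requiring the password to be read means the test would fail if the guard were later moved ahead of the point where `handle()` presumably extracts the password, which would be a reasonable tightening. I would stub these without a call count, e.g. `$event->method('getPassword')->willReturn('password');`, and likewise drop `expects(self::any())` on `getUID`.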
|
||||
|
|
|
|||