mirror of
https://github.com/nextcloud/server.git
synced 2026-04-20 22:00:39 -04:00
[wip] make encryption work with public gallery sharing
This commit is contained in:
Bjoern Schiessle
parent
30b8f4ec8e
commit
c5cb4206f5
5 changed files with 65 additions and 56 deletions
|
|
@ -225,10 +225,7 @@ class Helper {
|
|||
* @return bool
|
||||
*/
|
||||
public static function isPublicAccess() {
|
||||
if (\OCP\USER::getUser() === false
|
||||
|| (isset($_GET['service']) && $_GET['service'] == 'files'
|
||||
&& isset($_GET['t']))
|
||||
) {
|
||||
if (\OCP\USER::getUser() === false) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
|
|
@ -255,6 +252,35 @@ class Helper {
|
|||
return $relPath;
|
||||
}
|
||||
|
||||
public static function getUser($path) {
|
||||
|
||||
$user = \OCP\User::getUser();
|
||||
|
||||
// if we are logged in, than we return the userid
|
||||
if ($user) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
// if no user is logged in we try to access a publically shared files.
|
||||
// In this case we need to try to get the user from the path
|
||||
|
||||
$trimmed = ltrim($path, '/');
|
||||
$split = explode('/', $trimmed);
|
||||
|
||||
// it is not a file relative to data/user/files
|
||||
if (count($split) < 2 || $split[1] !== 'files') {
|
||||
return false;
|
||||
}
|
||||
|
||||
$user = $split[0];
|
||||
|
||||
if (\OCP\User::userExists($user)) {
|
||||
return $user;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief get path to the correspondig file in data/user/files if path points
|
||||
* to a version or to a file in cache
|
||||
|
|
|
|||
|
|
@ -172,16 +172,14 @@ class Keymanager {
|
|||
/**
|
||||
* @brief retrieve keyfile for an encrypted file
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param $userId
|
||||
* @param \OCA\Encryption\Util $util
|
||||
* @param $filePath
|
||||
* @internal param \OCA\Encryption\file $string name
|
||||
* @return string file key or false
|
||||
* @note The keyfile returned is asymmetrically encrypted. Decryption
|
||||
* of the keyfile must be performed by client code
|
||||
*/
|
||||
public static function getFileKey(\OC_FilesystemView $view, $userId, $filePath) {
|
||||
|
||||
$util = new Util($view, \OCP\User::getUser());
|
||||
public static function getFileKey(\OC_FilesystemView $view, $util, $filePath) {
|
||||
|
||||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||
$filename = Helper::stripPartialFileExtension($filename);
|
||||
|
|
@ -364,21 +362,19 @@ class Keymanager {
|
|||
* @brief retrieve shareKey for an encrypted file
|
||||
* @param \OC_FilesystemView $view
|
||||
* @param string $userId
|
||||
* @param \OCA\Encryption\Util $util
|
||||
* @param string $filePath
|
||||
* @internal param \OCA\Encryption\file $string name
|
||||
* @return string file key or false
|
||||
* @note The sharekey returned is encrypted. Decryption
|
||||
* of the keyfile must be performed by client code
|
||||
*/
|
||||
public static function getShareKey(\OC_FilesystemView $view, $userId, $filePath) {
|
||||
public static function getShareKey(\OC_FilesystemView $view, $userId, $util, $filePath) {
|
||||
|
||||
// try reusing key file if part file
|
||||
$proxyStatus = \OC_FileProxy::$enabled;
|
||||
\OC_FileProxy::$enabled = false;
|
||||
|
||||
//here we need the currently logged in user, while userId can be a different user
|
||||
$util = new Util($view, \OCP\User::getUser());
|
||||
|
||||
list($owner, $filename) = $util->getUidAndFilename($filePath);
|
||||
$filename = Helper::stripPartialFileExtension($filename);
|
||||
// in case of system wide mount points the keys are stored directly in the data directory
|
||||
|
|
|
|||
|
|
@ -260,7 +260,8 @@ class Proxy extends \OC_FileProxy {
|
|||
|
||||
$view = new \OC_FilesystemView('');
|
||||
|
||||
$util = new Util($view, \OCP\USER::getUser());
|
||||
$userId = Helper::getUser($path);
|
||||
$util = new Util($view, $userId);
|
||||
|
||||
// If file is already encrypted, decrypt using crypto protocol
|
||||
if (
|
||||
|
|
@ -323,7 +324,7 @@ class Proxy extends \OC_FileProxy {
|
|||
|
||||
$view = new \OC_FilesystemView('/');
|
||||
|
||||
$userId = \OCP\User::getUser();
|
||||
$userId = Helper::getUser($path);
|
||||
$util = new Util($view, $userId);
|
||||
|
||||
// if encryption is no longer enabled or if the files aren't migrated yet
|
||||
|
|
@ -398,7 +399,7 @@ class Proxy extends \OC_FileProxy {
|
|||
|
||||
$view = new \OC_FilesystemView('/');
|
||||
$session = new \OCA\Encryption\Session($view);
|
||||
$userId = \OCP\User::getUser();
|
||||
$userId = Helper::getUser($path);
|
||||
$util = new Util($view, $userId);
|
||||
|
||||
// split the path parts
|
||||
|
|
|
|||
|
|
@ -250,12 +250,14 @@ class Stream {
|
|||
|
||||
// Fetch and decrypt keyfile
|
||||
// Fetch existing keyfile
|
||||
$this->encKeyfile = Keymanager::getFileKey($this->rootView, $this->userId, $this->relPath);
|
||||
$userId = Helper::getUser($this->rawPath);
|
||||
$util = new \OCA\Encryption\Util($this->rootView, $userId);
|
||||
$this->encKeyfile = Keymanager::getFileKey($this->rootView, $util, $this->relPath);
|
||||
|
||||
// If a keyfile already exists
|
||||
if ($this->encKeyfile) {
|
||||
|
||||
$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $this->relPath);
|
||||
$shareKey = Keymanager::getShareKey($this->rootView, $this->userId, $util, $this->relPath);
|
||||
|
||||
// if there is no valid private key return false
|
||||
if ($this->privateKey === false) {
|
||||
|
|
|
|||
|
|
@ -38,7 +38,8 @@ class Util {
|
|||
const MIGRATION_OPEN = 0; // user still needs to be migrated
|
||||
|
||||
private $view; // OC_FilesystemView object for filesystem operations
|
||||
private $userId; // ID of the currently logged-in user
|
||||
private $userId; // ID of the user we use to encrypt/decrypt files
|
||||
private $ownerId; // ID of the user who accesses the file/folder
|
||||
private $client; // Client side encryption mode flag
|
||||
private $publicKeyDir; // Dir containing all public user keys
|
||||
private $encryptionDir; // Dir containing user's files_encryption
|
||||
|
|
@ -58,51 +59,34 @@ class Util {
|
|||
public function __construct(\OC_FilesystemView $view, $userId, $client = false) {
|
||||
|
||||
$this->view = $view;
|
||||
$this->userId = $userId;
|
||||
$this->client = $client;
|
||||
$this->isPublic = false;
|
||||
|
||||
$this->publicShareKeyId = \OC_Appconfig::getValue('files_encryption', 'publicShareKeyId');
|
||||
$this->recoveryKeyId = \OC_Appconfig::getValue('files_encryption', 'recoveryKeyId');
|
||||
|
||||
// if we are anonymous/public
|
||||
$this->userDir = '/' . $userId;
|
||||
$this->fileFolderName = 'files';
|
||||
$this->userFilesDir =
|
||||
'/' . $userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
|
||||
$this->publicKeyDir = '/' . 'public-keys';
|
||||
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
|
||||
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
|
||||
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
|
||||
$this->publicKeyPath =
|
||||
$this->publicKeyDir . '/' . $userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||
$this->privateKeyPath =
|
||||
$this->encryptionDir . '/' . $userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||
// make sure that the owners home is mounted
|
||||
\OC\Files\Filesystem::initMountPoints($userId);
|
||||
|
||||
if (\OCA\Encryption\Helper::isPublicAccess()) {
|
||||
$this->userId = $this->publicShareKeyId;
|
||||
|
||||
// only handle for files_sharing app
|
||||
if (isset($GLOBALS['app']) && $GLOBALS['app'] === 'files_sharing') {
|
||||
$this->userDir = '/' . $GLOBALS['fileOwner'];
|
||||
$this->fileFolderName = 'files';
|
||||
$this->userFilesDir = '/' . $GLOBALS['fileOwner'] . '/'
|
||||
. $this->fileFolderName; // TODO: Does this need to be user configurable?
|
||||
$this->publicKeyDir = '/' . 'public-keys';
|
||||
$this->encryptionDir = '/' . $GLOBALS['fileOwner'] . '/' . 'files_encryption';
|
||||
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
|
||||
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
|
||||
$this->publicKeyPath =
|
||||
$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||
$this->privateKeyPath =
|
||||
'/owncloud_private_key/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||
$this->isPublic = true;
|
||||
// make sure that the owners home is mounted
|
||||
\OC\Files\Filesystem::initMountPoints($GLOBALS['fileOwner']);
|
||||
}
|
||||
|
||||
$this->ownerId = $userId;
|
||||
$this->isPublic = true;
|
||||
} else {
|
||||
$this->userDir = '/' . $this->userId;
|
||||
$this->fileFolderName = 'files';
|
||||
$this->userFilesDir =
|
||||
'/' . $this->userId . '/' . $this->fileFolderName; // TODO: Does this need to be user configurable?
|
||||
$this->publicKeyDir = '/' . 'public-keys';
|
||||
$this->encryptionDir = '/' . $this->userId . '/' . 'files_encryption';
|
||||
$this->keyfilesPath = $this->encryptionDir . '/' . 'keyfiles';
|
||||
$this->shareKeysPath = $this->encryptionDir . '/' . 'share-keys';
|
||||
$this->publicKeyPath =
|
||||
$this->publicKeyDir . '/' . $this->userId . '.public.key'; // e.g. data/public-keys/admin.public.key
|
||||
$this->privateKeyPath =
|
||||
$this->encryptionDir . '/' . $this->userId . '.private.key'; // e.g. data/admin/admin.private.key
|
||||
// make sure that the owners home is mounted
|
||||
\OC\Files\Filesystem::initMountPoints($this->userId);
|
||||
$this->userId = $userId;
|
||||
$this->ownerId = $userId;
|
||||
$this->isPublic = false;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1338,7 +1322,7 @@ class Util {
|
|||
// handle public access
|
||||
if ($this->isPublic) {
|
||||
$filename = $path;
|
||||
$fileOwnerUid = $GLOBALS['fileOwner'];
|
||||
$fileOwnerUid = $this->ownerId;
|
||||
|
||||
return array(
|
||||
$fileOwnerUid,
|
||||
|
|
|
|||
Loading…
Reference in a new issue