Merge pull request #27512 from owncloud/encryption-task-26847

This change helps user to switch between master keys
owncloud · May 8, 2017 · 4e5211b · 4e5211b
2 parents 04f2ff4 + 263adeb
commit 4e5211b
Show file tree

Hide file tree

Showing 11 changed files with 410 additions and 108 deletions.
diff --git a/apps/encryption/appinfo/info.xml b/apps/encryption/appinfo/info.xml
@@ -28,7 +28,7 @@
 		<owncloud min-version="10.0" max-version="10.0" />
 	</dependencies>
 	<commands>
-		<command>OCA\Encryption\Command\EnableMasterKey</command>
+		<command>OCA\Encryption\Command\SelectEncryptionType</command>
 		<command>OCA\Encryption\Command\MigrateKeys</command>
 	</commands>
 	<settings>

diff --git a/apps/encryption/js/settings-admin.js b/apps/encryption/js/settings-admin.js
@@ -8,7 +8,78 @@
  */
 
 $(document).ready(function () {
-
+
+	/*
+	 * Do the action based on the selection of encryption type
+	 * @param {string} encryptionType the type of encryption selection. (eg: masterkey or customkey)
+	 * @param {string} state the state after relogin to the server which is always static. Before relogin its undefined and post relogin "static" is the state.
+	 */
+	function encryptionTypeSelection(encryptionType, state=undefined) {
+		if (encryptionType === "masterkey") {
+			//If user selects "Master Key" from the drop down
+			$("#select-mode").removeClass("hidden");
+
+			if(state === "static") {
+				$("#select-mode, #keyTypeId").addClass("hidden");
+				$("#encryptHomeStorage, #encryptionSetRecoveryKey").addClass("hidden");
+				if($("#encryptionType").val().length === 0) {
+					$("#encryptionType").text("Encryption type: Master Key");
+				}
+			}
+		} else if (encryptionType === "customkey") {
+			//If user selects "User-specific key" from the drop down
+			$("#select-mode").removeClass("hidden");
+
+			if(state === "static") {
+				$("#keyTypeId, #select-mode").addClass("hidden");
+
+				$("#encryptHomeStorageSetting, #encryptionSetRecoveryKey").removeClass("hidden");
+
+			}
+		} else {
+			//If user selects "Please select an encryption option" from the drop down
+			$("#select-mode").addClass("hidden");
+		}
+
+	}
+
+	$("#encryptionType").css({pointerEvents: "none"});
+
+	encryptionTypeSelection($("#keyTypeId :selected").val(), "static");
+
+	if($("#masterKeyVal").attr("data-master-key") === "") {
+		if($("#userSpecificKey").attr("data-user-specific-key") !== "") {
+			encryptionTypeSelection("customkey", "static");
+		}
+	}
+
+	$("#keyTypeId").change(function (element) {
+		encryptionTypeSelection($("#keyTypeId :selected").val());
+	});
+
+	$("#select-mode").click(function () {
+		//Action to be taken when "Select this mode" button is selected.
+		var $loadSpinner = $('#encryptionKeySelection').find('div.hidden').first();
+		$loadSpinner.toggleClass('hidden',false);
+		$loadSpinner.toggleClass('loading',true);
+		if($("#keyTypeId :selected").val() === "masterkey") {
+			var masterAjaxObj = OC.AppConfig.setValue('encryption', 'useMasterKey', '1');
+			$.when(masterAjaxObj).done(function (masterKeyObj) {
+				$loadSpinner.toggleClass('hidden');
+				location.reload();
+			});
+		} else if($("#keyTypeId :selected").val() === "customkey") {
+			if($("#encryptionType").val().length === 0) {
+				$("#encryptionType").text("Encryption type: User Specific Key");
+			}
+			var userSpecificAjaxObj = OC.AppConfig.setValue("encryption", "userSpecificKey", '1');
+			$.when(userSpecificAjaxObj).done(function (userSpecificAjaxObj) {
+				$loadSpinner.toggleClass('hidden');
+				location.reload();
+			});
+		}
+	});
+
 	$('input:button[name="enableRecoveryKey"]').click(function () {
 
 		var recoveryStatus = $(this).attr('status');

diff --git a/apps/encryption/lib/Command/EnableMasterKey.php b/apps/encryption/lib/Command/EnableMasterKey.php
diff --git a/apps/encryption/lib/Command/SelectEncryptionType.php b/apps/encryption/lib/Command/SelectEncryptionType.php
@@ -0,0 +1,126 @@
+<?php
+/**
+* @author Björn Schießle <[email protected]>
+*
+* @copyright Copyright (c) 2017, ownCloud GmbH
+* @license AGPL-3.0
+*
+* This code is free software: you can redistribute it and/or modify
+* it under the terms of the GNU Affero General Public License, version 3,
+* as published by the Free Software Foundation.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* You should have received a copy of the GNU Affero General Public License, version 3,
+* along with this program.  If not, see <http://www.gnu.org/licenses/>
+*
+*/
+
+
+namespace OCA\Encryption\Command;
+
+use OCA\Encryption\Util;
+use OCP\IConfig;
+use Symfony\Component\Console\Command\Command;
+use Symfony\Component\Console\Helper\QuestionHelper;
+use Symfony\Component\Console\Input\InputArgument;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Console\Question\ConfirmationQuestion;
+use Symfony\Component\Console\Input\InputOption;
+
+class SelectEncryptionType extends Command {
+
+	/** @var Util */
+	protected $util;
+
+	/** @var IConfig */
+	protected $config;
+
+	/** @var  QuestionHelper */
+	protected $questionHelper;
+
+	/**
+	 * @param Util $util
+	 * @param IConfig $config
+	 * @param QuestionHelper $questionHelper
+	 */
+	public function __construct(Util $util,
+								IConfig $config,
+								QuestionHelper $questionHelper) {
+
+		$this->util = $util;
+		$this->config = $config;
+		$this->questionHelper = $questionHelper;
+		parent::__construct();
+	}
+
+	protected function configure() {
+		parent::configure();
+
+		$this
+			->setName('encryption:select-encryption-type')
+			->setDescription('Select the encryption type. The encryption types available are: masterkey and user-keys. There is also no way to disable it again.')
+			->addArgument(
+					'encryption-type',
+				InputArgument::REQUIRED,
+				'Encryption type can be either: masterkey | user-keys'
+			)
+		;
+
+		$this->addOption(
+			'yes',
+			'y',
+			InputOption::VALUE_NONE,
+			'Answer yes to all questions'
+		);
+	}
+
+	protected function execute(InputInterface $input, OutputInterface $output) {
+		if($this->config->getAppValue('core', 'encryption_enabled', 'no') === 'no') {
+			$output->writeln('Kindly enable encryption to select the encryption type.');
+			return 1;
+		}
+
+		$encryptionType = $input->getArgument('encryption-type');
+		$yes = $input->getOption('yes');
+
+		$masterKeyNotEnabled = (!$this->util->isMasterKeyEnabled());
+		$userKeysNotEnabled = ($this->config->getAppValue('encryption','userSpecificKey', '') === '');
+		$freshInstallation = ($masterKeyNotEnabled && $userKeysNotEnabled);
+
+		if(!$freshInstallation) {
+			if(!$masterKeyNotEnabled) {
+				$output->writeln("Master key already enabled");
+			} else {
+				$output->writeln("User keys already enabled");
+			}
+			return 1;
+		}
+
+		if($encryptionType === "masterkey") {
+			$question = new ConfirmationQuestion(
+				'Warning: Only available for fresh installations with no existing encrypted data! '
+				. 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
+			if ($yes || $this->questionHelper->ask($input, $output, $question)) {
+				$this->config->setAppValue('encryption', 'useMasterKey', '1');
+				$output->writeln('Master key successfully enabled.');
+			}
+		} elseif ($encryptionType === "user-keys") {
+			$question = new ConfirmationQuestion(
+				'Warning: Only available for fresh installations with no existing encrypted data! '
+				. 'There is also no way to disable it again. Do you want to continue? (y/n) ', false);
+			if ($yes || $this->questionHelper->ask($input, $output, $question)) {
+				$this->config->setAppValue('encryption', 'userSpecificKey', '1');
+				$output->writeln('User key successfully enabled.');
+			}
+		} else {
+			$output->writeln("The option provided for encryption-type " . $encryptionType . " is not valid. The available options are: 'masterkey' or 'user-keys'");
+		}
+
+	}
+}
+
diff --git a/apps/encryption/lib/Session.php b/apps/encryption/lib/Session.php
@@ -60,7 +60,10 @@ public function setStatus($status) {
 	public function getStatus() {
 		$status = $this->session->get('encryptionInitialized');
 		if (is_null($status)) {
-			$status = self::NOT_INITIALIZED;
+			if(\OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', '0') !== '0'
+			  or \OC::$server->getAppConfig()->getValue('encryption', 'userSpecificKey', '') !== '') {
+				$status = self::NOT_INITIALIZED;
+			}
 		}
 
 		return $status;

diff --git a/apps/encryption/templates/settings-admin.php b/apps/encryption/templates/settings-admin.php
@@ -5,19 +5,46 @@
 style('encryption', 'settings-admin');
 ?>
 <form id="ocDefaultEncryptionModule" class="sub-section">
-	<h2 class="app-name"><?php p($l->t('Encryption')); ?></h2>
-	<?php if(!$_["initStatus"]): ?>
+	<h2 class="app-name"><?php p($l->t('Default encryption module')); ?></h2>
+	<?php if(!$_["initStatus"] and (\OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', '0') !== '0'
+		or \OC::$server->getAppConfig()->getValue('encryption', 'encryptHomeStorage', '') !== '')): ?>
 		<?php p($l->t("Encryption App is enabled but your keys are not initialized, please log-out and log-in again")); ?>
 	<?php else: ?>
-		<p id="encryptHomeStorageSetting">
+		<label id="encryptionType">
+			<?php
+			$masterKey = \OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', '0');
+			$userSpecificKey = \OC::$server->getAppConfig()->getValue('encryption', 'userSpecificKey', '');
+			if($masterKey !== '0') {
+				p($l->t("Encryption type: Master Key"));
+			} else {
+				if($userSpecificKey !== "") {
+					p($l->t("Encryption type: User Specific Key"));
+				}
+			}
+			?>
+		</label>
+		<span id="encryptionKeySelection">
+			<select id="keyTypeId" name="keyType">
+				<option value="nokey"><?php p($l->t("Please select an encryption option"))?></option>
+				<option value="masterkey" <?php \OC::$server->getAppConfig()->getValue('encryption', 'useMasterKey', '0') !== '0' ? print_unescaped('selected="selected"') : print_unescaped(''); ?>><?php p($l->t("Master Key"))?></option>
+				<option value="customkey"><?php p($l->t("User-specific key"))?></option>
+			</select>
+			<button id="select-mode" type="button" class="hidden"><?php p($l->t("Permanently select this mode"));?></button>
+			<div style="display:inline-block;margin-left: 20px;" class="hidden"></div>
+			<div id="masterKeyVal" data-master-key="<?php echo \OC::$server->getAppConfig()->getValue("encryption", "useMasterKey", "");?>"></div>
+			<div id="userSpecificKey" data-user-specific-key="<?php echo \OC::$server->getAppConfig()->getValue("encryption", "userSpecificKey", "");?>"></div>
+		</span>
+		<br />
+
+		<p id="encryptHomeStorageSetting" class="hidden">
 			<input type="checkbox" class="checkbox" name="encrypt_home_storage" id="encryptHomeStorage"
 				   value="1" <?php if ($_['encryptHomeStorage']) print_unescaped('checked="checked"'); ?> />
 			<label for="encryptHomeStorage"><?php p($l->t('Encrypt the home storage'));?></label></br>
 			<em><?php p( $l->t( "Enabling this option encrypts all files stored on the main storage, otherwise only files on external storage will be encrypted" ) ); ?></em>
 		</p>
 		<br />
 		<?php if($_['masterKeyEnabled'] === false): ?>
-			<p id="encryptionSetRecoveryKey">
+			<p id="encryptionSetRecoveryKey" class="hidden">
 				<?php $_["recoveryEnabled"] === '0' ?  p($l->t("Enable recovery key")) : p($l->t("Disable recovery key")); ?>
 				<span class="msg"></span>
 				<br/>