ask user for passwords when switching from client to server side encryption

13 years ago · 5a261b5b8f
parent a7cbc9e713
commit 5a261b5b8f
4 changed files with 50 additions and 12 deletions
--- a/apps/files_encryption/ajax/mode.php
+++ b/apps/files_encryption/ajax/mode.php
@ -7,11 +7,22 @@

 //TODO: Handle switch between client and server side encryption

+use OCA_Encryption\Keymanager;
+
 OCP\JSON::checkAppEnabled('files_encryption');
 OCP\JSON::checkLoggedIn();
 OCP\JSON::callCheck();

 $mode = $_POST['mode'];
+$changePasswd = false;
+$passwdChanged = false;
+
+if ( isset($_POST['newpasswd']) && isset($_POST['oldpasswd']) ) {
+	$oldpasswd = $_POST['oldpasswd'];
+	$newpasswd = $_POST['newpasswd'];
+	$changePasswd = true;
+	$passwdChanged = Keymanager::changePasswd($oldpasswd, $newpasswd);
+}

 $query = \OC_DB::prepare( "SELECT mode FROM *PREFIX*encryption WHERE uid = ?" );
 $result = $query->execute(array(\OCP\User::getUser()));
@ -21,4 +32,8 @@ if ($result->fetchRow()){
 } else {
 	$query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' );
 }
-$query->execute(array($mode, \OCP\User::getUser()));
+if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) {
+	OCP\JSON::success();
+} else {
+	OCP\JSON::error();
+}
--- a/apps/files_encryption/js/settings-personal.js
+++ b/apps/files_encryption/js/settings-personal.js
@ -6,16 +6,33 @@

 $(document).ready(function(){
 	$('input[name=encryption_mode]').change(function(){
+		var prevmode = document.getElementById('prev_encryption_mode').value
 		var  client=$('input[value="client"]:checked').val()
 			 ,server=$('input[value="server"]:checked').val()
 			 ,user=$('input[value="user"]:checked').val()
 			 ,none=$('input[value="none"]:checked').val()
-		if (client)
-			var encmode= 'client';
-		else if (server)
-			var encmode = 'server';
-		else
-			var encmode = 'none';	
-		$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: encmode });
+		if (client) {
+			$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'client' });
+			if (prevmode == 'server') {
+				OC.dialogs.info(t('encryption', 'Please go to your owncloud client and change your encryption password to complete the conversion'), t('encryption', 'switched to client side encryption'));
+			}
+		} else if (server) {
+			if (prevmode == 'client') {
+		    OC.dialogs.form([{text:'login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Please enter your passwords'), function(data) {
+		   		$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) {
+		   			if (result.status != 'success') {
+		   				console.log("change selection back to " + prevmode+'_encryption');
+		   				document.getElementById(prevmode+'_encryption').checked = true;
+		   			} else {
+		   			}
+		   			
+		   		});
+		    });
+			} else {
+				$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server' });
+			}
+		} else {
+			$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'none' });
+		}
 	})
 })
--- a/apps/files_encryption/lib/keymanager.php
+++ b/apps/files_encryption/lib/keymanager.php
@ -199,4 +199,10 @@ class Keymanager {
 		return $result;
 	}
 	
+	public static function changePasswd($oldpasswd, $newpasswd) {
+		//TODO change password of private key
+		error_log("password changed from '$oldpasswd' to '$newpasswd'");
+		return true;
+	}
+	
 }
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@ -4,10 +4,10 @@
 <strong>Choose encryption mode:</strong>

 <p>
-	<input type="radio" name="encryption_mode" value="client" style="width:20px;" <?php if ($_['encryption_mode'] == 'client') echo "checked='checked'"?>/> Client side encryption (most secure but makes it impossible to access your data from the web interface)<br />
-	<input type="radio" name="encryption_mode" value="server" style="width:20px;" <?php if ($_['encryption_mode'] == 'server') echo "checked='checked'"?> /> Server side encryption (allows you to access your files from the web interface and the desktop client)<br />
-	<input type="radio" name="encryption_mode" value="none" style="width:20px;" <?php if ($_['encryption_mode'] == 'none') echo "checked='checked'"?>/> None (no encryption at all)<br/>
+	<input type="hidden" name="prev_encryption_mode" id="prev_encryption_mode" value="<?php echo $_['encryption_mode']; ?>">
+	<input type="radio" name="encryption_mode" value="client" id='client_encryption' style="width:20px;" <?php if ($_['encryption_mode'] == 'client') echo "checked='checked'"?>/> Client side encryption (most secure but makes it impossible to access your data from the web interface)<br />
+	<input type="radio" name="encryption_mode" value="server" id='server_encryption' style="width:20px;" <?php if ($_['encryption_mode'] == 'server') echo "checked='checked'"?> /> Server side encryption (allows you to access your files from the web interface and the desktop client)<br />
+	<input type="radio" name="encryption_mode" value="none" id='none_encryption' style="width:20px;" <?php if ($_['encryption_mode'] == 'none') echo "checked='checked'"?>/> None (no encryption at all)<br/>
 	</p>	
 	</fieldset>
 </form>
-