let user update private key password in case it was changed from outside, e.g. external auth back-ends

13 years ago · b5820af3cc
parent b02f4dc62c
commit b5820af3cc
4 changed files with 118 additions and 0 deletions
--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@ -0,0 +1,54 @@
+<?php
+
+/**
+ * Copyright (c) 2013, Bjoern Schiessle <schiessle@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or later.
+ * See the COPYING-README file.
+ *
+ * @brief Script to change recovery key password
+ *
+ */
+
+use OCA\Encryption;
+
+\OCP\JSON::checkLoggedIn();
+\OCP\JSON::checkAppEnabled('files_encryption');
+\OCP\JSON::callCheck();
+
+$l = OC_L10N::get('core');
+
+$return = false;
+
+$oldPassword = $_POST['oldPassword'];
+$newPassword = $_POST['newPassword'];
+
+$view = new \OC\Files\View('/');
+$session = new \OCA\Encryption\Session($view);
+$user = \OCP\User::getUser();
+
+$proxyStatus = \OC_FileProxy::$enabled;
+\OC_FileProxy::$enabled = false;
+
+$keyPath = '/' . $user . '/files_encryption/'.$user.'.private.key';
+
+$encryptedKey = $view->file_get_contents($keyPath);
+$decryptedKey = \OCA\Encryption\Crypt::decryptPrivateKey($encryptedKey, $oldPassword);
+
+if ($decryptedKey) {
+
+	$encryptedKey = \OCA\Encryption\Crypt::symmetricEncryptFileContent($decryptedKey, $newPassword);
+	$view->file_put_contents($keyPath, $encryptedKey);
+
+	$session->getPrivateKey($decryptedKey);
+
+	$return = true;
+}
+
+\OC_FileProxy::$enabled = $proxyStatus;
+
+// success or failure
+if ($return) {
+	\OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
+} else {
+	\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
+}
--- a/apps/files_encryption/js/settings-personal.js
+++ b/apps/files_encryption/js/settings-personal.js
@ -57,4 +57,34 @@ $(document).ready(function(){
 		}
 		
 	);
+
+	// update private key password
+
+	$('input:password[name="changePrivateKeyPassword"]').keyup(function(event) {
+		var oldPrivateKeyPassword = $('input:password[id="oldPrivateKeyPassword"]').val();
+		var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
+		if (newPrivateKeyPassword != '' && oldPrivateKeyPassword != '' ) {
+			$('button:button[name="submitChangePrivateKeyPassword"]').removeAttr("disabled");
+		} else {
+			$('button:button[name="submitChangePrivateKeyPassword"]').attr("disabled", "true");
+		}
+	});
+
+	$('button:button[name="submitChangePrivateKeyPassword"]').click(function() {
+		var oldPrivateKeyPassword = $('input:password[id="oldPrivateKeyPassword"]').val();
+		var newPrivateKeyPassword = $('input:password[id="newPrivateKeyPassword"]').val();
+		OC.msg.startSaving('#encryption .msg');
+		$.post(
+		OC.filePath( 'files_encryption', 'ajax', 'updatePrivateKeyPassword.php' )
+			, { oldPassword: oldPrivateKeyPassword, newPassword: newPrivateKeyPassword }
+			,  function( data ) {
+				if (data.status == "error") {
+					OC.msg.finishedSaving('#encryption .msg', data);
+				} else {
+					OC.msg.finishedSaving('#encryption .msg', data);
+				}
+			}
+		);
+	});
+
 });
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@ -14,6 +14,9 @@ $tmpl = new OCP\Template('files_encryption', 'settings-personal');
 $user = \OCP\USER::getUser();
 $view = new \OC_FilesystemView('/');
 $util = new \OCA\Encryption\Util($view, $user);
+$session = new \OCA\Encryption\Session($view);
+
+$privateKeySet = ($session->getPrivateKey() !== false) ? true : false;

 $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
 $recoveryEnabledForUser = $util->recoveryEnabledForUser();
@ -23,6 +26,7 @@ $recoveryEnabledForUser = $util->recoveryEnabledForUser();

 $tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
 $tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
+$tmpl->assign("privateKeySet" , $privateKeySet);

 return $tmpl->fetchPage();

--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@ -3,6 +3,35 @@
 		<legend>
 			<?php p( $l->t( 'Encryption' ) ); ?>
 		</legend>
+
+		<?php if ( ! $_["privateKeySet"] ): ?>
+			<p>
+				<label for="changePrivateKeyPasswd"><?php p( $l->t( "Your private key password no longer match your log-in password:" ) ); ?></label>
+				<br />
+				<em><?php p( $l->t( "Set your old private key password to your current log-in password." ) ); ?></em>
+				<br />
+				<input
+					type="password"
+					name="changePrivateKeyPassword"
+					id="oldPrivateKeyPassword" />
+				<label for="oldPrivateKeyPassword"><?php p($l->t( "Old log-in password" )); ?></label>
+				<br />
+				<input
+					type="password"
+					name="changePrivateKeyPassword"
+					id="newPrivateKeyPassword" />
+				<label for="newRecoveryPassword"><?php p($l->t( "Current log-in password" )); ?></label>
+				<br />
+				<button
+					type="button"
+					name="submitChangePrivateKeyPassword"
+					disabled><?php p($l->t( "Update Private Key Password" )); ?>
+				</button>
+				<span class="msg"></span>
+			</p>
+		<?php endif; ?>
+
+		<br />
 		
 		<?php if ( $_["recoveryEnabled"] ): ?>
 			<p>
@ -28,6 +57,7 @@
 				<div id="recoveryEnabledError"><?php p( $l->t( 'Could not update file recovery' ) ); ?></div>
 			</p>
 		<?php endif; ?>
+
 		<br />
 	</fieldset>
 </form>