зеркало из https://github.com/nextcloud/server.git
change key password when user switches from client to server side encryption.
make use of the keymanager class in changekeypasscode()
Родитель
5a261b5b8f
Коммит
800942ece7
|
@ -32,6 +32,7 @@ if ($result->fetchRow()){
|
|||
} else {
|
||||
$query = OC_DB::prepare( 'INSERT INTO *PREFIX*encryption ( mode, uid ) VALUES( ?, ? )' );
|
||||
}
|
||||
|
||||
if ( (!$changePasswd || $passwdChanged) && $query->execute(array($mode, \OCP\User::getUser())) ) {
|
||||
OCP\JSON::success();
|
||||
} else {
|
||||
|
|
|
@ -18,14 +18,12 @@ $(document).ready(function(){
|
|||
}
|
||||
} else if (server) {
|
||||
if (prevmode == 'client') {
|
||||
OC.dialogs.form([{text:'login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Please enter your passwords'), function(data) {
|
||||
OC.dialogs.form([{text:'login password', name:'newpasswd', type:'password'},{text:'Encryption password used on the client', name:'oldpasswd', type:'password'}],t('encryption', 'Change encryption password to login password'), function(data) {
|
||||
$.post(OC.filePath('files_encryption', 'ajax', 'mode.php'), { mode: 'server', newpasswd: data[0].value, oldpasswd: data[1].value }, function(result) {
|
||||
if (result.status != 'success') {
|
||||
console.log("change selection back to " + prevmode+'_encryption');
|
||||
document.getElementById(prevmode+'_encryption').checked = true;
|
||||
} else {
|
||||
OC.dialogs.alert(t('encryption', 'Please check your passwords and try again'), t('encryption', 'Could not change encryption password to login password'))
|
||||
}
|
||||
|
||||
});
|
||||
});
|
||||
} else {
|
||||
|
|
|
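Review bot: The `$.post` call passes only a success callback, so when the request itself fails (network error or a non-2xx response) nothing resets the radio button, and the settings page keeps showing server-side encryption although the key password was not changed. Chain a failure handler that performs the same rollback as the `result.status != 'success'` branch, e.g. `.fail(function(){ document.getElementById(prevmode+'_encryption').checked = true; })`. The field labels `'login password'` and `'Encryption password used on the client'` are also not passed through `t('encryption', …)` the way the dialog title is. The surrounding `$(document).ready` handler starts and ends outside this hunk.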
@ -412,21 +412,23 @@ class Crypt {
|
|||
}
|
||||
|
||||
public static function changekeypasscode($oldPassword, $newPassword) {
|
||||
if(OCP\User::isLoggedIn()){
|
||||
$username=OCP\USER::getUser();
|
||||
$view=new OC_FilesystemView('/'.$username);
|
||||
if(\OCP\User::isLoggedIn()){
|
||||
$username = \OCP\USER::getUser();
|
||||
$view = new \OC_FilesystemView('/'.$username);
|
||||
|
||||
// read old key
|
||||
$key=$view->file_get_contents('/encryption.key');
|
||||
$key = Keymanager::getPrivateKey();
|
||||
|
||||
// decrypt key with old passcode
|
||||
$key=OC_Crypt::decrypt($key, $oldPassword);
|
||||
if ( ($key = self::decrypt($key, $oldPassword)) ) {
|
||||
// encrypt again with new passcode
|
||||
$key = self::encrypt($key, $newPassword);
|
||||
|
||||
// encrypt again with new passcode
|
||||
$key=OC_Crypt::encrypt($key, $newPassword);
|
||||
|
||||
// store the new key
|
||||
$view->file_put_contents('/encryption.key', $key );
|
||||
// store the new key
|
||||
return Keymanager::setPrivateKey($key);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
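Review bot: The success test `if ( ($key = self::decrypt($key, $oldPassword)) )` only checks that decrypt returned something truthy. `decrypt` is not shown here; if it does not authenticate the ciphertext, a wrong old password would produce garbage that is then re-encrypted and written over the private key by `Keymanager::setPrivateKey($key)`, leaving the user's files undecryptable. Before storing, confirm that the decrypted value really is the expected key (a format or integrity check on the plaintext) and return false otherwise; the result of `Keymanager::getPrivateKey()` should likewise be checked before it is handed to decrypt. Separately, the not-logged-in path falls off the end and returns null rather than false, so an explicit `return false;` after the outer `if` would make the contract uniform, and `$view` looks unused now that Keymanager does the I/O.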
@ -200,9 +200,12 @@ class Keymanager {
|
|||
}
|
||||
|
||||
public static function changePasswd($oldpasswd, $newpasswd) {
|
||||
//TODO change password of private key
|
||||
error_log("password changed from '$oldpasswd' to '$newpasswd'");
|
||||
return true;
|
||||
if ( \OCP\User::checkPassword(\OCP\User::getUser(), $newpasswd) ) {
|
||||
return Crypt::changekeypasscode($oldpasswd, $newpasswd);
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
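Review bot: `changePasswd()` gives a caller no hint that `$newpasswd` is verified against the login password and that the method returns false on a mismatch; the name reads as a generic key-password change. A docblock would make the contract explicit, for instance `@param string $newpasswd must equal the user's current login password` and `@return bool false if the login check or the key re-encryption fails`. `\OCP\User::getUser()` is passed straight into `checkPassword`, so it is worth stating in the same comment that the method expects a logged-in session, since the login check lives one level down in `Crypt::changekeypasscode`. The `if`/`else` could also collapse to an early `return false;` guard followed by the `Crypt::changekeypasscode($oldpasswd, $newpasswd)` call.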