Главная Обзор contacts
Вход
dyokunev
/
nextcloud-mephi
Следить 1
В избранное 0
Ответвить 0
Файлы Обсуждения 0 Запросы на слияние 0 Вики
Дерево: cbfee81068
Ветки Метки
nextcloud-me...
/
apps
/
files_encryption
/
hooks
/
hooks.php

hooks.php 17 KB
История Исходник

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * ownCloud
    5. 

  5.  *
    6. 

  6.  * @author Sam Tuke
    7. 

  7.  * @copyright 2012 Sam Tuke samtuke@owncloud.org
    8. 

  8.  *
    9. 

  9.  * This library is free software; you can redistribute it and/or
    10. 

  10.  * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
    11. 

  11.  * License as published by the Free Software Foundation; either
    12. 

  12.  * version 3 of the License, or any later version.
    13. 

  13.  *
    14. 

  14.  * This library is distributed in the hope that it will be useful,
    15. 

  15.  * but WITHOUT ANY WARRANTY; without even the implied warranty of
    16. 

  16.  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    17. 

  17.  * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
    18. 

  18.  *
    19. 

  19.  * You should have received a copy of the GNU Affero General Public
    20. 

  20.  * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
    21. 

  21.  *
    22. 

  22.  */
    23. 

  23. 

  24. namespace OCA\Encryption;
    25. 

  25. 

  26. use OC\Files\Filesystem;
    27. 

  27. 

  28. /**
    29. 

  29.  * Class for hook specific logic
    30. 

  30.  */
    31. 

  31. class Hooks {
    32. 

  32. 

  33. 	// TODO: use passphrase for encrypting private key that is separate to 
    34. 

  34. 	// the login password
    35. 

  35. 

  36. 	/**
    37. 

  37. 	 * @brief Startup encryption backend upon user login
    38. 

  38. 	 * @note This method should never be called for users using client side encryption
    39. 

  39. 	 */
    40. 

  40. 	public static function login($params) {
    41. 

  41. 		$l = new \OC_L10N('files_encryption');
    42. 

  42. 		//check if all requirements are met
    43. 

  43. 		if(!Helper::checkRequirements() || !Helper::checkConfiguration() ) {
    44. 

  44. 			$error_msg = $l->t("Missing requirements.");
    45. 

  45. 			$hint = $l->t('Please make sure that PHP 5.3.3 or newer is installed and that OpenSSL together with the PHP extension is enabled and configured properly. For now, the encryption app has been disabled.');
    46. 

  46. 			\OC_App::disable('files_encryption');
    47. 

  47. 			\OCP\Util::writeLog('Encryption library', $error_msg . ' ' . $hint, \OCP\Util::ERROR);
    48. 

  48. 			\OCP\Template::printErrorPage($error_msg, $hint);
    49. 

  49. 		}
    50. 

  50. 

  51. 		$view = new \OC_FilesystemView('/');
    52. 

  52. 

  53. 		// ensure filesystem is loaded
    54. 

  54. 		if(!\OC\Files\Filesystem::$loaded) {
    55. 

  55. 			\OC_Util::setupFS($params['uid']);
    56. 

  56. 		}
    57. 

  57. 

  58. 		$util = new Util($view, $params['uid']);
    59. 

  59. 

  60. 		// setup user, if user not ready force relogin
    61. 

  61. 		if (Helper::setupUser($util, $params['password']) === false) {
    62. 

  62. 			return false;
    63. 

  63. 		}
    64. 

  64. 

  65. 		$encryptedKey = Keymanager::getPrivateKey($view, $params['uid']);
    66. 

  66. 

  67. 		$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
    68. 

  68. 

  69. 		if ($privateKey === false) {
    70. 

  70. 			\OCP\Util::writeLog('Encryption library', 'Private key for user "' . $params['uid']
    71. 

  71. 													  . '" is not valid! Maybe the user password was changed from outside if so please change it back to gain access', \OCP\Util::ERROR);
    72. 

  72. 		}
    73. 

  73. 

  74. 		$session = new \OCA\Encryption\Session($view);
    75. 

  75. 

  76. 		$session->setPrivateKey($privateKey);
    77. 

  77. 

  78. 		// Check if first-run file migration has already been performed
    79. 

  79. 		$ready = false;
    80. 

  80. 		if ($util->getMigrationStatus() === Util::MIGRATION_OPEN) {
    81. 

  81. 			$ready = $util->beginMigration();
    82. 

  82. 		}
    83. 

  83. 

  84. 		// If migration not yet done
    85. 

  85. 		if ($ready) {
    86. 

  86. 

  87. 			$userView = new \OC_FilesystemView('/' . $params['uid']);
    88. 

  88. 

  89. 			// Set legacy encryption key if it exists, to support 
    90. 

  90. 			// depreciated encryption system
    91. 

  91. 			if (
    92. 

  92. 				$userView->file_exists('encryption.key')
    93. 

  93. 				&& $encLegacyKey = $userView->file_get_contents('encryption.key')
    94. 

  94. 			) {
    95. 

  95. 

  96. 				$plainLegacyKey = Crypt::legacyDecrypt($encLegacyKey, $params['password']);
    97. 

  97. 

  98. 				$session->setLegacyKey($plainLegacyKey);
    99. 

  99. 

  100. 			}
    101. 

  101. 

  102. 			// Encrypt existing user files:
    103. 

  103. 			// This serves to upgrade old versions of the encryption
    104. 

  104. 			// app (see appinfo/spec.txt)
    105. 

  105. 			if (
    106. 

  106. 				$util->encryptAll('/' . $params['uid'] . '/' . 'files', $session->getLegacyKey(), $params['password'])
    107. 

  107. 			) {
    108. 

  108. 

  109. 				\OC_Log::write(
    110. 

  110. 					'Encryption library', 'Encryption of existing files belonging to "' . $params['uid'] . '" completed'
    111. 

  111. 					, \OC_Log::INFO
    112. 

  112. 				);
    113. 

  113. 

  114. 			}
    115. 

  115. 

  116. 			// Register successful migration in DB
    117. 

  117. 			$util->finishMigration();
    118. 

  118. 

  119. 		}
    120. 

  120. 

  121. 		return true;
    122. 

  122. 

  123. 	}
    124. 

  124. 

  125. 	/**
    126. 

  126. 	 * @brief setup encryption backend upon user created
    127. 

  127. 	 * @note This method should never be called for users using client side encryption
    128. 

  128. 	 */
    129. 

  129. 	public static function postCreateUser($params) {
    130. 

  130. 		$view = new \OC_FilesystemView('/');
    131. 

  131. 

  132. 		$util = new Util($view, $params['uid']);
    133. 

  133. 

  134. 		Helper::setupUser($util, $params['password']);
    135. 

  135. 	}
    136. 

  136. 

  137. 	/**
    138. 

  138. 	 * @brief cleanup encryption backend upon user deleted
    139. 

  139. 	 * @note This method should never be called for users using client side encryption
    140. 

  140. 	 */
    141. 

  141. 	public static function postDeleteUser($params) {
    142. 

  142. 		$view = new \OC_FilesystemView('/');
    143. 

  143. 

  144. 		// cleanup public key
    145. 

  145. 		$publicKey = '/public-keys/' . $params['uid'] . '.public.key';
    146. 

  146. 

  147. 		// Disable encryption proxy to prevent recursive calls
    148. 

  148. 		$proxyStatus = \OC_FileProxy::$enabled;
    149. 

  149. 		\OC_FileProxy::$enabled = false;
    150. 

  150. 

  151. 		$view->unlink($publicKey);
    152. 

  152. 

  153. 		\OC_FileProxy::$enabled = $proxyStatus;
    154. 

  154. 	}
    155. 

  155. 

  156. 	/**
    157. 

  157. 	 * @brief If the password can't be changed within ownCloud, than update the key password in advance.
    158. 

  158. 	 */
    159. 

  159. 	public static function preSetPassphrase($params) {
    160. 

  160. 		if ( ! \OC_User::canUserChangePassword($params['uid']) ) {
    161. 

  161. 			self::setPassphrase($params);
    162. 

  162. 		}
    163. 

  163. 	}
    164. 

  164. 

  165. 	/**
    166. 

  166. 	 * @brief Change a user's encryption passphrase
    167. 

  167. 	 * @param array $params keys: uid, password
    168. 

  168. 	 */
    169. 

  169. 	public static function setPassphrase($params) {
    170. 

  170. 

  171. 		// Only attempt to change passphrase if server-side encryption
    172. 

  172. 		// is in use (client-side encryption does not have access to
    173. 

  173. 		// the necessary keys)
    174. 

  174. 		if (Crypt::mode() === 'server') {
    175. 

  175. 

  176. 			if ($params['uid'] === \OCP\User::getUser()) {
    177. 

  177. 

  178. 				$view = new \OC_FilesystemView('/');
    179. 

  179. 

  180. 				$session = new \OCA\Encryption\Session($view);
    181. 

  181. 

  182. 				// Get existing decrypted private key
    183. 

  183. 				$privateKey = $session->getPrivateKey();
    184. 

  184. 

  185. 				// Encrypt private key with new user pwd as passphrase
    186. 

  186. 				$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($privateKey, $params['password']);
    187. 

  187. 

  188. 				// Save private key
    189. 

  189. 				Keymanager::setPrivateKey($encryptedPrivateKey);
    190. 

  190. 

  191. 				// NOTE: Session does not need to be updated as the
    192. 

  192. 				// private key has not changed, only the passphrase
    193. 

  193. 				// used to decrypt it has changed
    194. 

  194. 

  195. 

  196. 			} else { // admin changed the password for a different user, create new keys and reencrypt file keys
    197. 

  197. 

  198. 				$user = $params['uid'];
    199. 

  199. 				$recoveryPassword = $params['recoveryPassword'];
    200. 

  200. 				$newUserPassword = $params['password'];
    201. 

  201. 

  202. 				$view = new \OC_FilesystemView('/');
    203. 

  203. 

  204. 				// make sure that the users home is mounted
    205. 

  205. 				\OC\Files\Filesystem::initMountPoints($user);
    206. 

  206. 

  207. 				$keypair = Crypt::createKeypair();
    208. 

  208. 

  209. 				// Disable encryption proxy to prevent recursive calls
    210. 

  210. 				$proxyStatus = \OC_FileProxy::$enabled;
    211. 

  211. 				\OC_FileProxy::$enabled = false;
    212. 

  212. 

  213. 				// Save public key
    214. 

  214. 				$view->file_put_contents('/public-keys/' . $user . '.public.key', $keypair['publicKey']);
    215. 

  215. 

  216. 				// Encrypt private key empty passphrase
    217. 

  217. 				$encryptedPrivateKey = Crypt::symmetricEncryptFileContent($keypair['privateKey'], $newUserPassword);
    218. 

  218. 

  219. 				// Save private key
    220. 

  220. 				$view->file_put_contents(
    221. 

  221. 					'/' . $user . '/files_encryption/' . $user . '.private.key', $encryptedPrivateKey);
    222. 

  222. 

  223. 				if ($recoveryPassword) { // if recovery key is set we can re-encrypt the key files
    224. 

  224. 					$util = new Util($view, $user);
    225. 

  225. 					$util->recoverUsersFiles($recoveryPassword);
    226. 

  226. 				}
    227. 

  227. 

  228. 				\OC_FileProxy::$enabled = $proxyStatus;
    229. 

  229. 			}
    230. 

  230. 		}
    231. 

  231. 	}
    232. 

  232. 

  233. 	/*
    234. 

  234. 	 * @brief check if files can be encrypted to every user.
    235. 

  235. 	 */
    236. 

  236. 	/**
    237. 

  237. 	 * @param $params
    238. 

  238. 	 */
    239. 

  239. 	public static function preShared($params) {
    240. 

  240. 

  241. 		$l = new \OC_L10N('files_encryption');
    242. 

  242. 		$users = array();
    243. 

  243. 		$view = new \OC\Files\View('/public-keys/');
    244. 

  244. 

  245. 		switch ($params['shareType']) {
    246. 

  246. 			case \OCP\Share::SHARE_TYPE_USER:
    247. 

  247. 				$users[] = $params['shareWith'];
    248. 

  248. 				break;
    249. 

  249. 			case \OCP\Share::SHARE_TYPE_GROUP:
    250. 

  250. 				$users = \OC_Group::usersInGroup($params['shareWith']);
    251. 

  251. 				break;
    252. 

  252. 		}
    253. 

  253. 

  254. 		$notConfigured = array();
    255. 

  255. 		foreach ($users as $user) {
    256. 

  256. 			if (!$view->file_exists($user . '.public.key')) {
    257. 

  257. 				$notConfigured[] = $user;
    258. 

  258. 			}
    259. 

  259. 		}
    260. 

  260. 

  261. 		if (count($notConfigured) > 0) {
    262. 

  262. 			$params['run'] = false;
    263. 

  263. 			$params['error'] = $l->t('Following users are not set up for encryption:') . ' ' . join(', ' , $notConfigured);
    264. 

  264. 		}
    265. 

  265. 		
    266. 

  266. 	}
    267. 

  267. 

  268. 	/**
    269. 

  269. 	 * @brief
    270. 

  270. 	 */
    271. 

  271. 	public static function postShared($params) {
    272. 

  272. 

  273. 		// NOTE: $params has keys:
    274. 

  274. 		// [itemType] => file
    275. 

  275. 		// itemSource -> int, filecache file ID
    276. 

  276. 		// [parent] => 
    277. 

  277. 		// [itemTarget] => /13
    278. 

  278. 		// shareWith -> string, uid of user being shared to
    279. 

  279. 		// fileTarget -> path of file being shared
    280. 

  280. 		// uidOwner -> owner of the original file being shared
    281. 

  281. 		// [shareType] => 0
    282. 

  282. 		// [shareWith] => test1
    283. 

  283. 		// [uidOwner] => admin
    284. 

  284. 		// [permissions] => 17
    285. 

  285. 		// [fileSource] => 13
    286. 

  286. 		// [fileTarget] => /test8
    287. 

  287. 		// [id] => 10
    288. 

  288. 		// [token] =>
    289. 

  289. 		// [run] => whether emitting script should continue to run
    290. 

  290. 		// TODO: Should other kinds of item be encrypted too?
    291. 

  291. 

  292. 		if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
    293. 

  293. 

  294. 			$view = new \OC_FilesystemView('/');
    295. 

  295. 			$session = new \OCA\Encryption\Session($view);
    296. 

  296. 			$userId = \OCP\User::getUser();
    297. 

  297. 			$util = new Util($view, $userId);
    298. 

  298. 			$path = $util->fileIdToPath($params['itemSource']);
    299. 

  299. 

  300. 			$share = $util->getParentFromShare($params['id']);
    301. 

  301. 			//if parent is set, then this is a re-share action
    302. 

  302. 			if ($share['parent'] !== null) {
    303. 

  303. 

  304. 				// get the parent from current share
    305. 

  305. 				$parent = $util->getShareParent($params['parent']);
    306. 

  306. 

  307. 				// if parent is file the it is an 1:1 share
    308. 

  308. 				if ($parent['item_type'] === 'file') {
    309. 

  309. 

  310. 					// prefix path with Shared
    311. 

  311. 					$path = '/Shared' . $parent['file_target'];
    312. 

  312. 				} else {
    313. 

  313. 

  314. 					// NOTE: parent is folder but shared was a file!
    315. 

  315. 					// we try to rebuild the missing path
    316. 

  316. 					// some examples we face here
    317. 

  317. 					// user1 share folder1 with user2 folder1 has 
    318. 

  318. 					// the following structure 
    319. 

  319. 					// /folder1/subfolder1/subsubfolder1/somefile.txt
    320. 

  320. 					// user2 re-share subfolder2 with user3
    321. 

  321. 					// user3 re-share somefile.txt user4
    322. 

  322. 					// so our path should be 
    323. 

  323. 					// /Shared/subfolder1/subsubfolder1/somefile.txt 
    324. 

  324. 					// while user3 is sharing
    325. 

  325. 

  326. 					if ($params['itemType'] === 'file') {
    327. 

  327. 						// get target path
    328. 

  328. 						$targetPath = $util->fileIdToPath($params['fileSource']);
    329. 

  329. 						$targetPathSplit = array_reverse(explode('/', $targetPath));
    330. 

  330. 

  331. 						// init values
    332. 

  332. 						$path = '';
    333. 

  333. 						$sharedPart = ltrim($parent['file_target'], '/');
    334. 

  334. 

  335. 						// rebuild path
    336. 

  336. 						foreach ($targetPathSplit as $pathPart) {
    337. 

  337. 							if ($pathPart !== $sharedPart) {
    338. 

  338. 								$path = '/' . $pathPart . $path;
    339. 

  339. 							} else {
    340. 

  340. 								break;
    341. 

  341. 							}
    342. 

  342. 						}
    343. 

  343. 						// prefix path with Shared
    344. 

  344. 						$path = '/Shared' . $parent['file_target'] . $path;
    345. 

  345. 					} else {
    346. 

  346. 						// prefix path with Shared
    347. 

  347. 						$path = '/Shared' . $parent['file_target'] . $params['fileTarget'];
    348. 

  348. 					}
    349. 

  349. 				}
    350. 

  350. 			}
    351. 

  351. 

  352. 			$sharingEnabled = \OCP\Share::isEnabled();
    353. 

  353. 

  354. 			// get the path including mount point only if not a shared folder
    355. 

  355. 			if (strncmp($path, '/Shared', strlen('/Shared') !== 0)) {
    356. 

  356. 				// get path including the the storage mount point
    357. 

  357. 				$path = $util->getPathWithMountPoint($params['itemSource']);
    358. 

  358. 			}
    359. 

  359. 

  360. 			// if a folder was shared, get a list of all (sub-)folders
    361. 

  361. 			if ($params['itemType'] === 'folder') {
    362. 

  362. 				$allFiles = $util->getAllFiles($path);
    363. 

  363. 			} else {
    364. 

  364. 				$allFiles = array($path);
    365. 

  365. 			}
    366. 

  366. 

  367. 			foreach ($allFiles as $path) {
    368. 

  368. 				$usersSharing = $util->getSharingUsersArray($sharingEnabled, $path);
    369. 

  369. 				$util->setSharedFileKeyfiles($session, $usersSharing, $path);
    370. 

  370. 			}
    371. 

  371. 		}
    372. 

  372. 	}
    373. 

  373. 

  374. 	/**
    375. 

  375. 	 * @brief
    376. 

  376. 	 */
    377. 

  377. 	public static function postUnshare($params) {
    378. 

  378. 

  379. 		// NOTE: $params has keys:
    380. 

  380. 		// [itemType] => file
    381. 

  381. 		// [itemSource] => 13
    382. 

  382. 		// [shareType] => 0
    383. 

  383. 		// [shareWith] => test1
    384. 

  384. 		// [itemParent] =>
    385. 

  385. 

  386. 		if ($params['itemType'] === 'file' || $params['itemType'] === 'folder') {
    387. 

  387. 

  388. 			$view = new \OC_FilesystemView('/');
    389. 

  389. 			$userId = \OCP\User::getUser();
    390. 

  390. 			$util = new Util($view, $userId);
    391. 

  391. 			$path = $util->fileIdToPath($params['itemSource']);
    392. 

  392. 

  393. 			// check if this is a re-share
    394. 

  394. 			if ($params['itemParent']) {
    395. 

  395. 

  396. 				// get the parent from current share
    397. 

  397. 				$parent = $util->getShareParent($params['itemParent']);
    398. 

  398. 

  399. 				// get target path
    400. 

  400. 				$targetPath = $util->fileIdToPath($params['itemSource']);
    401. 

  401. 				$targetPathSplit = array_reverse(explode('/', $targetPath));
    402. 

  402. 

  403. 				// init values
    404. 

  404. 				$path = '';
    405. 

  405. 				$sharedPart = ltrim($parent['file_target'], '/');
    406. 

  406. 

  407. 				// rebuild path
    408. 

  408. 				foreach ($targetPathSplit as $pathPart) {
    409. 

  409. 					if ($pathPart !== $sharedPart) {
    410. 

  410. 						$path = '/' . $pathPart . $path;
    411. 

  411. 					} else {
    412. 

  412. 						break;
    413. 

  413. 					}
    414. 

  414. 				}
    415. 

  415. 

  416. 				// prefix path with Shared
    417. 

  417. 				$path = '/Shared' . $parent['file_target'] . $path;
    418. 

  418. 			}
    419. 

  419. 

  420. 			// for group shares get a list of the group members
    421. 

  421. 			if ($params['shareType'] === \OCP\Share::SHARE_TYPE_GROUP) {
    422. 

  422. 				$userIds = \OC_Group::usersInGroup($params['shareWith']);
    423. 

  423. 			} else {
    424. 

  424. 				if ($params['shareType'] === \OCP\Share::SHARE_TYPE_LINK) {
    425. 

  425. 					$userIds = array($util->getPublicShareKeyId());
    426. 

  426. 				} else {
    427. 

  427. 					$userIds = array($params['shareWith']);
    428. 

  428. 				}
    429. 

  429. 			}
    430. 

  430. 

  431. 			// get the path including mount point only if not a shared folder
    432. 

  432. 			if (strncmp($path, '/Shared', strlen('/Shared') !== 0)) {
    433. 

  433. 				// get path including the the storage mount point
    434. 

  434. 				$path = $util->getPathWithMountPoint($params['itemSource']);
    435. 

  435. 			}
    436. 

  436. 

  437. 			// if we unshare a folder we need a list of all (sub-)files
    438. 

  438. 			if ($params['itemType'] === 'folder') {
    439. 

  439. 				$allFiles = $util->getAllFiles($path);
    440. 

  440. 			} else {
    441. 

  441. 				$allFiles = array($path);
    442. 

  442. 			}
    443. 

  443. 

  444. 			foreach ($allFiles as $path) {
    445. 

  445. 

  446. 				// check if the user still has access to the file, otherwise delete share key
    447. 

  447. 				$sharingUsers = $util->getSharingUsersArray(true, $path);
    448. 

  448. 

  449. 				// Unshare every user who no longer has access to the file
    450. 

  450. 				$delUsers = array_diff($userIds, $sharingUsers);
    451. 

  451. 

  452. 				// delete share key
    453. 

  453. 				Keymanager::delShareKey($view, $delUsers, $path);
    454. 

  454. 			}
    455. 

  455. 

  456. 		}
    457. 

  457. 	}
    458. 

  458. 

  459. 	/**
    460. 

  460. 	 * @brief after a file is renamed, rename its keyfile and share-keys also fix the file size and fix also the sharing
    461. 

  461. 	 * @param array with oldpath and newpath
    462. 

  462. 	 *
    463. 

  463. 	 * This function is connected to the rename signal of OC_Filesystem and adjust the name and location
    464. 

  464. 	 * of the stored versions along the actual file
    465. 

  465. 	 */
    466. 

  466. 	public static function postRename($params) {
    467. 

  467. 		// Disable encryption proxy to prevent recursive calls
    468. 

  468. 		$proxyStatus = \OC_FileProxy::$enabled;
    469. 

  469. 		\OC_FileProxy::$enabled = false;
    470. 

  470. 

  471. 		$view = new \OC_FilesystemView('/');
    472. 

  472. 		$session = new \OCA\Encryption\Session($view);
    473. 

  473. 		$userId = \OCP\User::getUser();
    474. 

  474. 		$util = new Util($view, $userId);
    475. 

  475. 

  476. 		// Format paths to be relative to user files dir
    477. 

  477. 		if ($util->isSystemWideMountPoint($params['oldpath'])) {
    478. 

  478. 			$baseDir = 'files_encryption/';
    479. 

  479. 			$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];
    480. 

  480. 		} else {
    481. 

  481. 			$baseDir = $userId . '/' . 'files_encryption/';
    482. 

  482. 			$oldKeyfilePath = $baseDir . 'keyfiles/' . $params['oldpath'];
    483. 

  483. 		}
    484. 

  484. 

  485. 		if ($util->isSystemWideMountPoint($params['newpath'])) {
    486. 

  486. 			$newKeyfilePath =  $baseDir . 'keyfiles/' . $params['newpath'];
    487. 

  487. 		} else {
    488. 

  488. 			$newKeyfilePath = $baseDir . 'keyfiles/' . $params['newpath'];
    489. 

  489. 		}
    490. 

  490. 

  491. 		// add key ext if this is not an folder
    492. 

  492. 		if (!$view->is_dir($oldKeyfilePath)) {
    493. 

  493. 			$oldKeyfilePath .= '.key';
    494. 

  494. 			$newKeyfilePath .= '.key';
    495. 

  495. 

  496. 			// handle share-keys
    497. 

  497. 			$localKeyPath = $view->getLocalFile($baseDir . 'share-keys/' . $params['oldpath']);
    498. 

  498. 			$escapedPath = Helper::escapeGlobPattern($localKeyPath);
    499. 

  499. 			$matches = glob($escapedPath . '*.shareKey');
    500. 

  500. 			foreach ($matches as $src) {
    501. 

  501. 				$dst = \OC\Files\Filesystem::normalizePath(str_replace($params['oldpath'], $params['newpath'], $src));
    502. 

  502. 

  503. 				// create destination folder if not exists
    504. 

  504. 				if (!file_exists(dirname($dst))) {
    505. 

  505. 					mkdir(dirname($dst), 0750, true);
    506. 

  506. 				}
    507. 

  507. 

  508. 				rename($src, $dst);
    509. 

  509. 			}
    510. 

  510. 

  511. 		} else {
    512. 

  512. 			// handle share-keys folders
    513. 

  513. 			$oldShareKeyfilePath = $baseDir . 'share-keys/' . $params['oldpath'];
    514. 

  514. 			$newShareKeyfilePath = $baseDir . 'share-keys/' . $params['newpath'];
    515. 

  515. 

  516. 			// create destination folder if not exists
    517. 

  517. 			if (!$view->file_exists(dirname($newShareKeyfilePath))) {
    518. 

  518. 				$view->mkdir(dirname($newShareKeyfilePath), 0750, true);
    519. 

  519. 			}
    520. 

  520. 

  521. 			$view->rename($oldShareKeyfilePath, $newShareKeyfilePath);
    522. 

  522. 		}
    523. 

  523. 

  524. 		// Rename keyfile so it isn't orphaned
    525. 

  525. 		if ($view->file_exists($oldKeyfilePath)) {
    526. 

  526. 

  527. 			// create destination folder if not exists
    528. 

  528. 			if (!$view->file_exists(dirname($newKeyfilePath))) {
    529. 

  529. 				$view->mkdir(dirname($newKeyfilePath), 0750, true);
    530. 

  530. 			}
    531. 

  531. 

  532. 			$view->rename($oldKeyfilePath, $newKeyfilePath);
    533. 

  533. 		}
    534. 

  534. 

  535. 		// build the path to the file
    536. 

  536. 		$newPath = '/' . $userId . '/files' . $params['newpath'];
    537. 

  537. 		$newPathRelative = $params['newpath'];
    538. 

  538. 

  539. 		if ($util->fixFileSize($newPath)) {
    540. 

  540. 			// get sharing app state
    541. 

  541. 			$sharingEnabled = \OCP\Share::isEnabled();
    542. 

  542. 

  543. 			// get users
    544. 

  544. 			$usersSharing = $util->getSharingUsersArray($sharingEnabled, $newPathRelative);
    545. 

  545. 

  546. 			// update sharing-keys
    547. 

  547. 			$util->setSharedFileKeyfiles($session, $usersSharing, $newPathRelative);
    548. 

  548. 		}
    549. 

  549. 

  550. 		\OC_FileProxy::$enabled = $proxyStatus;
    551. 

  551. 	}
    552. 

  552. 

  553. 	/**
    554. 

  554. 	 * set migration status back to '0' so that all new files get encrypted
    555. 

  555. 	 * if the app gets enabled again
    556. 

  556. 	 * @param array $params contains the app ID
    557. 

  557. 	 */
    558. 

  558. 	public static function preDisable($params) {
    559. 

  559. 		if ($params['app'] === 'files_encryption') {
    560. 

  560. 			$query = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
    561. 

  561. 			$query->execute();
    562. 

  562. 		}
    563. 

  563. 	}
    564. 

  564. 

  565. }
    566. 

  566.