From 4d99e87efd0e064893af42bd34fc0da7913ccd13 Mon Sep 17 00:00:00 2001 From: Edward Ly Date: Wed, 22 Oct 2025 07:42:13 -0700 Subject: [PATCH] feat(encryption): Support running decrypt-all when encryption is already disabled MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This was an arbitrary limitation since the first thing the command does is disabling encryption anyway, it makes little sence to force the admin to enable encryption first. Signed-off-by: Côme Chilliet Signed-off-by: Edward Ly --- core/Command/Encryption/DecryptAll.php | 33 ++++++++++++++++---------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/core/Command/Encryption/DecryptAll.php b/core/Command/Encryption/DecryptAll.php index 92e2ba787e20c..f3133fa33e829 100644 --- a/core/Command/Encryption/DecryptAll.php +++ b/core/Command/Encryption/DecryptAll.php @@ -5,10 +5,11 @@ * SPDX-FileCopyrightText: 2016 ownCloud, Inc. * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OC\Core\Command\Encryption; use OCP\App\IAppManager; -use OCP\Encryption\IManager; +use OCP\IAppConfig; use OCP\IConfig; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Helper\QuestionHelper; @@ -22,9 +23,9 @@ class DecryptAll extends Command { protected bool $wasMaintenanceModeEnabled = false; public function __construct( - protected IManager $encryptionManager, protected IAppManager $appManager, protected IConfig $config, + protected IAppConfig $appConfig, protected \OC\Encryption\DecryptAll $decryptAll, protected QuestionHelper $questionHelper, ) { @@ -88,14 +89,14 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 1; } + $originallyEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled'); try { - if ($this->encryptionManager->isEnabled() === true) { + if ($originallyEnabled) { $output->write('Disable server side encryption... '); - $this->config->setAppValue('core', 'encryption_enabled', 'no'); + $this->appConfig->setValueBool('core', 'encryption_enabled', false); $output->writeln('done.'); } else { $output->writeln('Server side encryption not enabled. Nothing to do.'); - return 0; } $uid = $input->getArgument('user'); @@ -118,23 +119,29 @@ protected function execute(InputInterface $input, OutputInterface $output): int $result = $this->decryptAll->decryptAll($input, $output, $user); if ($result === false) { $output->writeln(' aborted.'); + if ($originallyEnabled) { + $output->writeln('Server side encryption remains enabled'); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); + } + } elseif (($uid !== '') && $originallyEnabled) { $output->writeln('Server side encryption remains enabled'); - $this->config->setAppValue('core', 'encryption_enabled', 'yes'); - } elseif ($uid !== '') { - $output->writeln('Server side encryption remains enabled'); - $this->config->setAppValue('core', 'encryption_enabled', 'yes'); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); } $this->resetMaintenanceAndTrashbin(); return 0; } - $output->write('Enable server side encryption... '); - $this->config->setAppValue('core', 'encryption_enabled', 'yes'); - $output->writeln('done.'); + if ($originallyEnabled) { + $output->write('Enable server side encryption... '); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); + $output->writeln('done.'); + } $output->writeln('aborted'); return 1; } catch (\Exception $e) { // enable server side encryption again if something went wrong - $this->config->setAppValue('core', 'encryption_enabled', 'yes'); + if ($originallyEnabled) { + $this->appConfig->setValueBool('core', 'encryption_enabled', true); + } $this->resetMaintenanceAndTrashbin(); throw $e; }