Merge pull request #11696 from owncloud/addWarningToEncryptionLostPas…

…sword Warn for password reset when files_encryption is enabled
owncloud · Nov 19, 2014 · 1c8f956 · 1c8f956
2 parents dc9eaf5 + 345eb62
commit 1c8f956
Show file tree

Hide file tree

Showing 15 changed files with 388 additions and 150 deletions.
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
@@ -263,6 +263,19 @@ public static function setPassphrase($params) {
 		}
 	}
 
+	/**
+	 * after password reset we create a new key pair for the user
+	 *
+	 * @param array $params
+	 */
+	public static function postPasswordReset($params) {
+		$uid = $params['uid'];
+		$password = $params['password'];
+
+		$util = new Util(new \OC\Files\View(), $uid);
+		$util->replaceUserKeys($password);
+	}
+
 	/*
 	 * check if files can be encrypted to every user.
 	 */

diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
@@ -70,6 +70,7 @@ public static function registerFilesystemHooks() {
 		\OCP\Util::connectHook('OC_Filesystem', 'delete', 'OCA\Encryption\Hooks', 'preDelete');
 		\OCP\Util::connectHook('OC_Filesystem', 'post_umount', 'OCA\Encryption\Hooks', 'postUmount');
 		\OCP\Util::connectHook('OC_Filesystem', 'umount', 'OCA\Encryption\Hooks', 'preUmount');
+		\OCP\Util::connectHook('\OC\Core\LostPassword\Controller\LostController', 'post_passwordReset', 'OCA\Encryption\Hooks', 'postPasswordReset');
 	}
 
 	/**

diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
@@ -124,6 +124,18 @@ public function userKeysExists() {
 		}
 	}
 
+	/**
+	 * create a new public/private key pair for the user
+	 *
+	 * @param string $password password for the private key
+	 */
+	public function replaceUserKeys($password) {
+		$this->backupAllKeys('password_reset');
+		$this->view->unlink($this->publicKeyPath);
+		$this->view->unlink($this->privateKeyPath);
+		$this->setupServerSide($password);
+	}
+
 	/**
 	 * Sets up user folders and keys for serverside encryption
 	 *

diff --git a/core/application.php b/core/application.php
@@ -10,13 +10,22 @@
 
 namespace OC\Core;
 
+use OC\AppFramework\Utility\SimpleContainer;
 use \OCP\AppFramework\App;
 use OC\Core\LostPassword\Controller\LostController;
 use OC\Core\User\UserController;
+use \OCP\Util;
 
+/**
+ * Class Application
+ *
+ * @package OC\Core
+ */
 class Application extends App {
 
-
+	/**
+	 * @param array $urlParams
+	 */
 	public function __construct(array $urlParams=array()){
 		parent::__construct('core', $urlParams);
 
@@ -25,29 +34,56 @@ public function __construct(array $urlParams=array()){
 		/**
 		 * Controllers
 		 */
-		$container->registerService('LostController', function($c) {
+		$container->registerService('LostController', function(SimpleContainer $c) {
 			return new LostController(
 				$c->query('AppName'),
 				$c->query('Request'),
-				$c->query('ServerContainer')->getURLGenerator(),
-				$c->query('ServerContainer')->getUserManager(),
-				new \OC_Defaults(),
-				$c->query('ServerContainer')->getL10N('core'),
-				$c->query('ServerContainer')->getConfig(),
-				$c->query('ServerContainer')->getUserSession(),
-				\OCP\Util::getDefaultEmailAddress('lostpassword-noreply'),
-				\OC_App::isEnabled('files_encryption')
+				$c->query('URLGenerator'),
+				$c->query('UserManager'),
+				$c->query('Defaults'),
+				$c->query('L10N'),
+				$c->query('Config'),
+				$c->query('SecureRandom'),
+				$c->query('DefaultEmailAddress'),
+				$c->query('IsEncryptionEnabled')
 			);
 		});
-		$container->registerService('UserController', function($c) {
+		$container->registerService('UserController', function(SimpleContainer $c) {
 			return new UserController(
 				$c->query('AppName'),
 				$c->query('Request'),
-				$c->query('ServerContainer')->getUserManager(),
-				new \OC_Defaults()
+				$c->query('UserManager'),
+				$c->query('Defaults')
 			);
 		});
-	}
 
+		/**
+		 * Core class wrappers
+		 */
+		$container->registerService('IsEncryptionEnabled', function() {
+			return \OC_App::isEnabled('files_encryption');
+		});
+		$container->registerService('URLGenerator', function(SimpleContainer $c) {
+			return $c->query('ServerContainer')->getURLGenerator();
+		});
+		$container->registerService('UserManager', function(SimpleContainer $c) {
+			return $c->query('ServerContainer')->getUserManager();
+		});
+		$container->registerService('Config', function(SimpleContainer $c) {
+			return $c->query('ServerContainer')->getConfig();
+		});
+		$container->registerService('L10N', function(SimpleContainer $c) {
+			return $c->query('ServerContainer')->getL10N('core');
+		});
+		$container->registerService('SecureRandom', function(SimpleContainer $c) {
+			return $c->query('ServerContainer')->getSecureRandom();
+		});
+		$container->registerService('Defaults', function() {
+			return new \OC_Defaults;
+		});
+		$container->registerService('DefaultEmailAddress', function() {
+			return Util::getDefaultEmailAddress('lostpassword-noreply');
+		});
+	}
 
 }
diff --git a/core/css/styles.css b/core/css/styles.css
@@ -353,6 +353,12 @@ input[type="submit"].enabled {
 	filter: alpha(opacity=60);
 	opacity: .6;
 }
+/* overrides another !important statement that sets this to unreadable black */
+#body-login form .warning input[type="checkbox"]:hover+label,
+#body-login form .warning input[type="checkbox"]:focus+label,
+#body-login form .warning input[type="checkbox"]+label {
+	color: #fff !important;
+}
 
 #body-login .update h2 {
 	font-size: 20px;

diff --git a/core/js/lostpassword.js b/core/js/lostpassword.js
@@ -8,19 +8,12 @@ OC.Lostpassword = {
 			+ ('<br /><input type="checkbox" id="encrypted-continue" value="Yes" />')
 			+ '<label for="encrypted-continue">'
 			+ t('core', 'I know what I\'m doing')
-			+ '</label><br />'
-			+ '<a id="lost-password-encryption" href>'
-			+ t('core', 'Reset password')
-			+ '</a>',
+			+ '</label><br />',
 
 	resetErrorMsg : t('core', 'Password can not be changed. Please contact your administrator.'),
 
 	init : function() {
-		if ($('#lost-password-encryption').length){
-			$('#lost-password-encryption').click(OC.Lostpassword.sendLink);
-		} else {
-			$('#lost-password').click(OC.Lostpassword.sendLink);
-		}
+		$('#lost-password').click(OC.Lostpassword.sendLink);
 		$('#reset-password #submit').click(OC.Lostpassword.resetPassword);
 	},
 
@@ -32,8 +25,7 @@ OC.Lostpassword = {
 			$.post(
 					OC.generateUrl('/lostpassword/email'),
 					{
-						user : $('#user').val(),
-						proceed: $('#encrypted-continue').attr('checked') ? 'Yes' : 'No'
+						user : $('#user').val()
 					},
 					OC.Lostpassword.sendLinkDone
 			);
@@ -84,11 +76,16 @@ OC.Lostpassword = {
 			$.post(
 					$('#password').parents('form').attr('action'),
 					{
-						password : $('#password').val()
+						password : $('#password').val(),
+						proceed: $('#encrypted-continue').attr('checked') ? 'true' : 'false'
 					},
 					OC.Lostpassword.resetDone
 			);
 		}
+		if($('#encrypted-continue').attr('checked')) {
+			$('#reset-password #submit').hide();
+			$('#reset-password #float-spinner').removeClass('hidden');
+		}
 	},
 
 	resetDone : function(result){
@@ -126,7 +123,7 @@ OC.Lostpassword = {
 
 	getResetStatusNode : function (){
 		if (!$('#lost-password').length){
-			$('<p id="lost-password"></p>').insertAfter($('#submit'));
+			$('<p id="lost-password"></p>').insertBefore($('#reset-password fieldset'));
 		} else {
 			$('#lost-password').replaceWith($('<p id="lost-password"></p>'));
 		}