Allow server-side encryption

Close #175. Close #99. Squashed commit of the following: commit 7c5e11dded8aff22b77bb3d01233350f86af04f4 Author: Varun Patil <varunpatil@ucla.edu> Date: Mon Nov 21 02:12:34 2022 -0800 Fix lint commit b421a6d61c1143aac38d954bee032f582b71b492 Merge: 9e91d1d 019cdd3 Author: Varun Patil <varunpatil@ucla.edu> Date: Mon Nov 21 02:11:37 2022 -0800 Merge branch 'eltos-patch-99' of https://github.com/eltos/memories into eltos-eltos-patch-99 commit 019cdd3 Author: eltos <eltos@outlook.de> Date: Sat Nov 19 18:32:36 2022 +0100 Check for e2e encryption before indexing commit 5078d98 Author: eltos <eltos@outlook.de> Date: Sat Nov 19 18:28:57 2022 +0100 Check for e2e encryption when changing exif data commit 1167365 Merge: d465400 e210c32 Author: Philipp Niedermayer <eltos@outlook.de> Date: Sat Nov 19 15:52:58 2022 +0100 Merge branch 'pulsejet:master' into eltos-patch-99 commit d465400 Author: Philipp Niedermayer <eltos@outlook.de> Date: Mon Nov 7 22:21:20 2022 +0100 Allow server-side encryption See #99
pulsejet · Nov 21, 2022 · cf4ae6a · cf4ae6a
1 parent 9e91d1d
commit cf4ae6a
Show file tree

Hide file tree

Showing 4 changed files with 28 additions and 2 deletions.
diff --git a/lib/Command/Index.php b/lib/Command/Index.php
@@ -178,8 +178,9 @@ protected function executeWithOpts(OutputInterface $output, bool &$refresh): int
         // Time measurement
         $startTime = microtime(true);
 
-        if ($this->encryptionManager->isEnabled()) {
-            error_log('FATAL: Encryption is enabled. Aborted.');
+        if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
+            // Can work with server-side but not with e2e encryption, see https://github.com/pulsejet/memories/issues/99
+            error_log('FATAL: Only server-side encryption (OC_DEFAULT_MODULE) is supported, but another encryption module is enabled. Aborted.');
 
             return 1;
         }

diff --git a/lib/Controller/ApiBase.php b/lib/Controller/ApiBase.php
@@ -32,6 +32,7 @@
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\Encryption\IManager;
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -48,6 +49,7 @@ class ApiBase extends Controller
     protected IUserSession $userSession;
     protected IRootFolder $rootFolder;
     protected IAppManager $appManager;
+    protected IManager $encryptionManager;
     protected TimelineQuery $timelineQuery;
     protected TimelineWrite $timelineWrite;
     protected IShareManager $shareManager;
@@ -60,6 +62,7 @@ public function __construct(
         IDBConnection $connection,
         IRootFolder $rootFolder,
         IAppManager $appManager,
+        IManager $encryptionManager,
         IShareManager $shareManager,
         IPreview $preview
     ) {
@@ -70,6 +73,7 @@ public function __construct(
         $this->connection = $connection;
         $this->rootFolder = $rootFolder;
         $this->appManager = $appManager;
+        $this->encryptionManager = $encryptionManager;
         $this->shareManager = $shareManager;
         $this->previewManager = $preview;
         $this->timelineQuery = new TimelineQuery($connection);

diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php
@@ -75,6 +75,11 @@ public function setExif(string $id): JSONResponse
             return new JSONResponse([], Http::STATUS_FORBIDDEN);
         }
 
+        // Check for end-to-end encryption
+        if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
+            return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED);
+        }
+
         // Get original file from body
         $exif = $this->request->getParam('raw');
         $path = $file->getStorage()->getLocalFile($file->getInternalPath());

diff --git a/lib/Util.php b/lib/Util.php
@@ -105,4 +105,20 @@ public static function isLinkSharingEnabled(&$config): bool
 
         return true;
     }
+
+    /**
+     * Check if any encryption is enabled that we can not cope with
+     * such as end-to-end encryption.
+     *
+     * @param mixed $encryptionManager
+     */
+    public static function isEncryptionEnabled(&$encryptionManager): bool
+    {
+        if ($encryptionManager->isEnabled()) {
+            // Server-side encryption (OC_DEFAULT_MODULE) is okay, others like e2e are not
+            return 'OC_DEFAULT_MODULE' !== $encryptionManager->getDefaultEncryptionModuleId();
+        }
+
+        return false;
+    }
 }