From 5078d986da292ef8e8363241817c9789c6aceb32 Mon Sep 17 00:00:00 2001
From: eltos <eltos@outlook.de>
Date: Sat, 19 Nov 2022 18:28:57 +0100
Subject: [PATCH] Check for e2e encryption when changing exif data

---
 lib/Controller/ApiBase.php         |  4 ++++
 lib/Controller/ImageController.php |  5 +++++
 lib/Util.php                       | 13 +++++++++++++
 3 files changed, 22 insertions(+)

diff --git a/lib/Controller/ApiBase.php b/lib/Controller/ApiBase.php
index a7ea2319..7a882d30 100644
--- a/lib/Controller/ApiBase.php
+++ b/lib/Controller/ApiBase.php
@@ -32,6 +32,7 @@ use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\Encryption\IManager;
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -48,6 +49,7 @@ class ApiBase extends Controller
     protected IUserSession $userSession;
     protected IRootFolder $rootFolder;
     protected IAppManager $appManager;
+    protected IManager $encryptionManager;
     protected TimelineQuery $timelineQuery;
     protected TimelineWrite $timelineWrite;
     protected IShareManager $shareManager;
@@ -60,6 +62,7 @@ class ApiBase extends Controller
         IDBConnection $connection,
         IRootFolder $rootFolder,
         IAppManager $appManager,
+        IManager $encryptionManager,
         IShareManager $shareManager,
         IPreview $preview
     ) {
@@ -70,6 +73,7 @@ class ApiBase extends Controller
         $this->connection = $connection;
         $this->rootFolder = $rootFolder;
         $this->appManager = $appManager;
+        $this->encryptionManager = $encryptionManager;
         $this->shareManager = $shareManager;
         $this->previewManager = $preview;
         $this->timelineQuery = new TimelineQuery($connection);
diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php
index c6cb40bf..1a088181 100644
--- a/lib/Controller/ImageController.php
+++ b/lib/Controller/ImageController.php
@@ -75,6 +75,11 @@ class ImageController extends ApiBase
             return new JSONResponse([], Http::STATUS_FORBIDDEN);
         }
 
+        // Check for end-to-end encryption
+        if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)){
+            return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED);
+        }
+
         // Get original file from body
         $exif = $this->request->getParam('raw');
         $path = $file->getStorage()->getLocalFile($file->getInternalPath());
diff --git a/lib/Util.php b/lib/Util.php
index 2ddd9cb6..8bed7192 100644
--- a/lib/Util.php
+++ b/lib/Util.php
@@ -105,4 +105,17 @@ class Util
 
         return true;
     }
+
+    /**
+     * Check if any encryption is enabled that we can not cope with
+     * such as end-to-end encryption
+     */
+    public static function isEncryptionEnabled(&$encryptionManager): bool
+    {
+        if ($encryptionManager->isEnabled()){
+            // Server-side encryption (OC_DEFAULT_MODULE) is okay, others like e2e are not
+            return $encryptionManager->getDefaultEncryptionModuleId() != 'OC_DEFAULT_MODULE';
+        }
+        return false;
+    }
 }