Allow server-side encryption

Close #175. Close #99. Squashed commit of the following: commit 7c5e11dded8aff22b77bb3d01233350f86af04f4 Author: Varun Patil <varunpatil@ucla.edu> Date: Mon Nov 21 02:12:34 2022 -0800 Fix lint commit b421a6d61c1143aac38d954bee032f582b71b492 Merge: 9e91d1d 019cdd3 Author: Varun Patil <varunpatil@ucla.edu> Date: Mon Nov 21 02:11:37 2022 -0800 Merge branch 'eltos-patch-99' of https://github.com/eltos/memories into eltos-eltos-patch-99 commit 019cdd31f2 Author: eltos <eltos@outlook.de> Date: Sat Nov 19 18:32:36 2022 +0100 Check for e2e encryption before indexing commit 5078d986da Author: eltos <eltos@outlook.de> Date: Sat Nov 19 18:28:57 2022 +0100 Check for e2e encryption when changing exif data commit 1167365f7e Merge: d465400 e210c32 Author: Philipp Niedermayer <eltos@outlook.de> Date: Sat Nov 19 15:52:58 2022 +0100 Merge branch 'pulsejet:master' into eltos-patch-99 commit d465400969 Author: Philipp Niedermayer <eltos@outlook.de> Date: Mon Nov 7 22:21:20 2022 +0100 Allow server-side encryption See https://github.com/pulsejet/memories/issues/99
2022-11-21 02:13:43 -08:00 · 2022-11-21 02:13:43 -08:00 · cf4ae6a84a
parent 9e91d1d435
commit cf4ae6a84a
4 changed files with 28 additions and 2 deletions
--- a/lib/Command/Index.php
+++ b/lib/Command/Index.php
@ -178,8 +178,9 @@ class Index extends Command
        // Time measurement
        $startTime = microtime(true);

-        if ($this->encryptionManager->isEnabled()) {
-            error_log('FATAL: Encryption is enabled. Aborted.');
+        if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
+            // Can work with server-side but not with e2e encryption, see https://github.com/pulsejet/memories/issues/99
+            error_log('FATAL: Only server-side encryption (OC_DEFAULT_MODULE) is supported, but another encryption module is enabled. Aborted.');

            return 1;
        }
--- a/lib/Controller/ApiBase.php
+++ b/lib/Controller/ApiBase.php
@ -32,6 +32,7 @@ use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\Encryption\IManager;
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@ -48,6 +49,7 @@ class ApiBase extends Controller
    protected IUserSession $userSession;
    protected IRootFolder $rootFolder;
    protected IAppManager $appManager;
+    protected IManager $encryptionManager;
    protected TimelineQuery $timelineQuery;
    protected TimelineWrite $timelineWrite;
    protected IShareManager $shareManager;
@ -60,6 +62,7 @@ class ApiBase extends Controller
        IDBConnection $connection,
        IRootFolder $rootFolder,
        IAppManager $appManager,
+        IManager $encryptionManager,
        IShareManager $shareManager,
        IPreview $preview
    ) {
@ -70,6 +73,7 @@ class ApiBase extends Controller
        $this->connection = $connection;
        $this->rootFolder = $rootFolder;
        $this->appManager = $appManager;
+        $this->encryptionManager = $encryptionManager;
        $this->shareManager = $shareManager;
        $this->previewManager = $preview;
        $this->timelineQuery = new TimelineQuery($connection);
--- a/lib/Controller/ImageController.php
+++ b/lib/Controller/ImageController.php
@ -75,6 +75,11 @@ class ImageController extends ApiBase
            return new JSONResponse([], Http::STATUS_FORBIDDEN);
        }

+        // Check for end-to-end encryption
+        if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
+            return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED);
+        }
+
        // Get original file from body
        $exif = $this->request->getParam('raw');
        $path = $file->getStorage()->getLocalFile($file->getInternalPath());
--- a/lib/Util.php
+++ b/lib/Util.php
@ -105,4 +105,20 @@ class Util

        return true;
    }
+
+    /**
+     * Check if any encryption is enabled that we can not cope with
+     * such as end-to-end encryption.
+     *
+     * @param mixed $encryptionManager
+     */
+    public static function isEncryptionEnabled(&$encryptionManager): bool
+    {
+        if ($encryptionManager->isEnabled()) {
+            // Server-side encryption (OC_DEFAULT_MODULE) is okay, others like e2e are not
+            return 'OC_DEFAULT_MODULE' !== $encryptionManager->getDefaultEncryptionModuleId();
+        }
+
+        return false;
+    }
 }