diff --git a/lib/Command/Index.php b/lib/Command/Index.php
index 4613a970..1196e77a 100644
--- a/lib/Command/Index.php
+++ b/lib/Command/Index.php
@@ -178,8 +178,9 @@ class Index extends Command
 // Time measurement
 $startTime = microtime(true);
- if ($this->encryptionManager->isEnabled()) {
- error_log('FATAL: Encryption is enabled. Aborted.');
+ if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
+ // Can work with server-side but not with e2e encryption, see https://github.com/pulsejet/memories/issues/99
+ error_log('FATAL: Only server-side encryption (OC_DEFAULT_MODULE) is supported, but another encryption module is enabled. Aborted.');
 return 1;
 }
diff --git a/lib/Controller/ApiBase.php b/lib/Controller/ApiBase.php
index a7ea2319..7a882d30 100644
--- a/lib/Controller/ApiBase.php
+++ b/lib/Controller/ApiBase.php
@@ -32,6 +32,7 @@ use OCP\App\IAppManager;
 use OCP\AppFramework\Controller;
 use OCP\AppFramework\Http;
 use OCP\AppFramework\Http\JSONResponse;
+use OCP\Encryption\IManager;
 use OCP\Files\File;
 use OCP\Files\Folder;
 use OCP\Files\IRootFolder;
@@ -48,6 +49,7 @@ class ApiBase extends Controller
 protected IUserSession $userSession;
 protected IRootFolder $rootFolder;
 protected IAppManager $appManager;
+ protected IManager $encryptionManager;
 protected TimelineQuery $timelineQuery;
 protected TimelineWrite $timelineWrite;
 protected IShareManager $shareManager;
@@ -60,6 +62,7 @@ class ApiBase extends Controller
 IDBConnection $connection,
 IRootFolder $rootFolder,
 IAppManager $appManager,
+ IManager $encryptionManager,
 IShareManager $shareManager,
 IPreview $preview
 ) {
@@ -70,6 +73,7 @@ class ApiBase extends Controller
 $this->connection = $connection;
 $this->rootFolder = $rootFolder;
 $this->appManager = $appManager;
+ $this->encryptionManager = $encryptionManager;
 $this->shareManager = $shareManager;
 $this->previewManager = $preview;
 $this->timelineQuery = new TimelineQuery($connection);
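Review bot: `use OCP\Encryption\IManager;` in the ApiBase.php import hunk brings a bare `IManager` into a file that already refers to the share manager as `IShareManager` (presumably an alias of `OCP\Share\IManager`), so the property and constructor hunks that follow read as if there were a single generic manager. Importing it as `use OCP\Encryption\IManager as IEncryptionManager;` and typing the property and the parameter with that alias would match the existing convention. The new constructor parameter is also inserted in the middle of the list, so any subclass that calls `parent::__construct(...)` positionally needs the same update; none is visible in this diff.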
diff --git a/lib/Controller/ImageController.php b/lib/Controller/ImageController.php
index c6cb40bf..03d3606d 100644
--- a/lib/Controller/ImageController.php
+++ b/lib/Controller/ImageController.php
@@ -75,6 +75,11 @@ class ImageController extends ApiBase
 return new JSONResponse([], Http::STATUS_FORBIDDEN);
 }
+ // Check for end-to-end encryption
+ if (\OCA\Memories\Util::isEncryptionEnabled($this->encryptionManager)) {
+ return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED);
+ }
+
+ // Get original file from body
 $exif = $this->request->getParam('raw');
 $path = $file->getStorage()->getLocalFile($file->getInternalPath());
diff --git a/lib/Util.php b/lib/Util.php
index 2ddd9cb6..9d7e1e1a 100644
--- a/lib/Util.php
+++ b/lib/Util.php
@@ -105,4 +105,20 @@ class Util
 return true;
 }
+
+ /**
+ * Check if any encryption is enabled that we can not cope with
+ * such as end-to-end encryption.
+ *
+ * @param mixed $encryptionManager
+ */
+ public static function isEncryptionEnabled(&$encryptionManager): bool
+ {
+ if ($encryptionManager->isEnabled()) {
+ // Server-side encryption (OC_DEFAULT_MODULE) is okay, others like e2e are not
+ return 'OC_DEFAULT_MODULE' !== $encryptionManager->getDefaultEncryptionModuleId();
+ }
+
+ return false;
+ }
 }
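Review bot: The new guard in ImageController rejects only non-default encryption modules, so with server-side encryption (OC_DEFAULT_MODULE) active the request now continues to the context line `$path = $file->getStorage()->getLocalFile($file->getInternalPath());`, and this hunk does not establish what that path points to on an encrypted storage (ciphertext on disk or a temporary decrypted copy). An in-place metadata write against either could corrupt the stored file or be silently lost, so I would also gate on the file itself, e.g. `if ($file->isEncrypted()) { return new JSONResponse(['message' => 'Cannot change encrypted file'], Http::STATUS_PRECONDITION_FAILED); }`. The inline comment says "end-to-end encryption", but the helper inspects the server-side default module id; whether an E2EE app is visible through that manager should be confirmed. The method body continues outside the hunk.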
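Review bot: `Util::isEncryptionEnabled` returns false when server-side encryption with OC_DEFAULT_MODULE is enabled, so the name states the opposite of what callers get in the supported case. Both call sites in this diff use it as a safety gate, so a name such as `isUnsupportedEncryptionEnabled`, or at least a docblock sentence like `Returns false when only OC_DEFAULT_MODULE server-side encryption is active`, would keep a later caller from inverting the decision. The parameter is taken by reference and documented as `mixed` although it is only read; `public static function isEncryptionEnabled(\OCP\Encryption\IManager $encryptionManager): bool` gives the same call sites a type check and drops the needless reference.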