Merge pull request #56167 from nextcloud/fix/fix-encryption-with-user-keys

fix(encryption): Fix user key support with basic auth

Author: come-nc

apps/encryption/lib/KeyManager.php

@@ -23,7 +23,6 @@ class KeyManager {
 	private string $recoveryKeyId;
 	private string $publicShareKeyId;
 	private string $masterKeyId;
-	private ?string $keyUid;
 	private string $publicKeyId = 'publicKey';
 	private string $privateKeyId = 'privateKey';
 	private string $shareKeyId = 'shareKey';
@@ -33,7 +32,7 @@ public function __construct(
 		private IStorage $keyStorage,
 		private Crypt $crypt,
 		private IConfig $config,
-		IUserSession $userSession,
+		private IUserSession $userSession,
 		private Session $session,
 		private LoggerInterface $logger,
 		private Util $util,
@@ -61,8 +60,6 @@ public function __construct(
 			$this->masterKeyId = 'master_' . substr(md5((string)time()), 0, 8);
 			$this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId);
 		}
-
-		$this->keyUid = $userSession->isLoggedIn() ? $userSession->getUser()?->getUID() : null;
 	}
 
 	/**
@@ -352,7 +349,7 @@ public function getPrivateKey($userId) {
 	 * @param ?bool $useLegacyFileKey null means try both
 	 */
 	public function getFileKey(string $path, ?bool $useLegacyFileKey, bool $useDecryptAll = false): string {
-		$publicAccess = ($this->keyUid === null);
+		$publicAccess = !$this->userSession->isLoggedIn();
 		$encryptedFileKey = '';
 		if ($useLegacyFileKey ?? true) {
 			$encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID);
@@ -381,7 +378,7 @@ public function getFileKey(string $path, ?bool $useLegacyFileKey, bool $useDecry
 			$privateKey = $this->keyStorage->getSystemUserKey($this->publicShareKeyId . '.' . $this->privateKeyId, Encryption::ID);
 			$privateKey = $this->crypt->decryptPrivateKey($privateKey);
 		} else {
-			$uid = $this->keyUid;
+			$uid = $this->userSession->getUser()?->getUID();
 			$shareKey = $this->getShareKey($path, $uid);
 			$privateKey = $this->session->getPrivateKey();
 		}

apps/encryption/tests/KeyManagerTest.php

@@ -22,6 +22,7 @@
 use OCP\Files\Cache\ICache;
 use OCP\Files\Storage\IStorage as FilesIStorage;
 use OCP\IConfig;
+use OCP\IUser;
 use OCP\IUserSession;
 use OCP\Lock\ILockingProvider;
 use OCP\Lock\LockedException;
@@ -356,6 +357,9 @@ public static function dataTestGetFileKey(): array {
 	public function testGetFileKey(?string $uid, bool $isMasterKeyEnabled, string $privateKey, string $encryptedFileKey, string $expected): void {
 		$path = '/foo.txt';
 
+		$this->userMock->expects(self::once())
+			->method('isLoggedIn')
+			->willReturn($uid !== null);
 		if ($isMasterKeyEnabled) {
 			$expectedUid = 'masterKeyId';
 			$this->configMock->expects($this->any())->method('getSystemValue')->with('secret')
@@ -364,10 +368,16 @@ public function testGetFileKey(?string $uid, bool $isMasterKeyEnabled, string $p
 			$expectedUid = 'systemKeyId';
 		} else {
 			$expectedUid = $uid;
+			$userObjectMock = $this->createMock(IUser::class);
+			$userObjectMock->expects(self::once())
+				->method('getUID')
+				->willReturn($uid);
+			$this->userMock->expects(self::once())
+				->method('getUser')
+				->willReturn($userObjectMock);
 		}
 
 		$this->invokePrivate($this->instance, 'masterKeyId', ['masterKeyId']);
-		$this->invokePrivate($this->instance, 'keyUid', [$uid]);
 
 		$this->keyStorageMock->expects($this->exactly(2))
 			->method('getFileKey')