
Commit 7cc3c1f

committed
fix(encryption): do not setup filesystem without permissions
If the current request does not have permission to access the filesystem, we must not try to set up the filesystem. Signed-off-by: Ferdinand Thiessen <[email protected]>
1 parent 61418e7 commit 7cc3c1f


2 files changed

+47
-0
lines changed


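--- a/apps/encryption/lib/Listeners/UserEventsListener.php
+++ b/apps/encryption/lib/Listeners/UserEventsListener.php
@@ -21,6 +21,7 @@
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
+use OCP\Lockdown\ILockdownManager;
 use OCP\User\Events\BeforePasswordUpdatedEvent;
 use OCP\User\Events\PasswordUpdatedEvent;
 use OCP\User\Events\UserCreatedEvent;
@@ -43,6 +44,7 @@ public function __construct(
 private IUserSession $userSession,
 private SetupManager $setupManager,
 private PassphraseService $passphraseService,
+private ILockdownManager $lockdownManager,
 ) {
 }
 
@@ -70,6 +72,11 @@ public function handle(Event $event): void {
 * Startup encryption backend upon user login
 */
 private function onUserLogin(IUser $user, ?string $password): void {
+// Do not try to setup filesystem if the current request does not have permissions to access it
+if (!$this->lockdownManager->canAccessFilesystem()) {
+return;
+}
+
 // ensure filesystem is loaded
 $this->setupManager->setupForUser($user);
 if ($this->util->isMasterKeyEnabled() === false) {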
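Review bot: The comment above the new guard in onUserLogin names only filesystem setup, but the early `return` skips everything after it as well: the `isMasterKeyEnabled()` branch visible below and, going by the accompanying test, `setupUser` and `keyManager->init`. A request without filesystem access therefore completes login with no encryption keys initialised, which looks intended but should be stated, e.g. `// No filesystem access for this request: skip filesystem setup and encryption key initialisation`. The return is also silent; a debug-level log line at this point would make it traceable when later code in the same request expects keys to be loaded. The body of onUserLogin continues past the end of the hunk, so what else is skipped cannot be confirmed from here.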

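--- a/apps/encryption/tests/Listeners/UserEventsListenersTest.php
+++ b/apps/encryption/tests/Listeners/UserEventsListenersTest.php
@@ -20,6 +20,7 @@
 use OCP\IUser;
 use OCP\IUserManager;
 use OCP\IUserSession;
+use OCP\Lockdown\ILockdownManager;
 use OCP\User\Events\BeforePasswordUpdatedEvent;
 use OCP\User\Events\PasswordUpdatedEvent;
 use OCP\User\Events\UserCreatedEvent;
@@ -41,6 +42,7 @@ class UserEventsListenersTest extends TestCase {
 protected IUserManager&MockObject $userManager;
 protected IUserSession&MockObject $userSession;
 protected SetupManager&MockObject $setupManager;
+protected ILockdownManager&MockObject $lockdownManager;
 protected PassphraseService&MockObject $passphraseService;
 
 protected UserEventsListener $instance;
@@ -55,6 +57,7 @@ public function setUp(): void {
 $this->userManager = $this->createMock(IUserManager::class);
 $this->userSession = $this->createMock(IUserSession::class);
 $this->setupManager = $this->createMock(SetupManager::class);
+$this->lockdownManager = $this->createMock(ILockdownManager::class);
 $this->passphraseService = $this->createMock(PassphraseService::class);
 
 $this->instance = new UserEventsListener(
@@ -66,10 +69,14 @@ public function setUp(): void {
 $this->userSession,
 $this->setupManager,
 $this->passphraseService,
+$this->lockdownManager,
 );
 }
 
 public function testLogin(): void {
+$this->lockdownManager->expects(self::once())
+->method('canAccessFilesystem')
+->willReturn(true);
 $this->userSetup->expects(self::once())
 ->method('setupUser')
 ->willReturn(true);
@@ -96,6 +103,9 @@ public function testLogin(): void {
 }
 
 public function testLoginMasterKey(): void {
+$this->lockdownManager->expects(self::once())
+->method('canAccessFilesystem')
+->willReturn(true);
 $this->util->method('isMasterKeyEnabled')->willReturn(true);
 
 $this->userSetup->expects(self::never())
@@ -121,6 +131,36 @@ public function testLoginMasterKey(): void {
 $this->instance->handle($event);
 }
 
+public function testLoginNoFilesystemAccess(): void {
+$this->lockdownManager->expects(self::once())
+->method('canAccessFilesystem')
+->willReturn(false);
+
+$this->userSetup->expects(self::never())
+->method('setupUser');
+
+$this->setupManager->expects(self::never())
+->method('setupForUser');
+
+$this->keyManager->expects(self::never())
+->method('init');
+
+$user = $this->createMock(IUser::class);
+$user->expects(self::any())
+->method('getUID')
+->willReturn('testUser');
+
+$event = $this->createMock(UserLoggedInEvent::class);
+$event->expects(self::atLeastOnce())
+->method('getUser')
+->willReturn($user);
+$event->expects(self::atLeastOnce())
+->method('getPassword')
+->willReturn('password');
+
+$this->instance->handle($event);
+}
+
 public function testLogout(): void {
 $this->session->expects(self::once())
 ->method('clear');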
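Review bot: In testLoginNoFilesystemAccess the `expects(self::atLeastOnce())` on `getUser` and `getPassword` ties the test to how handle() unpacks the event rather than to the behaviour under test, so it would fail if the access check were later moved ahead of those reads. Plain stubs are enough: `$event->method('getUser')->willReturn($user);` and `$event->method('getPassword')->willReturn('password');`. The `getUID` stub on `$user` looks unused on this path, since the guard returns before anything visible in the diff reads it, and could be dropped. The three `never()` expectations on `setupUser`, `setupForUser` and `init` are the assertions that carry the test.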
