Prevent running FixEncryptedVersion without master key

Return an error when running occ encryption:fix-encrypted-version
when master key encryption is not enabled.

Signed-off-by: Vincent Petry <[email protected]>

apps/encryption/lib/Command/FixEncryptedVersion.php

@@ -24,6 +24,7 @@
 
 use OC\Files\View;
 use OC\HintException;
+use OCA\Encryption\Util;
 use OCP\Files\IRootFolder;
 use OCP\IConfig;
 use OCP\ILogger;
@@ -46,14 +47,25 @@ class FixEncryptedVersion extends Command {
 	/** @var IUserManager  */
 	private $userManager;
 
+	/** @var Util */
+	private $util;
+
 	/** @var View  */
 	private $view;
 
-	public function __construct(IConfig $config, ILogger $logger, IRootFolder $rootFolder, IUserManager $userManager, View $view) {
+	public function __construct(
+		IConfig $config,
+		ILogger $logger,
+		IRootFolder $rootFolder,
+		IUserManager $userManager,
+		Util $util,
+		View $view
+	) {
 		$this->config = $config;
 		$this->logger = $logger;
 		$this->rootFolder = $rootFolder;
 		$this->userManager = $userManager;
+		$this->util = $util;
 		$this->view = $view;
 		parent::__construct();
 	}
@@ -89,6 +101,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int
 			return 1;
 		}
 
+		if (!$this->util->isMasterKeyEnabled()) {
+			$output->writeln("<error>Repairing only works with master key encryption.</error>\n");
+			return 1;
+		}
+
 		$user = (string)$input->getArgument('user');
 		$pathToWalk = "/$user/files";
 

apps/encryption/tests/Command/FixEncryptedVersionTest.php

@@ -23,6 +23,7 @@
 
 use OC\Files\View;
 use OCA\Encryption\Command\FixEncryptedVersion;
+use OCA\Encryption\Util;
 use Symfony\Component\Console\Tester\CommandTester;
 use Test\TestCase;
 use Test\Traits\EncryptionTrait;
@@ -48,11 +49,17 @@ class FixEncryptedVersionTest extends TestCase {
 	/** @var CommandTester */
 	private $commandTester;
 
+	/** @var Util|\PHPUnit\Framework\MockObject\MockObject */
+	protected $util;
+
 	public function setUp(): void {
 		parent::setUp();
 
 		\OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '1');
 
+		$this->util = $this->getMockBuilder(Util::class)
+			->disableOriginalConstructor()->getMock();
+
 		$this->userId = $this->getUniqueId('user_');
 
 		$this->createUser($this->userId, 'foo12345678');
@@ -66,6 +73,7 @@ public function setUp(): void {
 			\OC::$server->getLogger(),
 			\OC::$server->getRootFolder(),
 			\OC::$server->getUserManager(),
+			$this->util,
 			new View('/')
 		);
 		$this->commandTester = new CommandTester($this->fixEncryptedVersion);
@@ -80,6 +88,9 @@ public function setUp(): void {
 	 * but greater than zero
 	 */
 	public function testEncryptedVersionLessThanOriginalValue() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$view = new View("/" . $this->userId . "/files");
 
 		$view->touch('hello.txt');
@@ -145,6 +156,9 @@ public function testEncryptedVersionLessThanOriginalValue() {
 	 * but greater than zero
 	 */
 	public function testEncryptedVersionGreaterThanOriginalValue() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$view = new View("/" . $this->userId . "/files");
 
 		$view->touch('hello.txt');
@@ -201,6 +215,9 @@ public function testEncryptedVersionGreaterThanOriginalValue() {
 	}
 
 	public function testVersionIsRestoredToOriginalIfNoFixIsFound() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$view = new View("/" . $this->userId . "/files");
 
 		$view->touch('bar.txt');
@@ -231,6 +248,9 @@ public function testVersionIsRestoredToOriginalIfNoFixIsFound() {
 	 * Test commands with a file path
 	 */
 	public function testExecuteWithFilePathOption() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$view = new View("/" . $this->userId . "/files");
 
 		$view->touch('hello.txt');
@@ -252,6 +272,9 @@ public function testExecuteWithFilePathOption() {
 	 * Test commands with a directory path
 	 */
 	public function testExecuteWithDirectoryPathOption() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$view = new View("/" . $this->userId . "/files");
 
 		$view->mkdir('sub');
@@ -274,6 +297,9 @@ public function testExecuteWithDirectoryPathOption() {
 	 * Test commands with a directory path
 	 */
 	public function testExecuteWithNoUser() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$this->commandTester->execute([
 			'user' => null,
 			'--path' => "/"
@@ -288,6 +314,9 @@ public function testExecuteWithNoUser() {
 	 * Test commands with a directory path
 	 */
 	public function testExecuteWithNonExistentPath() {
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(true);
+
 		$this->commandTester->execute([
 			'user' => $this->userId,
 			'--path' => '/non-exist'
@@ -297,4 +326,21 @@ public function testExecuteWithNonExistentPath() {
 
 		$this->assertStringContainsString('Please provide a valid path.', $output);
 	}
+
+	/**
+	 * Test commands without master key
+	 */
+	public function testExecuteWithNoMasterKey() {
+		\OC::$server->getConfig()->setAppValue('encryption', 'useMasterKey', '0');
+		$this->util->expects($this->once())->method('isMasterKeyEnabled')
+			->willReturn(false);
+
+		$this->commandTester->execute([
+			'user' => $this->userId,
+		]);
+
+		$output = $this->commandTester->getDisplay();
+
+		$this->assertStringContainsString('only works with master key', $output);
+	}
 }