-
-
Notifications
You must be signed in to change notification settings - Fork 4.7k
fix(settings): Clarify peculiarities of enabling encryption #50424
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
2 commits
Select commit
Hold shift + click to select a range
File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file was deleted.
Oops, something went wrong.
197 changes: 197 additions & 0 deletions
197
apps/settings/src/components/Encryption/EncryptionSettings.vue
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,197 @@ | ||
| <!-- | ||
| - SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors | ||
| - SPDX-License-Identifier: AGPL-3.0-or-later | ||
| --> | ||
|
|
||
| <script setup lang="ts"> | ||
| import type { OCSResponse } from '@nextcloud/typings/ocs' | ||
| import { showError, spawnDialog } from '@nextcloud/dialogs' | ||
| import { loadState } from '@nextcloud/initial-state' | ||
| import { t } from '@nextcloud/l10n' | ||
| import { confirmPassword } from '@nextcloud/password-confirmation' | ||
| import { generateOcsUrl } from '@nextcloud/router' | ||
| import { ref } from 'vue' | ||
| import { textExistingFilesNotEncrypted } from './sharedTexts.ts' | ||
|
|
||
| import axios from '@nextcloud/axios' | ||
| import logger from '../../logger.ts' | ||
|
|
||
| import NcCheckboxRadioSwitch from '@nextcloud/vue/dist/Components/NcCheckboxRadioSwitch.js' | ||
| import NcNoteCard from '@nextcloud/vue/dist/Components/NcNoteCard.js' | ||
| import NcSettingsSection from '@nextcloud/vue/dist/Components/NcSettingsSection.js' | ||
| import EncryptionWarningDialog from './EncryptionWarningDialog.vue' | ||
|
|
||
| interface EncryptionModule { | ||
| default?: boolean | ||
| displayName: string | ||
| } | ||
|
|
||
| const allEncryptionModules = loadState<never[]|Record<string, EncryptionModule>>('settings', 'encryption-modules') | ||
| /** Available encryption modules on the backend */ | ||
| const encryptionModules = Array.isArray(allEncryptionModules) ? [] : Object.entries(allEncryptionModules).map(([id, module]) => ({ ...module, id })) | ||
| /** ID of the default encryption module */ | ||
| const defaultCheckedModule = encryptionModules.find((module) => module.default)?.id | ||
|
|
||
| /** Is the server side encryptio ready to be enabled */ | ||
| const encryptionReady = loadState<boolean>('settings', 'encryption-ready') | ||
| /** Are external backends enabled (legacy ownCloud stuff) */ | ||
| const externalBackendsEnabled = loadState<boolean>('settings', 'external-backends-enabled') | ||
| /** URL to the admin docs */ | ||
| const encryptionAdminDoc = loadState<string>('settings', 'encryption-admin-doc') | ||
|
|
||
| /** Is the encryption enabled */ | ||
| const encryptionEnabled = ref(loadState<boolean>('settings', 'encryption-enabled')) | ||
|
|
||
| /** Loading state while enabling encryption (e.g. because the confirmation dialog is open) */ | ||
| const loadingEncryptionState = ref(false) | ||
|
|
||
| /** | ||
| * Open the encryption-enabling warning (spawns a dialog) | ||
| * @param enabled The enabled state of encryption | ||
| */ | ||
| function displayWarning(enabled: boolean) { | ||
| if (loadingEncryptionState.value || enabled === false) { | ||
| return | ||
| } | ||
|
|
||
| loadingEncryptionState.value = true | ||
| spawnDialog(EncryptionWarningDialog, {}, async (confirmed) => { | ||
| try { | ||
| if (confirmed) { | ||
| await enableEncryption() | ||
| } | ||
| } finally { | ||
| loadingEncryptionState.value = false | ||
| } | ||
| }) | ||
| } | ||
|
|
||
| /** | ||
| * Update an encryption setting on the backend | ||
| * @param key The setting to update | ||
| * @param value The new value | ||
| */ | ||
| async function update(key: string, value: string) { | ||
| await confirmPassword() | ||
|
|
||
| const url = generateOcsUrl('/apps/provisioning_api/api/v1/config/apps/{appId}/{key}', { | ||
| appId: 'core', | ||
| key, | ||
| }) | ||
|
|
||
| try { | ||
| const { data } = await axios.post<OCSResponse>(url, { | ||
| value, | ||
| }) | ||
| if (data.ocs.meta.status !== 'ok') { | ||
| throw new Error('Unsuccessful OCS response', { cause: data.ocs }) | ||
| } | ||
| } catch (error) { | ||
| showError(t('settings', 'Unable to update server side encryption config')) | ||
| logger.error('Unable to update server side encryption config', { error }) | ||
| return false | ||
| } | ||
| return true | ||
| } | ||
|
|
||
| /** | ||
| * Choose the default encryption module | ||
| */ | ||
| async function checkDefaultModule(): Promise<void> { | ||
| if (defaultCheckedModule) { | ||
| await update('default_encryption_module', defaultCheckedModule) | ||
| } | ||
| } | ||
|
|
||
| /** | ||
| * Enable encryption - sends an async POST request | ||
| */ | ||
| async function enableEncryption(): Promise<void> { | ||
| encryptionEnabled.value = await update('encryption_enabled', 'yes') | ||
| } | ||
| </script> | ||
|
|
||
| <template> | ||
| <NcSettingsSection :name="t('settings', 'Server-side encryption')" | ||
| :description="t('settings', 'Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')" | ||
| :doc-url="encryptionAdminDoc"> | ||
| <NcNoteCard v-if="encryptionEnabled" type="info"> | ||
| <p> | ||
| {{ textExistingFilesNotEncrypted }} | ||
| {{ t('settings', 'To encrypt all existing files run this OCC command:') }} | ||
| </p> | ||
| <code> | ||
| <pre>occ encryption:encrypt-all</pre> | ||
| </code> | ||
| </NcNoteCard> | ||
|
|
||
| <NcCheckboxRadioSwitch :class="{ disabled: encryptionEnabled }" | ||
| :checked="encryptionEnabled" | ||
| :aria-disabled="encryptionEnabled ? 'true' : undefined" | ||
| :aria-describedby="encryptionEnabled ? 'server-side-encryption-disable-hint' : undefined" | ||
| :loading="loadingEncryptionState" | ||
| type="switch" | ||
| @update:checked="displayWarning"> | ||
| {{ t('settings', 'Enable server-side encryption') }} | ||
| </NcCheckboxRadioSwitch> | ||
| <p v-if="encryptionEnabled" id="server-side-encryption-disable-hint" class="disable-hint"> | ||
| {{ t('settings', 'Disabling server side encryption is only possible using OCC, please refer to the documentation.') }} | ||
| </p> | ||
|
|
||
| <NcNoteCard v-if="encryptionModules.length === 0" | ||
| type="warning" | ||
| :text="t('settings', 'No encryption module loaded, please enable an encryption module in the app menu.')" /> | ||
|
|
||
| <template v-else-if="encryptionEnabled"> | ||
| <div v-if="encryptionReady && encryptionModules.length > 0"> | ||
| <h3>{{ t('settings', 'Select default encryption module:') }}</h3> | ||
| <fieldset> | ||
| <NcCheckboxRadioSwitch v-for="module in encryptionModules" | ||
| :key="module.id" | ||
| :checked.sync="defaultCheckedModule" | ||
| :value="module.id" | ||
| type="radio" | ||
| name="default_encryption_module" | ||
| @update:checked="checkDefaultModule"> | ||
| {{ module.displayName }} | ||
| </NcCheckboxRadioSwitch> | ||
| </fieldset> | ||
| </div> | ||
|
|
||
| <div v-else-if="externalBackendsEnabled"> | ||
| {{ | ||
| t( | ||
| 'settings', | ||
| 'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please enable the "Default encryption module" and run {command}', | ||
| { command: '"occ encryption:migrate"' }, | ||
| ) | ||
| }} | ||
| </div> | ||
| </template> | ||
| </NcSettingsSection> | ||
| </template> | ||
|
|
||
| <style scoped> | ||
| code { | ||
| background-color: var(--color-background-dark); | ||
| color: var(--color-main-text); | ||
|
|
||
| display: block; | ||
| margin-block-start: 0.5rem; | ||
| padding: .25lh .5lh; | ||
| width: fit-content; | ||
| } | ||
|
|
||
| .disabled { | ||
| opacity: .75; | ||
| } | ||
|
|
||
| .disabled :deep(*) { | ||
| cursor: not-allowed !important; | ||
| } | ||
|
|
||
| .disable-hint { | ||
| color: var(--color-text-maxcontrast); | ||
| padding-inline-start: 10px; | ||
| } | ||
| </style> | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.