Dont decrypt shared files

[DeepDiver1975]

fixes #25599

THX @schiessle

@wipeoutdude mind testing? THX

[mention-bot]

@DeepDiver1975, thanks for your PR! By analyzing the annotation information on this pull request, we identified @schiessle, @nickvergessen and @chriseqipe to be potential reviewers

[wipeoutdude]

@DeepDiver1975 - I will have a go at testing it at the next opportunity I have and feedback the results.

[VicDeo]

no way...
Am I doing something wrong?

1. Install OC from master
2. Enable default encryption module
3. Enable serverside encryption and set a recovery key
4. Create a user 'P'
5. Relogin
6. Login as P
7. Share welcome.txt with P
8. php occ encr:encrypt-all
9. php occ encr:decrypt-all

Files for following users couldn't be decrypted, 
maybe the user is not set up in a way that supports this operation: 
    D
    P

deo@jah-mobile:~/public_html/oc-tmp> cat data/owncloud.log 

{"reqId":"PJGCahQhbUHGI4GyUTPs","remoteAddr":"","app":"PHP","message":"fclose() expects parameter 1 to be resource, string given at \/home\/deo\/public_html\/oc-tmp\/lib\/private\/Files\/Storage\/Wrapper\/Encryption.php#748","level":3,"time":"2016-08-08T13:25:32+00:00","method":"--","url":"--","user":"--"}
{"reqId":"PJGCahQhbUHGI4GyUTPs","remoteAddr":"","app":"PHP","message":"fclose() expects parameter 1 to be resource, string given at \/home\/deo\/public_html\/oc-tmp\/lib\/private\/Files\/Storage\/Wrapper\/Encryption.php#749","level":3,"time":"2016-08-08T13:25:32+00:00","method":"--","url":"--","user":"--"}
{"reqId":"PJGCahQhbUHGI4GyUTPs","remoteAddr":"","app":"PHP","message":"stream_wrapper_register(): Protocol ocencryption:\/\/ is already defined. at \/home\/deo\/public_html\/oc-tmp\/lib\/private\/Files\/Stream\/Encryption.php#195","level":3,"time":"2016-08-08T13:25:32+00:00","method":"--","url":"--","user":"--"}
{"reqId":"PJGCahQhbUHGI4GyUTPs","remoteAddr":"","app":"PHP","message":"fclose() expects parameter 1 to be resource, string given at \/home\/deo\/public_html\/oc-tmp\/lib\/private\/Files\/Storage\/Wrapper\/Encryption.php#748","level":3,"time":"2016-08-08T13:25:32+00:00","method":"--","url":"--","user":"--"}
{"reqId":"PJGCahQhbUHGI4GyUTPs","remoteAddr":"","app":"PHP","message":"fclose() expects parameter 1 to be resource, string given at \/home\/deo\/public_html\/oc-tmp\/lib\/private\/Files\/Storage\/Wrapper\/Encryption.php#749","level":3,"time":"2016-08-08T13:25:32+00:00","method":"--","url":"--","user":"--"}

[PVince81]

now thinking of it, what would happen with global external storages ? @schiessle

[DeepDiver1975]

no idea - we better test this ....

[PVince81]

@VicDeo weird stuff you're getting. Maybe you found a bug ?

I simply used the user's login password for decryption with new files, no "encrypt-all" and this PR worked fine as it left the shared files alone 👍

[PVince81]

@VicDeo please retry

[VicDeo]

@PVince81 I already tried over 6 times. Is anything changed here?

[PVince81]

@VicDeo nothing changed, I just hoped you mistyped your steps.
Does it work if you use the user's login password instead and skip "encrypt-all" but use a file that got encrypted through upload ?

I'll also try with your exact steps.

[PVince81]

@VicDeo can't reproduce the issue with your steps. As they are missing some slight details, here are mine with details:

1. Setup OC on this branch (from git without extra apps)
2. Enable default encryption module in apps page
3. Enable encryption in admin page
4. Create a user "test"
5. Log out, log in again as admin
6. Set a recovery password in admin page
7. Login as "test"
8. Go to personal page and opt-in with "enable recovery key" (this piece was missing in your steps)
9. Login as "admin"
10. Share "welcome.txt" (the non-encrypted skeleton file) with user "test"
11. Logout
12. On the CLI, run ./occ encryption:encrypt-all, say "y" to continue
13. On the CLI, run ./occ encryption:decrypt-all, say "y" to continue and enter recovery password

± % sudo -uwwwrun ./occ encryption:decrypt-all
The process control (PCNTL) extensions are required in case you want to interrupt long running commands - see http://php.net/manual/en/book.pcntl.php
Disable server side encryption... done.


You are about to start to decrypt all files stored in your ownCloud.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!

Do you really want to continue? (y/n) y
prepare encryption modules...

Prepare "Default encryption module"

You can only decrypt the files of all users if the
recovery key is enabled by the admin and activated by the users.

Please enter the recovery key password: 
 done.

 Fetch list of users... finished 
 [============================]

 starting to decrypt files... finished                           
 [============================]                                  


Files for following users couldn't be decrypted, 
maybe the user is not set up in a way that supports this operation: 
    admin

@VicDeo can you check whether your steps are exactly the same or have differences ?
Also, please run your steps directly on master to find out whether the issue you see is related to this PR or another issue.

Thanks.

[VicDeo]

@PVince81 confirmed.
Both admin and test user should have Enable password recovery set to enabled

[PVince81]

@VicDeo ah... in my case I only enabled recovery for the test user, not admin

[VicDeo]

👍
maybe it worth to check the user settings..

Files for following users couldn't be decrypted, 
maybe the user is not set up in a way that supports this operation: 
    D

Files for following users couldn't be decrypted: 
    D - password recovery disabled

or something like this....

[PVince81]

Rebased for CI.

[PVince81]

Failing test unrelated. Raised as #25830 as it fails randomly.

[PVince81]

stable9.1: #25831
stable9: #25832

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.