owncloud / core

ownCloud web server core (Files, DAV, etc.)
https://owncloud.com
GNU Affero General Public License v3.0

Decrypt-all should skip users who never logged in #29722

Closed PVince81 closed 6 years ago

PVince81 commented 6 years ago

Steps

  1. Login as admin
  2. Create a user "user1"
  3. Enable user-key encryption
  4. Login as admin again. (do NOT login as user1 so they don't receive a key)
  5. Log out
  6. Run occ decrypt-all and enter the passwords of the individual users when asked

Actual result

Decrypt-all attempts to decrypt for user1 but fails with PrivateKeyMissingException.

Expected result

Only iterate over users who have logged in at least once. If we do find a user with a private key missing who has already logged in, log a warning with this detail and skip the user.

Version

ownCloud 10.0.4RC1

This is mostly a usability issue, as the admin would need to rerun the command again. Maybe they'd even need to run the command for each user individually to be able to skip.

@sharidas @tomneedham @pako81

PVince81 commented 6 years ago

Note that LDAP users never get an encryption key until they log in the first time.

With DB users created by admin, they usually receive a key directly at creation time, given that encryption is already enabled at creation time.

sharidas commented 6 years ago

The console log from the master branch:

sujith@sujith-Inspiron-5567 ~/test/owncloud $ ./occ encryption:decrypt-all
Cannot load Xdebug - it was already loaded
Disable server side encryption... done.

You are about to start to decrypt all files stored in your ownCloud.
It will depend on the encryption module and your setup if this is possible.
Depending on the number and size of your files this can take some time
Please make sure that no user access his files during this process!

Do you really want to continue? (y/n) y
prepare encryption modules...
 done.

 Fetch list of users... finished 
 [============================]

 starting to decrypt files... 
 [->--------------------------]
Prepare "Default encryption module"

You can only decrypt the users files if you know
the users password or if he activated the recovery key.

Do you want to use the user: admin login password to decrypt all files? (y/n) y
 decrypt files for user admin (1 of 2): /admin/files/welcome.txt 
 [-->-------------------------]
Prepare "Default encryption module"

You can only decrypt the users files if you know
the users password or if he activated the recovery key.

Do you want to use the user: user1 login password to decrypt all files? (y/n) y
 starting to decrypt files... finished 
 [============================]

all files could be decrypted successfully!
sujith@sujith-Inspiron-5567 ~/test/owncloud $

Can we close this issue?

tomneedham commented 6 years ago

https://github.com/owncloud/core/pull/29415

ownclouders commented 6 years ago

Hey, this issue has been closed because the label status/STALE is set and there were no updates for 7 days. Feel free to reopen this issue if you deem it appropriate.

(This is an automated comment from GitMate.io.)

PVince81 commented 6 years ago

https://github.com/owncloud/core/pull/29415 is merged
