Change to re-create masterkeys #6
Conversation
lib/Command/RecreateMasterKey.php
Outdated
| } | ||
|
|
||
| protected function execute(InputInterface $input, OutputInterface $output) { | ||
| if ($this->util->isMasterKeyEnabled()) { |
There was a problem hiding this comment.
I think we should add a warning here before starting and asking whether to proceed "Y/N". Please check how warnings are displayed for the other encryption commands. Also add a "-y" option to answer yes automatically.
Considering that this will decrypt a whole instance and might take days, we better inform the admin in advance before starting.
cc @tomneedham
lib/Command/RecreateMasterKey.php
Outdated
| $progress->finish(); | ||
| $output->writeln("\nEncryption completed successfully\n"); | ||
| } else { | ||
| $output->writeln("Master key is not enabled. Kindly enable it\n"); |
There was a problem hiding this comment.
please remove the "Kindly" bit. The instance might be in "user key" mode
lib/Command/RecreateMasterKey.php
Outdated
| } | ||
|
|
||
| public function encryptAllUsersFiles(ProgressBar $progress) { | ||
| $userNo = 1; |
lib/Command/RecreateMasterKey.php
Outdated
| } | ||
| } | ||
|
|
||
| public function encryptUsersFiles($uid, ProgressBar $progress) { |
There was a problem hiding this comment.
is there any code from the occ encrypt-all command we could reuse ?
lib/Command/RecreateMasterKey.php
Outdated
| protected $appConfig; | ||
|
|
||
| /** @var IConfig */ | ||
| protected $IConfig; |
There was a problem hiding this comment.
local attributes must start with a lower case and be camel case.
| } | ||
| } | ||
|
|
||
| if (empty($this->failed)) { |
There was a problem hiding this comment.
show error in case of failure ? an admin might want to ctrl+c when seeing this in real-time
| protected $appConfig; | ||
|
|
||
| /** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */ | ||
| protected $IConfig; |
There was a problem hiding this comment.
see my comment on attribute casing above
a69526c to
cc7bbcb
Compare
| $this->keyManager, $this->util, $this->config, | ||
| $this->mailer, $this->l, $this->questionHelper, | ||
| $this->secureRandom); | ||
| $this->encryptAll->encryptAll($input, $output); |
There was a problem hiding this comment.
We call encryptAll here. Reusing old code.
There was a problem hiding this comment.
Since we use encrypt all. Let me also see if we can reuse decrypt all.
There was a problem hiding this comment.
My mistake, its better to stick on with the decrypt implemented here. The final output of a decryptall is again encrypted. Which is not the result we want.
There was a problem hiding this comment.
can you add a comment to clarify this, in case future developers wonder about the same question ?
a19ae76 to
5ebdd9e
Compare
|
|
||
| protected function encryptAllUsers(InputInterface $input, OutputInterface $output) { | ||
| /* | ||
| * We are reusing the encryptAll code but not the decryptAll. The reason being |
There was a problem hiding this comment.
Added doc which says why we are not using decryptAll and re-using encryptAll. This should help future devs understand why we used this approach.
|
Testing done as follows:
Testing done with external storage:
|
afe97a5 to
71f182d
Compare
|
|
71f182d to
775a4d0
Compare
3749e30 to
fd11f85
Compare
This change brings a new command to re-create masterkey Signed-off-by: Sujith H <sharidasan@owncloud.com>
fd11f85 to
2b1eb3e
Compare
|
Closing this PR. We have #12 to track. |
This change brings a new command to re-create
masterkey
Signed-off-by: Sujith H sharidasan@owncloud.com