nextcloud/lib/private/Encryption/Update.php

<?php

declare(strict_types=1);

/**
 * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
 * SPDX-License-Identifier: AGPL-3.0-only
 */

namespace OC\Encryption;

use InvalidArgumentException;
use OC\Files\View;
use OCP\Encryption\Exceptions\GenericEncryptionException;
use OCP\Files\File as OCPFile;
use OCP\Files\Folder;
use OCP\Files\NotFoundException;
use Psr\Log\LoggerInterface;

/**
 * update encrypted files, e.g. because a file was shared
 */
class Update {
	public function __construct(
		protected Util $util,
		protected Manager $encryptionManager,
		protected File $file,
		protected LoggerInterface $logger,
	) {
	}

	/**
	 * hook after file was shared
	 */
	public function postShared(OCPFile|Folder $node): void {
		$this->update($node);
	}

	/**
	 * hook after file was unshared
	 */
	public function postUnshared(OCPFile|Folder $node): void {
		$this->update($node);
	}

	/**
	 * inform encryption module that a file was restored from the trash bin,
	 * e.g. to update the encryption keys
	 */
	public function postRestore(OCPFile|Folder $node): void {
		$this->update($node);
	}

	/**
	 * inform encryption module that a file was renamed,
	 * e.g. to update the encryption keys
	 */
	public function postRename(OCPFile|Folder $source, OCPFile|Folder $target): void {
		if (dirname($source->getPath()) !== dirname($target->getPath())) {
			$this->update($target);
		}
	}

	/**
	 * get owner and path relative to data/
	 *
	 * @throws \InvalidArgumentException
	 */
	protected function getOwnerPath(OCPFile|Folder $node): string {
		$owner = $node->getOwner()?->getUID();
		if ($owner === null) {
			throw new InvalidArgumentException('No owner found for ' . $node->getId());
		}
		$view = new View('/' . $owner . '/files');
		try {
			$path = $view->getPath($node->getId());
		} catch (NotFoundException $e) {
			throw new InvalidArgumentException('No file found for ' . $node->getId(), previous:$e);
		}
		return '/' . $owner . '/files/' . $path;
	}

	/**
	 * notify encryption module about added/removed users from a file/folder
	 *
	 * @param string $path relative to data/
	 * @throws Exceptions\ModuleDoesNotExistsException
	 */
	public function update(OCPFile|Folder $node): void {
		$encryptionModule = $this->encryptionManager->getEncryptionModule();

		// if the encryption module doesn't encrypt the files on a per-user basis
		// we have nothing to do here.
		if ($encryptionModule->needDetailedAccessList() === false) {
			return;
		}

		$path = $this->getOwnerPath($node);
		// if a folder was shared, get a list of all (sub-)folders
		if ($node instanceof Folder) {
			$allFiles = $this->util->getAllFiles($path);
		} else {
			$allFiles = [$path];
		}

		foreach ($allFiles as $file) {
			$usersSharing = $this->file->getAccessList($file);
			try {
				$encryptionModule->update($file, '', $usersSharing);
			} catch (GenericEncryptionException $e) {
				// If the update of an individual file fails e.g. due to a corrupt key we should continue the operation and just log the failure
				$this->logger->error('Failed to update encryption module for ' . $file, [ 'exception' => $e ]);
			}
		}
	}
}
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`<?php`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`declare(strict_types=1);`

implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`/**`
chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de> 2024-05-23 03:26:56 -04:00			`* SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors`
			`* SPDX-FileCopyrightText: 2016 ownCloud, Inc.`
			`* SPDX-License-Identifier: AGPL-3.0-only`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`namespace OC\Encryption;`

Log and continue when failing to update encryption keys during for individual files Signed-off-by: Julius Härtl <jus@bitgrid.net> 2021-03-11 05:32:29 -05:00			`use InvalidArgumentException;`
Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> 2019-11-22 14:52:10 -05:00			`use OC\Files\View;`
Log and continue when failing to update encryption keys during for individual files Signed-off-by: Julius Härtl <jus@bitgrid.net> 2021-03-11 05:32:29 -05:00			`use OCP\Encryption\Exceptions\GenericEncryptionException;`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`use OCP\Files\File as OCPFile;`
			`use OCP\Files\Folder;`
			`use OCP\Files\NotFoundException;`
Log and continue when failing to update encryption keys during for individual files Signed-off-by: Julius Härtl <jus@bitgrid.net> 2021-03-11 05:32:29 -05:00			`use Psr\Log\LoggerInterface;`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00
			`/**`
			`* update encrypted files, e.g. because a file was shared`
			`*/`
			`class Update {`
			`public function __construct(`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`protected Util $util,`
			`protected Manager $encryptionManager,`
			`protected File $file,`
			`protected LoggerInterface $logger,`
chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com> 2023-11-23 04:22:34 -05:00			`) {`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`}`

update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`/**`
			`* hook after file was shared`
			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`public function postShared(OCPFile\|Folder $node): void {`
			`$this->update($node);`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`}`

update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`/**`
			`* hook after file was unshared`
			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`public function postUnshared(OCPFile\|Folder $node): void {`
			`$this->update($node);`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`}`

use hooks to update encryption keys instead of the storage wrapper if a file gets renamed/restored, as long as we are in the storage wrapper the file cache isn't up-to-date 2015-05-11 04:35:42 -04:00			`/**`
			`* inform encryption module that a file was restored from the trash bin,`
			`* e.g. to update the encryption keys`
			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`public function postRestore(OCPFile\|Folder $node): void {`
			`$this->update($node);`
use hooks to update encryption keys instead of the storage wrapper if a file gets renamed/restored, as long as we are in the storage wrapper the file cache isn't up-to-date 2015-05-11 04:35:42 -04:00			`}`

			`/**`
			`* inform encryption module that a file was renamed,`
			`* e.g. to update the encryption keys`
			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`public function postRename(OCPFile\|Folder $source, OCPFile\|Folder $target): void {`
			`if (dirname($source->getPath()) !== dirname($target->getPath())) {`
			`$this->update($target);`
use hooks to update encryption keys instead of the storage wrapper if a file gets renamed/restored, as long as we are in the storage wrapper the file cache isn't up-to-date 2015-05-11 04:35:42 -04:00			`}`
			`}`

implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`/**`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`* get owner and path relative to data/`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`*`
fix(psalm): Fix @throws annotations Signed-off-by: provokateurin <kate@provokateurin.de> 2024-09-17 11:18:30 -04:00			`* @throws \InvalidArgumentException`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`protected function getOwnerPath(OCPFile\|Folder $node): string {`
			`$owner = $node->getOwner()?->getUID();`
			`if ($owner === null) {`
			`throw new InvalidArgumentException('No owner found for ' . $node->getId());`
			`}`
update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`$view = new View('/' . $owner . '/files');`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`try {`
			`$path = $view->getPath($node->getId());`
			`} catch (NotFoundException $e) {`
			`throw new InvalidArgumentException('No file found for ' . $node->getId(), previous:$e);`
update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`}`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`return '/' . $owner . '/files/' . $path;`
update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`}`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00
update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`/**`
			`* notify encryption module about added/removed users from a file/folder`
			`*`
			`* @param string $path relative to data/`
			`* @throws Exceptions\ModuleDoesNotExistsException`
			`*/`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`public function update(OCPFile\|Folder $node): void {`
only collect detailed access list if it is really needed Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org> 2017-05-30 05:59:49 -04:00			`$encryptionModule = $this->encryptionManager->getEncryptionModule();`

			`// if the encryption module doesn't encrypt the files on a per-user basis`
			`// we have nothing to do here.`
			`if ($encryptionModule->needDetailedAccessList() === false) {`
			`return;`
			`}`

fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`$path = $this->getOwnerPath($node);`
Finally fixing encryption with public share 2015-04-01 07:59:29 -04:00			`// if a folder was shared, get a list of all (sub-)folders`
fix(encryption): Improve Update class and event listenening to avoid back&forth between path and Node object Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-02-11 10:06:33 -05:00			`if ($node instanceof Folder) {`
update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`$allFiles = $this->util->getAllFiles($path);`
Finally fixing encryption with public share 2015-04-01 07:59:29 -04:00			`} else {`
Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> 2020-03-26 04:30:18 -04:00			`$allFiles = [$path];`
Finally fixing encryption with public share 2015-04-01 07:59:29 -04:00			`}`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00
update share keys if a file is moved to a shared folder 2015-04-23 10:48:11 -04:00			`foreach ($allFiles as $file) {`
			`$usersSharing = $this->file->getAccessList($file);`
Log and continue when failing to update encryption keys during for individual files Signed-off-by: Julius Härtl <jus@bitgrid.net> 2021-03-11 05:32:29 -05:00			`try {`
fix(encryption): Do not depend upon user in session unless really necessary Should fix a bunch of stuff when encryption listener is triggered by events from occ commands or background jobs Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-08-07 12:08:42 -04:00			`$encryptionModule->update($file, '', $usersSharing);`
Log and continue when failing to update encryption keys during for individual files Signed-off-by: Julius Härtl <jus@bitgrid.net> 2021-03-11 05:32:29 -05:00			`} catch (GenericEncryptionException $e) {`
			`// If the update of an individual file fails e.g. due to a corrupt key we should continue the operation and just log the failure`
fix(encryption): Do not depend upon user in session unless really necessary Should fix a bunch of stuff when encryption listener is triggered by events from occ commands or background jobs Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com> 2025-08-07 12:08:42 -04:00			`$this->logger->error('Failed to update encryption module for ' . $file, [ 'exception' => $e ]);`
Log and continue when failing to update encryption keys during for individual files Signed-off-by: Julius Härtl <jus@bitgrid.net> 2021-03-11 05:32:29 -05:00			`}`
Finally fixing encryption with public share 2015-04-01 07:59:29 -04:00			`}`
implement basic encryption functionallity in core to enable multiple encryption modules 2015-01-14 14:39:23 -05:00			`}`
Finally fixing encryption with public share 2015-04-01 07:59:29 -04:00			`}`