Add a flag to ingore signature check#106
Conversation
|
6cdfa35 to
fd82f2b
Compare
Codecov Report
@@ Coverage Diff @@
## master #106 +/- ##
============================================
- Coverage 64.28% 64.14% -0.15%
- Complexity 598 599 +1
============================================
Files 33 33
Lines 2212 2217 +5
============================================
Hits 1422 1422
- Misses 790 795 +5
Continue to review full report at Codecov.
|
Codecov Report
@@ Coverage Diff @@
## master #106 +/- ##
============================================
- Coverage 64.28% 64.14% -0.15%
- Complexity 598 599 +1
============================================
Files 33 33
Lines 2212 2217 +5
============================================
Hits 1422 1422
- Misses 790 795 +5
Continue to review full report at Codecov.
|
fd82f2b to
dc36b8c
Compare
PVince81
left a comment
There was a problem hiding this comment.
👎
This should be an internal flag to be used only by transfer ownership temporarily.
If we expose this in the DB, there is a risk that someone will decide to disable this on purpose and compromise encryption security.
Also the occ transfer ownership command would likely overwrite whatever an admin (if they discovered this and disabled it) with its own values.
not Read data from the event to decide if signature check should be disabled or not. Signed-off-by: Sujith H <sharidasan@owncloud.com>
dc36b8c to
aaa53e7
Compare
|
Updated this PR, and below is how this PR works:
The transfer ownership command would read the events data to figure out if the file copy needs to be done second time ( or say retry ), and then the second listener to the event in the Crypt would read and updates the variable ( if required ) and the decision to enable/disable signature check happens. |
| * @throws DecryptionFailedException | ||
| */ | ||
| public function symmetricDecryptFileContent($keyFileContents, $passPhrase, $cipher = self::DEFAULT_CIPHER, $version = 0, $position = 0) { | ||
| $this->eventDispatcher->addListener('files.aftersignaturemismatch', function (GenericEvent $event) { |
There was a problem hiding this comment.
let's just use a static attribute... we already have this kind of dirty practice in the decrypt all command.
There was a problem hiding this comment.
hmm now thinking this is not possible because of the encryption module abstraction.
There was a problem hiding this comment.
idea would be if there was a way to inject generic flags or configs into the encryption module
in your first attempt you used the oc_appconfig table for that, which was a bit too global.
There was a problem hiding this comment.
The whole problem is here with the code flow
transfer commnad <----> Encryption Wrapper <-----> Crypt
The transfer needs to output the files which are problematic and then come back for a retry in the encryption wrapper to copy the file again and crypt should know that this time no signature check.
Even I was not fully satisfied with the event logic.
Will see what can be done here..
|
Closing this PR on behalf of #115 |
Add a flag to ignore the signature check for
encrypted files.
Signed-off-by: Sujith H sharidasan@owncloud.com