Share keys not updated when group members change #20146
Labels
1. to develop
Accepted and waiting to be taken care of
25-feedback
bug
feature: encryption (server-side)
feature: sharing
I run into a critical bug when a folder is shared with a group and group members are updated afterwards.
Steps to reproduce
Note:
*nextcloud data root*/*user*/files_encryption/keys/files/*folder*/*file*/OC_DEFAULT_MODULE/
contains the keys of all group members anddata/admin/files/keys/files/*folder*/*file*
is encryptedExpected behaviour
After step 7 and 8 the key files should have been updated.
Actual behaviour
The key files are not updated and users that have been added to the group after the folder has been shared are not able to access its content. If a user is removed from the group or deleted, its key file is not cleaned up. This results in a very confusing situation, that after deleting a user and creating a new one with the exact same name, you re not able to share any files again.
This does also happen if you reset the password of a user.
Workaround
The owner of the files has to unsahre all folders and reshare them again after groups memebers have been changed. This is a really bad behavior and not practicable. It's also potential insecure that obsolete keys are not removed.
@nextcloud/encryption is it save to remove any obsolete
user.shareKey
by hand?Server configuration
Operating system: any
Web server: any
Database: any
PHP version: 7.3
Nextcloud version: 18
Updated from an older Nextcloud/ownCloud or fresh install: fresh (just for this testcase))
Where did you install Nextcloud from: source
Are you using encryption: yes
The text was updated successfully, but these errors were encountered: