-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix can change password check in case of encryption is enabled #13172
Conversation
$noUserSpecificEncryptionKeys = true; | ||
$isEncryptionModuleLoaded = false; | ||
} | ||
|
||
// If masterKey enabled, then you can change password. This is to avoid data loss! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Are the comments still accurate?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
more or less yes, but let me update the comment and add some more details
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
done 🙂
This makes it easier for people to disable encryption completely and be able to change passwords again as a admin. Also for example, if they just enabled the "default encryption module" app by accident but never really turned on server side encryption. Of course this carries one (small) risk: |
I will move this check to a separate function so that we can write some tests for it... done ✔️ |
b57253d
to
8bf65b2
Compare
Admin should _not_ be able to change password when: - if an encryption module is loaded and it uses per-user keys - if encryption is enabled but no encryption modules are loaded Admin should be able to change the password when: - no encryption module is loaded and encryption is disabled - encryption module is loaded but it doesn't require per user keys Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
8bf65b2
to
4b3308b
Compare
/backport to stable15 |
/backport to stable14 |
backport to stable15 in #13349 |
backport to stable14 in #13350 |
Does not work for me. I updated from 13.0.8 to 14.0.5 after this was merged and the issue is still there. In 13.0.8 I have the master key enabled and as admin I can change the user's password. In 14.0.5 the field for master key is gone. |
Is it possible this came back with 15.0.7? I have not touched my encryption settings for years and now with 15.0.7 (maybe started with 15.0.x) I suddenly get the warning/error I cannot change passwords: ./occ encryption:status
|
I've got a more disturbing question but related. occ encryption:status
how can i fix this? I was asked do change a users password soon. |
So, how can i fix this? |
Admin should not be able to change password when:
Admin should be able to change the password when:
fix #11212