From e29562f662d79c96ad4ca34a57c2dd3008d3685d Mon Sep 17 00:00:00 2001 From: Stephen Cuppett Date: Wed, 29 Apr 2026 11:59:33 -0400 Subject: [PATCH 1/3] refactor(encryption): Migrate appconfig keys to typed bool IAppConfig with repair step Switch all encryption config reads/writes from deprecated string-typed IConfig to bool-typed IAppConfig (getValueBool/setValueBool). Adds RetypeEncryptionConfigKeys repair step to retype existing string values to bool on upgrade. Includes lazy IAppConfig resolution in Manager and AppConfigTypeConflictException fallbacks throughout for safety during the upgrade window. Co-Authored-By: Claude Sonnet 4.6 (1M context) Signed-off-by: Stephen Cuppett --- apps/encryption/lib/Settings/Admin.php | 1 + apps/encryption/lib/Util.php | 17 +-- apps/encryption/tests/Settings/AdminTest.php | 6 +- apps/encryption/tests/UtilTest.php | 29 ++--- .../lib/Controller/AppConfigController.php | 3 +- .../Controller/AppConfigControllerTest.php | 6 ++ build/psalm-baseline.xml | 15 --- core/Command/Encryption/DecryptAll.php | 26 +++-- core/Command/Encryption/Disable.php | 20 +++- core/Command/Encryption/Enable.php | 22 +++- lib/composer/composer/autoload_classmap.php | 1 + lib/composer/composer/autoload_static.php | 1 + lib/private/Encryption/Manager.php | 15 ++- lib/private/Repair.php | 2 + .../Repair/RetypeEncryptionConfigKeys.php | 55 ++++++++++ .../Command/Encryption/DecryptAllTest.php | 6 +- tests/Core/Command/Encryption/DisableTest.php | 30 +++--- tests/Core/Command/Encryption/EnableTest.php | 51 +++++---- tests/lib/Encryption/ManagerTest.php | 14 ++- .../Repair/RetypeEncryptionConfigKeysTest.php | 101 ++++++++++++++++++ 20 files changed, 311 insertions(+), 110 deletions(-) create mode 100644 lib/private/Repair/RetypeEncryptionConfigKeys.php create mode 100644 tests/lib/Repair/RetypeEncryptionConfigKeysTest.php diff --git a/apps/encryption/lib/Settings/Admin.php b/apps/encryption/lib/Settings/Admin.php index 422d338d45e03..13cd9a4017e1a 100644 --- a/apps/encryption/lib/Settings/Admin.php +++ b/apps/encryption/lib/Settings/Admin.php @@ -53,6 +53,7 @@ public function getForm() { $crypt, $this->userSession, $this->config, + $this->appConfig, $this->userManager); // Check if an adminRecovery account is enabled for recovering files after lost pwd diff --git a/apps/encryption/lib/Util.php b/apps/encryption/lib/Util.php index ccbdcdcb242b1..bc6d50b86aa09 100644 --- a/apps/encryption/lib/Util.php +++ b/apps/encryption/lib/Util.php @@ -11,6 +11,7 @@ use OC\Files\View; use OCA\Encryption\Crypto\Crypt; use OCP\Files\Storage\IStorage; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IUser; use OCP\IUserManager; @@ -25,6 +26,7 @@ public function __construct( private Crypt $crypt, IUserSession $userSession, private IConfig $config, + private IAppConfig $appConfig, private IUserManager $userManager, ) { $this->user = $userSession->isLoggedIn() ? $userSession->getUser() : false; @@ -51,13 +53,7 @@ public function isRecoveryEnabledForUser($uid) { * @return bool */ public function shouldEncryptHomeStorage() { - $encryptHomeStorage = $this->config->getAppValue( - 'encryption', - 'encryptHomeStorage', - '1' - ); - - return ($encryptHomeStorage === '1'); + return $this->appConfig->getValueBool('encryption', 'encryptHomeStorage', true); } /** @@ -66,12 +62,7 @@ public function shouldEncryptHomeStorage() { * @param bool $encryptHomeStorage */ public function setEncryptHomeStorage($encryptHomeStorage) { - $value = $encryptHomeStorage ? '1' : '0'; - $this->config->setAppValue( - 'encryption', - 'encryptHomeStorage', - $value - ); + $this->appConfig->setValueBool('encryption', 'encryptHomeStorage', (bool)$encryptHomeStorage); } /** diff --git a/apps/encryption/tests/Settings/AdminTest.php b/apps/encryption/tests/Settings/AdminTest.php index 10d2a61c5279e..f81dfe3e87115 100644 --- a/apps/encryption/tests/Settings/AdminTest.php +++ b/apps/encryption/tests/Settings/AdminTest.php @@ -62,7 +62,8 @@ public function testGetForm(): void { $this->appConfig ->method('getValueBool') ->willReturnMap([ - ['encryption', 'recoveryAdminEnabled', true] + ['encryption', 'recoveryAdminEnabled', true], + ['encryption', 'encryptHomeStorage', true, true], ]); $this->config ->method('getAppValue') @@ -70,9 +71,6 @@ public function testGetForm(): void { if ($app === 'encryption' && $key === 'recoveryAdminEnabled' && $default === '0') { return '1'; } - if ($app === 'encryption' && $key === 'encryptHomeStorage' && $default === '1') { - return '1'; - } return $default; }); diff --git a/apps/encryption/tests/UtilTest.php b/apps/encryption/tests/UtilTest.php index ed274f74ab5ca..5f42f18ab4632 100644 --- a/apps/encryption/tests/UtilTest.php +++ b/apps/encryption/tests/UtilTest.php @@ -14,6 +14,7 @@ use OCA\Encryption\Util; use OCP\Files\Mount\IMountPoint; use OCP\Files\Storage\IStorage; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IUser; use OCP\IUserManager; @@ -26,6 +27,7 @@ class UtilTest extends TestCase { protected Util $instance; protected static $tempStorage = []; + protected IAppConfig&MockObject $appConfigMock; protected IConfig&MockObject $configMock; protected View&MockObject $filesMock; protected IUserManager&MockObject $userManagerMock; @@ -78,6 +80,7 @@ protected function setUp(): void { ->willReturn(true); $this->configMock = $this->createMock(IConfig::class); + $this->appConfigMock = $this->createMock(IAppConfig::class); $this->configMock->expects($this->any()) ->method('getUserValue') @@ -87,7 +90,7 @@ protected function setUp(): void { ->method('setUserValue') ->willReturnCallback([$this, 'setValueTester']); - $this->instance = new Util($this->filesMock, $cryptMock, $userSessionMock, $this->configMock, $this->userManagerMock); + $this->instance = new Util($this->filesMock, $cryptMock, $userSessionMock, $this->configMock, $this->appConfigMock, $this->userManagerMock); } /** @@ -136,13 +139,13 @@ public static function dataTestIsMasterKeyEnabled(): array { } /** - * @param string $returnValue return value from getAppValue() + * @param bool $returnValue return value from getValueBool() * @param bool $expected */ #[\PHPUnit\Framework\Attributes\DataProvider(methodName: 'dataTestShouldEncryptHomeStorage')] - public function testShouldEncryptHomeStorage($returnValue, $expected): void { - $this->configMock->expects($this->once())->method('getAppValue') - ->with('encryption', 'encryptHomeStorage', '1') + public function testShouldEncryptHomeStorage(bool $returnValue, bool $expected): void { + $this->appConfigMock->expects($this->once())->method('getValueBool') + ->with('encryption', 'encryptHomeStorage', true) ->willReturn($returnValue); $this->assertSame($expected, @@ -151,26 +154,26 @@ public function testShouldEncryptHomeStorage($returnValue, $expected): void { public static function dataTestShouldEncryptHomeStorage(): array { return [ - ['1', true], - ['0', false] + [true, true], + [false, false] ]; } /** - * @param $value - * @param $expected + * @param bool $value + * @param bool $expected */ #[\PHPUnit\Framework\Attributes\DataProvider(methodName: 'dataTestSetEncryptHomeStorage')] - public function testSetEncryptHomeStorage($value, $expected): void { - $this->configMock->expects($this->once())->method('setAppValue') + public function testSetEncryptHomeStorage(bool $value, bool $expected): void { + $this->appConfigMock->expects($this->once())->method('setValueBool') ->with('encryption', 'encryptHomeStorage', $expected); $this->instance->setEncryptHomeStorage($value); } public static function dataTestSetEncryptHomeStorage(): array { return [ - [true, '1'], - [false, '0'] + [true, true], + [false, false] ]; } diff --git a/apps/provisioning_api/lib/Controller/AppConfigController.php b/apps/provisioning_api/lib/Controller/AppConfigController.php index 0c53e3c009110..374d74ea9cd24 100644 --- a/apps/provisioning_api/lib/Controller/AppConfigController.php +++ b/apps/provisioning_api/lib/Controller/AppConfigController.php @@ -203,7 +203,8 @@ protected function verifyConfigKey(string $app, string $key, string $value) { throw new \InvalidArgumentException('The given key can not be set'); } - if ($app === 'core' && $key === 'encryption_enabled' && $value !== 'yes') { + if ($app === 'core' && $key === 'encryption_enabled' + && !in_array(strtolower(trim($value)), ['yes', '1', 'true', 'on'], true)) { throw new \InvalidArgumentException('The given key can not be set'); } diff --git a/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php b/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php index 55885aabf0a42..a1253411871b0 100644 --- a/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php +++ b/apps/provisioning_api/tests/Controller/AppConfigControllerTest.php @@ -367,6 +367,10 @@ public static function dataVerifyConfigKey(): array { ['dav', 'public_route', ''], ['files', 'remote_route', ''], ['core', 'encryption_enabled', 'yes'], + ['core', 'encryption_enabled', '1'], + ['core', 'encryption_enabled', 'true'], + ['core', 'encryption_enabled', 'YES'], + ['core', 'encryption_enabled', 'on'], ]; } @@ -384,6 +388,8 @@ public static function dataVerifyConfigKeyThrows(): array { ['contacts', 'types', ''], ['core', 'encryption_enabled', 'no'], ['core', 'encryption_enabled', ''], + ['core', 'encryption_enabled', '0'], + ['core', 'encryption_enabled', 'false'], ['core', 'public_files', ''], ['core', 'public_dav', ''], ['core', 'remote_files', ''], diff --git a/build/psalm-baseline.xml b/build/psalm-baseline.xml index c6c6248d122ec..658e2c35d866b 100644 --- a/build/psalm-baseline.xml +++ b/build/psalm-baseline.xml @@ -1300,10 +1300,8 @@ - - @@ -3023,19 +3021,6 @@ - - - - - - - - - - - - - diff --git a/core/Command/Encryption/DecryptAll.php b/core/Command/Encryption/DecryptAll.php index 85a70b49cec24..56fd22d3b2a6b 100644 --- a/core/Command/Encryption/DecryptAll.php +++ b/core/Command/Encryption/DecryptAll.php @@ -9,6 +9,7 @@ namespace OC\Core\Command\Encryption; use OCP\App\IAppManager; +use OCP\Exceptions\AppConfigTypeConflictException; use OCP\IAppConfig; use OCP\IConfig; use Symfony\Component\Console\Command\Command; @@ -91,11 +92,16 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 1; } - $originallyEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled'); + try { + $originallyEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); + } catch (AppConfigTypeConflictException) { + $raw = $this->appConfig->getValueString('core', 'encryption_enabled', 'no'); + $originallyEnabled = in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); + } try { if ($originallyEnabled) { $output->write('Disable server side encryption... '); - $this->appConfig->setValueBool('core', 'encryption_enabled', false); + $this->writeEncryptionEnabled(false); $output->writeln('done.'); } else { $output->writeln('Server side encryption not enabled. Nothing to do.'); @@ -123,18 +129,18 @@ protected function execute(InputInterface $input, OutputInterface $output): int $output->writeln(' aborted.'); if ($originallyEnabled) { $output->writeln('Server side encryption remains enabled'); - $this->appConfig->setValueBool('core', 'encryption_enabled', true); + $this->writeEncryptionEnabled(true); } } elseif (($uid !== '') && $originallyEnabled) { $output->writeln('Server side encryption remains enabled'); - $this->appConfig->setValueBool('core', 'encryption_enabled', true); + $this->writeEncryptionEnabled(true); } $this->resetMaintenanceAndTrashbin(); return 0; } if ($originallyEnabled) { $output->write('Enable server side encryption... '); - $this->appConfig->setValueBool('core', 'encryption_enabled', true); + $this->writeEncryptionEnabled(true); $output->writeln('done.'); } $output->writeln('aborted'); @@ -142,10 +148,18 @@ protected function execute(InputInterface $input, OutputInterface $output): int } catch (\Exception $e) { // enable server side encryption again if something went wrong if ($originallyEnabled) { - $this->appConfig->setValueBool('core', 'encryption_enabled', true); + $this->writeEncryptionEnabled(true); } $this->resetMaintenanceAndTrashbin(); throw $e; } } + + private function writeEncryptionEnabled(bool $enabled): void { + try { + $this->appConfig->setValueBool('core', 'encryption_enabled', $enabled); + } catch (AppConfigTypeConflictException) { + $this->appConfig->setValueString('core', 'encryption_enabled', $enabled ? 'yes' : 'no'); + } + } } diff --git a/core/Command/Encryption/Disable.php b/core/Command/Encryption/Disable.php index fe280daa111b4..0f69be38f1011 100644 --- a/core/Command/Encryption/Disable.php +++ b/core/Command/Encryption/Disable.php @@ -9,14 +9,15 @@ */ namespace OC\Core\Command\Encryption; -use OCP\IConfig; +use OCP\Exceptions\AppConfigTypeConflictException; +use OCP\IAppConfig; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class Disable extends Command { public function __construct( - protected IConfig $config, + protected IAppConfig $appConfig, ) { parent::__construct(); } @@ -31,10 +32,21 @@ protected function configure() { #[\Override] protected function execute(InputInterface $input, OutputInterface $output): int { - if ($this->config->getAppValue('core', 'encryption_enabled', 'no') !== 'yes') { + try { + $isEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); + } catch (AppConfigTypeConflictException) { + $raw = $this->appConfig->getValueString('core', 'encryption_enabled', 'no'); + $isEnabled = in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); + } + + if (!$isEnabled) { $output->writeln('Encryption is already disabled'); } else { - $this->config->setAppValue('core', 'encryption_enabled', 'no'); + try { + $this->appConfig->setValueBool('core', 'encryption_enabled', false); + } catch (AppConfigTypeConflictException) { + $this->appConfig->setValueString('core', 'encryption_enabled', 'no'); + } $output->writeln('Encryption disabled'); } return 0; diff --git a/core/Command/Encryption/Enable.php b/core/Command/Encryption/Enable.php index 02c610250011c..66d30032f5842 100644 --- a/core/Command/Encryption/Enable.php +++ b/core/Command/Encryption/Enable.php @@ -10,14 +10,15 @@ namespace OC\Core\Command\Encryption; use OCP\Encryption\IManager; -use OCP\IConfig; +use OCP\Exceptions\AppConfigTypeConflictException; +use OCP\IAppConfig; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; class Enable extends Command { public function __construct( - protected IConfig $config, + protected IAppConfig $appConfig, protected IManager $encryptionManager, ) { parent::__construct(); @@ -33,10 +34,21 @@ protected function configure() { #[\Override] protected function execute(InputInterface $input, OutputInterface $output): int { - if ($this->config->getAppValue('core', 'encryption_enabled', 'no') === 'yes') { + try { + $isEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); + } catch (AppConfigTypeConflictException) { + $raw = $this->appConfig->getValueString('core', 'encryption_enabled', 'no'); + $isEnabled = in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); + } + + if ($isEnabled) { $output->writeln('Encryption is already enabled'); } else { - $this->config->setAppValue('core', 'encryption_enabled', 'yes'); + try { + $this->appConfig->setValueBool('core', 'encryption_enabled', true); + } catch (AppConfigTypeConflictException) { + $this->appConfig->setValueString('core', 'encryption_enabled', 'yes'); + } $output->writeln('Encryption enabled'); } $output->writeln(''); @@ -46,7 +58,7 @@ protected function execute(InputInterface $input, OutputInterface $output): int $output->writeln('No encryption module is loaded'); return 1; } - $defaultModule = $this->config->getAppValue('core', 'default_encryption_module'); + $defaultModule = $this->appConfig->getValueString('core', 'default_encryption_module', ''); if ($defaultModule === '') { $output->writeln('No default module is set'); return 1; diff --git a/lib/composer/composer/autoload_classmap.php b/lib/composer/composer/autoload_classmap.php index 28373a5af8597..98c8afb6d8c8c 100644 --- a/lib/composer/composer/autoload_classmap.php +++ b/lib/composer/composer/autoload_classmap.php @@ -2094,6 +2094,7 @@ 'OC\\Repair\\RepairInvalidShares' => $baseDir . '/lib/private/Repair/RepairInvalidShares.php', 'OC\\Repair\\RepairLogoDimension' => $baseDir . '/lib/private/Repair/RepairLogoDimension.php', 'OC\\Repair\\RepairMimeTypes' => $baseDir . '/lib/private/Repair/RepairMimeTypes.php', + 'OC\\Repair\\RetypeEncryptionConfigKeys' => $baseDir . '/lib/private/Repair/RetypeEncryptionConfigKeys.php', 'OC\\RichObjectStrings\\RichTextFormatter' => $baseDir . '/lib/private/RichObjectStrings/RichTextFormatter.php', 'OC\\RichObjectStrings\\Validator' => $baseDir . '/lib/private/RichObjectStrings/Validator.php', 'OC\\Route\\CachingRouter' => $baseDir . '/lib/private/Route/CachingRouter.php', diff --git a/lib/composer/composer/autoload_static.php b/lib/composer/composer/autoload_static.php index e28dc90763681..4bc245fcde81b 100644 --- a/lib/composer/composer/autoload_static.php +++ b/lib/composer/composer/autoload_static.php @@ -2135,6 +2135,7 @@ class ComposerStaticInit749170dad3f5e7f9ca158f5a9f04f6a2 'OC\\Repair\\RepairInvalidShares' => __DIR__ . '/../../..' . '/lib/private/Repair/RepairInvalidShares.php', 'OC\\Repair\\RepairLogoDimension' => __DIR__ . '/../../..' . '/lib/private/Repair/RepairLogoDimension.php', 'OC\\Repair\\RepairMimeTypes' => __DIR__ . '/../../..' . '/lib/private/Repair/RepairMimeTypes.php', + 'OC\\Repair\\RetypeEncryptionConfigKeys' => __DIR__ . '/../../..' . '/lib/private/Repair/RetypeEncryptionConfigKeys.php', 'OC\\RichObjectStrings\\RichTextFormatter' => __DIR__ . '/../../..' . '/lib/private/RichObjectStrings/RichTextFormatter.php', 'OC\\RichObjectStrings\\Validator' => __DIR__ . '/../../..' . '/lib/private/RichObjectStrings/Validator.php', 'OC\\Route\\CachingRouter' => __DIR__ . '/../../..' . '/lib/private/Route/CachingRouter.php', diff --git a/lib/private/Encryption/Manager.php b/lib/private/Encryption/Manager.php index ac27f0911b8da..f8b278d3d3b9e 100644 --- a/lib/private/Encryption/Manager.php +++ b/lib/private/Encryption/Manager.php @@ -16,10 +16,12 @@ use OC\ServiceUnavailableException; use OCP\Encryption\IEncryptionModule; use OCP\Encryption\IManager; +use OCP\Exceptions\AppConfigTypeConflictException; use OCP\Files\Mount\IMountPoint; use OCP\Files\Storage\IStorage; use OCP\IConfig; use OCP\IL10N; +use OCP\Server; use Psr\Log\LoggerInterface; class Manager implements IManager { @@ -48,8 +50,17 @@ public function isEnabled() { return false; } - $enabled = $this->config->getAppValue('core', 'encryption_enabled', 'no'); - return $enabled === 'yes'; + try { + return Server::get(\OCP\IAppConfig::class)->getValueBool('core', 'encryption_enabled', false); + } catch (AppConfigTypeConflictException) { + // Stored as VALUE_STRING from a pre-upgrade installation. + // RetypeEncryptionConfigKeys repair step will fix the type on occ upgrade. + $raw = Server::get(\OCP\IAppConfig::class)->getValueString('core', 'encryption_enabled', 'no'); + return in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); + } catch (\Throwable) { + // DB not ready (e.g. oc_appconfig does not yet exist during install). + return false; + } } /** diff --git a/lib/private/Repair.php b/lib/private/Repair.php index 90e209cfe9085..3bc5827e4c44e 100644 --- a/lib/private/Repair.php +++ b/lib/private/Repair.php @@ -56,6 +56,7 @@ use OC\Repair\RepairInvalidShares; use OC\Repair\RepairLogoDimension; use OC\Repair\RepairMimeTypes; +use OC\Repair\RetypeEncryptionConfigKeys; use OCP\EventDispatcher\IEventDispatcher; use OCP\IConfig; use OCP\IDBConnection; @@ -157,6 +158,7 @@ public function addStep(IRepairStep|string $repairStep, bool $includeExpensive = */ public static function getRepairSteps(bool $includeExpensive = false): array { $repairSteps = [ + Server::get(RetypeEncryptionConfigKeys::class), new Collation(Server::get(IConfig::class), Server::get(LoggerInterface::class), Server::get(IDBConnection::class), false), Server::get(CleanTags::class), Server::get(RepairInvalidShares::class), diff --git a/lib/private/Repair/RetypeEncryptionConfigKeys.php b/lib/private/Repair/RetypeEncryptionConfigKeys.php new file mode 100644 index 0000000000000..48f0ce17c12c6 --- /dev/null +++ b/lib/private/Repair/RetypeEncryptionConfigKeys.php @@ -0,0 +1,55 @@ +appConfig->getValueType($app, $key); + } catch (AppConfigUnknownKeyException) { + continue; + } + + if (($type & IAppConfig::VALUE_BOOL) === IAppConfig::VALUE_BOOL) { + $output->info("$app.$key is already typed as boolean, skipping."); + continue; + } + + $raw = strtolower(trim($this->appConfig->getValueString($app, $key, $defaultBool ? '1' : '0'))); + $bool = in_array($raw, ['1', 'true', 'yes', 'on'], true); + + $this->appConfig->deleteKey($app, $key); + $this->appConfig->setValueBool($app, $key, $bool); + $output->info("Re-typed $app.$key from string '$raw' to boolean " . ($bool ? 'true' : 'false') . '.'); + } + } +} diff --git a/tests/Core/Command/Encryption/DecryptAllTest.php b/tests/Core/Command/Encryption/DecryptAllTest.php index 009eb36eb7fe2..74ccf0563bfbc 100644 --- a/tests/Core/Command/Encryption/DecryptAllTest.php +++ b/tests/Core/Command/Encryption/DecryptAllTest.php @@ -103,7 +103,7 @@ public function testExecute($encryptionEnabled, $continue): void { $this->appConfig->expects($this->once()) ->method('getValueBool') - ->with('core', 'encryption_enabled') + ->with('core', 'encryption_enabled', false) ->willReturn($encryptionEnabled); $this->consoleInput->expects($this->any()) @@ -168,7 +168,7 @@ public function testExecuteFailure(): void { ['core', 'encryption_enabled', true, false], ]; $this->appConfig->expects($this->exactly(2)) - ->method('setValuebool') + ->method('setValueBool') ->willReturnCallback(function () use (&$calls): bool { $expected = array_shift($calls); $this->assertEquals($expected, func_get_args()); @@ -176,7 +176,7 @@ public function testExecuteFailure(): void { }); $this->appConfig->expects($this->once()) ->method('getValueBool') - ->with('core', 'encryption_enabled') + ->with('core', 'encryption_enabled', false) ->willReturn(true); $this->consoleInput->expects($this->any()) diff --git a/tests/Core/Command/Encryption/DisableTest.php b/tests/Core/Command/Encryption/DisableTest.php index 96310a6c75ba3..b2ef86c2921f2 100644 --- a/tests/Core/Command/Encryption/DisableTest.php +++ b/tests/Core/Command/Encryption/DisableTest.php @@ -9,14 +9,14 @@ namespace Tests\Core\Command\Encryption; use OC\Core\Command\Encryption\Disable; -use OCP\IConfig; +use OCP\IAppConfig; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; use Test\TestCase; class DisableTest extends TestCase { /** @var \PHPUnit\Framework\MockObject\MockObject */ - protected $config; + protected $appConfig; /** @var \PHPUnit\Framework\MockObject\MockObject */ protected $consoleInput; /** @var \PHPUnit\Framework\MockObject\MockObject */ @@ -29,35 +29,35 @@ class DisableTest extends TestCase { protected function setUp(): void { parent::setUp(); - $config = $this->config = $this->getMockBuilder(IConfig::class) + $appConfig = $this->appConfig = $this->getMockBuilder(IAppConfig::class) ->disableOriginalConstructor() ->getMock(); $this->consoleInput = $this->getMockBuilder(InputInterface::class)->getMock(); $this->consoleOutput = $this->getMockBuilder(OutputInterface::class)->getMock(); - /** @var IConfig $config */ - $this->command = new Disable($config); + /** @var IAppConfig $appConfig */ + $this->command = new Disable($appConfig); } public static function dataDisable(): array { return [ - ['yes', true, 'Encryption disabled'], - ['no', false, 'Encryption is already disabled'], + [true, true, 'Encryption disabled'], + [false, false, 'Encryption is already disabled'], ]; } /** * - * @param string $oldStatus + * @param bool $oldStatus * @param bool $isUpdating * @param string $expectedString */ #[\PHPUnit\Framework\Attributes\DataProvider('dataDisable')] - public function testDisable($oldStatus, $isUpdating, $expectedString): void { - $this->config->expects($this->once()) - ->method('getAppValue') - ->with('core', 'encryption_enabled', $this->anything()) + public function testDisable(bool $oldStatus, bool $isUpdating, string $expectedString): void { + $this->appConfig->expects($this->once()) + ->method('getValueBool') + ->with('core', 'encryption_enabled', false) ->willReturn($oldStatus); $this->consoleOutput->expects($this->once()) @@ -65,9 +65,9 @@ public function testDisable($oldStatus, $isUpdating, $expectedString): void { ->with($this->stringContains($expectedString)); if ($isUpdating) { - $this->config->expects($this->once()) - ->method('setAppValue') - ->with('core', 'encryption_enabled', 'no'); + $this->appConfig->expects($this->once()) + ->method('setValueBool') + ->with('core', 'encryption_enabled', false); } self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]); diff --git a/tests/Core/Command/Encryption/EnableTest.php b/tests/Core/Command/Encryption/EnableTest.php index 234984b1c0954..2acc1458e81aa 100644 --- a/tests/Core/Command/Encryption/EnableTest.php +++ b/tests/Core/Command/Encryption/EnableTest.php @@ -10,14 +10,14 @@ use OC\Core\Command\Encryption\Enable; use OCP\Encryption\IManager; -use OCP\IConfig; +use OCP\IAppConfig; use Symfony\Component\Console\Input\InputInterface; use Symfony\Component\Console\Output\OutputInterface; use Test\TestCase; class EnableTest extends TestCase { /** @var \PHPUnit\Framework\MockObject\MockObject */ - protected $config; + protected $appConfig; /** @var \PHPUnit\Framework\MockObject\MockObject */ protected $manager; /** @var \PHPUnit\Framework\MockObject\MockObject */ @@ -32,7 +32,7 @@ class EnableTest extends TestCase { protected function setUp(): void { parent::setUp(); - $config = $this->config = $this->getMockBuilder(IConfig::class) + $appConfig = $this->appConfig = $this->getMockBuilder(IAppConfig::class) ->disableOriginalConstructor() ->getMock(); $manager = $this->manager = $this->getMockBuilder(IManager::class) @@ -41,47 +41,44 @@ protected function setUp(): void { $this->consoleInput = $this->getMockBuilder(InputInterface::class)->getMock(); $this->consoleOutput = $this->getMockBuilder(OutputInterface::class)->getMock(); - /** @var \OCP\IConfig $config */ + /** @var \OCP\IAppConfig $appConfig */ /** @var \OCP\Encryption\IManager $manager */ - $this->command = new Enable($config, $manager); + $this->command = new Enable($appConfig, $manager); } public static function dataEnable(): array { return [ - ['no', '', [], true, 'Encryption enabled', 'No encryption module is loaded'], - ['yes', '', [], false, 'Encryption is already enabled', 'No encryption module is loaded'], - ['no', '', ['OC_TEST_MODULE' => []], true, 'Encryption enabled', 'No default module is set'], - ['no', 'OC_NO_MODULE', ['OC_TEST_MODULE' => []], true, 'Encryption enabled', 'The current default module does not exist: OC_NO_MODULE'], - ['no', 'OC_TEST_MODULE', ['OC_TEST_MODULE' => []], true, 'Encryption enabled', 'Default module: OC_TEST_MODULE'], + [false, '', [], true, 'Encryption enabled', 'No encryption module is loaded'], + [true, '', [], false, 'Encryption is already enabled', 'No encryption module is loaded'], + [false, '', ['OC_TEST_MODULE' => []], true, 'Encryption enabled', 'No default module is set'], + [false, 'OC_NO_MODULE', ['OC_TEST_MODULE' => []], true, 'Encryption enabled', 'The current default module does not exist: OC_NO_MODULE'], + [false, 'OC_TEST_MODULE', ['OC_TEST_MODULE' => []], true, 'Encryption enabled', 'Default module: OC_TEST_MODULE'], ]; } #[\PHPUnit\Framework\Attributes\DataProvider('dataEnable')] - public function testEnable(string $oldStatus, ?string $defaultModule, array $availableModules, bool $isUpdating, string $expectedString, string $expectedDefaultModuleString): void { + public function testEnable(bool $oldStatus, ?string $defaultModule, array $availableModules, bool $isUpdating, string $expectedString, string $expectedDefaultModuleString): void { if ($isUpdating) { - $this->config->expects($this->once()) - ->method('setAppValue') - ->with('core', 'encryption_enabled', 'yes'); + $this->appConfig->expects($this->once()) + ->method('setValueBool') + ->with('core', 'encryption_enabled', true); } $this->manager->expects($this->atLeastOnce()) ->method('getEncryptionModules') ->willReturn($availableModules); - if (empty($availableModules)) { - $this->config->expects($this->once()) - ->method('getAppValue') - ->willReturnMap([ - ['core', 'encryption_enabled', 'no', $oldStatus], - ]); - } else { - $this->config->expects($this->exactly(2)) - ->method('getAppValue') - ->willReturnMap([ - ['core', 'encryption_enabled', 'no', $oldStatus], - ['core', 'default_encryption_module', '', $defaultModule], - ]); + $this->appConfig->expects($this->once()) + ->method('getValueBool') + ->with('core', 'encryption_enabled', false) + ->willReturn($oldStatus); + + if (!empty($availableModules)) { + $this->appConfig->expects($this->once()) + ->method('getValueString') + ->with('core', 'default_encryption_module', '') + ->willReturn((string)$defaultModule); } $calls = [ diff --git a/tests/lib/Encryption/ManagerTest.php b/tests/lib/Encryption/ManagerTest.php index 5f3d1987dc3dc..2b414f0c64f91 100644 --- a/tests/lib/Encryption/ManagerTest.php +++ b/tests/lib/Encryption/ManagerTest.php @@ -14,8 +14,10 @@ use OC\Files\View; use OC\Memcache\ArrayCache; use OCP\Encryption\IEncryptionModule; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IL10N; +use OCP\Server; use Psr\Log\LoggerInterface; use Test\TestCase; @@ -73,10 +75,18 @@ public function testManagerIsDisabledIfDisabledButModules(): void { $this->assertFalse($this->manager->isEnabled()); } + /** + * @group DB + */ public function testManagerIsEnabled(): void { + $appConfig = Server::get(IAppConfig::class); + $appConfig->setValueBool('core', 'encryption_enabled', true); + $this->config->expects($this->any())->method('getSystemValueBool')->willReturn(true); - $this->config->expects($this->any())->method('getAppValue')->willReturn('yes'); - $this->assertTrue($this->manager->isEnabled()); + $result = $this->manager->isEnabled(); + + $appConfig->deleteKey('core', 'encryption_enabled'); + $this->assertTrue($result); } public function testModuleRegistration() { diff --git a/tests/lib/Repair/RetypeEncryptionConfigKeysTest.php b/tests/lib/Repair/RetypeEncryptionConfigKeysTest.php new file mode 100644 index 0000000000000..48bea2cb97739 --- /dev/null +++ b/tests/lib/Repair/RetypeEncryptionConfigKeysTest.php @@ -0,0 +1,101 @@ +appConfig = Server::get(IAppConfig::class); + $this->output = $this->createMock(IOutput::class); + $this->repair = new RetypeEncryptionConfigKeys($this->appConfig); + // Clean slate in case previous test runs or occ invocations left residue + $this->appConfig->deleteKey('core', 'encryption_enabled'); + $this->appConfig->deleteKey('encryption', 'encryptHomeStorage'); + } + + protected function tearDown(): void { + $this->appConfig->deleteKey('core', 'encryption_enabled'); + $this->appConfig->deleteKey('encryption', 'encryptHomeStorage'); + parent::tearDown(); + } + + public function testAbsentKeyIsNoOp(): void { + $this->output->expects($this->never())->method('info'); + $this->repair->run($this->output); + // No exception, no write + $this->assertTrue(true); + } + + public static function dataStringValues(): array { + return [ + ['yes', true], + ['no', false], + ['1', true], + ['0', false], + ['true', true], + ['false', false], + ['on', true], + ['YES', true], + ]; + } + + /** + * @dataProvider dataStringValues + */ + public function testEncryptionEnabledIsRetypedFromString(string $raw, bool $expected): void { + $this->appConfig->setValueString('core', 'encryption_enabled', $raw); + + $this->repair->run($this->output); + + $this->assertSame(IAppConfig::VALUE_BOOL, $this->appConfig->getValueType('core', 'encryption_enabled')); + $this->assertSame($expected, $this->appConfig->getValueBool('core', 'encryption_enabled', !$expected)); + } + + /** + * @dataProvider dataStringValues + */ + public function testEncryptHomeStorageIsRetypedFromString(string $raw, bool $expected): void { + $this->appConfig->setValueString('encryption', 'encryptHomeStorage', $raw); + + $this->repair->run($this->output); + + $this->assertSame(IAppConfig::VALUE_BOOL, $this->appConfig->getValueType('encryption', 'encryptHomeStorage')); + $this->assertSame($expected, $this->appConfig->getValueBool('encryption', 'encryptHomeStorage', !$expected)); + } + + public function testAlreadyBoolIsNoOp(): void { + $this->appConfig->setValueBool('core', 'encryption_enabled', true); + $this->appConfig->setValueBool('encryption', 'encryptHomeStorage', false); + + // Should log "already typed" messages but not re-write + $this->output->expects($this->exactly(2)) + ->method('info') + ->with($this->stringContains('already typed')); + + $this->repair->run($this->output); + + $this->assertTrue($this->appConfig->getValueBool('core', 'encryption_enabled', false)); + $this->assertFalse($this->appConfig->getValueBool('encryption', 'encryptHomeStorage', true)); + } +} From 3dadd9f3223a88272f696e3295685298d8ea3ed3 Mon Sep 17 00:00:00 2001 From: Stephen Cuppett Date: Thu, 30 Apr 2026 07:09:50 -0400 Subject: [PATCH 2/3] fix(encryption): Assume boolValue for commands Signed-off-by: Stephen Cuppett --- core/Command/Encryption/DecryptAll.php | 26 ++++++-------------------- core/Command/Encryption/Disable.php | 15 ++------------- core/Command/Encryption/Enable.php | 15 ++------------- 3 files changed, 10 insertions(+), 46 deletions(-) diff --git a/core/Command/Encryption/DecryptAll.php b/core/Command/Encryption/DecryptAll.php index 56fd22d3b2a6b..1fd15e9cba476 100644 --- a/core/Command/Encryption/DecryptAll.php +++ b/core/Command/Encryption/DecryptAll.php @@ -9,7 +9,6 @@ namespace OC\Core\Command\Encryption; use OCP\App\IAppManager; -use OCP\Exceptions\AppConfigTypeConflictException; use OCP\IAppConfig; use OCP\IConfig; use Symfony\Component\Console\Command\Command; @@ -92,16 +91,11 @@ protected function execute(InputInterface $input, OutputInterface $output): int return 1; } - try { - $originallyEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); - } catch (AppConfigTypeConflictException) { - $raw = $this->appConfig->getValueString('core', 'encryption_enabled', 'no'); - $originallyEnabled = in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); - } + $originallyEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); try { if ($originallyEnabled) { $output->write('Disable server side encryption... '); - $this->writeEncryptionEnabled(false); + $this->appConfig->setValueBool('core', 'encryption_enabled', false); $output->writeln('done.'); } else { $output->writeln('Server side encryption not enabled. Nothing to do.'); @@ -129,18 +123,18 @@ protected function execute(InputInterface $input, OutputInterface $output): int $output->writeln(' aborted.'); if ($originallyEnabled) { $output->writeln('Server side encryption remains enabled'); - $this->writeEncryptionEnabled(true); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); } } elseif (($uid !== '') && $originallyEnabled) { $output->writeln('Server side encryption remains enabled'); - $this->writeEncryptionEnabled(true); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); } $this->resetMaintenanceAndTrashbin(); return 0; } if ($originallyEnabled) { $output->write('Enable server side encryption... '); - $this->writeEncryptionEnabled(true); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); $output->writeln('done.'); } $output->writeln('aborted'); @@ -148,18 +142,10 @@ protected function execute(InputInterface $input, OutputInterface $output): int } catch (\Exception $e) { // enable server side encryption again if something went wrong if ($originallyEnabled) { - $this->writeEncryptionEnabled(true); + $this->appConfig->setValueBool('core', 'encryption_enabled', true); } $this->resetMaintenanceAndTrashbin(); throw $e; } } - - private function writeEncryptionEnabled(bool $enabled): void { - try { - $this->appConfig->setValueBool('core', 'encryption_enabled', $enabled); - } catch (AppConfigTypeConflictException) { - $this->appConfig->setValueString('core', 'encryption_enabled', $enabled ? 'yes' : 'no'); - } - } } diff --git a/core/Command/Encryption/Disable.php b/core/Command/Encryption/Disable.php index 0f69be38f1011..a50960a4b0488 100644 --- a/core/Command/Encryption/Disable.php +++ b/core/Command/Encryption/Disable.php @@ -9,7 +9,6 @@ */ namespace OC\Core\Command\Encryption; -use OCP\Exceptions\AppConfigTypeConflictException; use OCP\IAppConfig; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; @@ -32,21 +31,11 @@ protected function configure() { #[\Override] protected function execute(InputInterface $input, OutputInterface $output): int { - try { - $isEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); - } catch (AppConfigTypeConflictException) { - $raw = $this->appConfig->getValueString('core', 'encryption_enabled', 'no'); - $isEnabled = in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); - } - + $isEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); if (!$isEnabled) { $output->writeln('Encryption is already disabled'); } else { - try { - $this->appConfig->setValueBool('core', 'encryption_enabled', false); - } catch (AppConfigTypeConflictException) { - $this->appConfig->setValueString('core', 'encryption_enabled', 'no'); - } + $this->appConfig->setValueBool('core', 'encryption_enabled', false); $output->writeln('Encryption disabled'); } return 0; diff --git a/core/Command/Encryption/Enable.php b/core/Command/Encryption/Enable.php index 66d30032f5842..7df3851b5c4c3 100644 --- a/core/Command/Encryption/Enable.php +++ b/core/Command/Encryption/Enable.php @@ -10,7 +10,6 @@ namespace OC\Core\Command\Encryption; use OCP\Encryption\IManager; -use OCP\Exceptions\AppConfigTypeConflictException; use OCP\IAppConfig; use Symfony\Component\Console\Command\Command; use Symfony\Component\Console\Input\InputInterface; @@ -34,21 +33,11 @@ protected function configure() { #[\Override] protected function execute(InputInterface $input, OutputInterface $output): int { - try { - $isEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); - } catch (AppConfigTypeConflictException) { - $raw = $this->appConfig->getValueString('core', 'encryption_enabled', 'no'); - $isEnabled = in_array(strtolower(trim($raw)), ['1', 'true', 'yes', 'on'], true); - } - + $isEnabled = $this->appConfig->getValueBool('core', 'encryption_enabled', false); if ($isEnabled) { $output->writeln('Encryption is already enabled'); } else { - try { - $this->appConfig->setValueBool('core', 'encryption_enabled', true); - } catch (AppConfigTypeConflictException) { - $this->appConfig->setValueString('core', 'encryption_enabled', 'yes'); - } + $this->appConfig->setValueBool('core', 'encryption_enabled', true); $output->writeln('Encryption enabled'); } $output->writeln(''); From 5b4afa53a139b99a4e6b66d227e5b5c0bcbedbf4 Mon Sep 17 00:00:00 2001 From: Stephen Cuppett Date: Thu, 30 Apr 2026 19:08:35 -0400 Subject: [PATCH 3/3] fix(encryption): Missed explicit typing Apply suggestion from @artonge Co-authored-by: Louis Signed-off-by: Stephen Cuppett --- apps/encryption/lib/Util.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/encryption/lib/Util.php b/apps/encryption/lib/Util.php index bc6d50b86aa09..58163085f8227 100644 --- a/apps/encryption/lib/Util.php +++ b/apps/encryption/lib/Util.php @@ -61,8 +61,8 @@ public function shouldEncryptHomeStorage() { * * @param bool $encryptHomeStorage */ - public function setEncryptHomeStorage($encryptHomeStorage) { - $this->appConfig->setValueBool('encryption', 'encryptHomeStorage', (bool)$encryptHomeStorage); + public function setEncryptHomeStorage(bool $encryptHomeStorage) { + $this->appConfig->setValueBool('encryption', 'encryptHomeStorage', $encryptHomeStorage); } /**