This change helps user to switch between master keys

[sharidas]

and user specific keys.

Signed-off-by: Sujith H sharidasan@owncloud.com

Description

This change helps us to make master key as default for encryption instead of default configuration we had.

Related Issue

fixes #26847

Motivation and Context

How Has This Been Tested?

Testing yet to be done. This has only UI change.

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• My code follows the code style of this project.
• My change requires a change to the documentation.
• I have updated the documentation accordingly.
• I have read the CONTRIBUTING document.
• I have added tests to cover my changes.
• All new and existing tests passed.

[mention-bot]

@sharidas, thanks for your PR! By analyzing the history of the files in this pull request, we identified @DeepDiver1975, @PVince81 and @tomneedham to be potential reviewers.

[sharidas]

I would like to know if the UI part looks ok?

[sharidas]

@felixheidecke Any suggestion?

[felixheidecke]

@sharidas Could you provide a few screenshots? Would be the fastest way to get feedback ;-)

[PVince81]

always use strict equality ===.

please setup jshint/jslint, it will show you warnings for this

[PVince81]

this code is difficult to read

I suggest to have only a single method, like "onChange" which then toggles the options based on the conditions.
For example:

$('#encryptionAPI').toggleClass(!userSpecificEncryption, 'hidden')

This way you only need a single row instead of having it appear three times in different functions

[PVince81]

remove logging

[PVince81]

the function OC.AppConfig.setValue() does an ajax call, so if you reload the page directly after that there is a slight risk of race condition in which the value isn't completely saved. Usually when reloading the page the browser will abort all ajax connections.

only reload the page once the ajax call finished

[PVince81]

text translation missing, please recheck all the texts and make sure you're using the translation function

[sharidas]

@PVince81 I have updated the patch set with the changes mentioned below:

1. Replaced the drop texts with the translation function
2. Used ajaxStop function after the setValue's used.
3. Removed console.log which was there in the code.
4. Used === for equality check.
5. Wrote a single function which gets called for the onChange event of the drop down selection.
6. Tried adding some comments, to make the code readable.

Let me know if the code looks better, else I can refactor again.

[sharidas]

@felixheidecke Below are the screenshots:
a) The initial page when user clicks on the encryption ( after encryption app is enabled and user re-logins back to the UI)

b) The drop down select has 3 options. Of them default is what user sees in encryption page, unless user selects any of the other two and configures.
c) The second option in the drop down is : "Master Key". When user selects that from the drop down the following page appears on screen:

c a) When master key is selected the user is asked with a warning message. This warning message helps user understand that once selected it cannot be reverted.
c b ) If user clicks "Enable Selection" of master key, then the page reloads and you see a screen as shown below:

d) If user selects the 3rd option which is: "User-specific key" this is how the screen appears

d a) Once the user clicks "Enable server-side encryption" the screen appears as shown below:

d b) Once the user clicks "Enable encryption" this is how the screen appears:

d c) After entering the pasword for recovery key the screen appears as shown below:

e) Once the selection of master key or user specific key is made I have made a provision to disable the select ( drop down).
Let me know if the screenshot helps you :)

[PVince81]

No, this will break in some cases.

Not only this code is doing ajax calls. There are background processes like the notifications app, the heartbeat, etc that will trigger ajax calls.

A better approach is to use promises:

• adjust setValue and other methods to return the result of $.post or other ajax calls
• use $.when(call1, call2, call3).then(function() { ... }) to find out when all the three calls have finished.

[PVince81]

The flow is wrong, "Enable server-side encryption" must always be the first entry.
Then after that the selection of encryption type.

Also, remember that this checkbox "Enable server-side encryption" is about enabling the encryption subsystem/engine in core, not enabling a specific module.

The code with the encryption type selection needs to be part of the "Default encryption module" app (aka plugin). Keep in mind that other developers can write their own "Custom encryption module" (aka plugin) in which case the new dropdown is not relevant at all.

The encryption module code is in the "apps/encryption" folder. Please move the dropdown logic there.

[PVince81]

Flow as follows:

1. Admin enables the app "default encryption module"
2. Admin goes to admin page
3. Admin clicks "Enable server-side encryption" then "Enable encryption"
4. Admin scrolls down to the "Encryption" section (let's rename it to "Default encryption module")
5. Admin selects encryption type (which is the only visible item at this stage)
6. If admin picked "user-keys": now display all old fields
   • if admin picked "master-key": no further fields

The dropdown needs a button "Select this mode".
Once clicked, the dropdown must disappear and be replaced with a label: "Encryption type: xyz" which cannot be changed any more.

[sharidas]

@PVince81 Thanks for the review comments. I have updated the PR and below are the changes made in the updated PR:

1. Made the work flow as follows:
   After enabling the encryption app and after re-login, admin when navigates to "encryption" page
   a) "Encryption" has been renamed to "Default encryption module"
   b) Once user selects either of the options: "Master Key" or "User-specific Key", a "select this mode" button appears
   c) Once the button is clicked based on the respective mode, the drop down and the button is not visible to the user. And a label appers "Encryption: master key" if master was selected or "Encryption: User specific key" if user specific key was selected.
   d) If user had opted for the master key then page reload happens
   e) The logic for the user specific key remains the same.

Let me know how the current PR looks?

[PVince81]

• BUG: Getting this message after "enable encryption" then "enable default encryption module app":
  "Encryption App is enabled but your keys are not initialized, please log-out and log-in again"

This message shouldn't appear until an encryption type has been selected, because this message is only relevant for user-key mode encryption.

• TODO: change the button text to "Permanently select this mode"
• BUG: do not display anything under the dropdown until a mode is selected. So selecting "user-key" should not show anything either. Once the selection is made, the dropdown disappears forever and the rest of the form can appear.

[PVince81]

Enabling the modes worked fine, nice!

[PVince81]

note: a way to prevent reading these values with ajax would be to append them into the template on the PHP side then read them out with JS.

[PVince81]

this cannot work properly, you didn't adjust OC.AppConfig.setValue to actually return the ajax object

[PVince81]

well, the two "setValue" calls do work, but the final callback to reload the page is never called

[sharidas]

@PVince81 I have updated the PR for review by making the changes as follows:

1. Fixed bug : Getting this message after "enable encryption" then "enable default encryption module app": "Encryption App is enabled but your keys are not initialized, please log-out and log-in again"
2. Changed button text to "Permanently select this mode"
3. Once the user clicks the "Permanently select this mode", the rest of the form is displayed and the drop down is not displayed for ever.
4. For the getValue thing, I have moved the call to the PHP template and the JS code reads from there.
5. I have made adjustments to call the 2 setValue and passed the promise objects to when. I did a verification using firebug. When page reload is called, the setValues are seen to be completed their job. Verified in the network response section of firebug.

Hope the updated PR looks fine.

[sharidas]

Encryption Key: Master Key

• TEST: Upload a file and verify its encrypted using cat command.
• TEST: Create a file and verify its encrypted using cat command.
• TEST: Modify the existing file, i.e, welcome.txt. Verified that file is encrypted after modification using cat command.

Encryption Key: User-specific keys

• TEST: Upload a file and verify its encrypted using cat command.
• TEST: Create a file and verify its encrypted using cat command.
• TEST: Modify the existing file, i.e, welcome.txt. Verified that file is encrypted after modification using cat command.
• TEST: Verified that after creating recovery password, the user password can be updated by applying the admin recovery password in UI.

Command line:

Encryption Key : User-specific keys ( ./occ encryption:select-encryption-type user-keys or ./occ encryption:select-encryption-type user-keys -y )

• TEST: Upload a file and verify its encrypted using cat command.
• TEST: Create a file and verify its encrypted using cat command.
• TEST: Modify the existing file, i.e, welcome.txt. Verified that file is encrypted after modification using cat command.
• TEST: Verified that after creating recovery password, the user password can be updated by applying the admin recovery password in UI.

Encryption Key : Master key ( ./occ encryption:select-encryption-type masterkey or ./occ encryption:select-encryption-type masterkey -y )

• TEST: Upload a file and verify its encrypted using cat command.
• TEST: Create a file and verify its encrypted using cat command.
• TEST: Modify the existing file, i.e, welcome.txt. Verified that file is encrypted after modification using cat command.

[PVince81]

• add spinner while encryption is being enabled. It took a few seconds to enable master key and it makes the UI look broken (check how other spinners are displayed for example in the share panel, there's a CSS class for it)
• the text "Encryption: master key" that appears after going to that page again after enabling, the text must not display a hand cursor as it's not clickable

Otherwise this looked good in my quick local tests.

[sharidas]

Does this spinner look ok?

[PVince81]

Argh, global ids again ? What if another section also has a spinenr called "loadSpinner" ?

Please use class names instead.
The only id that's acceptable here is the parent element #encryptionKeySelection, so use a selector like #encryptionKeySelection .loading when toggling or something.

And when toggling please force the value to "true" as you might not know what its previous state is.

[sharidas]

This looks better, right? I have tested the same.

[PVince81]

Did you test it ?

The spinner only shortly appears at the very right of the row and disappears very quickly.

Also looking at the code it looks like it sets the class on the whole container, which looks wrong.
The spinner should have its own div element.

[sharidas]

Made the modification by having the div for spinner. And now atleast the spinner doesn't vanish quickly.

[PVince81]

Looks good now 👍

[lock]

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.