From 31876926ac7c261d368bf6fd83e399a2f4b6597e Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Tue, 15 Nov 2022 17:25:13 +0100
Subject: [PATCH 1/2] Only request mnemonic when user explicitly wants to
 enable E2EE

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 src/gui/accountsettings.cpp          |  2 ++
 src/libsync/account.cpp              | 10 ++++++++++
 src/libsync/account.h                |  4 ++++
 src/libsync/clientsideencryption.cpp |  6 ++++++
 4 files changed, 22 insertions(+)

diff --git a/src/gui/accountsettings.cpp b/src/gui/accountsettings.cpp
index 8b53d785f..2b417699a 100644
--- a/src/gui/accountsettings.cpp
+++ b/src/gui/accountsettings.cpp
@@ -258,6 +258,7 @@ void AccountSettings::slotE2eEncryptionGenerateKeys()
 {
     connect(_accountState->account()->e2e(), &ClientSideEncryption::initializationFinished, this, &AccountSettings::slotE2eEncryptionInitializationFinished);
     _accountState->account()->setE2eEncryptionKeysGenerationAllowed(true);
+    _accountState->account()->setAskUserForMnemonic(true);
     _accountState->account()->e2e()->initialize(_accountState->account());
 }
 
@@ -271,6 +272,7 @@ void AccountSettings::slotE2eEncryptionInitializationFinished(bool isNewMnemonic
             displayMnemonic(_accountState->account()->e2e()->_mnemonic);
         }
     }
+    _accountState->account()->setAskUserForMnemonic(false);
 }
 
 void AccountSettings::slotEncryptFolderFinished(int status)
diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index a881745a5..1349580ad 100644
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -966,4 +966,14 @@ void Account::setE2eEncryptionKeysGenerationAllowed(bool allowed)
     return _e2eEncryptionKeysGenerationAllowed;
 }
 
+bool Account::askUserForMnemonic() const
+{
+    return _e2eAskUserForMnemonic;
+}
+
+void Account::setAskUserForMnemonic(const bool ask)
+{
+    _e2eAskUserForMnemonic = ask;
+}
+
 } // namespace OCC
diff --git a/src/libsync/account.h b/src/libsync/account.h
index 713f32886..5eac9c667 100644
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -314,10 +314,13 @@ public:
     void setE2eEncryptionKeysGenerationAllowed(bool allowed);
     [[nodiscard]] bool e2eEncryptionKeysGenerationAllowed() const;
 
+    [[nodiscard]] bool askUserForMnemonic() const;
+
 public slots:
     /// Used when forgetting credentials
     void clearQNAMCache();
     void slotHandleSslErrors(QNetworkReply *, QList<QSslError>);
+    void setAskUserForMnemonic(const bool ask);
 
 signals:
     /// Emitted whenever there's network activity
@@ -370,6 +373,7 @@ private:
     bool _trustCertificates = false;
 
     bool _e2eEncryptionKeysGenerationAllowed = false;
+    bool _e2eAskUserForMnemonic = false;
 
     QWeakPointer<Account> _sharedThis;
     QString _id;
diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
index 401f00f9f..f3b0af87b 100644
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@@ -1248,6 +1248,12 @@ void ClientSideEncryption::encryptPrivateKey(const AccountPtr &account)
 }
 
 void ClientSideEncryption::decryptPrivateKey(const AccountPtr &account, const QByteArray &key) {
+    if (!account->askUserForMnemonic()) {
+        qCDebug(lcCse) << "Not allowed to ask user for mnemonic";
+        emit initializationFinished();
+        return;
+    }
+
     QString msg = tr("Please enter your end-to-end encryption passphrase:<br>"
                      "<br>"
                      "Username: %2<br>"

From 3b6064390cf0dd80aabb41fc39a023a05f7d7bc8 Mon Sep 17 00:00:00 2001
From: Claudio Cambra <claudio.cambra@nextcloud.com>
Date: Tue, 29 Nov 2022 11:53:35 +0100
Subject: [PATCH 2/2] Register askUserForMneominc in property system

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>
---
 src/libsync/account.cpp | 1 +
 src/libsync/account.h   | 2 ++
 2 files changed, 3 insertions(+)

diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index 1349580ad..8c5244eed 100644
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -974,6 +974,7 @@ bool Account::askUserForMnemonic() const
 void Account::setAskUserForMnemonic(const bool ask)
 {
     _e2eAskUserForMnemonic = ask;
+    emit askUserForMnemonicChanged();
 }
 
 } // namespace OCC
diff --git a/src/libsync/account.h b/src/libsync/account.h
index 5eac9c667..b752fff13 100644
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -86,6 +86,7 @@ class OWNCLOUDSYNC_EXPORT Account : public QObject
     Q_PROPERTY(QString prettyName READ prettyName NOTIFY prettyNameChanged)
     Q_PROPERTY(QUrl url MEMBER _url)
     Q_PROPERTY(bool e2eEncryptionKeysGenerationAllowed MEMBER _e2eEncryptionKeysGenerationAllowed)
+    Q_PROPERTY(bool askUserForMnemonic READ askUserForMnemonic WRITE setAskUserForMnemonic NOTIFY askUserForMnemonicChanged)
 
 public:
     static AccountPtr create();
@@ -343,6 +344,7 @@ signals:
     void accountChangedAvatar();
     void accountChangedDisplayName();
     void prettyNameChanged();
+    void askUserForMnemonicChanged();
 
     /// Used in RemoteWipe
     void appPasswordRetrieved(QString);