mirror of
https://github.com/nextcloud/desktop.git
synced 2024-10-27 15:05:19 +03:00
Forget key + cert + mnemonic on account removal
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This commit is contained in:
parent
a48a3e0acc
commit
4551bbe0e0
4 changed files with 38 additions and 7 deletions
|
@ -312,6 +312,9 @@ void AccountManager::deleteAccount(AccountState *account)
|
||||||
auto settings = ConfigFile::settingsWithGroup(QLatin1String(accountsC));
|
auto settings = ConfigFile::settingsWithGroup(QLatin1String(accountsC));
|
||||||
settings->remove(account->account()->id());
|
settings->remove(account->account()->id());
|
||||||
|
|
||||||
|
// Forget E2E keys
|
||||||
|
account->account()->e2e()->forgetSensitiveData();
|
||||||
|
|
||||||
emit accountRemoved(account);
|
emit accountRemoved(account);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -51,6 +51,12 @@ QString baseUrl(){
|
||||||
return QStringLiteral("ocs/v2.php/apps/end_to_end_encryption/api/v1/");
|
return QStringLiteral("ocs/v2.php/apps/end_to_end_encryption/api/v1/");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
namespace {
|
||||||
|
const char e2e_cert[] = "_e2e-certificate";
|
||||||
|
const char e2e_private[] = "_e2e-private";
|
||||||
|
const char e2e_mnemonic[] = "_e2e-mnemonic";
|
||||||
|
} // ns
|
||||||
|
|
||||||
namespace {
|
namespace {
|
||||||
void handleErrors(void)
|
void handleErrors(void)
|
||||||
{
|
{
|
||||||
|
@ -629,7 +635,7 @@ void ClientSideEncryption::initialize()
|
||||||
void ClientSideEncryption::fetchFromKeyChain() {
|
void ClientSideEncryption::fetchFromKeyChain() {
|
||||||
const QString kck = AbstractCredentials::keychainKey(
|
const QString kck = AbstractCredentials::keychainKey(
|
||||||
_account->url().toString(),
|
_account->url().toString(),
|
||||||
_account->credentials()->user() + "_e2e-certificate",
|
_account->credentials()->user() + e2e_cert,
|
||||||
_account->id()
|
_account->id()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -662,7 +668,7 @@ void ClientSideEncryption::publicKeyFetched(Job *incoming) {
|
||||||
|
|
||||||
const QString kck = AbstractCredentials::keychainKey(
|
const QString kck = AbstractCredentials::keychainKey(
|
||||||
_account->url().toString(),
|
_account->url().toString(),
|
||||||
_account->credentials()->user() + "_e2e-private",
|
_account->credentials()->user() + e2e_private,
|
||||||
_account->id()
|
_account->id()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -701,7 +707,7 @@ void ClientSideEncryption::privateKeyFetched(Job *incoming) {
|
||||||
|
|
||||||
const QString kck = AbstractCredentials::keychainKey(
|
const QString kck = AbstractCredentials::keychainKey(
|
||||||
_account->url().toString(),
|
_account->url().toString(),
|
||||||
_account->credentials()->user() + "_e2e-mnemonic",
|
_account->credentials()->user() + e2e_mnemonic,
|
||||||
_account->id()
|
_account->id()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -734,7 +740,7 @@ void ClientSideEncryption::mnemonicKeyFetched(QKeychain::Job *incoming) {
|
||||||
void ClientSideEncryption::writePrivateKey() {
|
void ClientSideEncryption::writePrivateKey() {
|
||||||
const QString kck = AbstractCredentials::keychainKey(
|
const QString kck = AbstractCredentials::keychainKey(
|
||||||
_account->url().toString(),
|
_account->url().toString(),
|
||||||
_account->credentials()->user() + "_e2e-private",
|
_account->credentials()->user() + e2e_private,
|
||||||
_account->id()
|
_account->id()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -752,7 +758,7 @@ void ClientSideEncryption::writePrivateKey() {
|
||||||
void ClientSideEncryption::writeCertificate() {
|
void ClientSideEncryption::writeCertificate() {
|
||||||
const QString kck = AbstractCredentials::keychainKey(
|
const QString kck = AbstractCredentials::keychainKey(
|
||||||
_account->url().toString(),
|
_account->url().toString(),
|
||||||
_account->credentials()->user() + "_e2e-certificate",
|
_account->credentials()->user() + e2e_cert,
|
||||||
_account->id()
|
_account->id()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -770,7 +776,7 @@ void ClientSideEncryption::writeCertificate() {
|
||||||
void ClientSideEncryption::writeMnemonic() {
|
void ClientSideEncryption::writeMnemonic() {
|
||||||
const QString kck = AbstractCredentials::keychainKey(
|
const QString kck = AbstractCredentials::keychainKey(
|
||||||
_account->url().toString(),
|
_account->url().toString(),
|
||||||
_account->credentials()->user() + "_e2e-mnemonic",
|
_account->credentials()->user() + e2e_mnemonic,
|
||||||
_account->id()
|
_account->id()
|
||||||
);
|
);
|
||||||
|
|
||||||
|
@ -785,6 +791,26 @@ void ClientSideEncryption::writeMnemonic() {
|
||||||
job->start();
|
job->start();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void ClientSideEncryption::forgetSensitiveData()
|
||||||
|
{
|
||||||
|
_privateKey = QSslKey();
|
||||||
|
_certificate = QSslCertificate();
|
||||||
|
_publicKey = QSslKey();
|
||||||
|
_mnemonic = QString();
|
||||||
|
|
||||||
|
auto startDeleteJob = [this](QString user) {
|
||||||
|
DeletePasswordJob *job = new DeletePasswordJob(Theme::instance()->appName());
|
||||||
|
job->setInsecureFallback(false);
|
||||||
|
job->setKey(AbstractCredentials::keychainKey(_account->url().toString(), user, _account->id()));
|
||||||
|
job->start();
|
||||||
|
};
|
||||||
|
|
||||||
|
auto user = _account->credentials()->user();
|
||||||
|
startDeleteJob(user + e2e_private);
|
||||||
|
startDeleteJob(user + e2e_cert);
|
||||||
|
startDeleteJob(user + e2e_mnemonic);
|
||||||
|
}
|
||||||
|
|
||||||
bool ClientSideEncryption::hasPrivateKey() const
|
bool ClientSideEncryption::hasPrivateKey() const
|
||||||
{
|
{
|
||||||
return !_privateKey.isNull();
|
return !_privateKey.isNull();
|
||||||
|
|
|
@ -43,6 +43,8 @@ public:
|
||||||
bool isFolderEncrypted(const QString& path);
|
bool isFolderEncrypted(const QString& path);
|
||||||
void setFolderEncryptedStatus(const QString& path, bool status);
|
void setFolderEncryptedStatus(const QString& path, bool status);
|
||||||
|
|
||||||
|
void forgetSensitiveData();
|
||||||
|
|
||||||
private slots:
|
private slots:
|
||||||
void folderEncryptedStatusFetched(const QMap<QString, bool> &values);
|
void folderEncryptedStatusFetched(const QMap<QString, bool> &values);
|
||||||
void folderEncryptedStatusError(int error);
|
void folderEncryptedStatusError(int error);
|
||||||
|
|
Loading…
Reference in a new issue