During the wizard we currently don't have much information about the
encrypted folders. In particular we can only display their mangled names
which is far from ideal for the user to make an informed choice.
That's why in the wizard we now forbid creation of subfolders in e2ee
folders and we also don't display subfolders of e2ee folders.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Since the e2e oracle works only in term of absolute remote paths and
that our model x._path was relative, we need to properly convert.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
In such cases we get a download for which _file is already the demangled
name and _encryptedFileName has the mangled information. This is
different to what we encountered so far where initially _file was
mangled and _encryptedFileName was empty. Let's deal with that case
properly.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Otherwise on second sync we wouldn't find anything under a mangled path
and just end up thinking said files were removed.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Otherwise, after a first sync all the mangled entries would be removed
from the journal. On second sync it would be fine because we'd then have
seen the unmangled names because of the local files. Unfortunately
that'd mean reuploading them for nothing or trying to mkdir again on the
server for nothing... with a chance of using differently mangled names
(although I didn't spot it, I can't exclude it never happened).
This also led to weirdly getting stuck during sync when there was more
than one sync point.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Yes... I still wish this would be all driven by the type system, would be
much less error-prone.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
I wish this would be all driven by the type system instead of
error-prone string concatenation everywhere. That will be for a (much)
later refactoring hopefully.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
It turns out this job expected an absolute remote path even in the case
of a subfolder sync point.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This was half broken before that commit and the previous one since some
of the categories would not be captured.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Otherwise it was a bit confusing and annoying for filter rules:
e.g. "nextcloud.sync.*" vs "sync.*".
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This means adjusting PropagateDownloadEncrypted so that it knows where
the file will end (otherwise it would create temporary files in non
existant paths for instance).
In turn we have to adjust PropagateDownloadFile accordingly so that it
resolves the local folder the file will end up in.
And last we adjust PropagateLocalMkdir to resolve paths as well and
demangle as needed.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
We give them a parent to make sure they will be destroyed when the jobs
which created them are destroyed themselves.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
PropagateUploadEncrypted made the assumption of the folder names never
being mangled. This is not true since the previous commits so make sure
we properly deal with that using the journal db.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This is not only a question of performances in our case (complexity
being better on look ups). It also provides a few more services.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
We ensure the PROPFIND Depth is infinity by explicitly specifying the
header (turns out our implementation just doesn't assume infinity
otherwise). This way we have a clear picture about *all* the folders of
the user, otherwise ClientSideEncryption couldn't be a trustable oracle
on the encryption state for any folder not on the root and all the
encryption code assumes it has a full picture of encryption.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
We catch when a directory is inside a known encrypted folder and in such
a case we now do the following:
1) we encrypt the folder meta data (its name) properly and create it
under that mangled name on the server side
2) we mark the new folder itself as encrypted
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
It was assuming we'd encrypt only files but directory names also need to
be encrypted. We just skip the writing to temp file part in that case.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This way this whole logic isn't stuck into the settings dialog anymore.
Also cleaned up the unused "decrypt folder" logic.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
This is a much better place than the GUI, this way we ensure the
propagator is always operating of up to date information. Previously if
the propagator kicked in without user interaction from startup (not
showing the settings dialog) it would have no E2E information available
whatsoever... unsurprisingly it would thus take wrong information at
every turn.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Since we want to move to a place where the encryption of subfolders is
always enforced it makes no sense to leave it in control of the user.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>
Using a reference capture is a disaster waiting to happen here, if for
some reason we'd move from exec() to popup() for the menu below we'd be
getting garbage in the lambda call.
Signed-off-by: Kevin Ottens <kevin.ottens@nextcloud.com>