fix(encryption): Do not register user key related event listeners

when master key is enabled. Also added a safeguard in PassphraseService. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
5 months ago · f6365e76a1
2 changed files with 23 additions and 8 deletions
--- a/apps/encryption/lib/AppInfo/Application.php
+++ b/apps/encryption/lib/AppInfo/Application.php
@ -72,7 +72,12 @@ class Application extends App implements IBootstrap {
 		}
 	}

-	public function registerEventListeners(IConfig $config, IEventDispatcher $eventDispatcher, IManager $encryptionManager): void {
+	public function registerEventListeners(
+		IConfig $config,
+		IEventDispatcher $eventDispatcher,
+		IManager $encryptionManager,
+		Util $util,
+	): void {
 		if (!$encryptionManager->isEnabled()) {
 			return;
 		}
@ -84,18 +89,23 @@ class Application extends App implements IBootstrap {
 		}

 		// No maintenance so register all events
-		$eventDispatcher->addServiceListener(UserCreatedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(BeforePasswordUpdatedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(BeforePasswordResetEvent::class, UserEventsListener::class);
-		$eventDispatcher->addServiceListener(PasswordResetEvent::class, UserEventsListener::class);
 		$eventDispatcher->addServiceListener(UserLoggedInEvent::class, UserEventsListener::class);
 		$eventDispatcher->addServiceListener(UserLoggedInWithCookieEvent::class, UserEventsListener::class);
 		$eventDispatcher->addServiceListener(UserLoggedOutEvent::class, UserEventsListener::class);
+		if (!$util->isMasterKeyEnabled()) {
+			// Only make sense if no master key is used
+			$eventDispatcher->addServiceListener(UserCreatedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(UserDeletedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(BeforePasswordUpdatedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(PasswordUpdatedEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(BeforePasswordResetEvent::class, UserEventsListener::class);
+			$eventDispatcher->addServiceListener(PasswordResetEvent::class, UserEventsListener::class);
+		}
 	}

-	public function registerEncryptionModule(IManager $encryptionManager) {
+	public function registerEncryptionModule(
+		IManager $encryptionManager,
+	) {
 		$container = $this->getContainer();

 		$encryptionManager->registerEncryptionModule(
--- a/apps/encryption/lib/Services/PassphraseService.php
+++ b/apps/encryption/lib/Services/PassphraseService.php
@ -55,6 +55,11 @@ class PassphraseService {
 			return true;
 		}

+		if ($this->util->isMasterKeyEnabled()) {
+			$this->logger->error('setPassphraseForUser should never be called when master key is enabled');
+			return true;
+		}
+
 		// Check user exists on backend
 		$user = $this->userManager->get($userId);
 		if ($user === null) {