create new encryption keys on password reset and backup the old one

[schiessle]

Some improvements how password reset is handled:
We backup the users private/public key and create new one (that's the most common use case)

fix #2907
fix #427
fix #2908

[mention-bot]

@schiessle, thanks for your PR! By analyzing the history of the files in this pull request, we identified @nickvergessen, @LukasReschke and @rullzer to be potential reviewers.

[schiessle]

@GitHubUser4234 this also solves the logging issue, discussed here #2563

[GitHubUser4234]

Thanks @schiessle for remembering the issue :) Would be glad if you could also join the discussion at #2920, thanks a lot!

[schiessle]

reviews needed... cc @LukasReschke @nickvergessen @nextcloud/encryption

@zecke @boldandbusted maybe you can also test if this fixes your issues mentioned above... Thanks!

[nickvergessen]

Is this needed? I don't think so, because otherwise the core would not be loaded at all...

[schiessle]

removed

[nickvergessen]

unknown type(o)

[schiessle]

fixed

[nickvergessen]

Other then the typos works

[codecov-io]

Current coverage is 53.90% (diff: 77.77%)

Merging #2918 into master will increase coverage by 46.55%

@@            master      #2918   diff @@
=========================================
  Files         1302       1302            
  Lines        79394      80059     +665   
  Methods       7900       7904       +4   
  Messages         0          0            
  Branches      1245       1245            
=========================================
+ Hits          5841      43158   +37317   
+ Misses       73553      36901   -36652   
  Partials         0          0            

Diff Coverage	File Path
••••••• 72%	apps/encryption/lib/Hooks/UserHooks.php
•••••••• 81%	lib/private/Encryption/Keys/Storage.php
•••••••••• 100%	apps/encryption/lib/KeyManager.php
•••••••••• 100%	core/Controller/LostController.php

Powered by Codecov. Last update 40239de...fcda3a2

[schiessle]

Only one more review needed... Who wants to click the "merge" button and close three issues at once? 😉

[schiessle]

Would be awesome to get a second review... @icewind1991 @LukasReschke @MorrisJobke

[MorrisJobke]

When setup encryption, set a recovery password, activate the recovery feature for the user, upload an image and then recover the password old files can't be accessed anymore. I got following error:

{
	"reqId":"IwsR7e2dw5j2Jro6EGF3",
	"remoteAddr":"::1",
	"app":"webdav",
	"message": {
		"Message":"HTTP\/1.1 503 Encryption not ready: multikeydecrypt with share key failed:error:0407109F:rsa routines:RSA_padding_check_PKCS1_type_2:pkcs decoding error",
		"Exception":"Sabre\\DAV\\Exception\\ServiceUnavailable",
		"Code":0,
		"Trace":"
			#0 3rdparty\/sabre\/dav\/lib\/DAV\/CorePlugin.php(85): OCA\\DAV\\Connector\\Sabre\\File->get()
			#1 [internal function]: Sabre\\DAV\\CorePlugin->httpGet(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))
			#2 3rdparty\/sabre\/event\/lib\/EventEmitterTrait.php(105): call_user_func_array(Array, Array)
			#3 3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(479): Sabre\\Event\\EventEmitter->emit('method:GET', Array)
			#4 3rdparty\/sabre\/dav\/lib\/DAV\/Server.php(254): Sabre\\DAV\\Server->invokeMethod(Object(Sabre\\HTTP\\Request), Object(Sabre\\HTTP\\Response))
			#5 apps\/dav\/appinfo\/v1\/webdav.php(60): Sabre\\DAV\\Server->exec()
			#6 remote.php(165): require_once('\/Users\/morrisjo...')
			#7 {main}",
		"File":"apps\/dav\/lib\/Connector\/Sabre\/File.php",
		"Line":312,
		"User":"def"
	},
	"level":4,
	"time":"2017-01-13T10:09:49+00:00",
	"method":"GET",
	"url":"/server/remote.php/webdav/2016-06-01%20Avatar.jpg?downloadStartSecret=jzot8om95lwu8by8ui35wmi",
	"user":"def",
	"version":"12.0.0.12"
}

[nickvergessen]

Yeah, that is expected and unchanged. The difference is you can at least create new files now.

[MorrisJobke]

Yeah, that is expected and unchanged. The difference is you can at least create new files now.

Ah okay - this worked fine.