Only request mnemonic when user explicitly wants to enable E2EE

Signed-off-by: Claudio Cambra <claudio.cambra@nextcloud.com>

diff --git a/src/gui/accountsettings.cpp b/src/gui/accountsettings.cpp
index 8b53d785fde31688a12bd06a5bf16c1958dc739a..2b417699ad6652a5d9d5d375c3c04a46dfef88ed 100644 (file)
--- a/src/gui/accountsettings.cpp
+++ b/src/gui/accountsettings.cpp
@@ -258,6 +258,7 @@ void AccountSettings::slotE2eEncryptionGenerateKeys()
 {
     connect(_accountState->account()->e2e(), &ClientSideEncryption::initializationFinished, this, &AccountSettings::slotE2eEncryptionInitializationFinished);
     _accountState->account()->setE2eEncryptionKeysGenerationAllowed(true);
+    _accountState->account()->setAskUserForMnemonic(true);
     _accountState->account()->e2e()->initialize(_accountState->account());
 }
 
@@ -271,6 +272,7 @@ void AccountSettings::slotE2eEncryptionInitializationFinished(bool isNewMnemonic
             displayMnemonic(_accountState->account()->e2e()->_mnemonic);
         }
     }
+    _accountState->account()->setAskUserForMnemonic(false);
 }
 
 void AccountSettings::slotEncryptFolderFinished(int status)

diff --git a/src/libsync/account.cpp b/src/libsync/account.cpp
index a881745a574abf855865a17f6f56fb6ba32065e7..1349580ad4c7d342f122573dfff670eb32c7a6a8 100644 (file)
--- a/src/libsync/account.cpp
+++ b/src/libsync/account.cpp
@@ -966,4 +966,14 @@ void Account::setE2eEncryptionKeysGenerationAllowed(bool allowed)
     return _e2eEncryptionKeysGenerationAllowed;
 }
 
+bool Account::askUserForMnemonic() const
+{
+    return _e2eAskUserForMnemonic;
+}
+
+void Account::setAskUserForMnemonic(const bool ask)
+{
+    _e2eAskUserForMnemonic = ask;
+}
+
 } // namespace OCC

diff --git a/src/libsync/account.h b/src/libsync/account.h
index 713f32886bc783df3c6c260a5ab92433bb535bb4..5eac9c6675da098f9cfb252750cd3ba44c81d979 100644 (file)
--- a/src/libsync/account.h
+++ b/src/libsync/account.h
@@ -314,10 +314,13 @@ public:
     void setE2eEncryptionKeysGenerationAllowed(bool allowed);
     [[nodiscard]] bool e2eEncryptionKeysGenerationAllowed() const;
 
+    [[nodiscard]] bool askUserForMnemonic() const;
+
 public slots:
     /// Used when forgetting credentials
     void clearQNAMCache();
     void slotHandleSslErrors(QNetworkReply *, QList<QSslError>);
+    void setAskUserForMnemonic(const bool ask);
 
 signals:
     /// Emitted whenever there's network activity
@@ -370,6 +373,7 @@ private:
     bool _trustCertificates = false;
 
     bool _e2eEncryptionKeysGenerationAllowed = false;
+    bool _e2eAskUserForMnemonic = false;
 
     QWeakPointer<Account> _sharedThis;
     QString _id;

diff --git a/src/libsync/clientsideencryption.cpp b/src/libsync/clientsideencryption.cpp
index 401f00f9f63d22ec46de7ac9097427b75b7197be..f3b0af87b9c2dada9e13e2fb6a6d28a0aada30ef 100644 (file)
--- a/src/libsync/clientsideencryption.cpp
+++ b/src/libsync/clientsideencryption.cpp
@@ -1248,6 +1248,12 @@ void ClientSideEncryption::encryptPrivateKey(const AccountPtr &account)
 }
 
 void ClientSideEncryption::decryptPrivateKey(const AccountPtr &account, const QByteArray &key) {
+    if (!account->askUserForMnemonic()) {
+        qCDebug(lcCse) << "Not allowed to ask user for mnemonic";
+        emit initializationFinished();
+        return;
+    }
+
     QString msg = tr("Please enter your end-to-end encryption passphrase:<br>"
                      "<br>"
                      "Username: %2<br>"