Port encryption admin settings to vue

Signed-off-by: Carl Schwan <carl@carlschwan.eu>

apps/settings/appinfo/routes.php

@@ -40,7 +40,6 @@ return [
 		['name' => 'MailSettings#setMailSettings', 'url' => '/settings/admin/mailsettings', 'verb' => 'POST' , 'root' => ''],
 		['name' => 'MailSettings#storeCredentials', 'url' => '/settings/admin/mailsettings/credentials', 'verb' => 'POST' , 'root' => ''],
 		['name' => 'MailSettings#sendTestMail', 'url' => '/settings/admin/mailtest', 'verb' => 'POST' , 'root' => ''],
-		['name' => 'Encryption#startMigration', 'url' => '/settings/admin/startmigration', 'verb' => 'POST' , 'root' => ''],
 
 		['name' => 'AppSettings#listCategories', 'url' => '/settings/apps/categories', 'verb' => 'GET' , 'root' => ''],
 		['name' => 'AppSettings#viewApps', 'url' => '/settings/apps', 'verb' => 'GET' , 'root' => ''],

apps/settings/css/settings.css

@@ -1154,17 +1154,10 @@ table.grid td.date {
 
 #two-factor-auth h2,
 #shareAPI h2,
-#encryptionAPI h2,
 #mail_general_settings h2 {
   display: inline-block;
 }
 
-#encryptionAPI li {
-  list-style-type: initial;
-  margin-left: 20px;
-  padding: 5px 0;
-}
-
 .mail_settings p label:first-child {
   display: inline-block;
   width: 300px;
@@ -1270,15 +1263,6 @@ doesnotexist:-o-prefocus, .strengthify-wrapper {
   padding: 3px 0;
 }
 
-#selectEncryptionModules {
-  margin-left: 30px;
-  padding: 10px;
-}
-
-#encryptionModules {
-  padding: 10px;
-}
-
 #warning {
   color: red;
 }

apps/settings/css/settings.scss

@@ -1312,17 +1312,10 @@ table.grid td.date {
 
 #two-factor-auth h2,
 #shareAPI h2,
-#encryptionAPI h2,
 #mail_general_settings h2 {
 	display: inline-block;
 }
 
-#encryptionAPI li {
-	list-style-type: initial;
-	margin-left: 20px;
-	padding: 5px 0;
-}
-
 .mail_settings p {
 	label:first-child {
 		display: inline-block;
@@ -1449,15 +1442,6 @@ doesnotexist:-o-prefocus, .strengthify-wrapper {
 	}
 }
 
-#selectEncryptionModules {
-	margin-left: 30px;
-	padding: 10px;
-}
-
-#encryptionModules {
-	padding: 10px;
-}
-
 #warning {
 	color: red;
 }

apps/settings/lib/Settings/Admin/Security.php

@@ -68,26 +68,15 @@ class Security implements ISettings {
 			}
 		}
 
-		$this->initialState->provideInitialState(
-			'mandatory2FAState',
-			$this->mandatoryTwoFactor->getState()
-		);
+		$this->initialState->provideInitialState('mandatory2FAState', $this->mandatoryTwoFactor->getState());
+		$this->initialState->provideInitialState('two-factor-admin-doc', $this->urlGenerator->linkToDocs('admin-2fa'));
+		$this->initialState->provideInitialState('encryption-enabled', $this->manager->isEnabled());
+		$this->initialState->provideInitialState('encryption-ready', $this->manager->isReady());
+		$this->initialState->provideInitialState('external-backends-enabled', count($this->userManager->getBackends()) > 1);
+		$this->initialState->provideInitialState('encryption-modules', $encryptionModuleList);
+		$this->initialState->provideInitialState('encryption-admin-doc', $this->urlGenerator->linkToDocs('admin-encryption'));
 
-		$this->initialState->provideInitialState(
-			'two-factor-admin-doc',
-			$this->urlGenerator->linkToDocs('admin-2fa')
-		);
-
-		$parameters = [
-			// Encryption API
-			'encryptionEnabled' => $this->manager->isEnabled(),
-			'encryptionReady' => $this->manager->isReady(),
-			'externalBackendsEnabled' => count($this->userManager->getBackends()) > 1,
-			// Modules
-			'encryptionModules' => $encryptionModuleList,
-		];
-
-		return new TemplateResponse('settings', 'settings/admin/security', $parameters, '');
+		return new TemplateResponse('settings', 'settings/admin/security', [], '');
 	}
 
 	/**

apps/settings/src/admin.js

@@ -18,37 +18,6 @@ window.addEventListener('DOMContentLoaded', () => {
 		$('#shareAPI p:not(#enable)').toggleClass('hidden', !this.checked)
 	})
 
-	$('#enableEncryption').change(() => {
-		$('#encryptionAPI div#EncryptionWarning').toggleClass('hidden')
-	})
-
-	$('#reallyEnableEncryption').click(() => {
-		$('#encryptionAPI div#EncryptionWarning').toggleClass('hidden')
-		$('#encryptionAPI div#EncryptionSettingsArea').toggleClass('hidden')
-		OCP.AppConfig.setValue('core', 'encryption_enabled', 'yes')
-		$('#enableEncryption').attr('disabled', 'disabled')
-	})
-
-	$('#startmigration').click((event) => {
-		$(window).on('beforeunload.encryption', (e) => {
-			return t('settings', 'Migration in progress. Please wait until the migration is finished')
-		})
-		event.preventDefault()
-		$('#startmigration').prop('disabled', true)
-		OC.msg.startAction('#startmigration_msg', t('settings', 'Migration started …'))
-		$.post(OC.generateUrl('/settings/admin/startmigration'), '', function(data) {
-			OC.msg.finishedAction('#startmigration_msg', data)
-			if (data.status === 'success') {
-				$('#encryptionAPI div#selectEncryptionModules').toggleClass('hidden')
-				$('#encryptionAPI div#migrationWarning').toggleClass('hidden')
-			} else {
-				$('#startmigration').prop('disabled', false)
-			}
-			$(window).off('beforeunload.encryption')
-
-		})
-	})
-
 	$('#shareapiExpireAfterNDays').on('input', function() {
 		this.value = this.value.replace(/\D/g, '')
 	})

apps/settings/src/components/Encryption.vue

@@ -0,0 +1,209 @@
+<!--
+	- @copyright 2022 Carl Schwan <carl@carlschwan.eu>
+	-
+	- @author Carl Schwan <carl@carlschwan.eu>
+	-
+	- @license GNU AGPL version 3 or any later version
+	-
+	- This program is free software: you can redistribute it and/or modify
+	- it under the terms of the GNU Affero General Public License as
+	- published by the Free Software Foundation, either version 3 of the
+	- License, or (at your option) any later version.
+	-
+	- This program is distributed in the hope that it will be useful,
+	- but WITHOUT ANY WARRANTY; without even the implied warranty of
+	- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+	- GNU Affero General Public License for more details.
+	-
+	- You should have received a copy of the GNU Affero General Public License
+	- along with this program. If not, see <http://www.gnu.org/licenses/>.
+	-
+-->
+
+<template>
+	<SettingsSection :title="t('settings', 'Server-side encryption')"
+		:description="t('settings', 'Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')"
+		:doc-url="encryptionAdminDoc">
+		<CheckboxRadioSwitch :checked="encryptionEnabled || shouldDisplayWarning"
+			:disabled="encryptionEnabled"
+			type="switch"
+			@update:checked="displayWarning">
+			{{ t('settings', 'Enable server-side encryption') }}
+		</CheckboxRadioSwitch>
+
+		<div v-if="shouldDisplayWarning && !encryptionEnabled" class="notecard warning" role="alert">
+			<p>{{ t('settings', 'Please read carefully before activating server-side encryption:') }}</p>
+			<ul>
+				<li>{{ t('settings', 'Once encryption is enabled, all files uploaded to the server from that point forward will be encrypted at rest on the server. It will only be possible to disable encryption at a later date if the active encryption module supports that function, and all pre-conditions (e.g. setting a recover key) are met.') }}</li>
+				<li>{{ t('settings', 'Encryption alone does not guarantee security of the system. Please see documentation for more information about how the encryption app works, and the supported use cases.') }}</li>
+				<li>{{ t('settings', 'Be aware that encryption always increases the file size.') }}</li>
+				<li>{{ t('settings', 'It is always good to create regular backups of your data, in case of encryption make sure to backup the encryption keys along with your data.') }}</li>
+			</ul>
+
+			<p class="margin-bottom">
+				{{ t('settings', 'This is the final warning: Do you really want to enable encryption?') }}
+			</p>
+			<Button type="primary"
+				@click="enableEncryption()">
+				{{ t('settings', "Enable encryption") }}
+			</Button>
+		</div>
+
+		<div v-if="encryptionEnabled">
+			<div v-if="encryptionReady">
+				<p v-if="encryptionModules.length === 0">
+					{{ t('settings', 'No encryption module loaded, please enable an encryption module in the app menu.') }}
+				</p>
+				<template v-else>
+					<h3>{{ t('settings', 'Select default encryption module:') }}</h3>
+					<fieldset>
+						<CheckboxRadioSwitch v-for="(module, id) in encryptionModules"
+							:key="id"
+							:checked.sync="defaultCheckedModule"
+							:value="id"
+							type="radio"
+							name="default_encryption_module"
+							@update:checked="checkDefaultModule">
+							{{ module.displayName }}
+						</CheckboxRadioSwitch>
+					</fieldset>
+				</template>
+			</div>
+
+			<div v-else-if="externalBackendsEnabled" v-html="migrationMessage" />
+		</div>
+	</SettingsSection>
+</template>
+
+<script>
+import axios from '@nextcloud/axios'
+import CheckboxRadioSwitch from '@nextcloud/vue/dist/Components/CheckboxRadioSwitch'
+import Button from '@nextcloud/vue/dist/Components/Button'
+import SettingsSection from '@nextcloud/vue/dist/Components/SettingsSection'
+import { loadState } from '@nextcloud/initial-state'
+import { getLoggerBuilder } from '@nextcloud/logger'
+
+import { generateOcsUrl } from '@nextcloud/router'
+import confirmPassword from '@nextcloud/password-confirmation'
+import { showError } from '@nextcloud/dialogs'
+
+const logger = getLoggerBuilder()
+	.setApp('settings')
+	.detectUser()
+	.build()
+
+export default {
+	name: 'Encryption',
+	components: {
+		CheckboxRadioSwitch,
+		SettingsSection,
+		Button,
+	},
+	data() {
+		const encryptionModules = loadState('settings', 'encryption-modules')
+		return {
+			encryptionReady: loadState('settings', 'encryption-ready'),
+			encryptionEnabled: loadState('settings', 'encryption-enabled'),
+			externalBackendsEnabled: loadState('settings', 'external-backends-enabled'),
+			encryptionAdminDoc: loadState('settings', 'encryption-admin-doc'),
+			encryptionModules,
+			shouldDisplayWarning: false,
+			migrating: false,
+			defaultCheckedModule: Object.entries(encryptionModules).find((module) => module[1].default)[0],
+		}
+	},
+	computed: {
+		migrationMessage() {
+			return t('settings', 'You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please enable the "Default encryption module" and run {command}', {
+				command: '"occ encryption:migrate"',
+			})
+		},
+	},
+	methods: {
+		displayWarning() {
+			if (!this.encryptionEnabled) {
+				this.shouldDisplayWarning = !this.shouldDisplayWarning
+			} else {
+				this.encryptionEnabled = false
+				this.shouldDisplayWarning = false
+			}
+		},
+		async update(key, value) {
+			await confirmPassword()
+
+			const url = generateOcsUrl('/apps/provisioning_api/api/v1/config/apps/{appId}/{key}', {
+				appId: 'core',
+				key,
+			})
+
+			const stringValue = value ? 'yes' : 'no'
+			try {
+				const { data } = await axios.post(url, {
+					value: stringValue,
+				})
+				this.handleResponse({
+					status: data.ocs?.meta?.status,
+				})
+			} catch (e) {
+				this.handleResponse({
+					errorMessage: t('settings', 'Unable to update server side encryption config'),
+					error: e,
+				})
+			}
+		},
+		async checkDefaultModule() {
+			await this.update('default_encryption_module', this.defaultCheckedModule)
+		},
+		async enableEncryption() {
+			this.encryptionEnabled = true
+			await this.update('encryption_enabled', true)
+		},
+		async handleResponse({ status, errorMessage, error }) {
+			if (status !== 'ok') {
+				showError(errorMessage)
+				logger.error(errorMessage, { error })
+			}
+		},
+	},
+}
+</script>
+
+<style lang="scss" scoped>
+
+.notecard.success {
+	--note-background: rgba(var(--color-success-rgb), 0.2);
+	--note-theme: var(--color-success);
+}
+
+.notecard.error {
+	--note-background: rgba(var(--color-error-rgb), 0.2);
+	--note-theme: var(--color-error);
+}
+
+.notecard.warning {
+	--note-background: rgba(var(--color-warning-rgb), 0.2);
+	--note-theme: var(--color-warning);
+}
+
+#body-settings .notecard {
+	color: var(--color-text-light);
+	background-color: var(--note-background);
+	border: 1px solid var(--color-border);
+	border-left: 4px solid var(--note-theme);
+	border-radius: var(--border-radius);
+	box-shadow: rgba(43, 42, 51, 0.05) 0px 1px 2px 0px;
+	margin: 1rem 0;
+	margin-top: 1rem;
+	padding: 1rem;
+}
+
+li {
+	list-style-type: initial;
+	margin-left: 1rem;
+	padding: 0.25rem 0;
+}
+
+.margin-bottom {
+	margin-bottom: 0.75rem;
+}
+</style>

apps/settings/src/main-admin-security.js

@@ -26,6 +26,7 @@ import { loadState } from '@nextcloud/initial-state'
 import Vue from 'vue'
 
 import AdminTwoFactor from './components/AdminTwoFactor.vue'
+import Encryption from './components/Encryption.vue'
 import store from './store/admin-security'
 
 // eslint-disable-next-line camelcase
@@ -45,3 +46,6 @@ const View = Vue.extend(AdminTwoFactor)
 new View({
 	store,
 }).$mount('#two-factor-auth-settings')
+
+const EncryptionView = Vue.extend(Encryption)
+new EncryptionView().$mount('#vue-admin-encryption')

apps/settings/templates/settings/admin/security.php

@@ -1,6 +1,7 @@
 <?php
 /**
  * @copyright Copyright (c) 2016 Arthur Schiwon <blizzz@arthur-schiwon.de>
+ * @copyright 2022 Carl Schwan <carl@carlschwan.eu>
  *
  * @author Arthur Schiwon <blizzz@arthur-schiwon.de>
  *
@@ -21,83 +22,9 @@
  *
  */
 
-/** @var \OCP\IL10N $l */
-/** @var array $_ */
-
-script('settings', 'vue-settings-admin-security');
-
+\OCP\Util::addScript('settings', 'vue-settings-admin-security');
 ?>
 
 <div id="two-factor-auth-settings"></div>
 
-<div class="section" id='encryptionAPI'>
-	<h2><?php p($l->t('Server-side encryption')); ?></h2>
-	<a target="_blank" rel="noreferrer noopener" class="icon-info"
-	   title="<?php p($l->t('Open documentation'));?>"
-	   href="<?php p(link_to_docs('admin-encryption')); ?>"></a>
-	<p class="settings-hint"><?php p($l->t('Server-side encryption makes it possible to encrypt files which are uploaded to this server. This comes with limitations like a performance penalty, so enable this only if needed.')); ?></p>
-	<p id="enable">
-		<input type="checkbox"
-			   id="enableEncryption" class="checkbox"
-			   value="1" <?php if ($_['encryptionEnabled']) {
-	print_unescaped('checked="checked" disabled="disabled"');
-} ?> />
-		<label
-			for="enableEncryption"><?php p($l->t('Enable server-side encryption')); ?> <span id="startmigration_msg" class="msg"></span> </label><br/>
-	</p>
-
-	<div id="EncryptionWarning" class="warning hidden">
-		<p><?php p($l->t('Please read carefully before activating server-side encryption: ')); ?></p>
-		<ul>
-			<li><?php p($l->t('Once encryption is enabled, all files uploaded to the server from that point forward will be encrypted at rest on the server. It will only be possible to disable encryption at a later date if the active encryption module supports that function, and all pre-conditions (e.g. setting a recover key) are met.')); ?></li>
-			<li><?php p($l->t('Encryption alone does not guarantee security of the system. Please see documentation for more information about how the encryption app works, and the supported use cases.')); ?></li>
-			<li><?php p($l->t('Be aware that encryption always increases the file size.')); ?></li>
-			<li><?php p($l->t('It is always good to create regular backups of your data, in case of encryption make sure to backup the encryption keys along with your data.')); ?></li>
-		</ul>
-
-		<p><?php p($l->t('This is the final warning: Do you really want to enable encryption?')) ?> <input type="button"
-																										   id="reallyEnableEncryption"
-																										   value="<?php p($l->t("Enable encryption")); ?>" /></p>
-	</div>
-
-	<div id="EncryptionSettingsArea" class="<?php if (!$_['encryptionEnabled']) {
-	p('hidden');
-} ?>">
-		<div id='selectEncryptionModules' class="<?php if (!$_['encryptionReady']) {
-	p('hidden');
-} ?>">
-			<?php
-			if (empty($_['encryptionModules'])) {
-				p($l->t('No encryption module loaded, please enable an encryption module in the app menu.'));
-			} else { ?>
-				<h3><?php p($l->t('Select default encryption module:')) ?></h3>
-				<fieldset id='encryptionModules'>
-					<?php foreach ($_['encryptionModules'] as $id => $module): ?>
-						<input type="radio" id="<?php p($id) ?>" class="radio"
-							   name="default_encryption_module"
-							   value="<?php p($id) ?>"
-							<?php if ($module['default']) {
-				p('checked');
-			} ?>>
-						<label
-							for="<?php p($id) ?>"><?php p($module['displayName']) ?></label>
-						<br/>
-					<?php endforeach; ?>
-				</fieldset>
-			<?php } ?>
-		</div>
-		<div id="migrationWarning" class="<?php if ($_['encryptionReady']) {
-				p('hidden');
-			} ?>">
-			<?php
-			if ($_['encryptionReady'] === false && $_['externalBackendsEnabled'] === true) {
-				p($l->t('You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one. Please enable the "Default encryption module" and run \'occ encryption:migrate\''));
-			} elseif ($_['encryptionReady'] === false && $_['externalBackendsEnabled'] === false) {
-				p($l->t('You need to migrate your encryption keys from the old encryption (ownCloud <= 8.0) to the new one.')); ?>
-				<input type="submit" name="startmigration" id="startmigration"
-					   value="<?php p($l->t('Start migration')); ?>"/>
-			<?php
-			} ?>
-		</div>
-	</div>
-</div>
+<div id="vue-admin-encryption"></div>

apps/settings/tests/Settings/Admin/SecurityTest.php

@@ -99,12 +99,7 @@ class SecurityTest extends TestCase {
 		$expected = new TemplateResponse(
 			'settings',
 			'settings/admin/security',
-			[
-				'encryptionEnabled' => $enabled,
-				'encryptionReady' => $enabled,
-				'externalBackendsEnabled' => false,
-				'encryptionModules' => []
-			],
+			[],
 			''
 		);
 		$this->assertEquals($expected, $this->admin->getForm());
@@ -134,12 +129,7 @@ class SecurityTest extends TestCase {
 		$expected = new TemplateResponse(
 			'settings',
 			'settings/admin/security',
-			[
-				'encryptionEnabled' => $enabled,
-				'encryptionReady' => $enabled,
-				'externalBackendsEnabled' => true,
-				'encryptionModules' => []
-			],
+			[ ],
 			''
 		);
 		$this->assertEquals($expected, $this->admin->getForm());

apps/theming/css/default.css

@@ -25,10 +25,13 @@
   --color-text-light: #222222;
   --color-text-lighter: #767676;
   --color-error: #e9322d;
+  --color-error-rgb: 233,50,45;
   --color-error-hover: #ed5a56;
   --color-warning: #eca700;
+  --color-warning-rgb: 236,167,0;
   --color-warning-hover: #efb832;
   --color-success: #46ba61;
+  --color-success-rgb: 70,186,97;
   --color-success-hover: #6ac780;
   --color-loading-light: #cccccc;
   --color-loading-dark: #444444;

apps/theming/lib/Themes/DefaultTheme.php

@@ -132,10 +132,13 @@ class DefaultTheme implements ITheme {
 
 			// info/warning/success feedback colours
 			'--color-error' => '#e9322d',
+			'--color-error-rgb' => join(',', $this->util->hexToRGB('#e9322d')),
 			'--color-error-hover' => $this->util->mix('#e9322d', $colorMainBackground, 60),
 			'--color-warning' => '#eca700',
+			'--color-warning-rgb' => join(',', $this->util->hexToRGB('#eca700')),
 			'--color-warning-hover' => $this->util->mix('#eca700', $colorMainBackground, 60),
 			'--color-success' => '#46ba61',
+			'--color-success-rgb' => join(',', $this->util->hexToRGB('#46ba61')),
 			'--color-success-hover' => $this->util->mix('#46ba61', $colorMainBackground, 60),
 
 			// used for the icon loading animation