From 06d5feaa63e2cfc0706dcfcfc8092c9cf5256208 Mon Sep 17 00:00:00 2001
From: Laurent Cozic
Date: Tue, 12 Jul 2022 11:28:48 +0100
Subject: [PATCH] All: Fixes #6645: Do not encrypt non-owned note if it was not shared encrypted
---
 packages/lib/models/BaseItem.ts | 2 +-
 packages/lib/models/Resource.ts | 2 +-
 packages/lib/models/utils/itemCanBeEncrypted.ts | 13 +++++++++++--
 packages/lib/services/share/ShareService.test.ts | 1 +
 4 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/packages/lib/models/BaseItem.ts b/packages/lib/models/BaseItem.ts
index 52401b56b..24eeb6550 100644
--- a/packages/lib/models/BaseItem.ts
+++ b/packages/lib/models/BaseItem.ts
@@ -418,7 +418,7 @@ export default class BaseItem extends BaseModel {
 const share = item.share_id ? await this.shareService().shareById(item.share_id) : null;
 const serialized = await ItemClass.serialize(item, shownKeys);
- if (!getEncryptionEnabled() || !ItemClass.encryptionSupported() || !itemCanBeEncrypted(item)) {
+ if (!getEncryptionEnabled() || !ItemClass.encryptionSupported() || !itemCanBeEncrypted(item, share)) {
 // Normally not possible since itemsThatNeedSync should only return decrypted items
 if (item.encryption_applied) throw new JoplinError('Item is encrypted but encryption is currently disabled', 'cannotSyncEncrypted');
 return serialized;
diff --git a/packages/lib/models/Resource.ts b/packages/lib/models/Resource.ts
index 5cd523bb9..d3028313c 100644
--- a/packages/lib/models/Resource.ts
+++ b/packages/lib/models/Resource.ts
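Review bot: The comment and the `JoplinError` text inside the early-return branch still say "encryption is currently disabled", but with `itemCanBeEncrypted(item, share)` the branch is now also taken while E2EE is on, for an item whose share has no master key. If the throw fires for such an item, the message points whoever triages it at the wrong setting. I would reword the comment to `// Reached when E2EE is off, the item type does not support it, or the item is published or belongs to an unencrypted share` and make the error text neutral about the cause. The same applies to the `Error` thrown in the Resource.ts hunk. The enclosing method starts and ends outside the hunk.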
@@ -207,7 +207,7 @@ export default class Resource extends BaseItem {
 const share = resource.share_id ? await this.shareService().shareById(resource.share_id) : null;
- if (!getEncryptionEnabled() || !itemCanBeEncrypted(resource as any)) {
+ if (!getEncryptionEnabled() || !itemCanBeEncrypted(resource as any, share)) {
 // Normally not possible since itemsThatNeedSync should only return decrypted items
 if (resource.encryption_blob_encrypted) throw new Error('Trying to access encrypted resource but encryption is currently disabled');
 return { path: plainTextPath, resource: resource };
diff --git a/packages/lib/models/utils/itemCanBeEncrypted.ts b/packages/lib/models/utils/itemCanBeEncrypted.ts
index 28acd4790..3b5829eac 100644
--- a/packages/lib/models/utils/itemCanBeEncrypted.ts
+++ b/packages/lib/models/utils/itemCanBeEncrypted.ts
@@ -1,5 +1,14 @@
 import { BaseItemEntity } from '../../services/database/types';
+import { StateShare } from '../../services/share/reducer';
-export default function(resource: BaseItemEntity): boolean {
- return !resource.is_shared;
+export default function(item: BaseItemEntity, share: StateShare): boolean {
+ // Note has been published - currently we don't encrypt
+ if (item.is_shared) return false;
+
+ // Item has been shared with user, but sharee is not encrypting his notes,
+ // so we shouldn't encrypt it either. Otherwise sharee will not be able to
+ // view the note anymore. https://github.com/laurent22/joplin/issues/6645
+ if (item.share_id && (!share || !share.master_key_id)) return false;
+
+ return true;
 }
diff --git a/packages/lib/services/share/ShareService.test.ts b/packages/lib/services/share/ShareService.test.ts
index 53fd99e2a..0985ff2dc 100644
--- a/packages/lib/services/share/ShareService.test.ts
+++ b/packages/lib/services/share/ShareService.test.ts
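Review bot: In itemCanBeEncrypted.ts, `!share` in `item.share_id && (!share || !share.master_key_id)` treats a share record that could not be found the same as a share known to be unencrypted, so in both cases the item is serialized in plaintext even when E2EE is on. Both callers pass the result of `shareService().shareById(...)`; if that can return nothing while share state is not yet loaded or is stale (not visible in this patch), the result is a silent downgrade of a note the user expects to be encrypted. Consider failing closed for the missing case, for example `if (item.share_id && !share) throw new Error('Share not found for shared item: cannot decide whether to encrypt');`, and keeping the plaintext path only for `share && !share.master_key_id`. The annotation should also be `share: StateShare | null`, since both callers pass `null` for items without a `share_id`.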
@@ -140,6 +140,7 @@ describe('ShareService', function() {
 expect(await MasterKey.count()).toBe(1);
 let { folder, note, resource } = await testShareFolder(shareService);
+ await Folder.updateAllShareIds(resourceService());
 // The share service should automatically create a new encryption key
 // specifically for that shared folder
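Review bot: Nothing in this test pins the new plaintext decision; the hunk only adds `await Folder.updateAllShareIds(resourceService());` to the existing encrypted-share case. A case where an item has a `share_id` and its share has no `master_key_id` should assert that the serialized item is not encrypted. A second case should pin what happens when the share record is missing altogether, since that is the branch where a regression would either lock the sharee out or send content unencrypted. The test body continues outside the hunk.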