add admin setting enableEmergencyAccess

Author: mindmonk

backend/src/main/java/org/cryptomator/hub/api/AuditLogResource.java

@@ -128,7 +128,7 @@ static AuditEventDto fromEntity(AuditEvent entity) {
 				case VaultMemberUpdatedEvent evt -> new VaultMemberUpdatedEventDto(evt.getId(), evt.getTimestamp(), VaultMemberUpdatedEvent.TYPE, evt.getUpdatedBy(), evt.getVaultId(), evt.getAuthorityId(), evt.getRole());
 				case VaultOwnershipClaimedEvent evt -> new VaultOwnershipClaimedEventDto(evt.getId(), evt.getTimestamp(), VaultOwnershipClaimedEvent.TYPE, evt.getClaimedBy(), evt.getVaultId());
 				case EmergencyAccessSetupEvent evt -> new EmergencyAccessSetupEventDto(evt.getId(), evt.getTimestamp(), EmergencyAccessSetupEvent.TYPE, evt.getVaultId() ,evt.getOwnerId(), evt.getSettings(), evt.getIpAddress());
-				case EmergencyAccessSettingsUpdatedEvent evt -> new EmergencyAccessSettingsUpdatedEventDto(evt.getId(), evt.getTimestamp(), EmergencyAccessSettingsUpdatedEvent.TYPE, evt.getAdminId(), evt.getCouncilMemberIds(), evt.getRequiredKeyShares(), evt.getMinMembers(),  evt.isAllowChoosingCouncil());
+				case EmergencyAccessSettingsUpdatedEvent evt -> new EmergencyAccessSettingsUpdatedEventDto(evt.getId(), evt.getTimestamp(), EmergencyAccessSettingsUpdatedEvent.TYPE, evt.getAdminId(), evt.isEmergencyAcessEnabled(), evt.getCouncilMemberIds(), evt.getRequiredKeyShares(), evt.getMinMembers(),  evt.isAllowChoosingCouncil());
 				case EmergencyAccessRecoveryStartedEvent evt -> new EmergencyAccessRecoveryStartedEventDto(evt.getId(), evt.getTimestamp(), EmergencyAccessRecoveryStartedEvent.TYPE, evt.getVaultId(), evt.getProcessId(), evt.getCouncilMemberId(), evt.getProcessType(), evt.getDetails());
 				case EmergencyAccessRecoveryApprovedEvent evt -> new EmergencyAccessRecoveryApprovedEventDto(evt.getId(), evt.getTimestamp(), EmergencyAccessRecoveryApprovedEvent.TYPE, evt.getProcessId(), evt.getCouncilMemberId(), evt.getIpAddress());
 				case EmergencyAccessRecoveryCompletedEvent evt -> new EmergencyAccessRecoveryCompletedEventDto(evt.getId(), evt.getTimestamp(), EmergencyAccessRecoveryCompletedEvent.TYPE, evt.getProcessId(), evt.getCouncilMemberId(), evt.getIpAddress());
@@ -197,7 +197,7 @@ record EmergencyAccessSetupEventDto(long id, Instant timestamp, String type, @Js
 										@JsonProperty("ipAddress") String ipAddress) implements AuditEventDto {
 	}
 
-	record EmergencyAccessSettingsUpdatedEventDto(long id, Instant timestamp, String type, @JsonProperty("adminId") String adminId, @JsonProperty("councilMemberIds") String councilMemberIds,
+	record EmergencyAccessSettingsUpdatedEventDto(long id, Instant timestamp, String type, @JsonProperty("adminId") String adminId,@JsonProperty("enableEmergencyAccess") boolean enableEmergencyAccess, @JsonProperty("councilMemberIds") String councilMemberIds,
 												  @JsonProperty("requiredKeyShares") int requiredKeyShares, @JsonProperty("minMembers") int minMembers, @JsonProperty("allowChoosingCouncil") boolean allowChoosingCouncil) implements AuditEventDto {
 	}
 

backend/src/main/java/org/cryptomator/hub/api/SettingsResource.java

@@ -61,34 +61,41 @@ public Response put(@NotNull @Valid SettingsDto dto) {
 		var oldRequiredEmergencyKeyShares = settings.getDefaultRequiredEmergencyKeyShares();
 		var oldMinMembers = settings.getDefaultMinMembers();
 		var oldAllowChoosingEmergencyCouncil = settings.isAllowChoosingEmergencyCouncil();
+		var oldEmergencyAccessEnabled = settings.isEmergencyAcessEnabled();
 		settings.setWotMaxDepth(dto.wotMaxDepth);
 		settings.setWotIdVerifyLen(dto.wotIdVerifyLen);
 		settings.setDefaultRequiredEmergencyKeyShares(dto.defaultRequiredEmergencyKeyShares);
 		settings.setDefaultMinMembers(dto.defaultMinMembers);
 		settings.setAllowChoosingEmergencyCouncil(dto.allowChoosingEmergencyCouncil);
 		settings.setEmergencyCouncilMemberIds(dto.emergencyCouncilMemberIds);
+		settings.setEmergencyAcessEnabled(dto.enableEmergencyAccess);
 		settingsRepo.persist(settings);
 		if (oldWotMaxDepth != dto.wotMaxDepth || oldWotIdVerifyLen != dto.wotIdVerifyLen) {
 			eventLogger.logWotSettingUpdated(jwt.getSubject(), dto.wotIdVerifyLen, dto.wotMaxDepth);
 		}
-		if (!oldEmergencyCouncilMemberIds.containsAll(dto.emergencyCouncilMemberIds) || !dto.emergencyCouncilMemberIds.containsAll(oldEmergencyCouncilMemberIds)
-		|| oldRequiredEmergencyKeyShares != dto.defaultRequiredEmergencyKeyShares || oldAllowChoosingEmergencyCouncil != dto.allowChoosingEmergencyCouncil || oldMinMembers != dto.defaultMinMembers) {
+		if (!oldEmergencyCouncilMemberIds.containsAll(dto.emergencyCouncilMemberIds) 
+			|| !dto.emergencyCouncilMemberIds.containsAll(oldEmergencyCouncilMemberIds)
+			|| oldRequiredEmergencyKeyShares != dto.defaultRequiredEmergencyKeyShares 
+			|| oldAllowChoosingEmergencyCouncil != dto.allowChoosingEmergencyCouncil 
+			|| oldMinMembers != dto.defaultMinMembers 
+			|| oldEmergencyAccessEnabled != dto.enableEmergencyAccess) {
 			var councilMemberIds = "[\"" + String.join("\", \"", dto.emergencyCouncilMemberIds) + "\"]";
-			eventLogger.logEmergencyAccessSettingsUpdated(jwt.getSubject(), councilMemberIds, dto.defaultRequiredEmergencyKeyShares, dto.defaultMinMembers, dto.allowChoosingEmergencyCouncil);
+			eventLogger.logEmergencyAccessSettingsUpdated(jwt.getSubject(), dto.enableEmergencyAccess, councilMemberIds, dto.defaultRequiredEmergencyKeyShares, dto.defaultMinMembers, dto.allowChoosingEmergencyCouncil);
 		}
 		return Response.status(Response.Status.NO_CONTENT).build();
 	}
 
 	public record SettingsDto(@JsonProperty("hubId") String hubId,
 							  @JsonProperty("wotMaxDepth") @Min(0) @Max(9) int wotMaxDepth,
 							  @JsonProperty("wotIdVerifyLen") @Min(0) int wotIdVerifyLen,
+							  @JsonProperty("enableEmergencyAccess") boolean enableEmergencyAccess,
 							  @JsonProperty("defaultRequiredEmergencyKeyShares") @Min(0) int defaultRequiredEmergencyKeyShares,
 							  @JsonProperty("defaultMinMembers") @Min(0) int defaultMinMembers,
 							  @JsonProperty("allowChoosingEmergencyCouncil") boolean allowChoosingEmergencyCouncil,
 							  @JsonProperty("emergencyCouncilMemberIds") Set<String> emergencyCouncilMemberIds) {
 
 		public static SettingsDto fromEntity(Settings entity) {
-			return new SettingsDto(entity.getHubId(), entity.getWotMaxDepth(), entity.getWotIdVerifyLen(), entity.getDefaultRequiredEmergencyKeyShares(), entity.getDefaultMinMembers(), entity.isAllowChoosingEmergencyCouncil(), entity.getEmergencyCouncilMemberIds());
+			return new SettingsDto(entity.getHubId(), entity.getWotMaxDepth(), entity.getWotIdVerifyLen(), entity.isEmergencyAcessEnabled(), entity.getDefaultRequiredEmergencyKeyShares(), entity.getDefaultMinMembers(), entity.isAllowChoosingEmergencyCouncil(), entity.getEmergencyCouncilMemberIds());
 		}
 
 	}

backend/src/main/java/org/cryptomator/hub/entities/Settings.java

@@ -38,6 +38,9 @@ public class Settings {
 	@Column(name = "wot_id_verify_len", nullable = false)
 	private int wotIdVerifyLen;
 
+	@Column(name = "enable_emergency_access", nullable = false)
+	private boolean enableEmergencyAccess;
+
 	@Column(name = "default_required_emergency_key_shares", nullable = false)
 	private int defaultRequiredEmergencyKeyShares;
 
@@ -95,6 +98,14 @@ public void setWotIdVerifyLen(int wotIdVerifyLen) {
 		this.wotIdVerifyLen = wotIdVerifyLen;
 	}
 
+	public boolean isEmergencyAcessEnabled() {
+		return enableEmergencyAccess;
+	}
+
+	public void setEmergencyAcessEnabled(boolean enableEmergencyAccess) {
+		this.enableEmergencyAccess = enableEmergencyAccess;
+	}
+
 	public int getDefaultRequiredEmergencyKeyShares() {
 		return defaultRequiredEmergencyKeyShares;
 	}
@@ -136,6 +147,7 @@ public String toString() {
 				", licenseKey='" + licenseKey + '\'' +
 				", wotMaxDepth='" + wotMaxDepth + '\'' +
 				", wotIdVerifyLen='" + wotIdVerifyLen + '\'' +
+				", enableEmergencyAccess=" + enableEmergencyAccess + '\'' +
 				", defaultRequiredEmergencyKeyShares=" + defaultRequiredEmergencyKeyShares +
 				", defaultMinMembers=" + defaultMinMembers +
 				", allowChoosingEmergencyCouncil=" + allowChoosingEmergencyCouncil +
@@ -153,6 +165,7 @@ public boolean equals(Object o) {
 				&& Objects.equals(licenseKey, settings.licenseKey)
 				&& Objects.equals(wotMaxDepth, settings.wotMaxDepth)
 				&& Objects.equals(wotIdVerifyLen, settings.wotIdVerifyLen)
+				&& enableEmergencyAccess == settings.enableEmergencyAccess
 				&& defaultRequiredEmergencyKeyShares == settings.defaultRequiredEmergencyKeyShares
 				&& defaultMinMembers == settings.defaultMinMembers
 				&& allowChoosingEmergencyCouncil == settings.allowChoosingEmergencyCouncil
@@ -161,7 +174,7 @@ public boolean equals(Object o) {
 
 	@Override
 	public int hashCode() {
-		return Objects.hash(id, hubId, licenseKey, wotMaxDepth, wotIdVerifyLen, defaultRequiredEmergencyKeyShares, defaultMinMembers, allowChoosingEmergencyCouncil, emergencyCouncilMemberIds);
+		return Objects.hash(id, hubId, licenseKey, wotMaxDepth, wotIdVerifyLen, enableEmergencyAccess, defaultRequiredEmergencyKeyShares, defaultMinMembers, allowChoosingEmergencyCouncil, emergencyCouncilMemberIds);
 	}
 
 	@ApplicationScoped

backend/src/main/java/org/cryptomator/hub/entities/events/EmergencyAccessSettingsUpdatedEvent.java

@@ -17,6 +17,9 @@ public class EmergencyAccessSettingsUpdatedEvent extends AuditEvent {
 	@Column(name = "admin_id", nullable = false)
 	private String adminId;
 
+	@Column(name = "enable_emergency_access", nullable = false)
+	private boolean enableEmergencyAccess;
+
 	@Column(name = "council_member_ids", nullable = false)
 	private String councilMemberIds;
 
@@ -37,6 +40,14 @@ public void setAdminId(String adminId) {
 		this.adminId = adminId;
 	}
 
+	public boolean isEmergencyAcessEnabled() {
+		return enableEmergencyAccess;
+	}
+
+	public void setEmergencyAcessEnabled(boolean enableEmergencyAccess) {
+		this.enableEmergencyAccess = enableEmergencyAccess;
+	}
+
 	public String getCouncilMemberIds() {
 		return councilMemberIds;
 	}

backend/src/main/java/org/cryptomator/hub/entities/events/EventLogger.java

@@ -155,14 +155,15 @@ public void logEmergencyAccessSetup(UUID vaultId, String ownerId, String setting
 		auditEventRepository.persist(event);
 	}
 
-	public void logEmergencyAccessSettingsUpdated(String adminId, String councilMemberIds, int requiredKeyShares, int minMembers,  boolean allowChoosingCouncil) {
+	public void logEmergencyAccessSettingsUpdated(String adminId, boolean enableEmergencyAccess, String councilMemberIds, int requiredKeyShares, int minMembers,  boolean allowChoosingCouncil) {
 		var event = new EmergencyAccessSettingsUpdatedEvent();
 		event.setTimestamp(Instant.now());
 		event.setAdminId(adminId);
 		event.setCouncilMemberIds(councilMemberIds);
 		event.setRequiredKeyShares(requiredKeyShares);
 		event.setMinMembers(minMembers);
 		event.setAllowChoosingCouncil(allowChoosingCouncil);
+		event.setEmergencyAcessEnabled(enableEmergencyAccess);
 		auditEventRepository.persist(event);
 	}
 

backend/src/main/resources/org/cryptomator/hub/flyway/V23__Emergency_Access.sql

@@ -1,6 +1,7 @@
 ALTER TABLE "settings" ADD "default_required_emergency_key_shares" INTEGER NOT NULL DEFAULT 2;
 ALTER TABLE "settings" ADD "default_min_members" INTEGER NOT NULL DEFAULT 3;
 ALTER TABLE "settings" ADD "allow_choosing_emergency_council" BOOLEAN NOT NULL DEFAULT TRUE;
+ALTER TABLE "settings" ADD "enable_emergency_access" BOOLEAN NOT NULL DEFAULT FALSE;
 
 ALTER TABLE "vault" ADD "requried_emergency_key_shares" INTEGER NOT NULL DEFAULT 0;
 
@@ -56,6 +57,7 @@ CREATE TABLE "audit_event_emergaccess_settings_updated"
 (
 	"id"                     BIGINT NOT NULL,
 	"admin_id"               VARCHAR(255) COLLATE "C" NOT NULL,
+	"enable_emergency_access" 	BOOLEAN NOT NULL,
 	"council_member_ids"     TEXT NOT NULL,
 	"required_key_shares"    INTEGER NOT NULL,
 	"min_members"			 INTEGER NOT NULL,

backend/src/test/resources/org/cryptomator/hub/flyway/V9999__Test_Data.sql

@@ -7,7 +7,8 @@ SET "hub_id" = '42',
 	"license_key"  = 'eyJhbGciOiJFUzUxMiJ9.eyJqdGkiOiI0MiIsImlhdCI6MTY0ODA0OTM2MCwiaXNzIjoiU2t5bWF0aWMiLCJhdWQiOiJDcnlwdG9tYXRvciBIdWIiLCJzdWIiOiJodWJAY3J5cHRvbWF0b3Iub3JnIiwic2VhdHMiOjUsImV4cCI6MjUzNDAyMjE0NDAwLCJyZWZyZXNoVXJsIjoiaHR0cDovL2xvY2FsaG9zdDo4Nzg3L2h1Yi9zdWJzY3JpcHRpb24_aHViX2lkPTQyIn0.AKyoZ0WQ8xhs8vPymWPHCsc6ch6pZpfxBcrF5QjVLSQVnYz2s5QF3nnkwn4AGR7V14TuhkJMZLUZxMdQAYLyL95sAV2Fu0E4-e1v3IVKlNKtze89eqYvEs6Ak9jWjtecOgPWNWjz2itI4MfJBDmbFtTnehOtqRqUdsDoC9NFik2C7tHm',
 	"default_required_emergency_key_shares" = 2,
     "default_min_members" = 3,
-	"allow_choosing_emergency_council" = FALSE
+	"allow_choosing_emergency_council" = FALSE,
+    "enable_emergency_access" = FALSE
 WHERE "id" = 0;
 
 INSERT INTO "authority" ("id", "type", "name")

frontend/src/common/auditlog.ts

@@ -125,6 +125,7 @@ export type AuditEventEmergencyAccessSetupDto = AuditEventDtoBase & {
 export type AuditEventEmergencyAccessSettingsChangedDto = AuditEventDtoBase & {
   type: 'EMERGENCY_ACCESS_SETTINGS_UPDATED',
   adminId: string;
+  enableEmergencyAccess: boolean;
   councilMemberIds: string;
   requiredKeyShares: number;
   minMembers: number;

frontend/src/common/backend.ts

@@ -141,7 +141,8 @@ export type SettingsDto = {
   defaultRequiredEmergencyKeyShares: number,
   defaultMinMembers: number,
   allowChoosingEmergencyCouncil: boolean,
-  emergencyCouncilMemberIds: string[]
+  emergencyCouncilMemberIds: string[],
+  enableEmergencyAccess: boolean
 }
 
 export type RecoveryProcessSetNewOwner = {