From d7dca966a2a926be8b45ab337488143eac3ce9ba Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 30 Aug 2013 10:17:50 +0200
Subject: [PATCH 01/43] improved error messaging, initial commit

---
 apps/files_encryption/appinfo/database.xml |  7 +++
 apps/files_encryption/appinfo/version      |  2 +-
 apps/files_encryption/files/error.php      |  2 +-
 apps/files_encryption/hooks/hooks.php      | 29 +++++++-----
 apps/files_encryption/lib/helper.php       | 44 ++++++++++++------
 apps/files_encryption/lib/stream.php       | 34 +++++++-------
 apps/files_encryption/lib/util.php         | 52 ++++++++++++++++++++++
 7 files changed, 126 insertions(+), 44 deletions(-)

diff --git a/apps/files_encryption/appinfo/database.xml b/apps/files_encryption/appinfo/database.xml
index 4587930da0..cd5434b8c2 100644
--- a/apps/files_encryption/appinfo/database.xml
+++ b/apps/files_encryption/appinfo/database.xml
@@ -34,6 +34,13 @@
 				<default>0</default>
 				<comments>Whether encryption migration has been performed</comments>
 			</field>
+			<field>
+				<name>initialized</name>
+				<type>integer</type>
+				<notnull>true</notnull>
+				<default>0</default>
+				<comments>Did the user initialized the encryption app at least once</comments>
+			</field>
 		</declaration>
 	</table>
 </database>
\ No newline at end of file
diff --git a/apps/files_encryption/appinfo/version b/apps/files_encryption/appinfo/version
index bd73f47072..2eb3c4fe4e 100644
--- a/apps/files_encryption/appinfo/version
+++ b/apps/files_encryption/appinfo/version
@@ -1 +1 @@
-0.4
+0.5
diff --git a/apps/files_encryption/files/error.php b/apps/files_encryption/files/error.php
index 2dd27257ab..7a2bb1a281 100644
--- a/apps/files_encryption/files/error.php
+++ b/apps/files_encryption/files/error.php
@@ -4,7 +4,7 @@ if (!isset($_)) { //also provide standalone error page
 
 	$l = OC_L10N::get('files_encryption');
 
-	$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
+	$errorMsg = $l->t('Your private key is not valid! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app. If this doesn\'t help maybe your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
 
 	if(isset($_GET['p']) && $_GET['p'] === '1') {
 		header('HTTP/1.0 404 ' . $errorMsg);
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index de306462d7..aefb274e1c 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -70,9 +70,11 @@ class Hooks {
 		// If migration not yet done
 		if ($ready) {
 
+			$util->setInitialized(Util::ENCRYPTION_INITIALIZED);
+
 			$userView = new \OC_FilesystemView('/' . $params['uid']);
 
-			// Set legacy encryption key if it exists, to support 
+			// Set legacy encryption key if it exists, to support
 			// depreciated encryption system
 			if (
 				$userView->file_exists('encryption.key')
@@ -143,6 +145,7 @@ class Hooks {
 	 * @brief If the password can't be changed within ownCloud, than update the key password in advance.
 	 */
 	public static function preSetPassphrase($params) {
+		return true;
 		if ( ! \OC_User::canUserChangePassword($params['uid']) ) {
 			self::setPassphrase($params);
 		}
@@ -153,7 +156,7 @@ class Hooks {
 	 * @param array $params keys: uid, password
 	 */
 	public static function setPassphrase($params) {
-
+		return true;
 		// Only attempt to change passphrase if server-side encryption
 		// is in use (client-side encryption does not have access to
 		// the necessary keys)
@@ -248,7 +251,7 @@ class Hooks {
 			$params['run'] = false;
 			$params['error'] = $l->t('Following users are not set up for encryption:') . ' ' . join(', ' , $notConfigured);
 		}
-		
+
 	}
 
 	/**
@@ -259,7 +262,7 @@ class Hooks {
 		// NOTE: $params has keys:
 		// [itemType] => file
 		// itemSource -> int, filecache file ID
-		// [parent] => 
+		// [parent] =>
 		// [itemTarget] => /13
 		// shareWith -> string, uid of user being shared to
 		// fileTarget -> path of file being shared
@@ -300,13 +303,13 @@ class Hooks {
 					// NOTE: parent is folder but shared was a file!
 					// we try to rebuild the missing path
 					// some examples we face here
-					// user1 share folder1 with user2 folder1 has 
-					// the following structure 
+					// user1 share folder1 with user2 folder1 has
+					// the following structure
 					// /folder1/subfolder1/subsubfolder1/somefile.txt
 					// user2 re-share subfolder2 with user3
 					// user3 re-share somefile.txt user4
-					// so our path should be 
-					// /Shared/subfolder1/subsubfolder1/somefile.txt 
+					// so our path should be
+					// /Shared/subfolder1/subsubfolder1/somefile.txt
 					// while user3 is sharing
 
 					if ($params['itemType'] === 'file') {
@@ -537,14 +540,18 @@ class Hooks {
 	}
 
 	/**
-	 * set migration status back to '0' so that all new files get encrypted
+	 * set migration status and the init status back to '0' so that all new files get encrypted
 	 * if the app gets enabled again
 	 * @param array $params contains the app ID
 	 */
 	public static function preDisable($params) {
 		if ($params['app'] === 'files_encryption') {
-			$query = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
-			$query->execute();
+
+			$setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
+			$setMigrationStatus->execute();
+
+			$setInitStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `initialized`=0');
+			$setInitStatus->execute();
 		}
 	}
 
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 0209a5d18b..105c5357e9 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -199,12 +199,12 @@ class Helper {
 	public static function stripUserFilesPath($path) {
 		$trimmed = ltrim($path, '/');
 		$split = explode('/', $trimmed);
-		
+
 		// it is not a file relative to data/user/files
 		if (count($split) < 3 || $split[1] !== 'files') {
 			return false;
 		}
-		
+
 		$sliced = array_slice($split, 2);
 		$relPath = implode('/', $sliced);
 
@@ -219,30 +219,46 @@ class Helper {
 	public static function getPathToRealFile($path) {
 		$trimmed = ltrim($path, '/');
 		$split = explode('/', $trimmed);
-		
+
 		if (count($split) < 3 || $split[1] !== "files_versions") {
 			return false;
 		}
-		
+
 		$sliced = array_slice($split, 2);
 		$realPath = implode('/', $sliced);
 		//remove the last .v
 		$realPath = substr($realPath, 0, strrpos($realPath, '.v'));
 
 		return $realPath;
-	}	
-	
+	}
+
 	/**
 	 * @brief redirect to a error page
 	 */
-	public static function redirectToErrorPage() {
-		$location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php');
-		$post = 0;
-		if(count($_POST) > 0) {
-			$post = 1;
+	public static function redirectToErrorPage($util) {
+
+		$l = \OC_L10N::get('files_encryption');
+
+		if ($util->getInitialized() === false) {
+			$errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
+		} else {
+			$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
 		}
-		header('Location: ' . $location . '?p=' . $post);
-		exit();
+
+		if(count($_POST) > 0) {
+			header('HTTP/1.0 404 ' . $errorMsg);
+		}
+
+		// check if ajax request
+		if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+			\OCP\JSON::error(array('data' => array('message' => $errorMsg)));
+		} else {
+			header('HTTP/1.0 404 ' . $errorMsg);
+			$tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest');
+			$tmpl->printPage();
+		}
+
+		exit;
 	}
 
 	/**
@@ -259,7 +275,7 @@ class Helper {
 
 		return (bool) $result;
 	}
-	
+
 	/**
 	 * check some common errors if the server isn't configured properly for encryption
 	 * @return bool true if configuration seems to be OK
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 335ea3733e..87b8dc3ee2 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -81,7 +81,7 @@ class Stream {
 	 * @return bool
 	 */
 	public function stream_open($path, $mode, $options, &$opened_path) {
-		
+
 		// assume that the file already exist before we decide it finally in getKey()
 		$this->newFile = false;
 
@@ -106,12 +106,12 @@ class Stream {
 		if ($this->relPath === false) {
 			$this->relPath = Helper::getPathToRealFile($this->rawPath);
 		}
-		
+
 		if($this->relPath === false) {
 			\OCP\Util::writeLog('Encryption library', 'failed to open file "' . $this->rawPath . '" expecting a path to user/files or to user/files_versions', \OCP\Util::ERROR);
 			return false;
 		}
-		
+
 		// Disable fileproxies so we can get the file size and open the source file without recursive encryption
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
@@ -131,7 +131,7 @@ class Stream {
 
 			if($this->privateKey === false) {
 				// if private key is not valid redirect user to a error page
-				\OCA\Encryption\Helper::redirectToErrorPage();
+				\OCA\Encryption\Helper::redirectToErrorPage($util);
 			}
 
 			$this->size = $this->rootView->filesize($this->rawPath, $mode);
@@ -272,7 +272,7 @@ class Stream {
 		} else {
 
 			$this->newFile = true;
-			
+
 			return false;
 
 		}
@@ -296,9 +296,9 @@ class Stream {
 			return strlen($data);
 		}
 
-		// Disable the file proxies so that encryption is not 
-		// automatically attempted when the file is written to disk - 
-		// we are handling that separately here and we don't want to 
+		// Disable the file proxies so that encryption is not
+		// automatically attempted when the file is written to disk -
+		// we are handling that separately here and we don't want to
 		// get into an infinite loop
 		$proxyStatus = \OC_FileProxy::$enabled;
 		\OC_FileProxy::$enabled = false;
@@ -311,7 +311,7 @@ class Stream {
 		$pointer = ftell($this->handle);
 
 		// Get / generate the keyfile for the file we're handling
-		// If we're writing a new file (not overwriting an existing 
+		// If we're writing a new file (not overwriting an existing
 		// one), save the newly generated keyfile
 		if (!$this->getKey()) {
 
@@ -319,7 +319,7 @@ class Stream {
 
 		}
 
-		// If extra data is left over from the last round, make sure it 
+		// If extra data is left over from the last round, make sure it
 		// is integrated into the next 6126 / 8192 block
 		if ($this->writeCache) {
 
@@ -344,12 +344,12 @@ class Stream {
 			if ($remainingLength < 6126) {
 
 				// Set writeCache to contents of $data
-				// The writeCache will be carried over to the 
-				// next write round, and added to the start of 
-				// $data to ensure that written blocks are 
-				// always the correct length. If there is still 
-				// data in writeCache after the writing round 
-				// has finished, then the data will be written 
+				// The writeCache will be carried over to the
+				// next write round, and added to the start of
+				// $data to ensure that written blocks are
+				// always the correct length. If there is still
+				// data in writeCache after the writing round
+				// has finished, then the data will be written
 				// to disk by $this->flush().
 				$this->writeCache = $data;
 
@@ -363,7 +363,7 @@ class Stream {
 
 				$encrypted = $this->preWriteEncrypt($chunk, $this->plainKey);
 
-				// Write the data chunk to disk. This will be 
+				// Write the data chunk to disk. This will be
 				// attended to the last data chunk if the file
 				// being handled totals more than 6126 bytes
 				fwrite($this->handle, $encrypted);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index b8d6862349..edb9564e73 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -37,6 +37,8 @@ class Util {
 	const MIGRATION_IN_PROGRESS = -1; // migration is running
 	const MIGRATION_OPEN = 0;         // user still needs to be migrated
 
+	const ENCRYPTION_INITIALIZED = 1;
+	const ENCRYPTION_NOT_INITIALIZED = 0;
 
 	private $view; // OC_FilesystemView object for filesystem operations
 	private $userId; // ID of the currently logged-in user
@@ -1216,6 +1218,56 @@ class Util {
 		return $return;
 	}
 
+	/**
+	 * set remember if the encryption app was already initialized or not
+	 * @param type $status
+	 */
+	public function setInitialized($status) {
+		$sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
+		$args = array($status, $this->userId);
+		$query = \OCP\DB::prepare($sql);
+		$query->execute($args);
+	}
+
+	/**
+	 * set remember if the encryption app was already initialized or not
+	 */
+	public function getInitialized() {
+		$sql = 'SELECT `initialized` FROM `*PREFIX*encryption` WHERE `uid` = ?';
+		$args = array($this->userId);
+		$query = \OCP\DB::prepare($sql);
+
+		$result = $query->execute($args);
+		$initializedStatus = null;
+
+		if (\OCP\DB::isError($result)) {
+			\OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
+		} else {
+			if ($result->numRows() > 0) {
+				$row = $result->fetchRow();
+				if (isset($row['initialized'])) {
+					$initializedStatus = (int)$row['initialized'];
+				}
+			}
+		}
+
+		// If no record is found
+		if (empty($initializedStatus)) {
+			\OCP\Util::writeLog('Encryption library', "Could not get initialized status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
+			return false;
+			// If a record is found
+		} else {
+			return (bool)$initializedStatus;
+		}
+
+
+
+		$sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
+		$args = array($status, $this->userId);
+		$query = \OCP\DB::prepare($sql);
+		$query->execute($args);
+	}
+
 	/**
 	 * @brief close migration mode after users data has been encrypted successfully
 	 * @return boolean

From bab63c22eea058ea619de5c021d16803ba48ab8d Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 2 Sep 2013 11:26:11 +0200
Subject: [PATCH 02/43] encryption error messages, distinguish between a
 re-enabled encryption app and a password change from outside

---
 apps/files_encryption/appinfo/database.xml    |  7 ---
 apps/files_encryption/hooks/hooks.php         |  8 +--
 apps/files_encryption/lib/helper.php          |  4 +-
 apps/files_encryption/lib/session.php         | 27 +++++++++
 apps/files_encryption/lib/stream.php          |  2 +-
 apps/files_encryption/lib/util.php            | 60 ++-----------------
 apps/files_encryption/settings-personal.php   |  5 +-
 .../templates/settings-personal.php           | 10 ++--
 settings/ajax/changepassword.php              |  2 +-
 settings/templates/personal.php               |  2 +-
 10 files changed, 48 insertions(+), 79 deletions(-)

diff --git a/apps/files_encryption/appinfo/database.xml b/apps/files_encryption/appinfo/database.xml
index cd5434b8c2..4587930da0 100644
--- a/apps/files_encryption/appinfo/database.xml
+++ b/apps/files_encryption/appinfo/database.xml
@@ -34,13 +34,6 @@
 				<default>0</default>
 				<comments>Whether encryption migration has been performed</comments>
 			</field>
-			<field>
-				<name>initialized</name>
-				<type>integer</type>
-				<notnull>true</notnull>
-				<default>0</default>
-				<comments>Did the user initialized the encryption app at least once</comments>
-			</field>
 		</declaration>
 	</table>
 </database>
\ No newline at end of file
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index aefb274e1c..4c6122b7c2 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -70,8 +70,6 @@ class Hooks {
 		// If migration not yet done
 		if ($ready) {
 
-			$util->setInitialized(Util::ENCRYPTION_INITIALIZED);
-
 			$userView = new \OC_FilesystemView('/' . $params['uid']);
 
 			// Set legacy encryption key if it exists, to support
@@ -145,7 +143,6 @@ class Hooks {
 	 * @brief If the password can't be changed within ownCloud, than update the key password in advance.
 	 */
 	public static function preSetPassphrase($params) {
-		return true;
 		if ( ! \OC_User::canUserChangePassword($params['uid']) ) {
 			self::setPassphrase($params);
 		}
@@ -156,7 +153,6 @@ class Hooks {
 	 * @param array $params keys: uid, password
 	 */
 	public static function setPassphrase($params) {
-		return true;
 		// Only attempt to change passphrase if server-side encryption
 		// is in use (client-side encryption does not have access to
 		// the necessary keys)
@@ -550,8 +546,8 @@ class Hooks {
 			$setMigrationStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `migration_status`=0');
 			$setMigrationStatus->execute();
 
-			$setInitStatus = \OC_DB::prepare('UPDATE `*PREFIX*encryption` SET `initialized`=0');
-			$setInitStatus->execute();
+			$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
+			$session->setInitialized(false);
 		}
 	}
 
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 105c5357e9..7d466b8852 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -235,11 +235,11 @@ class Helper {
 	/**
 	 * @brief redirect to a error page
 	 */
-	public static function redirectToErrorPage($util) {
+	public static function redirectToErrorPage($session) {
 
 		$l = \OC_L10N::get('files_encryption');
 
-		if ($util->getInitialized() === false) {
+		if ($session->getInitialized() === false) {
 			$errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
 		} else {
 			$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 1911386cd1..f5ce7083af 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -112,6 +112,33 @@ class Session {
 
 	}
 
+	/**
+	 * @brief Sets status if we tried to initialize the encyption app
+	 * @param bool $privateKey true=initialized false=not initialized
+	 * @return bool
+	 */
+	public function setInitialized($init) {
+
+		\OC::$session->set('encryptionInitialized', $init);
+
+		return true;
+
+	}
+
+
+	/**
+	 * @brief Gets status if we already tried to initialize the encryption app
+	 * @returns bool
+	 *
+	 */
+	public function getInitialized() {
+		if (!is_null(\OC::$session->get('encryptionInitialized'))) {
+			return \OC::$session->get('encryptionInitialized');
+		} else {
+			return false;
+		}
+	}
+
 	/**
 	 * @brief Gets user or public share private key from session
 	 * @returns string $privateKey The user's plaintext private key
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 87b8dc3ee2..9215352aa7 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -131,7 +131,7 @@ class Stream {
 
 			if($this->privateKey === false) {
 				// if private key is not valid redirect user to a error page
-				\OCA\Encryption\Helper::redirectToErrorPage($util);
+				\OCA\Encryption\Helper::redirectToErrorPage($this->session);
 			}
 
 			$this->size = $this->rootView->filesize($this->rawPath, $mode);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index edb9564e73..17096a787f 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -37,9 +37,6 @@ class Util {
 	const MIGRATION_IN_PROGRESS = -1; // migration is running
 	const MIGRATION_OPEN = 0;         // user still needs to be migrated
 
-	const ENCRYPTION_INITIALIZED = 1;
-	const ENCRYPTION_NOT_INITIALIZED = 0;
-
 	private $view; // OC_FilesystemView object for filesystem operations
 	private $userId; // ID of the currently logged-in user
 	private $client; // Client side encryption mode flag
@@ -1218,56 +1215,6 @@ class Util {
 		return $return;
 	}
 
-	/**
-	 * set remember if the encryption app was already initialized or not
-	 * @param type $status
-	 */
-	public function setInitialized($status) {
-		$sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
-		$args = array($status, $this->userId);
-		$query = \OCP\DB::prepare($sql);
-		$query->execute($args);
-	}
-
-	/**
-	 * set remember if the encryption app was already initialized or not
-	 */
-	public function getInitialized() {
-		$sql = 'SELECT `initialized` FROM `*PREFIX*encryption` WHERE `uid` = ?';
-		$args = array($this->userId);
-		$query = \OCP\DB::prepare($sql);
-
-		$result = $query->execute($args);
-		$initializedStatus = null;
-
-		if (\OCP\DB::isError($result)) {
-			\OCP\Util::writeLog('Encryption library', \OC_DB::getErrorMessage($result), \OCP\Util::ERROR);
-		} else {
-			if ($result->numRows() > 0) {
-				$row = $result->fetchRow();
-				if (isset($row['initialized'])) {
-					$initializedStatus = (int)$row['initialized'];
-				}
-			}
-		}
-
-		// If no record is found
-		if (empty($initializedStatus)) {
-			\OCP\Util::writeLog('Encryption library', "Could not get initialized status for " . $this->userId . ", no record found", \OCP\Util::ERROR);
-			return false;
-			// If a record is found
-		} else {
-			return (bool)$initializedStatus;
-		}
-
-
-
-		$sql = 'UPDATE `*PREFIX*encryption` SET `initialized` = ? WHERE `uid` = ?';
-		$args = array($status, $this->userId);
-		$query = \OCP\DB::prepare($sql);
-		$query->execute($args);
-	}
-
 	/**
 	 * @brief close migration mode after users data has been encrypted successfully
 	 * @return boolean
@@ -1774,6 +1721,11 @@ class Util {
 	 */
 	public function initEncryption($params) {
 
+		$session = new \OCA\Encryption\Session($this->view);
+
+		// we tried to initialize the encryption app for this session
+		$session->setInitialized(true);
+
 		$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
 
 		$privateKey = Crypt::decryptPrivateKey($encryptedKey, $params['password']);
@@ -1784,8 +1736,6 @@ class Util {
 			return false;
 		}
 
-		$session = new \OCA\Encryption\Session($this->view);
-
 		$session->setPrivateKey($privateKey);
 
 		return $session;
diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php
index 589219f32a..c0c91bdf65 100644
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@@ -16,7 +16,9 @@ $view = new \OC_FilesystemView('/');
 $util = new \OCA\Encryption\Util($view, $user);
 $session = new \OCA\Encryption\Session($view);
 
-$privateKeySet = $session->getPrivateKey() !== false;
+$privateKeySet = $session->getPrivateKey() !== false;
+// was the key successfully initialized during log-in
+$initialized = $session->getInitialized();
 
 $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');
 $recoveryEnabledForUser = $util->recoveryEnabledForUser();
@@ -31,6 +33,7 @@ if ($recoveryAdminEnabled || !$privateKeySet) {
 	$tmpl->assign('recoveryEnabled', $recoveryAdminEnabled);
 	$tmpl->assign('recoveryEnabledForUser', $recoveryEnabledForUser);
 	$tmpl->assign('privateKeySet', $privateKeySet);
+	$tmpl->assign('initialized', $initialized);
 
 	$result = $tmpl->fetchPage();
 }
diff --git a/apps/files_encryption/templates/settings-personal.php b/apps/files_encryption/templates/settings-personal.php
index 3851245320..ff04556dd5 100644
--- a/apps/files_encryption/templates/settings-personal.php
+++ b/apps/files_encryption/templates/settings-personal.php
@@ -4,7 +4,7 @@
 			<?php p( $l->t( 'Encryption' ) ); ?>
 		</legend>
 
-		<?php if ( ! $_["privateKeySet"] ): ?>
+		<?php if ( ! $_["privateKeySet"] && $_["initialized"] ): ?>
 			<p>
 				<a name="changePKPasswd" />
 				<label for="changePrivateKeyPasswd">
@@ -39,22 +39,22 @@
 		<?php endif; ?>
 
 		<br />
-		
+
 		<?php if ( $_["recoveryEnabled"] && $_["privateKeySet"] ): ?>
 			<p>
 				<label for="userEnableRecovery"><?php p( $l->t( "Enable password recovery:" ) ); ?></label>
 				<br />
 				<em><?php p( $l->t( "Enabling this option will allow you to reobtain access to your encrypted files in case of password loss" ) ); ?></em>
 				<br />
-				<input 
+				<input
 				type='radio'
 				name='userEnableRecovery'
 				value='1'
 				<?php echo ( $_["recoveryEnabledForUser"] == 1 ? 'checked="checked"' : '' ); ?> />
 				<?php p( $l->t( "Enabled" ) ); ?>
 				<br />
-				
-				<input 
+
+				<input
 				type='radio'
 				name='userEnableRecovery'
 				value='0'
diff --git a/settings/ajax/changepassword.php b/settings/ajax/changepassword.php
index 47ceb5ab87..d409904ebc 100644
--- a/settings/ajax/changepassword.php
+++ b/settings/ajax/changepassword.php
@@ -8,7 +8,7 @@ OC_JSON::checkLoggedIn();
 OC_APP::loadApps();
 
 $username = isset($_POST['username']) ? $_POST['username'] : OC_User::getUser();
-$password = isset($_POST['personal-password']) ? $_POST['personal-password'] : null;
+$password = isset($_POST['password']) ? $_POST['password'] : null;
 $oldPassword = isset($_POST['oldpassword']) ? $_POST['oldpassword'] : '';
 $recoveryPassword = isset($_POST['recoveryPassword']) ? $_POST['recoveryPassword'] : null;
 
diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index 63e1258b95..bad88142da 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -40,7 +40,7 @@ if($_['passwordChangeSupported']) {
 		<div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div>
 		<div id="passworderror"><?php echo $l->t('Unable to change your password');?></div>
 		<input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" />
-		<input type="password" id="pass2" name="personal-password"
+		<input type="password" id="pass2" name="password"
 			placeholder="<?php echo $l->t('New password');?>" data-typetoggle="#personal-show" />
 		<input type="checkbox" id="personal-show" name="show" /><label for="personal-show"></label>
 		<input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" />

From 5e508f1ccbd3b83ed11f7eab35fea43e1583caf3 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 2 Sep 2013 11:34:28 +0200
Subject: [PATCH 03/43] improved documentation of the methods

---
 apps/files_encryption/lib/session.php       | 3 +++
 apps/files_encryption/settings-personal.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index f5ce7083af..648e6e9ab0 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -116,6 +116,8 @@ class Session {
 	 * @brief Sets status if we tried to initialize the encyption app
 	 * @param bool $privateKey true=initialized false=not initialized
 	 * @return bool
+	 * 
+	 * @note this doesn not indicate of the init was successful, we just remeber the try!
 	 */
 	public function setInitialized($init) {
 
@@ -130,6 +132,7 @@ class Session {
 	 * @brief Gets status if we already tried to initialize the encryption app
 	 * @returns bool
 	 *
+	 * @note this doesn not indicate of the init was successful, we just remeber the try!
 	 */
 	public function getInitialized() {
 		if (!is_null(\OC::$session->get('encryptionInitialized'))) {
diff --git a/apps/files_encryption/settings-personal.php b/apps/files_encryption/settings-personal.php
index c0c91bdf65..ffcb99602e 100644
--- a/apps/files_encryption/settings-personal.php
+++ b/apps/files_encryption/settings-personal.php
@@ -17,7 +17,7 @@ $util = new \OCA\Encryption\Util($view, $user);
 $session = new \OCA\Encryption\Session($view);
 
 $privateKeySet = $session->getPrivateKey() !== false;
-// was the key successfully initialized during log-in
+// did we tried to initialize the keys for this session?
 $initialized = $session->getInitialized();
 
 $recoveryAdminEnabled = OC_Appconfig::getValue('files_encryption', 'recoveryAdminEnabled');

From 6572ca811fc56c71b4efc970668741630acbd63c Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 2 Sep 2013 11:36:20 +0200
Subject: [PATCH 04/43] error.php no longer needed

---
 apps/files_encryption/files/error.php | 23 -----------------------
 1 file changed, 23 deletions(-)
 delete mode 100644 apps/files_encryption/files/error.php

diff --git a/apps/files_encryption/files/error.php b/apps/files_encryption/files/error.php
deleted file mode 100644
index 7a2bb1a281..0000000000
--- a/apps/files_encryption/files/error.php
+++ /dev/null
@@ -1,23 +0,0 @@
-<?php
-if (!isset($_)) { //also provide standalone error page
-	require_once __DIR__ . '/../../../lib/base.php';
-
-	$l = OC_L10N::get('files_encryption');
-
-	$errorMsg = $l->t('Your private key is not valid! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app. If this doesn\'t help maybe your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
-
-	if(isset($_GET['p']) && $_GET['p'] === '1') {
-		header('HTTP/1.0 404 ' . $errorMsg);
-	}
-
-	// check if ajax request
-	if(!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
-		\OCP\JSON::error(array('data' => array('message' => $errorMsg)));
-	} else {
-		header('HTTP/1.0 404 ' . $errorMsg);
-		$tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest');
-		$tmpl->printPage();
-	}
-
-	exit;
-}

From 69b1625f0e368e65771fef473f4b4d4a13456354 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 6 Sep 2013 12:27:25 +0200
Subject: [PATCH 05/43] re-added error.php

---
 apps/files_encryption/files/error.php | 33 +++++++++++++++++++++++++++
 1 file changed, 33 insertions(+)
 create mode 100644 apps/files_encryption/files/error.php

diff --git a/apps/files_encryption/files/error.php b/apps/files_encryption/files/error.php
new file mode 100644
index 0000000000..ac0c026916
--- /dev/null
+++ b/apps/files_encryption/files/error.php
@@ -0,0 +1,33 @@
+<?php
+
+if (!isset($_)) { //also provide standalone error page
+	require_once __DIR__ . '/../../../lib/base.php';
+
+	$l = OC_L10N::get('files_encryption');
+
+	if (isset($_GET['i']) && $_GET['i'] === '0') {
+		$errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
+		$init = '0';
+	} else {
+		$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
+		$init = '1';
+	}
+
+	if (isset($_GET['p']) && $_GET['p'] === '1') {
+		header('HTTP/1.0 404 ' . $errorMsg);
+	}
+
+// check if ajax request
+	if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
+		\OCP\JSON::error(array('data' => array('message' => $errorMsg)));
+	} else {
+		header('HTTP/1.0 404 ' . $errorMsg);
+		$tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest');
+		$tmpl->assign('message', $errorMsg);
+		$tmpl->assign('init', $init);
+		$tmpl->printPage();
+	}
+
+	exit;
+}
+

From fb462e83ccde5c46565c23545c5eb894acbd6fd3 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 6 Sep 2013 12:27:40 +0200
Subject: [PATCH 06/43] no longer enforce log out, but provide useful
 errors/warnings instead

---
 apps/files/index.php                          |  7 ++++-
 apps/files/js/files.js                        |  9 +++++++
 apps/files/templates/index.php                |  1 +
 .../ajax/updatePrivateKeyPassword.php         |  1 +
 apps/files_encryption/appinfo/app.php         | 17 ------------
 apps/files_encryption/hooks/hooks.php         |  2 +-
 apps/files_encryption/lib/helper.php          | 27 +++++--------------
 apps/files_encryption/lib/session.php         | 15 +++++++----
 apps/files_encryption/lib/stream.php          |  2 +-
 apps/files_encryption/lib/util.php            |  3 ++-
 .../templates/invalid_private_key.php         |  6 +++--
 11 files changed, 42 insertions(+), 48 deletions(-)

diff --git a/apps/files/index.php b/apps/files/index.php
index f1e120c872..b81ba2bdde 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -124,8 +124,12 @@ if ($needUpgrade) {
 	$storageInfo=OC_Helper::getStorageInfo($dir);
 	$maxUploadFilesize=OCP\Util::maxUploadFilesize($dir);
 	$publicUploadEnabled = \OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes');
+	// if the encryption app is disabled, than everything is fine
+	$encryptionInitStatus = \OCA\Encryption\Session::INIT_SUCCESSFUL;
 	if (OC_App::isEnabled('files_encryption')) {
 		$publicUploadEnabled = 'no';
+		$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
+		$encryptionInitStatus = $session->getInitialized();
 	}
 
 	$trashEnabled = \OCP\App::isEnabled('files_trashbin');
@@ -133,7 +137,7 @@ if ($needUpgrade) {
 	if ($trashEnabled) {
 		$trashEmpty = \OCA\Files_Trashbin\Trashbin::isEmpty($user);
 	}
-	
+
 	OCP\Util::addscript('files', 'fileactions');
 	OCP\Util::addscript('files', 'files');
 	OCP\Util::addscript('files', 'keyboardshortcuts');
@@ -153,5 +157,6 @@ if ($needUpgrade) {
 	$tmpl->assign('isPublic', false);
 	$tmpl->assign('publicUploadEnabled', $publicUploadEnabled);
 	$tmpl->assign("encryptedFiles", \OCP\Util::encryptedFiles());
+	$tmpl->assign("encryptionInitStatus", $encryptionInitStatus);
 	$tmpl->printPage();
 }
diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index d729077ea7..63c3544b53 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -90,6 +90,15 @@ Files={
 		}
 
 		var encryptedFiles = $('#encryptedFiles').val();
+		var initStatus = $('#encryptionInitStatus').val();
+		if (initStatus === '0') { // enc not initialized, but should be
+			OC.Notification.show(t('files_encryption', 'Encryption App is enabled but your keys are not initialized, please log-out and log-in again'));
+			return;
+		}
+		if (initStatus === '1') { // encryption tried to init but failed
+			OC.Notification.show(t('files_encryption', 'Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.'));
+			return;
+		}
 		if (encryptedFiles === '1') {
 			OC.Notification.show(t('files_encryption', 'Encryption was disabled but your files are still encrypted. Please go to your personal settings to decrypt your files.'));
 			return;
diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php
index 24cb8c2fe5..e17273e47b 100644
--- a/apps/files/templates/index.php
+++ b/apps/files/templates/index.php
@@ -123,3 +123,4 @@
 <input type="hidden" name="allowZipDownload" id="allowZipDownload" value="<?php p($_['allowZipDownload']); ?>" />
 <input type="hidden" name="usedSpacePercent" id="usedSpacePercent" value="<?php p($_['usedSpacePercent']); ?>" />
 <input type="hidden" name="encryptedFiles" id="encryptedFiles" value="<?php $_['encryptedFiles'] ? p('1') : p('0'); ?>" />
+<input type="hidden" name="encryptedFiles" id="encryptionInitStatus" value="<?php p($_['encryptionInitStatus']) ?>" />
\ No newline at end of file
diff --git a/apps/files_encryption/ajax/updatePrivateKeyPassword.php b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
index 1e6644da57..29c72952ae 100644
--- a/apps/files_encryption/ajax/updatePrivateKeyPassword.php
+++ b/apps/files_encryption/ajax/updatePrivateKeyPassword.php
@@ -48,6 +48,7 @@ if ($decryptedKey) {
 
 // success or failure
 if ($return) {
+	$session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
 	\OCP\JSON::success(array('data' => array('message' => $l->t('Private key password successfully updated.'))));
 } else {
 	\OCP\JSON::error(array('data' => array('message' => $l->t('Could not update the private key password. Maybe the old password was not correct.'))));
diff --git a/apps/files_encryption/appinfo/app.php b/apps/files_encryption/appinfo/app.php
index 90a9984e27..cd26cd10cd 100644
--- a/apps/files_encryption/appinfo/app.php
+++ b/apps/files_encryption/appinfo/app.php
@@ -41,23 +41,6 @@ if (!OC_Config::getValue('maintenance', false)) {
 		if($sessionReady) {
 			$session = new \OCA\Encryption\Session($view);
 		}
-
-		$user = \OCP\USER::getUser();
-		// check if user has a private key
-		if ($sessionReady === false
-			|| (!$view->file_exists('/' . $user . '/files_encryption/' . $user . '.private.key')
-				&& OCA\Encryption\Crypt::mode() === 'server')
-		) {
-
-			// Force the user to log-in again if the encryption key isn't unlocked
-			// (happens when a user is logged in before the encryption app is
-			// enabled)
-			OCP\User::logout();
-
-			header("Location: " . OC::$WEBROOT . '/');
-
-			exit();
-		}
 	}
 } else {
 	// logout user if we are in maintenance to force re-login
diff --git a/apps/files_encryption/hooks/hooks.php b/apps/files_encryption/hooks/hooks.php
index 4c6122b7c2..c945deeea0 100644
--- a/apps/files_encryption/hooks/hooks.php
+++ b/apps/files_encryption/hooks/hooks.php
@@ -547,7 +547,7 @@ class Hooks {
 			$setMigrationStatus->execute();
 
 			$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));
-			$session->setInitialized(false);
+			$session->setInitialized(\OCA\Encryption\Session::NOT_INITIALIZED);
 		}
 	}
 
diff --git a/apps/files_encryption/lib/helper.php b/apps/files_encryption/lib/helper.php
index 7d466b8852..048473ce84 100755
--- a/apps/files_encryption/lib/helper.php
+++ b/apps/files_encryption/lib/helper.php
@@ -237,28 +237,15 @@ class Helper {
 	 */
 	public static function redirectToErrorPage($session) {
 
-		$l = \OC_L10N::get('files_encryption');
-
-		if ($session->getInitialized() === false) {
-			$errorMsg = $l->t('Encryption app not initialized! Maybe the encryption app was re-enabled during your session. Please try to log out and log back in to initialize the encryption app.');
-		} else {
-			$errorMsg = $l->t('Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.');
-		}
+		$init = $session->getInitialized();
 
+		$location = \OC_Helper::linkToAbsolute('apps/files_encryption/files', 'error.php');
+		$post = 0;
 		if(count($_POST) > 0) {
-			header('HTTP/1.0 404 ' . $errorMsg);
-		}
-
-		// check if ajax request
-		if (!empty($_SERVER['HTTP_X_REQUESTED_WITH']) && strtolower($_SERVER['HTTP_X_REQUESTED_WITH']) == 'xmlhttprequest') {
-			\OCP\JSON::error(array('data' => array('message' => $errorMsg)));
-		} else {
-			header('HTTP/1.0 404 ' . $errorMsg);
-			$tmpl = new OC_Template('files_encryption', 'invalid_private_key', 'guest');
-			$tmpl->printPage();
-		}
-
-		exit;
+			$post = 1;
+			}
+			header('Location: ' . $location . '?p=' . $post . '&i=' . $init);
+			exit();
 	}
 
 	/**
diff --git a/apps/files_encryption/lib/session.php b/apps/files_encryption/lib/session.php
index 648e6e9ab0..25f2198181 100644
--- a/apps/files_encryption/lib/session.php
+++ b/apps/files_encryption/lib/session.php
@@ -30,6 +30,11 @@ class Session {
 
 	private $view;
 
+	const NOT_INITIALIZED = '0';
+	const INIT_EXECUTED = '1';
+	const INIT_SUCCESSFUL = '2';
+
+
 	/**
 	 * @brief if session is started, check if ownCloud key pair is set up, if not create it
 	 * @param \OC_FilesystemView $view
@@ -113,10 +118,10 @@ class Session {
 	}
 
 	/**
-	 * @brief Sets status if we tried to initialize the encyption app
-	 * @param bool $privateKey true=initialized false=not initialized
+	 * @brief Sets status of encryption app
+	 * @param string $init  INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INOITIALIZED
 	 * @return bool
-	 * 
+	 *
 	 * @note this doesn not indicate of the init was successful, we just remeber the try!
 	 */
 	public function setInitialized($init) {
@@ -130,7 +135,7 @@ class Session {
 
 	/**
 	 * @brief Gets status if we already tried to initialize the encryption app
-	 * @returns bool
+	 * @returns init status INIT_SUCCESSFUL, INIT_EXECUTED, NOT_INOITIALIZED
 	 *
 	 * @note this doesn not indicate of the init was successful, we just remeber the try!
 	 */
@@ -138,7 +143,7 @@ class Session {
 		if (!is_null(\OC::$session->get('encryptionInitialized'))) {
 			return \OC::$session->get('encryptionInitialized');
 		} else {
-			return false;
+			return self::NOT_INITIALIZED;
 		}
 	}
 
diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index 9215352aa7..c6db10ce40 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -128,7 +128,7 @@ class Stream {
 			$this->unencryptedSize = 0;
 
 		} else {
-
+\OCA\Encryption\Helper::redirectToErrorPage($this->session);
 			if($this->privateKey === false) {
 				// if private key is not valid redirect user to a error page
 				\OCA\Encryption\Helper::redirectToErrorPage($this->session);
diff --git a/apps/files_encryption/lib/util.php b/apps/files_encryption/lib/util.php
index 17096a787f..7a19f95464 100644
--- a/apps/files_encryption/lib/util.php
+++ b/apps/files_encryption/lib/util.php
@@ -1724,7 +1724,7 @@ class Util {
 		$session = new \OCA\Encryption\Session($this->view);
 
 		// we tried to initialize the encryption app for this session
-		$session->setInitialized(true);
+		$session->setInitialized(\OCA\Encryption\Session::INIT_EXECUTED);
 
 		$encryptedKey = Keymanager::getPrivateKey($this->view, $params['uid']);
 
@@ -1737,6 +1737,7 @@ class Util {
 		}
 
 		$session->setPrivateKey($privateKey);
+		$session->setInitialized(\OCA\Encryption\Session::INIT_SUCCESSFUL);
 
 		return $session;
 	}
diff --git a/apps/files_encryption/templates/invalid_private_key.php b/apps/files_encryption/templates/invalid_private_key.php
index 5c086d6514..9af65f831b 100644
--- a/apps/files_encryption/templates/invalid_private_key.php
+++ b/apps/files_encryption/templates/invalid_private_key.php
@@ -2,9 +2,11 @@
 	<li class='error'>
 		<?php $location = \OC_Helper::linkToRoute( "settings_personal" ).'#changePKPasswd' ?>
 
-		<?php p($l->t('Your private key is not valid! Maybe the your password was changed from outside.')); ?>
+		<?php p($_['message']); ?>
 		<br/>
-		<?php p($l->t('You can unlock your private key in your ')); ?> <a href="<?php echo $location?>"><?php p($l->t('personal settings')); ?>.</a>
+		<?php if($_['init']): ?>
+			<?php>p($l->t('Go directly to your ')); ?> <a href="<?php echo $location?>"><?php p($l->t('personal settings')); ?>.</a>
+		<?php endif; ?>
 		<br/>
 	</li>
 </ul>

From 1558cb860c2fb26fdde14fce2a16acbb29d12b3e Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 6 Sep 2013 13:16:48 +0200
Subject: [PATCH 07/43] remove test code

---
 apps/files_encryption/lib/stream.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files_encryption/lib/stream.php b/apps/files_encryption/lib/stream.php
index c6db10ce40..9215352aa7 100644
--- a/apps/files_encryption/lib/stream.php
+++ b/apps/files_encryption/lib/stream.php
@@ -128,7 +128,7 @@ class Stream {
 			$this->unencryptedSize = 0;
 
 		} else {
-\OCA\Encryption\Helper::redirectToErrorPage($this->session);
+
 			if($this->privateKey === false) {
 				// if private key is not valid redirect user to a error page
 				\OCA\Encryption\Helper::redirectToErrorPage($this->session);

From 5fb0e257a4e7b16024389261cfe924f53deb69ae Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Wed, 18 Sep 2013 16:03:53 +0200
Subject: [PATCH 08/43] let user repeat the recovery key password to prevent
 typos

---
 apps/files_encryption/js/settings-admin.js    | 36 ++++++++++---------
 .../templates/settings-admin.php              | 28 +++++++++------
 2 files changed, 37 insertions(+), 27 deletions(-)

diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index 6647c621e7..82fdb51708 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -1,6 +1,6 @@
 /**
- * Copyright (c) 2013, Sam Tuke <samtuke@owncloud.com>, Robin Appelman 
- * <icewind1991@gmail.com>
+ * Copyright (c) 2013, Sam Tuke <samtuke@owncloud.com>, Robin Appelman
+ * <icewind1991@gmail.com>, Bjoern Schiessle <schiessle@owncloud.com>
  * This file is licensed under the Affero General Public License version 3 or later.
  * See the COPYING-README file.
  */
@@ -31,22 +31,23 @@ $(document).ready(function(){
 	// Trigger ajax on recoveryAdmin status change
 	var enabledStatus = $('#adminEnableRecovery').val();
 
-	$('input:password[name="recoveryPassword"]').keyup(function(event) {
-		var recoveryPassword = $( '#recoveryPassword' ).val();
+	$('input:password[name="encryptionRecoveryPassword"]').keyup(function(event) {
+		var recoveryPassword = $( '#encryptionRecoveryPassword' ).val();
+		var recoveryPasswordRepeated = $( '#repeatEncryptionRecoveryPassword' ).val();
 		var checkedButton = $('input:radio[name="adminEnableRecovery"]:checked').val();
 		var uncheckedValue = (1+parseInt(checkedButton)) % 2;
-		if (recoveryPassword != '' ) {
+		if (recoveryPassword !== '' &&  recoveryPassword === recoveryPasswordRepeated) {
 			$('input:radio[name="adminEnableRecovery"][value="'+uncheckedValue.toString()+'"]').removeAttr("disabled");
 		} else {
 			$('input:radio[name="adminEnableRecovery"][value="'+uncheckedValue.toString()+'"]').attr("disabled", "true");
 		}
 	});
 
-	$( 'input:radio[name="adminEnableRecovery"]' ).change( 
+	$( 'input:radio[name="adminEnableRecovery"]' ).change(
 		function() {
 			var recoveryStatus = $( this ).val();
 			var oldStatus = (1+parseInt(recoveryStatus)) % 2;
-			var recoveryPassword = $( '#recoveryPassword' ).val();
+			var recoveryPassword = $( '#encryptionRecoveryPassword' ).val();
 			$.post(
 				OC.filePath( 'files_encryption', 'ajax', 'adminrecovery.php' )
 				, { adminEnableRecovery: recoveryStatus, recoveryPassword: recoveryPassword }
@@ -57,11 +58,10 @@ $(document).ready(function(){
 					} else {
 						OC.Notification.hide();
 						if (recoveryStatus === "0") {
-							$('button:button[name="submitChangeRecoveryKey"]').attr("disabled", "true");
-							$('input:password[name="changeRecoveryPassword"]').attr("disabled", "true");
-							$('input:password[name="changeRecoveryPassword"]').val("");
+							$('p[name="changeRecoveryPasswordBlock"]').attr("class", "hidden");
 						} else {
-							$('input:password[name="changeRecoveryPassword"]').removeAttr("disabled");
+							$('input:password[name="changeRecoveryPassword"]').val("");
+							$('p[name="changeRecoveryPasswordBlock"]').removeAttr("class");
 						}
 					}
 				}
@@ -72,9 +72,11 @@ $(document).ready(function(){
 	// change recovery password
 
 	$('input:password[name="changeRecoveryPassword"]').keyup(function(event) {
-		var oldRecoveryPassword = $('input:password[id="oldRecoveryPassword"]').val();
-		var newRecoveryPassword = $('input:password[id="newRecoveryPassword"]').val();
-		if (newRecoveryPassword != '' && oldRecoveryPassword != '' ) {
+		var oldRecoveryPassword = $('#oldEncryptionRecoveryPassword').val();
+		var newRecoveryPassword = $('#newEncryptionRecoveryPassword').val();
+		var newRecoveryPasswordRepeated = $('#repeatedNewEncryptionRecoveryPassword').val();
+		console.log("new: " + newRecoveryPassword + " - repeated: " + newRecoveryPasswordRepeated);
+		if (newRecoveryPassword !== '' && oldRecoveryPassword !== '' && newRecoveryPassword === newRecoveryPasswordRepeated) {
 			$('button:button[name="submitChangeRecoveryKey"]').removeAttr("disabled");
 		} else {
 			$('button:button[name="submitChangeRecoveryKey"]').attr("disabled", "true");
@@ -83,8 +85,8 @@ $(document).ready(function(){
 
 
 	$('button:button[name="submitChangeRecoveryKey"]').click(function() {
-		var oldRecoveryPassword = $('input:password[id="oldRecoveryPassword"]').val();
-		var newRecoveryPassword = $('input:password[id="newRecoveryPassword"]').val();
+		var oldRecoveryPassword = $('#oldEncryptionRecoveryPassword').val();
+		var newRecoveryPassword = $('#newEncryptionRecoveryPassword').val();
 		OC.msg.startSaving('#encryption .msg');
 		$.post(
 		OC.filePath( 'files_encryption', 'ajax', 'changeRecoveryPassword.php' )
@@ -98,5 +100,5 @@ $(document).ready(function(){
 			}
 		);
 	});
-	
+
 });
diff --git a/apps/files_encryption/templates/settings-admin.php b/apps/files_encryption/templates/settings-admin.php
index f5f7582c2a..3a6adc09f4 100644
--- a/apps/files_encryption/templates/settings-admin.php
+++ b/apps/files_encryption/templates/settings-admin.php
@@ -10,14 +10,17 @@
 			<?php p($l->t("Enable recovery key (allow to recover users files in case of password loss):")); ?>
 			<br/>
 			<br/>
-			<input type="password" name="recoveryPassword" id="recoveryPassword"/>
+			<input type="password" name="encryptionRecoveryPassword" id="encryptionRecoveryPassword"/>
 			<label for="recoveryPassword"><?php p($l->t("Recovery key password")); ?></label>
 			<br/>
+			<input type="password" name="encryptionRecoveryPassword" id="repeatEncryptionRecoveryPassword"/>
+			<label for="repeatEncryptionRecoveryPassword"><?php p($l->t("Repeat Recovery key password")); ?></label>
+			<br/>
 			<input
 				type='radio'
 				name='adminEnableRecovery'
 				value='1'
-				<?php echo($_["recoveryEnabled"] == 1 ? 'checked="checked"' : 'disabled'); ?> />
+				<?php echo($_["recoveryEnabled"] === '1' ? 'checked="checked"' : 'disabled'); ?> />
 			<?php p($l->t("Enabled")); ?>
 			<br/>
 
@@ -25,27 +28,32 @@
 				type='radio'
 				name='adminEnableRecovery'
 				value='0'
-				<?php echo($_["recoveryEnabled"] == 0 ? 'checked="checked"' : 'disabled'); ?> />
+				<?php echo($_["recoveryEnabled"] === '0' ? 'checked="checked"' : 'disabled'); ?> />
 			<?php p($l->t("Disabled")); ?>
 		</p>
 		<br/><br/>
 
-		<p>
+		<p name="changeRecoveryPasswordBlock" <?php if ($_['recoveryEnabled'] === '0') print_unescaped('class="hidden"');?>>
 			<strong><?php p($l->t("Change recovery key password:")); ?></strong>
 			<br/><br/>
 			<input
 				type="password"
 				name="changeRecoveryPassword"
-				id="oldRecoveryPassword"
-				<?php echo($_["recoveryEnabled"] == 0 ? 'disabled' : ''); ?> />
-			<label for="oldRecoveryPassword"><?php p($l->t("Old Recovery key password")); ?></label>
+				id="oldEncryptionRecoveryPassword"
+			<label for="oldEncryptionRecoveryPassword"><?php p($l->t("Old Recovery key password")); ?></label>
+			<br/>
 			<br/>
 			<input
 				type="password"
 				name="changeRecoveryPassword"
-				id="newRecoveryPassword"
-				<?php echo($_["recoveryEnabled"] == 0 ? 'disabled' : ''); ?> />
-			<label for="newRecoveryPassword"><?php p($l->t("New Recovery key password")); ?></label>
+				id="newEncryptionRecoveryPassword"
+			<label for="newEncryptionRecoveryPassword"><?php p($l->t("New Recovery key password")); ?></label>
+			<br/>
+			<input
+				type="password"
+				name="changeRecoveryPassword"
+				id="repeatedNewEncryptionRecoveryPassword"
+			<label for="repeatEncryptionRecoveryPassword"><?php p($l->t("Repeat New Recovery key password")); ?></label>
 			<br/>
 			<button
 				type="button"

From 4edd8b8303c5b416e4522f59bc705206842afdf4 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Wed, 18 Sep 2013 16:08:29 +0200
Subject: [PATCH 09/43] remove debug output

---
 apps/files_encryption/js/settings-admin.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index 82fdb51708..7e22623d1c 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -75,7 +75,7 @@ $(document).ready(function(){
 		var oldRecoveryPassword = $('#oldEncryptionRecoveryPassword').val();
 		var newRecoveryPassword = $('#newEncryptionRecoveryPassword').val();
 		var newRecoveryPasswordRepeated = $('#repeatedNewEncryptionRecoveryPassword').val();
-		console.log("new: " + newRecoveryPassword + " - repeated: " + newRecoveryPasswordRepeated);
+
 		if (newRecoveryPassword !== '' && oldRecoveryPassword !== '' && newRecoveryPassword === newRecoveryPasswordRepeated) {
 			$('button:button[name="submitChangeRecoveryKey"]').removeAttr("disabled");
 		} else {

From bc3b14739647d583518e702ff1213e219a98f135 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Thu, 19 Sep 2013 10:13:21 +0200
Subject: [PATCH 10/43] remove spaces

---
 apps/files_encryption/js/settings-admin.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index 7e22623d1c..e6f9875b3b 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -36,7 +36,7 @@ $(document).ready(function(){
 		var recoveryPasswordRepeated = $( '#repeatEncryptionRecoveryPassword' ).val();
 		var checkedButton = $('input:radio[name="adminEnableRecovery"]:checked').val();
 		var uncheckedValue = (1+parseInt(checkedButton)) % 2;
-		if (recoveryPassword !== '' &&  recoveryPassword === recoveryPasswordRepeated) {
+		if (recoveryPassword !== '' && recoveryPassword === recoveryPasswordRepeated) {
 			$('input:radio[name="adminEnableRecovery"][value="'+uncheckedValue.toString()+'"]').removeAttr("disabled");
 		} else {
 			$('input:radio[name="adminEnableRecovery"][value="'+uncheckedValue.toString()+'"]').attr("disabled", "true");

From 54965ce065ba7447cee2f4f60fe1babcc7371214 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 23 Sep 2013 10:40:23 +0200
Subject: [PATCH 11/43] revert changes to 3rdparty submodule

---
 3rdparty | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/3rdparty b/3rdparty
index dc87ea6302..98fdc3a4e2 160000
--- a/3rdparty
+++ b/3rdparty
@@ -1 +1 @@
-Subproject commit dc87ea630287f27502eba825fbb19fcc33c34c86
+Subproject commit 98fdc3a4e2f56f7d231470418222162dbf95f46a

From 1a020e0696b5b2876044f419c7f02525b0bb9942 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Sun, 18 Aug 2013 13:33:59 +0200
Subject: [PATCH 12/43] Resolve merge conflict

---
 apps/user_ldap/lib/connection.php | 23 ++++++++++++-----------
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index e5d9b4d5b4..4213927466 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -23,7 +23,7 @@
 
 namespace OCA\user_ldap\lib;
 
-class Connection {
+class Connection extends BackendBase {
 	private $ldapConnectionRes = null;
 	private $configPrefix;
 	private $configID;
@@ -78,6 +78,7 @@ class Connection {
 	 * @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
 	 */
 	public function __construct($configPrefix = '', $configID = 'user_ldap') {
+		parent::__construct();
 		$this->configPrefix = $configPrefix;
 		$this->configID = $configID;
 		$memcache = new \OC\Memcache\Factory();
@@ -86,13 +87,13 @@ class Connection {
 		} else {
 			$this->cache = \OC_Cache::getGlobalCache();
 		}
-		$this->config['hasPagedResultSupport'] = (function_exists('ldap_control_paged_result')
-			&& function_exists('ldap_control_paged_result_response'));
+		$this->config['hasPagedResultSupport'] =
+			$this->ldap->hasPagedResultSupport();
 	}
 
 	public function __destruct() {
 		if(!$this->dontDestruct && is_resource($this->ldapConnectionRes)) {
-			@ldap_unbind($this->ldapConnectionRes);
+			@$this->ldap->unbind($this->ldapConnectionRes);
 		};
 	}
 
@@ -603,7 +604,7 @@ class Connection {
 			return false;
 		}
 		if(!$this->ldapConnectionRes) {
-			if(!function_exists('ldap_connect')) {
+			if(!$this->ldap->areLDAPFunctionsAvailable()) {
 				$phpLDAPinstalled = false;
 				\OCP\Util::writeLog('user_ldap',
 					'function ldap_connect is not available. Make sure that the PHP ldap module is installed.',
@@ -653,11 +654,11 @@ class Connection {
 			//ldap_connect ignores port paramater when URLs are passed
 			$host .= ':' . $port;
 		}
-		$this->ldapConnectionRes = ldap_connect($host, $port);
-		if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-			if(ldap_set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+		$this->ldapConnectionRes = $this->ldap->connect($host, $port);
+		if($this->ldap->set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+			if($this->ldap->set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
 				if($this->config['ldapTLS']) {
-					ldap_start_tls($this->ldapConnectionRes);
+					$this->ldap->start_tls($this->ldapConnectionRes);
 				}
 			}
 		}
@@ -681,10 +682,10 @@ class Connection {
 		if(!is_resource($cr)) {
 			return false;
 		}
-		$ldapLogin = @ldap_bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
+		$ldapLogin = @$this->ldap->bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
 		if(!$ldapLogin) {
 			\OCP\Util::writeLog('user_ldap',
-				'Bind failed: ' . ldap_errno($cr) . ': ' . ldap_error($cr),
+				'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr),
 				\OCP\Util::ERROR);
 			$this->ldapConnectionRes = null;
 			return false;

From d34fbf3a8647806779d908b599068b9000d0c4e4 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 12 Jun 2013 02:08:02 +0200
Subject: [PATCH 13/43] LDAP: move PHP LDAP functions calls to an LDAP Wrapper
 for better isolation and mock testing

---
 apps/user_ldap/lib/access.php      | 22 ++++----
 apps/user_ldap/lib/backendbase.php | 50 +++++++++++++++++
 apps/user_ldap/lib/ldap.php        | 86 ++++++++++++++++++++++++++++++
 3 files changed, 147 insertions(+), 11 deletions(-)
 create mode 100644 apps/user_ldap/lib/backendbase.php
 create mode 100644 apps/user_ldap/lib/ldap.php

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 52aa39012f..d09571a8a6 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -23,7 +23,7 @@
 
 namespace OCA\user_ldap\lib;
 
-abstract class Access {
+abstract class Access extends BackendBase {
 	protected $connection;
 	//never ever check this var directly, always use getPagedSearchResultState
 	protected $pagedSearchedSuccessful;
@@ -60,7 +60,7 @@ abstract class Access {
 			return false;
 		}
 		$dn = $this->DNasBaseParameter($dn);
-		$rr = @ldap_read($cr, $dn, $filter, array($attr));
+		$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
 		if(!is_resource($rr)) {
 			if(!empty($attr)) {
 				//do not throw this message on userExists check, irritates
@@ -73,13 +73,13 @@ abstract class Access {
 			\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
 			return array();
 		}
-		$er = ldap_first_entry($cr, $rr);
+		$er = $this->ldap->first_entry($cr, $rr);
 		if(!is_resource($er)) {
 			//did not match the filter, return false
 			return false;
 		}
 		//LDAP attributes are not case sensitive
-		$result = \OCP\Util::mb_array_change_key_case(ldap_get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
+		$result = \OCP\Util::mb_array_change_key_case($this->ldap->get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
 		$attr = mb_strtolower($attr, 'UTF-8');
 
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
@@ -664,11 +664,11 @@ abstract class Access {
 		$pagedSearchOK = $this->initPagedSearch($filter, $base, $attr, $limit, $offset);
 
 		$linkResources = array_pad(array(), count($base), $link_resource);
-		$sr = ldap_search($linkResources, $base, $filter, $attr);
-		$error = ldap_errno($link_resource);
+		$sr = $this->ldap->search($linkResources, $base, $filter, $attr);
+		$error = $this->ldap->errno($link_resource);
 		if(!is_array($sr) || $error !== 0) {
 			\OCP\Util::writeLog('user_ldap',
-				'Error when searching: '.ldap_error($link_resource).' code '.ldap_errno($link_resource),
+				'Error when searching: '.$this->ldap->error($link_resource).' code '.$this->ldap->errno($link_resource),
 				\OCP\Util::ERROR);
 			\OCP\Util::writeLog('user_ldap', 'Attempt for Paging?  '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
 			return array();
@@ -677,19 +677,19 @@ abstract class Access {
 		// Do the server-side sorting
 		foreach(array_reverse($attr) as $sortAttr){
 			foreach($sr as $searchResource) {
-				ldap_sort($link_resource, $searchResource, $sortAttr);
+				$this->ldap->sort($link_resource, $searchResource, $sortAttr);
 			}
 		}
 
 		$findings = array();
 		foreach($sr as $key => $res) {
-		    $findings = array_merge($findings, ldap_get_entries($link_resource, $res ));
+		    $findings = array_merge($findings, $this->ldap->get_entries($link_resource, $res ));
 		}
 		if($pagedSearchOK) {
 			\OCP\Util::writeLog('user_ldap', 'Paged search successful', \OCP\Util::INFO);
 			foreach($sr as $key => $res) {
 				$cookie = null;
-				if(ldap_control_paged_result_response($link_resource, $res, $cookie)) {
+				if($this->ldap->control_paged_result_response($link_resource, $res, $cookie)) {
 					\OCP\Util::writeLog('user_ldap', 'Set paged search cookie', \OCP\Util::INFO);
 					$this->setPagedResultCookie($base[$key], $filter, $limit, $offset, $cookie);
 				}
@@ -1103,7 +1103,7 @@ abstract class Access {
 					if($offset > 0) {
 						\OCP\Util::writeLog('user_ldap', 'Cookie '.$cookie, \OCP\Util::INFO);
 					}
-					$pagedSearchOK = ldap_control_paged_result($this->connection->getConnectionResource(),
+					$pagedSearchOK = $this->ldap->control_paged_result($this->connection->getConnectionResource(),
 						$limit, false, $cookie);
 					if(!$pagedSearchOK) {
 						return false;
diff --git a/apps/user_ldap/lib/backendbase.php b/apps/user_ldap/lib/backendbase.php
new file mode 100644
index 0000000000..7ed079b341
--- /dev/null
+++ b/apps/user_ldap/lib/backendbase.php
@@ -0,0 +1,50 @@
+<?php
+
+/**
+ * ownCloud – LDAP BackendBase
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+abstract class BackendBase {
+	protected $ldap;
+
+	public function __construct() {
+		$this->ldap = new LDAP();
+	}
+
+	/**
+	 * @brief sets the LDAP Wrapper to be used
+	 *
+	 * @param $ldapWrapper an instance of the Wrapper
+	 * @return true on success, otherwise false
+	 *
+	 * The LDAP Wrapper must implement the PHP LDAP functions, which are used
+	 * in the LDAP backend
+	 */
+	public function setLDAPWrapper($ldapWrapper) {
+		if(is_object($ldapWrapper)) {
+			unset($this->ldap);
+			$this->ldap = $ldapWrapper;
+			return true;
+		}
+		return false;
+	}
+}
\ No newline at end of file
diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
new file mode 100644
index 0000000000..86c57c37d8
--- /dev/null
+++ b/apps/user_ldap/lib/ldap.php
@@ -0,0 +1,86 @@
+<?php
+
+/**
+ * ownCloud – LDAP Wrapper
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+class LDAP {
+	protected $curFunc = '';
+	protected $curArgs = array();
+
+	//Simple wrapper for the ldap functions
+	public function __call($name, $arguments) {
+		$func = 'ldap_' . $name;
+		if(function_exists($func)) {
+			$this->preFunctionCall($func, $arguments);
+			$result = call_user_func_array($func, $arguments);
+			$this->postFunctionCall();
+			return $result;
+		}
+	}
+
+	public function control_paged_result_response($linkResource, $resultResource, &$cookie) {
+		$this->preFunctionCall('ldap_control_paged_result_response',
+			array($linkResource, $resultResource, $cookie));
+		$result = ldap_control_paged_result_response(
+			$linkResource, $resultResource, $cookie);
+		$this->postFunctionCall();
+
+		return $result;
+	}
+
+	public function areLDAPFunctionsAvailable() {
+		return function_exists('ldap_connect');
+	}
+
+	public function hasPagedResultSupport() {
+		$hasSupport = function_exists('ldap_control_paged_result')
+			&& function_exists('ldap_control_paged_result_response');
+		return $hasSupport;
+	}
+
+	private function preFunctionCall($functionName, $args) {
+		$this->curFunc = $functionName;
+		$this->curArgs = $args;
+	}
+
+	private function postFunctionCall() {
+		if(is_resource($this->curArgs[0])) {
+			$errorCode = ldap_errno($this->curArgs[0]);
+			$errorMsg  = ldap_error($this->curArgs[0]);
+			if($errorCode !== 0) {
+				if($this->curFunc === 'ldap_sort' && $errorCode === -4) {
+					//You can safely ignore that decoding error.
+					//… says https://bugs.php.net/bug.php?id=18023
+				} else if($this->curFunc === 'ldap_get_entries' && $errorCode === -4) {
+				} else if ($errorCode === 32) {
+					//for now
+				} else {
+					throw new \Exception('LDAP error '.$errorMsg.' (' .$errorCode.') after calling '.$this->curFunc.' with arguments '.print_r($this->curArgs, true));
+				}
+			}
+		}
+
+		$this->curFunc = '';
+		$this->curArgs = array();
+	}
+}
\ No newline at end of file

From 52454e39b7e04869f2cb3253d6978bbef5ece7fc Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Tue, 20 Aug 2013 12:39:24 +0200
Subject: [PATCH 14/43] LDAP: move is_resource check to ldap wrapper to make it
 mockable

---
 apps/user_ldap/lib/access.php     |  8 ++++----
 apps/user_ldap/lib/connection.php |  9 +++++----
 apps/user_ldap/lib/ldap.php       | 10 ++++++++++
 3 files changed, 19 insertions(+), 8 deletions(-)

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index d09571a8a6..6cdeff3667 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -54,14 +54,14 @@ abstract class Access extends BackendBase {
 			return false;
 		}
 		$cr = $this->connection->getConnectionResource();
-		if(!is_resource($cr)) {
+		if(!$this->ldap->isResource($cr)) {
 			//LDAP not available
 			\OCP\Util::writeLog('user_ldap', 'LDAP resource not available.', \OCP\Util::DEBUG);
 			return false;
 		}
 		$dn = $this->DNasBaseParameter($dn);
 		$rr = @$this->ldap->read($cr, $dn, $filter, array($attr));
-		if(!is_resource($rr)) {
+		if(!$this->ldap->isResource($rr)) {
 			if(!empty($attr)) {
 				//do not throw this message on userExists check, irritates
 				\OCP\Util::writeLog('user_ldap', 'readAttribute failed for DN '.$dn, \OCP\Util::DEBUG);
@@ -74,7 +74,7 @@ abstract class Access extends BackendBase {
 			return array();
 		}
 		$er = $this->ldap->first_entry($cr, $rr);
-		if(!is_resource($er)) {
+		if(!$this->ldap->isResource($er)) {
 			//did not match the filter, return false
 			return false;
 		}
@@ -653,7 +653,7 @@ abstract class Access extends BackendBase {
 
 		// See if we have a resource, in case not cancel with message
 		$link_resource = $this->connection->getConnectionResource();
-		if(!is_resource($link_resource)) {
+		if(!$this->ldap->isResource($link_resource)) {
 			// Seems like we didn't find any resource.
 			// Return an empty array just like before.
 			\OCP\Util::writeLog('user_ldap', 'Could not search, because resource is missing.', \OCP\Util::DEBUG);
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 4213927466..6a0d00405c 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -92,7 +92,8 @@ class Connection extends BackendBase {
 	}
 
 	public function __destruct() {
-		if(!$this->dontDestruct && is_resource($this->ldapConnectionRes)) {
+		if(!$this->dontDestruct &&
+			$this->ldap->isResource($this->ldapConnectionRes)) {
 			@$this->ldap->unbind($this->ldapConnectionRes);
 		};
 	}
@@ -149,7 +150,7 @@ class Connection extends BackendBase {
 	public function getConnectionResource() {
 		if(!$this->ldapConnectionRes) {
 			$this->init();
-		} else if(!is_resource($this->ldapConnectionRes)) {
+		} else if(!$this->ldap->isResource($this->ldapConnectionRes)) {
 			$this->ldapConnectionRes = null;
 			$this->establishConnection();
 		}
@@ -624,7 +625,7 @@ class Connection extends BackendBase {
 			if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
 				$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
 				$bindStatus = $this->bind();
-				$error = is_resource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
+				$error = $this->ldap->isResource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
 			} else {
 				$bindStatus = false;
 				$error = null;
@@ -679,7 +680,7 @@ class Connection extends BackendBase {
 		$getConnectionResourceAttempt = true;
 		$cr = $this->getConnectionResource();
 		$getConnectionResourceAttempt = false;
-		if(!is_resource($cr)) {
+		if(!$this->ldap->isResource($cr)) {
 			return false;
 		}
 		$ldapLogin = @$this->ldap->bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
index 86c57c37d8..1de901aec1 100644
--- a/apps/user_ldap/lib/ldap.php
+++ b/apps/user_ldap/lib/ldap.php
@@ -58,6 +58,16 @@ class LDAP {
 		return $hasSupport;
 	}
 
+	/**
+	 * Checks whether the submitted parameter is a resource
+	 *
+	 * @param $resource the resource variable to check
+	 * @return true if it is a resource, false otherwise
+	 */
+	public function isResource($resource) {
+		return is_resource($resource);
+	}
+
 	private function preFunctionCall($functionName, $args) {
 		$this->curFunc = $functionName;
 		$this->curArgs = $args;

From 6e850e0bee24f1fcea6c59e074d576bee1ec3e5b Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Tue, 20 Aug 2013 14:23:49 +0200
Subject: [PATCH 15/43] LDAP: establish wrapper interface to allow proper
 mocking

---
 apps/user_ldap/lib/access.php       |  13 +-
 apps/user_ldap/lib/connection.php   |   6 +-
 apps/user_ldap/lib/ildapwrapper.php | 179 ++++++++++++++++++++++++++++
 apps/user_ldap/lib/ldap.php         | 141 ++++++++++++++++------
 4 files changed, 293 insertions(+), 46 deletions(-)
 create mode 100644 apps/user_ldap/lib/ildapwrapper.php

diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 6cdeff3667..4b7920b716 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -73,13 +73,13 @@ abstract class Access extends BackendBase {
 			\OCP\Util::writeLog('user_ldap', 'readAttribute: '.$dn.' found', \OCP\Util::DEBUG);
 			return array();
 		}
-		$er = $this->ldap->first_entry($cr, $rr);
+		$er = $this->ldap->firstEntry($cr, $rr);
 		if(!$this->ldap->isResource($er)) {
 			//did not match the filter, return false
 			return false;
 		}
 		//LDAP attributes are not case sensitive
-		$result = \OCP\Util::mb_array_change_key_case($this->ldap->get_attributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
+		$result = \OCP\Util::mb_array_change_key_case($this->ldap->getAttributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
 		$attr = mb_strtolower($attr, 'UTF-8');
 
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
@@ -683,13 +683,13 @@ abstract class Access extends BackendBase {
 
 		$findings = array();
 		foreach($sr as $key => $res) {
-		    $findings = array_merge($findings, $this->ldap->get_entries($link_resource, $res ));
+		    $findings = array_merge($findings, $this->ldap->getEntries($link_resource, $res ));
 		}
 		if($pagedSearchOK) {
 			\OCP\Util::writeLog('user_ldap', 'Paged search successful', \OCP\Util::INFO);
 			foreach($sr as $key => $res) {
 				$cookie = null;
-				if($this->ldap->control_paged_result_response($link_resource, $res, $cookie)) {
+				if($this->ldap->controlPagedResultResponse($link_resource, $res, $cookie)) {
 					\OCP\Util::writeLog('user_ldap', 'Set paged search cookie', \OCP\Util::INFO);
 					$this->setPagedResultCookie($base[$key], $filter, $limit, $offset, $cookie);
 				}
@@ -1103,8 +1103,9 @@ abstract class Access extends BackendBase {
 					if($offset > 0) {
 						\OCP\Util::writeLog('user_ldap', 'Cookie '.$cookie, \OCP\Util::INFO);
 					}
-					$pagedSearchOK = $this->ldap->control_paged_result($this->connection->getConnectionResource(),
-						$limit, false, $cookie);
+					$pagedSearchOK = $this->ldap->controlPagedResult(
+						$this->connection->getConnectionResource(), $limit,
+						false, $cookie);
 					if(!$pagedSearchOK) {
 						return false;
 					}
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 6a0d00405c..6850169f2d 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -656,10 +656,10 @@ class Connection extends BackendBase {
 			$host .= ':' . $port;
 		}
 		$this->ldapConnectionRes = $this->ldap->connect($host, $port);
-		if($this->ldap->set_option($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
-			if($this->ldap->set_option($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
+		if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_PROTOCOL_VERSION, 3)) {
+			if($this->ldap->setOption($this->ldapConnectionRes, LDAP_OPT_REFERRALS, 0)) {
 				if($this->config['ldapTLS']) {
-					$this->ldap->start_tls($this->ldapConnectionRes);
+					$this->ldap->startTls($this->ldapConnectionRes);
 				}
 			}
 		}
diff --git a/apps/user_ldap/lib/ildapwrapper.php b/apps/user_ldap/lib/ildapwrapper.php
new file mode 100644
index 0000000000..56f5cfb4a2
--- /dev/null
+++ b/apps/user_ldap/lib/ildapwrapper.php
@@ -0,0 +1,179 @@
+<?php
+
+/**
+ * ownCloud – LDAP Wrapper Interface
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+interface ILDAPWrapper {
+
+	//LDAP functions in use
+
+	/**
+	 * @brief Bind to LDAP directory
+	 * @param $link LDAP link resource
+	 * @param $dn an RDN to log in with
+	 * @param $password the password
+	 * @return true on success, false otherwise
+	 *
+	 * with $dn and $password as null a anonymous bind is attempted.
+	 */
+	public function bind($link, $dn, $password);
+
+	/**
+	 * @brief connect to an LDAP server
+	 * @param $host The host to connect to
+	 * @param $port The port to connect to
+	 * @return a link resource on success, otherwise false
+	 */
+	public function connect($host, $port);
+
+	/**
+	 * @brief Send LDAP pagination control
+	 * @param $link LDAP link resource
+	 * @param $pagesize number of results per page
+	 * @param $isCritical Indicates whether the pagination is critical of not.
+	 * @param $cookie structure sent by LDAP server
+	 * @return true on success, false otherwise
+	 */
+	public function controlPagedResult($link, $pagesize, $isCritical, $cookie);
+
+	/**
+	 * @brief Retrieve the LDAP pagination cookie
+	 * @param $link LDAP link resource
+	 * @param $result LDAP result resource
+	 * @param $cookie structure sent by LDAP server
+	 *
+	 * Corresponds to ldap_control_paged_result_response
+	 */
+	public function controlPagedResultResponse($link, $result, &$cookie);
+
+	/**
+	 * @brief Return the LDAP error number of the last LDAP command
+	 * @param $link LDAP link resource
+	 * @return error message as string
+	 */
+	public function errno($link);
+
+	/**
+	 * @brief Return the LDAP error message of the last LDAP command
+	 * @param $link LDAP link resource
+	 * @return error code as integer
+	 */
+	public function error($link);
+
+	/**
+	 * @brief Return first result id
+	 * @param $link LDAP link resource
+	 * @param $result LDAP result resource
+	 * @return an LDAP search result resource
+	 * */
+	public function firstEntry($link, $result);
+
+	/**
+	 * @brief Get attributes from a search result entry
+	 * @param $link LDAP link resource
+	 * @param $result LDAP result resource
+	 * @return array containing the results, false on error
+	 * */
+	public function getAttributes($link, $result);
+
+	/**
+	 * @brief Get all result entries
+	 * @param $link LDAP link resource
+	 * @param $result LDAP result resource
+	 * @return array containing the results, false on error
+	 */
+	public function getEntries($link, $result);
+
+	/**
+	 * @brief Read an entry
+	 * @param $link LDAP link resource
+	 * @param $baseDN The DN of the entry to read from
+	 * @param $filter An LDAP filter
+	 * @param $attr array of the attributes to read
+	 * @return an LDAP search result resource
+	 */
+	public function read($link, $baseDN, $filter, $attr);
+
+	/**
+	 * @brief Search LDAP tree
+	 * @param $link LDAP link resource
+	 * @param $baseDN The DN of the entry to read from
+	 * @param $filter An LDAP filter
+	 * @param $attr array of the attributes to read
+	 * @return an LDAP search result resource, false on error
+	 */
+	public function search($link, $baseDN, $filter, $attr);
+
+	/**
+	 * @brief Sets the value of the specified option to be $value
+	 * @param $link LDAP link resource
+	 * @param $option a defined LDAP Server option
+	 * @param $value the new value for the option
+	 * @return true on success, false otherwise
+	 */
+	public function setOption($link, $option, $value);
+
+	/**
+	 * @brief establish Start TLS
+	 * @param $link LDAP link resource
+	 * @return true on success, false otherwise
+	 */
+	public function startTls($link);
+
+	/**
+	 * @brief Sort the result of a LDAP search
+	 * @param $link LDAP link resource
+	 * @param $result LDAP result resource
+	 * @param $sortfilter attribute to use a key in sort
+	 */
+	public function sort($link, $result, $sortfilter);
+
+	/**
+	 * @brief Unbind from LDAP directory
+	 * @param $link LDAP link resource
+	 * @return true on success, false otherwise
+	 */
+	public function unbind($link);
+
+	//additional required methods in owncloud
+
+	/**
+	 * @brief Checks whether the server supports LDAP
+	 * @return true if it the case, false otherwise
+	 * */
+	public function areLDAPFunctionsAvailable();
+
+	/**
+	 * @brief Checks whether PHP supports LDAP Paged Results
+	 * @return true if it the case, false otherwise
+	 * */
+	public function hasPagedResultSupport();
+
+	/**
+	 * @brief Checks whether the submitted parameter is a resource
+	 * @param $resource the resource variable to check
+	 * @return true if it is a resource, false otherwise
+	 */
+	public function isResource($resource);
+
+}
\ No newline at end of file
diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
index 1de901aec1..0f082147b1 100644
--- a/apps/user_ldap/lib/ldap.php
+++ b/apps/user_ldap/lib/ldap.php
@@ -23,13 +23,107 @@
 
 namespace OCA\user_ldap\lib;
 
-class LDAP {
+class LDAP implements ILDAPWrapper {
 	protected $curFunc = '';
 	protected $curArgs = array();
 
-	//Simple wrapper for the ldap functions
-	public function __call($name, $arguments) {
-		$func = 'ldap_' . $name;
+	public function bind($link, $dn, $password) {
+		return $this->invokeLDAPMethod('bind', $link, $dn, $password);
+	}
+
+	public function connect($host, $port) {
+		return $this->invokeLDAPMethod('connect', $host, $port);
+	}
+
+	public function controlPagedResultResponse($link, $result, &$cookie) {
+		$this->preFunctionCall('ldap_control_paged_result_response',
+			array($link, $result, $cookie));
+		$result = ldap_control_paged_result_response($link, $result, $cookie);
+		$this->postFunctionCall();
+
+		return $result;
+	}
+
+	public function controlPagedResult($link, $pagesize, $isCritical, $cookie) {
+		return $this->invokeLDAPMethod('control_paged_result', $link, $pagesize,
+										$isCritical, $cookie);
+	}
+
+	public function errno($link) {
+		return $this->invokeLDAPMethod('errno', $link);
+	}
+
+	public function error($link) {
+		return $this->invokeLDAPMethod('error', $link);
+	}
+
+	public function firstEntry($link, $result) {
+		return $this->invokeLDAPMethod('first_entry', $link, $result);
+	}
+
+	public function getAttributes($link, $result) {
+		return $this->invokeLDAPMethod('get_attributes', $link, $result);
+	}
+
+	public function getEntries($link, $result) {
+		return $this->invokeLDAPMethod('get_entries', $link, $result);
+	}
+
+	public function read($link, $baseDN, $filter, $attr) {
+		return $this->invokeLDAPMethod('read', $link, $baseDN, $filter, $attr);
+	}
+
+	public function search($link, $baseDN, $filter, $attr) {
+		return $this->invokeLDAPMethod('search', $link, $baseDN,
+										$filter, $attr);
+	}
+
+	public function setOption($link, $option, $value) {
+		$this->invokeLDAPMethod('set_option', $link, $option, $value);
+	}
+
+	public function sort($link, $result, $sortfilter) {
+		return $this->invokeLDAPMethod('sort', $link, $result, $sortfilter);
+	}
+
+	public function startTls($link) {
+		return $this->invokeLDAPMethod('start_tls', $link);
+	}
+
+	public function unbind($link) {
+		return $this->invokeLDAPMethod('unbind', $link);
+	}
+
+	/**
+	 * @brief Checks whether the server supports LDAP
+	 * @return true if it the case, false otherwise
+	 * */
+	public function areLDAPFunctionsAvailable() {
+		return function_exists('ldap_connect');
+	}
+
+	/**
+	 * @brief Checks whether PHP supports LDAP Paged Results
+	 * @return true if it the case, false otherwise
+	 * */
+	public function hasPagedResultSupport() {
+		$hasSupport = function_exists('ldap_control_paged_result')
+			&& function_exists('ldap_control_paged_result_response');
+		return $hasSupport;
+	}
+
+	/**
+	 * @brief Checks whether the submitted parameter is a resource
+	 * @param $resource the resource variable to check
+	 * @return true if it is a resource, false otherwise
+	 */
+	public function isResource($resource) {
+		return is_resource($resource);
+	}
+
+	private function invokeLDAPMethod() {
+		$arguments = func_get_args();
+		$func = 'ldap_' . array_shift($arguments);
 		if(function_exists($func)) {
 			$this->preFunctionCall($func, $arguments);
 			$result = call_user_func_array($func, $arguments);
@@ -38,54 +132,27 @@ class LDAP {
 		}
 	}
 
-	public function control_paged_result_response($linkResource, $resultResource, &$cookie) {
-		$this->preFunctionCall('ldap_control_paged_result_response',
-			array($linkResource, $resultResource, $cookie));
-		$result = ldap_control_paged_result_response(
-			$linkResource, $resultResource, $cookie);
-		$this->postFunctionCall();
-
-		return $result;
-	}
-
-	public function areLDAPFunctionsAvailable() {
-		return function_exists('ldap_connect');
-	}
-
-	public function hasPagedResultSupport() {
-		$hasSupport = function_exists('ldap_control_paged_result')
-			&& function_exists('ldap_control_paged_result_response');
-		return $hasSupport;
-	}
-
-	/**
-	 * Checks whether the submitted parameter is a resource
-	 *
-	 * @param $resource the resource variable to check
-	 * @return true if it is a resource, false otherwise
-	 */
-	public function isResource($resource) {
-		return is_resource($resource);
-	}
-
 	private function preFunctionCall($functionName, $args) {
 		$this->curFunc = $functionName;
 		$this->curArgs = $args;
 	}
 
 	private function postFunctionCall() {
-		if(is_resource($this->curArgs[0])) {
+		if($this->isResource($this->curArgs[0])) {
 			$errorCode = ldap_errno($this->curArgs[0]);
 			$errorMsg  = ldap_error($this->curArgs[0]);
 			if($errorCode !== 0) {
 				if($this->curFunc === 'ldap_sort' && $errorCode === -4) {
 					//You can safely ignore that decoding error.
 					//… says https://bugs.php.net/bug.php?id=18023
-				} else if($this->curFunc === 'ldap_get_entries' && $errorCode === -4) {
+				} else if($this->curFunc === 'ldap_get_entries'
+						  && $errorCode === -4) {
 				} else if ($errorCode === 32) {
 					//for now
 				} else {
-					throw new \Exception('LDAP error '.$errorMsg.' (' .$errorCode.') after calling '.$this->curFunc.' with arguments '.print_r($this->curArgs, true));
+					throw new \Exception('LDAP error '.$errorMsg.' (' .
+						$errorCode.') after calling '.$this->curFunc.
+						' with arguments '.print_r($this->curArgs, true));
 				}
 			}
 		}

From 5090ca3eb472b4d6b14aa6d7034cb6fc6f688649 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 21 Aug 2013 23:59:39 +0200
Subject: [PATCH 16/43] LDAP: add phpdoc

---
 apps/user_ldap/lib/ildapwrapper.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/apps/user_ldap/lib/ildapwrapper.php b/apps/user_ldap/lib/ildapwrapper.php
index 56f5cfb4a2..be35cebe94 100644
--- a/apps/user_ldap/lib/ildapwrapper.php
+++ b/apps/user_ldap/lib/ildapwrapper.php
@@ -61,6 +61,7 @@ interface ILDAPWrapper {
 	 * @param $link LDAP link resource
 	 * @param $result LDAP result resource
 	 * @param $cookie structure sent by LDAP server
+	 * @return true on success, false otherwise
 	 *
 	 * Corresponds to ldap_control_paged_result_response
 	 */

From b9cd22cf7845e6192206c2f997123ba3a0bb098e Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 6 Sep 2013 19:31:41 +0200
Subject: [PATCH 17/43] LDAP: use wrapper,  not direct function call

---
 apps/user_ldap/lib/connection.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 6850169f2d..dd627a4e1b 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -625,7 +625,7 @@ class Connection extends BackendBase {
 			if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
 				$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
 				$bindStatus = $this->bind();
-				$error = $this->ldap->isResource($this->ldapConnectionRes) ? ldap_errno($this->ldapConnectionRes) : -1;
+				$error = $this->ldap->isResource($this->ldapConnectionRes) ? $this->ldap->errno($this->ldapConnectionRes) : -1;
 			} else {
 				$bindStatus = false;
 				$error = null;

From f04aa1af5d53759dfc838057a5289106489c4a25 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 6 Sep 2013 20:52:26 +0200
Subject: [PATCH 18/43] LDAP: don't check var type when you can specify the
 type in the parameter list

---
 apps/user_ldap/lib/backendbase.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/apps/user_ldap/lib/backendbase.php b/apps/user_ldap/lib/backendbase.php
index 7ed079b341..5ed73a0a5b 100644
--- a/apps/user_ldap/lib/backendbase.php
+++ b/apps/user_ldap/lib/backendbase.php
@@ -39,12 +39,8 @@ abstract class BackendBase {
 	 * The LDAP Wrapper must implement the PHP LDAP functions, which are used
 	 * in the LDAP backend
 	 */
-	public function setLDAPWrapper($ldapWrapper) {
-		if(is_object($ldapWrapper)) {
-			unset($this->ldap);
-			$this->ldap = $ldapWrapper;
-			return true;
-		}
-		return false;
+	public function setLDAPWrapper(ILDAPWrapper $ldapWrapper) {
+		$this->ldap = $ldapWrapper;
+		return true;
 	}
 }
\ No newline at end of file

From b9cc2ad660fb7a43f2b0a12e1290527fcebb995a Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Mon, 9 Sep 2013 23:19:05 +0200
Subject: [PATCH 19/43] Whitespaces

---
 apps/user_ldap/user_ldap.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index 850ca0df99..ab3b57001b 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -144,14 +144,12 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		if($this->connection->isCached('userExists'.$uid)) {
 			return $this->connection->getFromCache('userExists'.$uid);
 		}
-
 		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
 		$dn = $this->username2dn($uid);
 		if(!$dn) {
 			$this->connection->writeToCache('userExists'.$uid, false);
 			return false;
 		}
-
 		//check if user really still exists by reading its entry
 		if(!is_array($this->readAttribute($dn, ''))) {
 			$this->connection->writeToCache('userExists'.$uid, false);

From d4f92494a23747af545d7ebb70eaf3e417f46eaa Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Tue, 10 Sep 2013 17:11:02 +0200
Subject: [PATCH 20/43] LDAP: make Access be a dependency to the user and group
 backend instead of inheriting it.

---
 apps/user_ldap/ajax/getConfiguration.php      |   3 +-
 apps/user_ldap/ajax/setConfiguration.php      |   3 +-
 apps/user_ldap/ajax/testConfiguration.php     |   3 +-
 apps/user_ldap/appinfo/app.php                |  14 +-
 apps/user_ldap/group_ldap.php                 | 129 +++++++++---------
 apps/user_ldap/group_proxy.php                |  10 +-
 apps/user_ldap/lib/access.php                 |   7 +-
 apps/user_ldap/lib/backendutility.php         |  38 ++++++
 apps/user_ldap/lib/connection.php             |  22 +--
 apps/user_ldap/lib/jobs.php                   |  11 +-
 apps/user_ldap/lib/ldap.php                   |   2 +
 .../lib/{backendbase.php => ldaputility.php}  |  20 +--
 apps/user_ldap/lib/proxy.php                  |  27 ++--
 apps/user_ldap/settings.php                   |   7 +-
 apps/user_ldap/user_ldap.php                  |  94 +++++++------
 apps/user_ldap/user_proxy.php                 |  10 +-
 16 files changed, 226 insertions(+), 174 deletions(-)
 create mode 100644 apps/user_ldap/lib/backendutility.php
 rename apps/user_ldap/lib/{backendbase.php => ldaputility.php} (65%)

diff --git a/apps/user_ldap/ajax/getConfiguration.php b/apps/user_ldap/ajax/getConfiguration.php
index baca588976..fc51b459a2 100644
--- a/apps/user_ldap/ajax/getConfiguration.php
+++ b/apps/user_ldap/ajax/getConfiguration.php
@@ -27,5 +27,6 @@ OCP\JSON::checkAppEnabled('user_ldap');
 OCP\JSON::callCheck();
 
 $prefix = $_POST['ldap_serverconfig_chooser'];
-$connection = new \OCA\user_ldap\lib\Connection($prefix);
+$ldapWrapper = new OCA\user_ldap\lib\LDAP();
+$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, $prefix);
 OCP\JSON::success(array('configuration' => $connection->getConfiguration()));
diff --git a/apps/user_ldap/ajax/setConfiguration.php b/apps/user_ldap/ajax/setConfiguration.php
index d850bda247..94de8835fb 100644
--- a/apps/user_ldap/ajax/setConfiguration.php
+++ b/apps/user_ldap/ajax/setConfiguration.php
@@ -27,7 +27,8 @@ OCP\JSON::checkAppEnabled('user_ldap');
 OCP\JSON::callCheck();
 
 $prefix = $_POST['ldap_serverconfig_chooser'];
-$connection = new \OCA\user_ldap\lib\Connection($prefix);
+$ldapWrapper = new OCA\user_ldap\lib\LDAP();
+$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, $prefix);
 $connection->setConfiguration($_POST);
 $connection->saveConfiguration();
 OCP\JSON::success();
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php
index 7ce1258a79..0b8e4ccfe2 100644
--- a/apps/user_ldap/ajax/testConfiguration.php
+++ b/apps/user_ldap/ajax/testConfiguration.php
@@ -28,7 +28,8 @@ OCP\JSON::callCheck();
 
 $l=OC_L10N::get('user_ldap');
 
-$connection = new \OCA\user_ldap\lib\Connection('', null);
+$ldapWrapper = new OCA\user_ldap\lib\LDAP();
+$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, '', null);
 if($connection->setConfiguration($_POST)) {
 	//Configuration is okay
 	if($connection->bind()) {
diff --git a/apps/user_ldap/appinfo/app.php b/apps/user_ldap/appinfo/app.php
index 593e846bc0..9d6327181a 100644
--- a/apps/user_ldap/appinfo/app.php
+++ b/apps/user_ldap/appinfo/app.php
@@ -24,15 +24,15 @@
 OCP\App::registerAdmin('user_ldap', 'settings');
 
 $configPrefixes = OCA\user_ldap\lib\Helper::getServerConfigurationPrefixes(true);
+$ldapWrapper = new OCA\user_ldap\lib\LDAP();
 if(count($configPrefixes) === 1) {
-	$connector = new OCA\user_ldap\lib\Connection($configPrefixes[0]);
-	$userBackend  = new OCA\user_ldap\USER_LDAP();
-	$userBackend->setConnector($connector);
-	$groupBackend = new OCA\user_ldap\GROUP_LDAP();
-	$groupBackend->setConnector($connector);
+	$connector = new OCA\user_ldap\lib\Connection($ldapWrapper, $configPrefixes[0]);
+	$ldapAccess = new OCA\user_ldap\lib\Access($connector, $ldapWrapper);
+	$userBackend  = new OCA\user_ldap\USER_LDAP($ldapAccess);
+	$groupBackend = new OCA\user_ldap\GROUP_LDAP($ldapAccess);
 } else {
-	$userBackend  = new OCA\user_ldap\User_Proxy($configPrefixes);
-	$groupBackend  = new OCA\user_ldap\Group_Proxy($configPrefixes);
+	$userBackend  = new OCA\user_ldap\User_Proxy($configPrefixes, $ldapWrapper);
+	$groupBackend  = new OCA\user_ldap\Group_Proxy($configPrefixes, $ldapWrapper);
 }
 
 if(count($configPrefixes) > 0) {
diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 04ff392f92..80b988594d 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -23,13 +23,16 @@
 
 namespace OCA\user_ldap;
 
-class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
+use OCA\user_ldap\lib\Access;
+use OCA\user_ldap\lib\BackendUtility;
+
+class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 	protected $enabled = false;
 
-	public function setConnector(lib\Connection &$connection) {
-		parent::setConnector($connection);
-		$filter = $this->connection->ldapGroupFilter;
-		$gassoc = $this->connection->ldapGroupMemberAssocAttr;
+	public function __construct(Access $access) {
+		parent::__construct($access);
+		$filter = $this->access->connection->ldapGroupFilter;
+		$gassoc = $this->access->connection->ldapGroupMemberAssocAttr;
 		if(!empty($filter) && !empty($gassoc)) {
 			$this->enabled = true;
 		}
@@ -47,30 +50,30 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		if(!$this->enabled) {
 			return false;
 		}
-		if($this->connection->isCached('inGroup'.$uid.':'.$gid)) {
-			return $this->connection->getFromCache('inGroup'.$uid.':'.$gid);
+		if($this->access->connection->isCached('inGroup'.$uid.':'.$gid)) {
+			return $this->access->connection->getFromCache('inGroup'.$uid.':'.$gid);
 		}
-		$dn_user = $this->username2dn($uid);
-		$dn_group = $this->groupname2dn($gid);
+		$dn_user = $this->access->username2dn($uid);
+		$dn_group = $this->access->groupname2dn($gid);
 		// just in case
 		if(!$dn_group || !$dn_user) {
-			$this->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
+			$this->access->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
 			return false;
 		}
 		//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
-		$members = $this->readAttribute($dn_group, $this->connection->ldapGroupMemberAssocAttr);
+		$members = $this->access->readAttribute($dn_group, $this->access->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
-			$this->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
+			$this->access->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
 			return false;
 		}
 
 		//extra work if we don't get back user DNs
 		//TODO: this can be done with one LDAP query
-		if(strtolower($this->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
+		if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
 			$dns = array();
 			foreach($members as $mid) {
-				$filter = str_replace('%uid', $mid, $this->connection->ldapLoginFilter);
-				$ldap_users = $this->fetchListOfUsers($filter, 'dn');
+				$filter = str_replace('%uid', $mid, $this->access->connection->ldapLoginFilter);
+				$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
 				if(count($ldap_users) < 1) {
 					continue;
 				}
@@ -80,7 +83,7 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		}
 
 		$isInGroup = in_array($dn_user, $members);
-		$this->connection->writeToCache('inGroup'.$uid.':'.$gid, $isInGroup);
+		$this->access->connection->writeToCache('inGroup'.$uid.':'.$gid, $isInGroup);
 
 		return $isInGroup;
 	}
@@ -98,35 +101,35 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 			return array();
 		}
 		$cacheKey = 'getUserGroups'.$uid;
-		if($this->connection->isCached($cacheKey)) {
-			return $this->connection->getFromCache($cacheKey);
+		if($this->access->connection->isCached($cacheKey)) {
+			return $this->access->connection->getFromCache($cacheKey);
 		}
-		$userDN = $this->username2dn($uid);
+		$userDN = $this->access->username2dn($uid);
 		if(!$userDN) {
-			$this->connection->writeToCache($cacheKey, array());
+			$this->access->connection->writeToCache($cacheKey, array());
 			return array();
 		}
 
 		//uniqueMember takes DN, memberuid the uid, so we need to distinguish
-		if((strtolower($this->connection->ldapGroupMemberAssocAttr) === 'uniquemember')
-			|| (strtolower($this->connection->ldapGroupMemberAssocAttr) === 'member')
+		if((strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'uniquemember')
+			|| (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'member')
 		) {
 			$uid = $userDN;
-		} else if(strtolower($this->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
-			$result = $this->readAttribute($userDN, 'uid');
+		} else if(strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid') {
+			$result = $this->access->readAttribute($userDN, 'uid');
 			$uid = $result[0];
 		} else {
 			// just in case
 			$uid = $userDN;
 		}
 
-		$filter = $this->combineFilterWithAnd(array(
-			$this->connection->ldapGroupFilter,
-			$this->connection->ldapGroupMemberAssocAttr.'='.$uid
+		$filter = $this->access->combineFilterWithAnd(array(
+			$this->access->connection->ldapGroupFilter,
+			$this->access->connection->ldapGroupMemberAssocAttr.'='.$uid
 		));
-		$groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'));
-		$groups = array_unique($this->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
-		$this->connection->writeToCache($cacheKey, $groups);
+		$groups = $this->access->fetchListOfGroups($filter, array($this->access->connection->ldapGroupDisplayName, 'dn'));
+		$groups = array_unique($this->access->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
+		$this->access->connection->writeToCache($cacheKey, $groups);
 
 		return $groups;
 	}
@@ -144,70 +147,70 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		}
 		$cachekey = 'usersInGroup-'.$gid.'-'.$search.'-'.$limit.'-'.$offset;
 		// check for cache of the exact query
-		$groupUsers = $this->connection->getFromCache($cachekey);
+		$groupUsers = $this->access->connection->getFromCache($cachekey);
 		if(!is_null($groupUsers)) {
 			return $groupUsers;
 		}
 
 		// check for cache of the query without limit and offset
-		$groupUsers = $this->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
+		$groupUsers = $this->access->connection->getFromCache('usersInGroup-'.$gid.'-'.$search);
 		if(!is_null($groupUsers)) {
 			$groupUsers = array_slice($groupUsers, $offset, $limit);
-			$this->connection->writeToCache($cachekey, $groupUsers);
+			$this->access->connection->writeToCache($cachekey, $groupUsers);
 			return $groupUsers;
 		}
 
 		if($limit === -1) {
 			$limit = null;
 		}
-		$groupDN = $this->groupname2dn($gid);
+		$groupDN = $this->access->groupname2dn($gid);
 		if(!$groupDN) {
 			// group couldn't be found, return empty resultset
-			$this->connection->writeToCache($cachekey, array());
+			$this->access->connection->writeToCache($cachekey, array());
 			return array();
 		}
 
-		$members = $this->readAttribute($groupDN, $this->connection->ldapGroupMemberAssocAttr);
+		$members = $this->access->readAttribute($groupDN, $this->access->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
 			//in case users could not be retrieved, return empty resultset
-			$this->connection->writeToCache($cachekey, array());
+			$this->access->connection->writeToCache($cachekey, array());
 			return array();
 		}
 
 		$groupUsers = array();
-		$isMemberUid = (strtolower($this->connection->ldapGroupMemberAssocAttr) === 'memberuid');
+		$isMemberUid = (strtolower($this->access->connection->ldapGroupMemberAssocAttr) === 'memberuid');
 		foreach($members as $member) {
 			if($isMemberUid) {
 				//we got uids, need to get their DNs to 'tranlsate' them to usernames
-				$filter = $this->combineFilterWithAnd(array(
+				$filter = $this->access->combineFilterWithAnd(array(
 					\OCP\Util::mb_str_replace('%uid', $member,
-						$this->connection->ldapLoginFilter, 'UTF-8'),
-					$this->getFilterPartForUserSearch($search)
+						$this->access->connection->ldapLoginFilter, 'UTF-8'),
+					$this->access->getFilterPartForUserSearch($search)
 				));
-				$ldap_users = $this->fetchListOfUsers($filter, 'dn');
+				$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
 				if(count($ldap_users) < 1) {
 					continue;
 				}
-				$groupUsers[] = $this->dn2username($ldap_users[0]);
+				$groupUsers[] = $this->access->dn2username($ldap_users[0]);
 			} else {
 				//we got DNs, check if we need to filter by search or we can give back all of them
 				if(!empty($search)) {
-					if(!$this->readAttribute($member,
-						$this->connection->ldapUserDisplayName,
-						$this->getFilterPartForUserSearch($search))) {
+					if(!$this->access->readAttribute($member,
+						$this->access->connection->ldapUserDisplayName,
+						$this->access->getFilterPartForUserSearch($search))) {
 						continue;
 					}
 				}
 				// dn2username will also check if the users belong to the allowed base
-				if($ocname = $this->dn2username($member)) {
+				if($ocname = $this->access->dn2username($member)) {
 					$groupUsers[] = $ocname;
 				}
 			}
 		}
 		natsort($groupUsers);
-		$this->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
+		$this->access->connection->writeToCache('usersInGroup-'.$gid.'-'.$search, $groupUsers);
 		$groupUsers = array_slice($groupUsers, $offset, $limit);
-		$this->connection->writeToCache($cachekey, $groupUsers);
+		$this->access->connection->writeToCache($cachekey, $groupUsers);
 
 		return $groupUsers;
 	}
@@ -245,7 +248,7 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 
 		//Check cache before driving unnecessary searches
 		\OCP\Util::writeLog('user_ldap', 'getGroups '.$cachekey, \OCP\Util::DEBUG);
-		$ldap_groups = $this->connection->getFromCache($cachekey);
+		$ldap_groups = $this->access->connection->getFromCache($cachekey);
 		if(!is_null($ldap_groups)) {
 			return $ldap_groups;
 		}
@@ -255,16 +258,16 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 		if($limit <= 0) {
 			$limit = null;
 		}
-		$filter = $this->combineFilterWithAnd(array(
-			$this->connection->ldapGroupFilter,
-			$this->getFilterPartForGroupSearch($search)
+		$filter = $this->access->combineFilterWithAnd(array(
+			$this->access->connection->ldapGroupFilter,
+			$this->access->getFilterPartForGroupSearch($search)
 		));
 		\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
-		$ldap_groups = $this->fetchListOfGroups($filter, array($this->connection->ldapGroupDisplayName, 'dn'),
+		$ldap_groups = $this->access->fetchListOfGroups($filter, array($this->access->connection->ldapGroupDisplayName, 'dn'),
 			$limit, $offset);
-		$ldap_groups = $this->ownCloudGroupNames($ldap_groups);
+		$ldap_groups = $this->access->ownCloudGroupNames($ldap_groups);
 
-		$this->connection->writeToCache($cachekey, $ldap_groups);
+		$this->access->connection->writeToCache($cachekey, $ldap_groups);
 		return $ldap_groups;
 	}
 
@@ -278,25 +281,25 @@ class GROUP_LDAP extends lib\Access implements \OCP\GroupInterface {
 	 * @return bool
 	 */
 	public function groupExists($gid) {
-		if($this->connection->isCached('groupExists'.$gid)) {
-			return $this->connection->getFromCache('groupExists'.$gid);
+		if($this->access->connection->isCached('groupExists'.$gid)) {
+			return $this->access->connection->getFromCache('groupExists'.$gid);
 		}
 
 		//getting dn, if false the group does not exist. If dn, it may be mapped only, requires more checking.
-		$dn = $this->groupname2dn($gid);
+		$dn = $this->access->groupname2dn($gid);
 		if(!$dn) {
-			$this->connection->writeToCache('groupExists'.$gid, false);
+			$this->access->connection->writeToCache('groupExists'.$gid, false);
 			return false;
 		}
 
 		//if group really still exists, we will be able to read its objectclass
-		$objcs = $this->readAttribute($dn, 'objectclass');
+		$objcs = $this->access->readAttribute($dn, 'objectclass');
 		if(!$objcs || empty($objcs)) {
-			$this->connection->writeToCache('groupExists'.$gid, false);
+			$this->access->connection->writeToCache('groupExists'.$gid, false);
 			return false;
 		}
 
-		$this->connection->writeToCache('groupExists'.$gid, true);
+		$this->access->connection->writeToCache('groupExists'.$gid, true);
 		return true;
 	}
 
diff --git a/apps/user_ldap/group_proxy.php b/apps/user_ldap/group_proxy.php
index eb6f176c58..78a616854c 100644
--- a/apps/user_ldap/group_proxy.php
+++ b/apps/user_ldap/group_proxy.php
@@ -23,6 +23,8 @@
 
 namespace OCA\user_ldap;
 
+use OCA\user_ldap\lib\ILDAPWrapper;
+
 class Group_Proxy extends lib\Proxy implements \OCP\GroupInterface {
 	private $backends = array();
 	private $refBackend = null;
@@ -31,12 +33,10 @@ class Group_Proxy extends lib\Proxy implements \OCP\GroupInterface {
 	 * @brief Constructor
 	 * @param $serverConfigPrefixes array containing the config Prefixes
 	 */
-	public function __construct($serverConfigPrefixes) {
-		parent::__construct();
+	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
+		parent::__construct($ldap);
 		foreach($serverConfigPrefixes as $configPrefix) {
-		    $this->backends[$configPrefix] = new \OCA\user_ldap\GROUP_LDAP();
-		    $connector = $this->getConnector($configPrefix);
-			$this->backends[$configPrefix]->setConnector($connector);
+		    $this->backends[$configPrefix] = new \OCA\user_ldap\GROUP_LDAP($this->getAccess($configPrefix));
 			if(is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 4b7920b716..3d791755ab 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -23,12 +23,13 @@
 
 namespace OCA\user_ldap\lib;
 
-abstract class Access extends BackendBase {
-	protected $connection;
+class Access extends LDAPUtility {
+	public $connection;
 	//never ever check this var directly, always use getPagedSearchResultState
 	protected $pagedSearchedSuccessful;
 
-	public function setConnector(Connection &$connection) {
+	public function __construct(Connection $connection, ILDAPWrapper $ldap) {
+		parent::__construct($ldap);
 		$this->connection = $connection;
 	}
 
diff --git a/apps/user_ldap/lib/backendutility.php b/apps/user_ldap/lib/backendutility.php
new file mode 100644
index 0000000000..f279b1e997
--- /dev/null
+++ b/apps/user_ldap/lib/backendutility.php
@@ -0,0 +1,38 @@
+<?php
+
+/**
+ * ownCloud – LDAP BackendUtility
+ *
+ * @author Arthur Schiwon
+ * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+ * License as published by the Free Software Foundation; either
+ * version 3 of the License, or any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public
+ * License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+namespace OCA\user_ldap\lib;
+
+use OCA\user_ldap\lib\Access;
+
+abstract class BackendUtility {
+	protected $access;
+
+	/**
+	 * @brief constructor, make sure the subclasses call this one!
+	 * @param $access an instance of Access for LDAP interaction
+	 */
+	public function __construct(Access $access) {
+		$this->access = $access;
+	}
+}
\ No newline at end of file
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index dd627a4e1b..0bf13a1937 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -23,7 +23,7 @@
 
 namespace OCA\user_ldap\lib;
 
-class Connection extends BackendBase {
+class Connection extends LDAPUtility {
 	private $ldapConnectionRes = null;
 	private $configPrefix;
 	private $configID;
@@ -60,7 +60,7 @@ class Connection extends BackendBase {
 		'ldapQuotaDefault' => null,
 		'ldapEmailAttribute' => null,
 		'ldapCacheTTL' => null,
-		'ldapUuidAttribute' => null,
+		'ldapUuidAttribute' => 'auto',
 		'ldapOverrideUuidAttribute' => null,
 		'ldapOverrideMainServer' => false,
 		'ldapConfigurationActive' => false,
@@ -77,8 +77,8 @@ class Connection extends BackendBase {
 	 * @param $configPrefix a string with the prefix for the configkey column (appconfig table)
 	 * @param $configID a string with the value for the appid column (appconfig table) or null for on-the-fly connections
 	 */
-	public function __construct($configPrefix = '', $configID = 'user_ldap') {
-		parent::__construct();
+	public function __construct(ILDAPWrapper $ldap, $configPrefix = '', $configID = 'user_ldap') {
+		parent::__construct($ldap);
 		$this->configPrefix = $configPrefix;
 		$this->configID = $configID;
 		$memcache = new \OC\Memcache\Factory();
@@ -363,6 +363,14 @@ class Connection extends BackendBase {
 					&& $params[$parameter] === 'homeFolderNamingRule'))
 				&& !empty($value)) {
 				$value = 'attr:'.$value;
+			} else if (strpos($parameter, 'ldapBase') !== false
+				|| (isset($params[$parameter])
+					&& strpos($params[$parameter], 'ldapBase') !== false)) {
+				$this->readBase($params[$parameter], $value);
+				if(is_array($setParameters)) {
+					$setParameters[] = $parameter;
+				}
+				continue;
 			}
 		    if(isset($this->config[$parameter])) {
 				$this->config[$parameter] = $value;
@@ -433,10 +441,6 @@ class Connection extends BackendBase {
 					$config[$dbKey] = '';
 				}
 				continue;
-			} else if((strpos($classKey, 'ldapBase') !== false)
-					|| (strpos($classKey, 'ldapAttributes') !== false)) {
-				$config[$dbKey] = implode("\n", $this->config[$classKey]);
-				continue;
 			}
 			$config[$dbKey] = $this->config[$classKey];
 		}
@@ -553,7 +557,7 @@ class Connection extends BackendBase {
 	 * @returns an associative array with the default values. Keys are correspond
 	 * to config-value entries in the database table
 	 */
-	public function getDefaults() {
+	static public function getDefaults() {
 		return array(
 			'ldap_host'                         => '',
 			'ldap_port'                         => '389',
diff --git a/apps/user_ldap/lib/jobs.php b/apps/user_ldap/lib/jobs.php
index 6b7666d4ca..2f90da3bfb 100644
--- a/apps/user_ldap/lib/jobs.php
+++ b/apps/user_ldap/lib/jobs.php
@@ -139,13 +139,14 @@ class Jobs extends \OC\BackgroundJob\TimedJob {
 			return self::$groupBE;
 		}
 		$configPrefixes = Helper::getServerConfigurationPrefixes(true);
-		if(count($configPrefixes) == 1) {
+		$ldapWrapper = new OCA\user_ldap\lib\LDAP();
+		if(count($configPrefixes) === 1) {
 			//avoid the proxy when there is only one LDAP server configured
-			$connector = new Connection($configPrefixes[0]);
-			self::$groupBE = new \OCA\user_ldap\GROUP_LDAP();
-			self::$groupBE->setConnector($connector);
+			$connector = new OCA\user_ldap\lib\Connection($ldapWrapper, $configPrefixes[0]);
+			$ldapAccess = new OCA\user_ldap\lib\Access($connector, $ldapWrapper);
+			self::$groupBE = new OCA\user_ldap\GROUP_LDAP($ldapAccess);
 		} else {
-			self::$groupBE = new \OCA\user_ldap\Group_Proxy($configPrefixes);
+			self::$groupBE = new \OCA\user_ldap\Group_Proxy($configPrefixes, $ldapWrapper);
 		}
 
 		return self::$groupBE;
diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
index 0f082147b1..ee2e336cc9 100644
--- a/apps/user_ldap/lib/ldap.php
+++ b/apps/user_ldap/lib/ldap.php
@@ -149,6 +149,8 @@ class LDAP implements ILDAPWrapper {
 						  && $errorCode === -4) {
 				} else if ($errorCode === 32) {
 					//for now
+				} else if ($errorCode === 10) {
+					//referrals, we switch them off, but then there is AD :)
 				} else {
 					throw new \Exception('LDAP error '.$errorMsg.' (' .
 						$errorCode.') after calling '.$this->curFunc.
diff --git a/apps/user_ldap/lib/backendbase.php b/apps/user_ldap/lib/ldaputility.php
similarity index 65%
rename from apps/user_ldap/lib/backendbase.php
rename to apps/user_ldap/lib/ldaputility.php
index 5ed73a0a5b..975df7d1de 100644
--- a/apps/user_ldap/lib/backendbase.php
+++ b/apps/user_ldap/lib/ldaputility.php
@@ -1,7 +1,7 @@
 <?php
 
 /**
- * ownCloud – LDAP BackendBase
+ * ownCloud – LDAP LDAPUtility
  *
  * @author Arthur Schiwon
  * @copyright 2013 Arthur Schiwon blizzz@owncloud.com
@@ -23,24 +23,14 @@
 
 namespace OCA\user_ldap\lib;
 
-abstract class BackendBase {
+abstract class LDAPUtility {
 	protected $ldap;
 
-	public function __construct() {
-		$this->ldap = new LDAP();
-	}
-
 	/**
-	 * @brief sets the LDAP Wrapper to be used
-	 *
-	 * @param $ldapWrapper an instance of the Wrapper
-	 * @return true on success, otherwise false
-	 *
-	 * The LDAP Wrapper must implement the PHP LDAP functions, which are used
-	 * in the LDAP backend
+	 * @brief constructor, make sure the subclasses call this one!
+	 * @param $ldapWrapper an instance of an ILDAPWrapper
 	 */
-	public function setLDAPWrapper(ILDAPWrapper $ldapWrapper) {
+	public function __construct(ILDAPWrapper $ldapWrapper) {
 		$this->ldap = $ldapWrapper;
-		return true;
 	}
 }
\ No newline at end of file
diff --git a/apps/user_ldap/lib/proxy.php b/apps/user_ldap/lib/proxy.php
index ae3e3be736..c74b357bdd 100644
--- a/apps/user_ldap/lib/proxy.php
+++ b/apps/user_ldap/lib/proxy.php
@@ -23,26 +23,27 @@
 
 namespace OCA\user_ldap\lib;
 
-abstract class Proxy {
-	static private $connectors = array();
+use OCA\user_ldap\lib\Access;
 
-	public function __construct() {
+abstract class Proxy {
+	static private $accesses = array();
+	private $ldap = null;
+
+	public function __construct(ILDAPWrapper $ldap) {
+		$this->ldap = $ldap;
 		$this->cache = \OC_Cache::getGlobalCache();
 	}
 
-	private function addConnector($configPrefix) {
-		self::$connectors[$configPrefix] = new \OCA\user_ldap\lib\Connection($configPrefix);
+	private function addAccess($configPrefix) {
+		$connector = new Connection($this->ldap, $configPrefix);
+		self::$accesses[$configPrefix] = new Access($connector, $this->ldap);
 	}
 
-	protected function getConnector($configPrefix) {
-		if(!isset(self::$connectors[$configPrefix])) {
-			$this->addConnector($configPrefix);
+	protected function getAccess($configPrefix) {
+		if(!isset(self::$accesses[$configPrefix])) {
+			$this->addAccess($configPrefix);
 		}
-		return self::$connectors[$configPrefix];
-	}
-
-	protected function getConnectors() {
-		return self::$connectors;
+		return self::$accesses[$configPrefix];
 	}
 
 	protected function getUserCacheKey($uid) {
diff --git a/apps/user_ldap/settings.php b/apps/user_ldap/settings.php
index 7169192a18..b7070f2318 100644
--- a/apps/user_ldap/settings.php
+++ b/apps/user_ldap/settings.php
@@ -49,14 +49,9 @@ $tmpl->assign('serverConfigurationPrefixes', $prefixes);
 $tmpl->assign('serverConfigurationHosts', $hosts);
 
 // assign default values
-if(!isset($ldap)) {
-	$ldap = new \OCA\user_ldap\lib\Connection();
-}
-$defaults = $ldap->getDefaults();
+$defaults = \OCA\user_ldap\lib\Connection::getDefaults();
 foreach($defaults as $key => $default) {
     $tmpl->assign($key.'_default', $default);
 }
 
-// $tmpl->assign();
-
 return $tmpl->fetchPage();
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index ab3b57001b..f2e99d4579 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -25,37 +25,46 @@
 
 namespace OCA\user_ldap;
 
-class USER_LDAP extends lib\Access implements \OCP\UserInterface {
+use OCA\user_ldap\lib\ILDAPWrapper;
+use OCA\user_ldap\lib\BackendUtility;
+
+class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
 
 	private function updateQuota($dn) {
 		$quota = null;
-		$quotaDefault = $this->connection->ldapQuotaDefault;
-		$quotaAttribute = $this->connection->ldapQuotaAttribute;
+		$quotaDefault = $this->access->connection->ldapQuotaDefault;
+		$quotaAttribute = $this->access->connection->ldapQuotaAttribute;
 		if(!empty($quotaDefault)) {
 			$quota = $quotaDefault;
 		}
 		if(!empty($quotaAttribute)) {
-			$aQuota = $this->readAttribute($dn, $quotaAttribute);
+			$aQuota = $this->access->readAttribute($dn, $quotaAttribute);
 
 			if($aQuota && (count($aQuota) > 0)) {
 				$quota = $aQuota[0];
 			}
 		}
 		if(!is_null($quota)) {
-			\OCP\Config::setUserValue($this->dn2username($dn), 'files', 'quota', \OCP\Util::computerFileSize($quota));
+			\OCP\Config::setUserValue(	$this->access->dn2username($dn),
+										'files',
+										'quota',
+										\OCP\Util::computerFileSize($quota));
 		}
 	}
 
 	private function updateEmail($dn) {
 		$email = null;
-		$emailAttribute = $this->connection->ldapEmailAttribute;
+		$emailAttribute = $this->access->connection->ldapEmailAttribute;
 		if(!empty($emailAttribute)) {
-			$aEmail = $this->readAttribute($dn, $emailAttribute);
+			$aEmail = $this->access->readAttribute($dn, $emailAttribute);
 			if($aEmail && (count($aEmail) > 0)) {
 				$email = $aEmail[0];
 			}
 			if(!is_null($email)) {
-				\OCP\Config::setUserValue($this->dn2username($dn), 'settings', 'email', $email);
+				\OCP\Config::setUserValue(	$this->access->dn2username($dn),
+											'settings',
+											'email',
+											$email);
 			}
 		}
 	}
@@ -70,15 +79,15 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 	 */
 	public function checkPassword($uid, $password) {
 		//find out dn of the user name
-		$filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->connection->ldapLoginFilter, 'UTF-8');
-		$ldap_users = $this->fetchListOfUsers($filter, 'dn');
+		$filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');
+		$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
 		if(count($ldap_users) < 1) {
 			return false;
 		}
 		$dn = $ldap_users[0];
 
 		//do we have a username for him/her?
-		$ocname = $this->dn2username($dn);
+		$ocname = $this->access->dn2username($dn);
 
 		if($ocname) {
 			//update some settings, if necessary
@@ -86,7 +95,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 			$this->updateEmail($dn);
 
 			//are the credentials OK?
-			if(!$this->areCredentialsValid($dn, $password)) {
+			if(!$this->access->areCredentialsValid($dn, $password)) {
 				return false;
 			}
 
@@ -107,7 +116,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		$cachekey = 'getUsers-'.$search.'-'.$limit.'-'.$offset;
 
 		//check if users are cached, if so return
-		$ldap_users = $this->connection->getFromCache($cachekey);
+		$ldap_users = $this->access->connection->getFromCache($cachekey);
 		if(!is_null($ldap_users)) {
 			return $ldap_users;
 		}
@@ -117,21 +126,23 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		if($limit <= 0) {
 			$limit = null;
 		}
-		$filter = $this->combineFilterWithAnd(array(
-			$this->connection->ldapUserFilter,
-			$this->getFilterPartForUserSearch($search)
+		$filter = $this->access->combineFilterWithAnd(array(
+			$this->access->connection->ldapUserFilter,
+			$this->access->getFilterPartForUserSearch($search)
 		));
 
 		\OCP\Util::writeLog('user_ldap',
 			'getUsers: Options: search '.$search.' limit '.$limit.' offset '.$offset.' Filter: '.$filter,
 			\OCP\Util::DEBUG);
 		//do the search and translate results to owncloud names
-		$ldap_users = $this->fetchListOfUsers($filter, array($this->connection->ldapUserDisplayName, 'dn'),
+		$ldap_users = $this->access->fetchListOfUsers(
+			$filter,
+			array($this->access->connection->ldapUserDisplayName, 'dn'),
 			$limit, $offset);
-		$ldap_users = $this->ownCloudUserNames($ldap_users);
+		$ldap_users = $this->access->ownCloudUserNames($ldap_users);
 		\OCP\Util::writeLog('user_ldap', 'getUsers: '.count($ldap_users). ' Users found', \OCP\Util::DEBUG);
 
-		$this->connection->writeToCache($cachekey, $ldap_users);
+		$this->access->connection->writeToCache($cachekey, $ldap_users);
 		return $ldap_users;
 	}
 
@@ -141,22 +152,24 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 	 * @return boolean
 	 */
 	public function userExists($uid) {
-		if($this->connection->isCached('userExists'.$uid)) {
-			return $this->connection->getFromCache('userExists'.$uid);
+		if($this->access->connection->isCached('userExists'.$uid)) {
+			return $this->access->connection->getFromCache('userExists'.$uid);
 		}
 		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
-		$dn = $this->username2dn($uid);
+		$dn = $this->access->username2dn($uid);
 		if(!$dn) {
-			$this->connection->writeToCache('userExists'.$uid, false);
+			\OCP\Util::writeLog('user_ldap', 'No DN found for '.$uid.' on '.$this->access->connection->ldapHost, \OCP\Util::DEBUG);
+			$this->access->connection->writeToCache('userExists'.$uid, false);
 			return false;
 		}
 		//check if user really still exists by reading its entry
-		if(!is_array($this->readAttribute($dn, ''))) {
-			$this->connection->writeToCache('userExists'.$uid, false);
+		if(!is_array($this->access->readAttribute($dn, ''))) {
+			\OCP\Util::writeLog('user_ldap', 'LDAP says no user '.$dn, \OCP\Util::DEBUG);
+			$this->access->connection->writeToCache('userExists'.$uid, false);
 			return false;
 		}
 
-		$this->connection->writeToCache('userExists'.$uid, true);
+		$this->access->connection->writeToCache('userExists'.$uid, true);
 		$this->updateQuota($dn);
 		return true;
 	}
@@ -184,12 +197,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		}
 
 		$cacheKey = 'getHome'.$uid;
-		if($this->connection->isCached($cacheKey)) {
-			return $this->connection->getFromCache($cacheKey);
+		if($this->access->connection->isCached($cacheKey)) {
+			return $this->access->connection->getFromCache($cacheKey);
 		}
-		if(strpos($this->connection->homeFolderNamingRule, 'attr:') === 0) {
-			$attr = substr($this->connection->homeFolderNamingRule, strlen('attr:'));
-			$homedir = $this->readAttribute($this->username2dn($uid), $attr);
+		if(strpos($this->access->connection->homeFolderNamingRule, 'attr:') === 0) {
+			$attr = substr($this->access->connection->homeFolderNamingRule, strlen('attr:'));
+			$homedir = $this->access->readAttribute(
+						$this->access->username2dn($uid), $attr);
 			if($homedir && isset($homedir[0])) {
 				$path = $homedir[0];
 				//if attribute's value is an absolute path take this, otherwise append it to data dir
@@ -204,13 +218,13 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 					$homedir = \OCP\Config::getSystemValue('datadirectory',
 						\OC::$SERVERROOT.'/data' ) . '/' . $homedir[0];
 				}
-				$this->connection->writeToCache($cacheKey, $homedir);
+				$this->access->connection->writeToCache($cacheKey, $homedir);
 				return $homedir;
 			}
 		}
 
 		//false will apply default behaviour as defined and done by OC_User
-		$this->connection->writeToCache($cacheKey, false);
+		$this->access->connection->writeToCache($cacheKey, false);
 		return false;
 	}
 
@@ -225,16 +239,16 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		}
 
 		$cacheKey = 'getDisplayName'.$uid;
-		if(!is_null($displayName = $this->connection->getFromCache($cacheKey))) {
+		if(!is_null($displayName = $this->access->connection->getFromCache($cacheKey))) {
 			return $displayName;
 		}
 
-		$displayName = $this->readAttribute(
-			$this->username2dn($uid),
-			$this->connection->ldapUserDisplayName);
+		$displayName = $this->access->readAttribute(
+			$this->access->username2dn($uid),
+			$this->access->connection->ldapUserDisplayName);
 
 		if($displayName && (count($displayName) > 0)) {
-			$this->connection->writeToCache($cacheKey, $displayName[0]);
+			$this->access->connection->writeToCache($cacheKey, $displayName[0]);
 			return $displayName[0];
 		}
 
@@ -249,7 +263,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 	 */
 	public function getDisplayNames($search = '', $limit = null, $offset = null) {
 		$cacheKey = 'getDisplayNames-'.$search.'-'.$limit.'-'.$offset;
-		if(!is_null($displayNames = $this->connection->getFromCache($cacheKey))) {
+		if(!is_null($displayNames = $this->access->connection->getFromCache($cacheKey))) {
 			return $displayNames;
 		}
 
@@ -258,7 +272,7 @@ class USER_LDAP extends lib\Access implements \OCP\UserInterface {
 		foreach ($users as $user) {
 			$displayNames[$user] = $this->getDisplayName($user);
 		}
-		$this->connection->writeToCache($cacheKey, $displayNames);
+		$this->access->connection->writeToCache($cacheKey, $displayNames);
 		return $displayNames;
 	}
 
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
index 0722d8871a..c7b469c822 100644
--- a/apps/user_ldap/user_proxy.php
+++ b/apps/user_ldap/user_proxy.php
@@ -23,6 +23,8 @@
 
 namespace OCA\user_ldap;
 
+use OCA\user_ldap\lib\ILDAPWrapper;
+
 class User_Proxy extends lib\Proxy implements \OCP\UserInterface {
 	private $backends = array();
 	private $refBackend = null;
@@ -31,12 +33,10 @@ class User_Proxy extends lib\Proxy implements \OCP\UserInterface {
 	 * @brief Constructor
 	 * @param $serverConfigPrefixes array containing the config Prefixes
 	 */
-	public function __construct($serverConfigPrefixes) {
-		parent::__construct();
+	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
+		parent::__construct($ldap);
 		foreach($serverConfigPrefixes as $configPrefix) {
-		    $this->backends[$configPrefix] = new \OCA\user_ldap\USER_LDAP();
-		    $connector = $this->getConnector($configPrefix);
-			$this->backends[$configPrefix]->setConnector($connector);
+		    $this->backends[$configPrefix] = new \OCA\user_ldap\USER_LDAP($this->getAccess($configPrefix));
 			if(is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}

From bb162b1f94c3966457e8b08191cd85620478c940 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Tue, 10 Sep 2013 17:39:29 +0200
Subject: [PATCH 21/43] LDAP: get rid of some PHP Warnings

---
 apps/user_ldap/lib/connection.php | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 0bf13a1937..053ec7e235 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -396,7 +396,7 @@ class Connection extends LDAPUtility {
 	public function saveConfiguration() {
 		$trans = array_flip($this->getConfigTranslationArray());
 		foreach($this->config as $key => $value) {
-			\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.$value, \OCP\Util::DEBUG);
+			\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.print_r($value, true), \OCP\Util::DEBUG);
 			switch ($key) {
 				case 'ldapAgentPassword':
 					$value = base64_encode($value);
@@ -441,6 +441,11 @@ class Connection extends LDAPUtility {
 					$config[$dbKey] = '';
 				}
 				continue;
+			} else if((strpos($classKey, 'ldapBase') !== false
+						|| strpos($classKey, 'ldapAttributes') !== false)
+						&& is_array($this->config[$classKey])) {
+				$config[$dbKey] = implode("\n", $this->config[$classKey]);
+				continue;
 			}
 			$config[$dbKey] = $this->config[$classKey];
 		}

From 84f522f406d2bec8dff5acb0c7defc54b8e7d79a Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 11 Sep 2013 18:51:45 +0200
Subject: [PATCH 22/43] LDAP: simple tests for the user backend

---
 apps/user_ldap/tests/user_ldap_direct.php | 313 ++++++++++++++++++++++
 1 file changed, 313 insertions(+)
 create mode 100644 apps/user_ldap/tests/user_ldap_direct.php

diff --git a/apps/user_ldap/tests/user_ldap_direct.php b/apps/user_ldap/tests/user_ldap_direct.php
new file mode 100644
index 0000000000..ab0563f12d
--- /dev/null
+++ b/apps/user_ldap/tests/user_ldap_direct.php
@@ -0,0 +1,313 @@
+<?php
+/**
+* ownCloud
+*
+* @author Arthur Schiwon
+* @copyright 2013 Arthur Schiwon blizzz@owncloud.com
+*
+* This library is free software; you can redistribute it and/or
+* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
+* License as published by the Free Software Foundation; either
+* version 3 of the License, or any later version.
+*
+* This library is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
+*
+* You should have received a copy of the GNU Affero General Public
+* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
+*
+*/
+
+namespace OCA\user_ldap\tests;
+
+use \OCA\user_ldap\USER_LDAP as UserLDAP;
+use \OCA\user_ldap\lib\Access;
+use \OCA\user_ldap\lib\Connection;
+use \OCA\user_ldap\lib\ILDAPWrapper;
+
+class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
+	protected $backend;
+
+	public function setUp() {
+		\OC_User::clearBackends();
+		\OC_Group::clearBackends();
+	}
+
+	private function getAccessMock() {
+		static $conMethods;
+		static $accMethods;
+
+		if(is_null($conMethods) || is_null($accMethods)) {
+			$conMethods = get_class_methods('\OCA\user_ldap\lib\Connection');
+			$accMethods = get_class_methods('\OCA\user_ldap\lib\Access');
+		}
+		$lw  = $this->getMock('\OCA\user_ldap\lib\ILDAPWrapper');
+		$connector = $this->getMock('\OCA\user_ldap\lib\Connection',
+									$conMethods,
+									array($lw, null, null));
+		$access = $this->getMock('\OCA\user_ldap\lib\Access',
+								 $accMethods,
+								 array($connector, $lw));
+
+		return $access;
+	}
+
+	private function prepareMockForUserExists(&$access) {
+		$access->expects($this->any())
+			   ->method('username2dn')
+			   ->will($this->returnCallback(function($uid) {
+					switch ($uid) {
+						case 'gunslinger':
+							return 'dnOfRoland';
+							break;
+						case 'formerUser':
+							return 'dnOfFormerUser';
+							break;
+						case 'newyorker':
+							return 'dnOfNewYorker';
+							break;
+						case 'ladyofshadows':
+							return 'dnOfLadyOfShadows';
+							break;
+						defautl:
+							return false;
+					}
+			   }));
+
+
+	}
+
+	public function testCheckPassword() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+		\OC_User::useBackend($backend);
+
+		$access->connection->expects($this->any())
+			   ->method('__get')
+			   ->will($this->returnCallback(function($name) {
+					if($name === 'ldapLoginFilter') {
+						return '%uid';
+					}
+					return null;
+			   }));
+
+		$access->expects($this->any())
+			   ->method('fetchListOfUsers')
+			   ->will($this->returnCallback(function($filter) {
+					if($filter === 'roland') {
+						return array('dnOfRoland');
+					}
+					return array();
+			   }));
+
+		$access->expects($this->any())
+			   ->method('dn2username')
+			   ->with($this->equalTo('dnOfRoland'))
+			   ->will($this->returnValue('gunslinger'));
+
+		$access->expects($this->any())
+			   ->method('areCredentialsValid')
+			   ->will($this->returnCallback(function($dn, $pwd) {
+					if($pwd === 'dt19') {
+						return true;
+					}
+					return false;
+			   }));
+
+		$result = $backend->checkPassword('roland', 'dt19');
+		$this->assertEquals('gunslinger', $result);
+
+		$result = $backend->checkPassword('roland', 'wrong');
+		$this->assertFalse($result);
+
+		$result = $backend->checkPassword('mallory', 'evil');
+		$this->assertFalse($result);
+	}
+
+	public function testGetUsers() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+
+		$access->expects($this->any())
+			   ->method('getFilterPartForUserSearch')
+			   ->will($this->returnCallback(function($search) {
+					return $search;
+			   }));
+
+		$access->expects($this->any())
+			   ->method('combineFilterWithAnd')
+			   ->will($this->returnCallback(function($param) {
+					return $param[1];
+			   }));
+
+		$access->expects($this->any())
+			   ->method('fetchListOfUsers')
+			   ->will($this->returnCallback(function($search, $a, $l, $o) {
+					$users = array('gunslinger', 'newyorker', 'ladyofshadows');
+					if(empty($search)) {
+						$result = $users;
+					} else {
+						$result = array();
+						foreach($users as $user) {
+							if(stripos($user,  $search) !== false) {
+								$result[] = $user;
+							}
+						}
+					}
+					if(!is_null($l) || !is_null($o)) {
+						$result = array_slice($result, $o, $l);
+					}
+					return $result;
+			   }));
+
+		$access->expects($this->any())
+			   ->method('ownCloudUserNames')
+			   ->will($this->returnArgument(0));
+
+		$result = $backend->getUsers();
+		$this->assertEquals(3, count($result));
+
+		$result = $backend->getUsers('', 1, 2);
+		$this->assertEquals(1, count($result));
+
+		$result = $backend->getUsers('', 2, 1);
+		$this->assertEquals(2, count($result));
+
+		$result = $backend->getUsers('yo');
+		$this->assertEquals(2, count($result));
+
+		$result = $backend->getUsers('nix');
+		$this->assertEquals(0, count($result));
+	}
+
+	public function testUserExists() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+		$this->prepareMockForUserExists($access);
+
+		$access->expects($this->any())
+			   ->method('readAttribute')
+			   ->will($this->returnCallback(function($dn) {
+					if($dn === 'dnOfRoland') {
+						return array();
+					}
+					return false;
+			   }));
+
+		//test for existing user
+		$result = $backend->userExists('gunslinger');
+		$this->assertTrue($result);
+
+		//test for deleted user
+		$result = $backend->userExists('formerUser');
+		$this->assertFalse($result);
+
+		//test for never-existing user
+		$result = $backend->userExists('mallory');
+		$this->assertFalse($result);
+	}
+
+	public function testDeleteUser() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+
+		//we do not support deleting users at all
+		$result = $backend->deleteUser('gunslinger');
+		$this->assertFalse($result);
+	}
+
+	public function testGetHome() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+		$this->prepareMockForUserExists($access);
+
+		$access->connection->expects($this->any())
+			   ->method('__get')
+			   ->will($this->returnCallback(function($name) {
+					if($name === 'homeFolderNamingRule') {
+						return 'attr:testAttribute';
+					}
+					return null;
+			   }));
+
+		$access->expects($this->any())
+			   ->method('readAttribute')
+			   ->will($this->returnCallback(function($dn, $attr) {
+					switch ($dn) {
+						case 'dnOfRoland':
+							if($attr === 'testAttribute') {
+								return array('/tmp/rolandshome/');
+							}
+							return array();
+							break;
+						case 'dnOfLadyOfShadows':
+							if($attr === 'testAttribute') {
+								return array('susannah/');
+							}
+							return array();
+							break;
+						default:
+							return false;
+				   }
+			   }));
+
+		//absolut path
+		$result = $backend->getHome('gunslinger');
+		$this->assertEquals('/tmp/rolandshome/', $result);
+
+		//datadir-relativ path
+		$result = $backend->getHome('ladyofshadows');
+		$datadir = \OCP\Config::getSystemValue('datadirectory',
+											   \OC::$SERVERROOT.'/data');
+		$this->assertEquals($datadir.'/susannah/', $result);
+
+		//no path at all – triggers OC default behaviour
+		$result = $backend->getHome('newyorker');
+		$this->assertFalse($result);
+	}
+
+	public function testGetDisplayName() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+		$this->prepareMockForUserExists($access);
+
+		$access->connection->expects($this->any())
+			   ->method('__get')
+			   ->will($this->returnCallback(function($name) {
+					if($name === 'ldapUserDisplayName') {
+						return 'displayname';
+					}
+					return null;
+			   }));
+
+		$access->expects($this->any())
+			   ->method('readAttribute')
+			   ->will($this->returnCallback(function($dn, $attr) {
+					switch ($dn) {
+						case 'dnOfRoland':
+							if($attr === 'displayname') {
+								return array('Roland Deschain');
+							}
+							return array();
+							break;
+
+						default:
+							return false;
+				   }
+			   }));
+
+		//with displayName
+		$result = $backend->getDisplayName('gunslinger');
+		$this->assertEquals('Roland Deschain', $result);
+
+		//empty displayname retrieved
+		$result = $backend->getDisplayName('newyorker');
+		$this->assertEquals(null, $result);
+	}
+
+	//no test for getDisplayNames, because it just invokes getUsers and
+	//getDisplayName
+
+}
\ No newline at end of file

From 81cf4a22efb4dd7303a3aa3451e29992562b19f0 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 11 Sep 2013 19:42:08 +0200
Subject: [PATCH 23/43] LDAP: coding style

---
 apps/user_ldap/group_ldap.php         | 18 ++++++++++++------
 apps/user_ldap/group_proxy.php        |  3 ++-
 apps/user_ldap/lib/access.php         |  6 ++++--
 apps/user_ldap/lib/backendutility.php |  2 +-
 apps/user_ldap/lib/connection.php     | 10 +++++++---
 apps/user_ldap/lib/ildapwrapper.php   |  2 +-
 apps/user_ldap/lib/ldaputility.php    |  2 +-
 apps/user_ldap/user_ldap.php          |  6 ++++--
 apps/user_ldap/user_proxy.php         |  3 ++-
 9 files changed, 34 insertions(+), 18 deletions(-)

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
index 80b988594d..32e2cec596 100644
--- a/apps/user_ldap/group_ldap.php
+++ b/apps/user_ldap/group_ldap.php
@@ -61,7 +61,8 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 			return false;
 		}
 		//usually, LDAP attributes are said to be case insensitive. But there are exceptions of course.
-		$members = $this->access->readAttribute($dn_group, $this->access->connection->ldapGroupMemberAssocAttr);
+		$members = $this->access->readAttribute($dn_group,
+						$this->access->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
 			$this->access->connection->writeToCache('inGroup'.$uid.':'.$gid, false);
 			return false;
@@ -127,7 +128,8 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 			$this->access->connection->ldapGroupFilter,
 			$this->access->connection->ldapGroupMemberAssocAttr.'='.$uid
 		));
-		$groups = $this->access->fetchListOfGroups($filter, array($this->access->connection->ldapGroupDisplayName, 'dn'));
+		$groups = $this->access->fetchListOfGroups($filter,
+				array($this->access->connection->ldapGroupDisplayName, 'dn'));
 		$groups = array_unique($this->access->ownCloudGroupNames($groups), SORT_LOCALE_STRING);
 		$this->access->connection->writeToCache($cacheKey, $groups);
 
@@ -170,7 +172,8 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 			return array();
 		}
 
-		$members = $this->access->readAttribute($groupDN, $this->access->connection->ldapGroupMemberAssocAttr);
+		$members = $this->access->readAttribute($groupDN,
+						$this->access->connection->ldapGroupMemberAssocAttr);
 		if(!$members) {
 			//in case users could not be retrieved, return empty resultset
 			$this->access->connection->writeToCache($cachekey, array());
@@ -263,8 +266,10 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 			$this->access->getFilterPartForGroupSearch($search)
 		));
 		\OCP\Util::writeLog('user_ldap', 'getGroups Filter '.$filter, \OCP\Util::DEBUG);
-		$ldap_groups = $this->access->fetchListOfGroups($filter, array($this->access->connection->ldapGroupDisplayName, 'dn'),
-			$limit, $offset);
+		$ldap_groups = $this->access->fetchListOfGroups($filter,
+				array($this->access->connection->ldapGroupDisplayName, 'dn'),
+				$limit,
+				$offset);
 		$ldap_groups = $this->access->ownCloudGroupNames($ldap_groups);
 
 		$this->access->connection->writeToCache($cachekey, $ldap_groups);
@@ -285,7 +290,8 @@ class GROUP_LDAP extends BackendUtility implements \OCP\GroupInterface {
 			return $this->access->connection->getFromCache('groupExists'.$gid);
 		}
 
-		//getting dn, if false the group does not exist. If dn, it may be mapped only, requires more checking.
+		//getting dn, if false the group does not exist. If dn, it may be mapped
+		//only, requires more checking.
 		$dn = $this->access->groupname2dn($gid);
 		if(!$dn) {
 			$this->access->connection->writeToCache('groupExists'.$gid, false);
diff --git a/apps/user_ldap/group_proxy.php b/apps/user_ldap/group_proxy.php
index 78a616854c..acc563c953 100644
--- a/apps/user_ldap/group_proxy.php
+++ b/apps/user_ldap/group_proxy.php
@@ -36,7 +36,8 @@ class Group_Proxy extends lib\Proxy implements \OCP\GroupInterface {
 	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
 		parent::__construct($ldap);
 		foreach($serverConfigPrefixes as $configPrefix) {
-		    $this->backends[$configPrefix] = new \OCA\user_ldap\GROUP_LDAP($this->getAccess($configPrefix));
+		    $this->backends[$configPrefix] =
+				new \OCA\user_ldap\GROUP_LDAP($this->getAccess($configPrefix));
 			if(is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}
diff --git a/apps/user_ldap/lib/access.php b/apps/user_ldap/lib/access.php
index 3d791755ab..fdf9c24612 100644
--- a/apps/user_ldap/lib/access.php
+++ b/apps/user_ldap/lib/access.php
@@ -80,7 +80,8 @@ class Access extends LDAPUtility {
 			return false;
 		}
 		//LDAP attributes are not case sensitive
-		$result = \OCP\Util::mb_array_change_key_case($this->ldap->getAttributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
+		$result = \OCP\Util::mb_array_change_key_case(
+				$this->ldap->getAttributes($cr, $er), MB_CASE_LOWER, 'UTF-8');
 		$attr = mb_strtolower($attr, 'UTF-8');
 
 		if(isset($result[$attr]) && $result[$attr]['count'] > 0) {
@@ -669,7 +670,8 @@ class Access extends LDAPUtility {
 		$error = $this->ldap->errno($link_resource);
 		if(!is_array($sr) || $error !== 0) {
 			\OCP\Util::writeLog('user_ldap',
-				'Error when searching: '.$this->ldap->error($link_resource).' code '.$this->ldap->errno($link_resource),
+				'Error when searching: '.$this->ldap->error($link_resource).
+					' code '.$this->ldap->errno($link_resource),
 				\OCP\Util::ERROR);
 			\OCP\Util::writeLog('user_ldap', 'Attempt for Paging?  '.print_r($pagedSearchOK, true), \OCP\Util::ERROR);
 			return array();
diff --git a/apps/user_ldap/lib/backendutility.php b/apps/user_ldap/lib/backendutility.php
index f279b1e997..815757a1a1 100644
--- a/apps/user_ldap/lib/backendutility.php
+++ b/apps/user_ldap/lib/backendutility.php
@@ -35,4 +35,4 @@ abstract class BackendUtility {
 	public function __construct(Access $access) {
 		$this->access = $access;
 	}
-}
\ No newline at end of file
+}
diff --git a/apps/user_ldap/lib/connection.php b/apps/user_ldap/lib/connection.php
index 053ec7e235..a53022c27b 100644
--- a/apps/user_ldap/lib/connection.php
+++ b/apps/user_ldap/lib/connection.php
@@ -396,7 +396,8 @@ class Connection extends LDAPUtility {
 	public function saveConfiguration() {
 		$trans = array_flip($this->getConfigTranslationArray());
 		foreach($this->config as $key => $value) {
-			\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.' value '.print_r($value, true), \OCP\Util::DEBUG);
+			\OCP\Util::writeLog('user_ldap', 'LDAP: storing key '.$key.
+				' value '.print_r($value, true), \OCP\Util::DEBUG);
 			switch ($key) {
 				case 'ldapAgentPassword':
 					$value = base64_encode($value);
@@ -634,7 +635,8 @@ class Connection extends LDAPUtility {
 			if(!$this->config['ldapOverrideMainServer'] && !$this->getFromCache('overrideMainServer')) {
 				$this->doConnect($this->config['ldapHost'], $this->config['ldapPort']);
 				$bindStatus = $this->bind();
-				$error = $this->ldap->isResource($this->ldapConnectionRes) ? $this->ldap->errno($this->ldapConnectionRes) : -1;
+				$error = $this->ldap->isResource($this->ldapConnectionRes) ?
+							$this->ldap->errno($this->ldapConnectionRes) : -1;
 			} else {
 				$bindStatus = false;
 				$error = null;
@@ -692,7 +694,9 @@ class Connection extends LDAPUtility {
 		if(!$this->ldap->isResource($cr)) {
 			return false;
 		}
-		$ldapLogin = @$this->ldap->bind($cr, $this->config['ldapAgentName'], $this->config['ldapAgentPassword']);
+		$ldapLogin = @$this->ldap->bind($cr,
+										$this->config['ldapAgentName'],
+										$this->config['ldapAgentPassword']);
 		if(!$ldapLogin) {
 			\OCP\Util::writeLog('user_ldap',
 				'Bind failed: ' . $this->ldap->errno($cr) . ': ' . $this->ldap->error($cr),
diff --git a/apps/user_ldap/lib/ildapwrapper.php b/apps/user_ldap/lib/ildapwrapper.php
index be35cebe94..9e6bd56ef2 100644
--- a/apps/user_ldap/lib/ildapwrapper.php
+++ b/apps/user_ldap/lib/ildapwrapper.php
@@ -177,4 +177,4 @@ interface ILDAPWrapper {
 	 */
 	public function isResource($resource);
 
-}
\ No newline at end of file
+}
diff --git a/apps/user_ldap/lib/ldaputility.php b/apps/user_ldap/lib/ldaputility.php
index 975df7d1de..7fffd9c88d 100644
--- a/apps/user_ldap/lib/ldaputility.php
+++ b/apps/user_ldap/lib/ldaputility.php
@@ -33,4 +33,4 @@ abstract class LDAPUtility {
 	public function __construct(ILDAPWrapper $ldapWrapper) {
 		$this->ldap = $ldapWrapper;
 	}
-}
\ No newline at end of file
+}
diff --git a/apps/user_ldap/user_ldap.php b/apps/user_ldap/user_ldap.php
index f2e99d4579..6f52bbdf23 100644
--- a/apps/user_ldap/user_ldap.php
+++ b/apps/user_ldap/user_ldap.php
@@ -79,7 +79,8 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
 	 */
 	public function checkPassword($uid, $password) {
 		//find out dn of the user name
-		$filter = \OCP\Util::mb_str_replace('%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');
+		$filter = \OCP\Util::mb_str_replace(
+			'%uid', $uid, $this->access->connection->ldapLoginFilter, 'UTF-8');
 		$ldap_users = $this->access->fetchListOfUsers($filter, 'dn');
 		if(count($ldap_users) < 1) {
 			return false;
@@ -158,7 +159,8 @@ class USER_LDAP extends BackendUtility implements \OCP\UserInterface {
 		//getting dn, if false the user does not exist. If dn, he may be mapped only, requires more checking.
 		$dn = $this->access->username2dn($uid);
 		if(!$dn) {
-			\OCP\Util::writeLog('user_ldap', 'No DN found for '.$uid.' on '.$this->access->connection->ldapHost, \OCP\Util::DEBUG);
+			\OCP\Util::writeLog('user_ldap', 'No DN found for '.$uid.' on '.
+				$this->access->connection->ldapHost, \OCP\Util::DEBUG);
 			$this->access->connection->writeToCache('userExists'.$uid, false);
 			return false;
 		}
diff --git a/apps/user_ldap/user_proxy.php b/apps/user_ldap/user_proxy.php
index c7b469c822..092fdbf7c7 100644
--- a/apps/user_ldap/user_proxy.php
+++ b/apps/user_ldap/user_proxy.php
@@ -36,7 +36,8 @@ class User_Proxy extends lib\Proxy implements \OCP\UserInterface {
 	public function __construct($serverConfigPrefixes, ILDAPWrapper $ldap) {
 		parent::__construct($ldap);
 		foreach($serverConfigPrefixes as $configPrefix) {
-		    $this->backends[$configPrefix] = new \OCA\user_ldap\USER_LDAP($this->getAccess($configPrefix));
+		    $this->backends[$configPrefix] =
+				new \OCA\user_ldap\USER_LDAP($this->getAccess($configPrefix));
 			if(is_null($this->refBackend)) {
 				$this->refBackend = &$this->backends[$configPrefix];
 			}

From a1aff3e8a1b956e0e42ceca2b6c7b6233b195432 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Fri, 13 Sep 2013 19:27:07 +0200
Subject: [PATCH 24/43] LDAP: don't throw exceptions in the wrapper, errors are
 handled in the code. nevertheless, log unexpected errors

---
 apps/user_ldap/lib/ldap.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
index ee2e336cc9..b63e969912 100644
--- a/apps/user_ldap/lib/ldap.php
+++ b/apps/user_ldap/lib/ldap.php
@@ -152,9 +152,11 @@ class LDAP implements ILDAPWrapper {
 				} else if ($errorCode === 10) {
 					//referrals, we switch them off, but then there is AD :)
 				} else {
-					throw new \Exception('LDAP error '.$errorMsg.' (' .
-						$errorCode.') after calling '.$this->curFunc.
-						' with arguments '.print_r($this->curArgs, true));
+					\OCP\Util::writeLog('user_ldap',
+										'LDAP error '.$errorMsg.' (' .
+											$errorCode.') after calling '.
+											$this->curFunc,
+										\OCP\Util::DEBUG);
 				}
 			}
 		}

From 2cebd8b92e35232b50fe8c9083b718e895ad3211 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 25 Sep 2013 22:14:02 +0200
Subject: [PATCH 25/43] added user_ldap tests via public api calls

---
 apps/user_ldap/tests/user_ldap_direct.php | 126 +++++++++++++++++++---
 1 file changed, 112 insertions(+), 14 deletions(-)

diff --git a/apps/user_ldap/tests/user_ldap_direct.php b/apps/user_ldap/tests/user_ldap_direct.php
index ab0563f12d..6b9b8b3e18 100644
--- a/apps/user_ldap/tests/user_ldap_direct.php
+++ b/apps/user_ldap/tests/user_ldap_direct.php
@@ -75,15 +75,14 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 							return false;
 					}
 			   }));
-
-
 	}
 
-	public function testCheckPassword() {
-		$access = $this->getAccessMock();
-		$backend = new UserLDAP($access);
-		\OC_User::useBackend($backend);
-
+	/**
+	 * @brief Prepares the Access mock for checkPassword tests
+	 * @param $access mock of \OCA\user_ldap\lib\Access
+	 * @return void
+	 */
+	private function prepareAccessForCheckPassword(&$access) {
 		$access->connection->expects($this->any())
 			   ->method('__get')
 			   ->will($this->returnCallback(function($name) {
@@ -115,6 +114,13 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 					}
 					return false;
 			   }));
+	}
+
+	public function testCheckPassword() {
+		$access = $this->getAccessMock();
+		$this->prepareAccessForCheckPassword($access);
+		$backend = new UserLDAP($access);
+		\OC_User::useBackend($backend);
 
 		$result = $backend->checkPassword('roland', 'dt19');
 		$this->assertEquals('gunslinger', $result);
@@ -126,10 +132,28 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 		$this->assertFalse($result);
 	}
 
-	public function testGetUsers() {
+	public function testCheckPasswordPublicAPI() {
 		$access = $this->getAccessMock();
+		$this->prepareAccessForCheckPassword($access);
 		$backend = new UserLDAP($access);
+		\OC_User::useBackend($backend);
 
+		$result = \OCP\User::checkPassword('roland', 'dt19');
+		$this->assertEquals('gunslinger', $result);
+
+		$result = \OCP\User::checkPassword('roland', 'wrong');
+		$this->assertFalse($result);
+
+		$result = \OCP\User::checkPassword('mallory', 'evil');
+		$this->assertFalse($result);
+	}
+
+	/**
+	 * @brief Prepares the Access mock for getUsers tests
+	 * @param $access mock of \OCA\user_ldap\lib\Access
+	 * @return void
+	 */
+	private function prepareAccessForGetUsers(&$access) {
 		$access->expects($this->any())
 			   ->method('getFilterPartForUserSearch')
 			   ->will($this->returnCallback(function($search) {
@@ -165,6 +189,12 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 		$access->expects($this->any())
 			   ->method('ownCloudUserNames')
 			   ->will($this->returnArgument(0));
+	}
+
+	public function testGetUsers() {
+		$access = $this->getAccessMock();
+		$this->prepareAccessForGetUsers($access);
+		$backend = new UserLDAP($access);
 
 		$result = $backend->getUsers();
 		$this->assertEquals(3, count($result));
@@ -182,6 +212,28 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 		$this->assertEquals(0, count($result));
 	}
 
+	public function testGetUsersViaAPI() {
+		$access = $this->getAccessMock();
+		$this->prepareAccessForGetUsers($access);
+		$backend = new UserLDAP($access);
+		\OC_User::useBackend($backend);
+
+		$result = \OCP\User::getUsers();
+		$this->assertEquals(3, count($result));
+
+		$result = \OCP\User::getUsers('', 1, 2);
+		$this->assertEquals(1, count($result));
+
+		$result = \OCP\User::getUsers('', 2, 1);
+		$this->assertEquals(2, count($result));
+
+		$result = \OCP\User::getUsers('yo');
+		$this->assertEquals(2, count($result));
+
+		$result = \OCP\User::getUsers('nix');
+		$this->assertEquals(0, count($result));
+	}
+
 	public function testUserExists() {
 		$access = $this->getAccessMock();
 		$backend = new UserLDAP($access);
@@ -209,6 +261,34 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 		$this->assertFalse($result);
 	}
 
+	public function testUserExistsPublicAPI() {
+		$access = $this->getAccessMock();
+		$backend = new UserLDAP($access);
+		$this->prepareMockForUserExists($access);
+		\OC_User::useBackend($backend);
+
+		$access->expects($this->any())
+			   ->method('readAttribute')
+			   ->will($this->returnCallback(function($dn) {
+					if($dn === 'dnOfRoland') {
+						return array();
+					}
+					return false;
+			   }));
+
+		//test for existing user
+		$result = \OCP\User::userExists('gunslinger');
+		$this->assertTrue($result);
+
+		//test for deleted user
+		$result = \OCP\User::userExists('formerUser');
+		$this->assertFalse($result);
+
+		//test for never-existing user
+		$result = \OCP\User::userExists('mallory');
+		$this->assertFalse($result);
+	}
+
 	public function testDeleteUser() {
 		$access = $this->getAccessMock();
 		$backend = new UserLDAP($access);
@@ -268,11 +348,7 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 		$this->assertFalse($result);
 	}
 
-	public function testGetDisplayName() {
-		$access = $this->getAccessMock();
-		$backend = new UserLDAP($access);
-		$this->prepareMockForUserExists($access);
-
+	private function prepareAccessForGetDisplayName(&$access) {
 		$access->connection->expects($this->any())
 			   ->method('__get')
 			   ->will($this->returnCallback(function($name) {
@@ -297,6 +373,13 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 							return false;
 				   }
 			   }));
+	}
+
+	public function testGetDisplayName() {
+		$access = $this->getAccessMock();
+		$this->prepareAccessForGetDisplayName($access);
+		$backend = new UserLDAP($access);
+		$this->prepareMockForUserExists($access);
 
 		//with displayName
 		$result = $backend->getDisplayName('gunslinger');
@@ -307,7 +390,22 @@ class Test_User_Ldap_Direct extends \PHPUnit_Framework_TestCase {
 		$this->assertEquals(null, $result);
 	}
 
+	public function testGetDisplayNamePublicAPI() {
+		$access = $this->getAccessMock();
+		$this->prepareAccessForGetDisplayName($access);
+		$backend = new UserLDAP($access);
+		$this->prepareMockForUserExists($access);
+		\OC_User::useBackend($backend);
+
+		//with displayName
+		$result = \OCP\User::getDisplayName('gunslinger');
+		$this->assertEquals('Roland Deschain', $result);
+
+		//empty displayname retrieved
+		$result = \OCP\User::getDisplayName('newyorker');
+		$this->assertEquals('newyorker', $result);
+	}
+
 	//no test for getDisplayNames, because it just invokes getUsers and
 	//getDisplayName
-
 }
\ No newline at end of file

From 05ee6606f10d7b6e7b0c5558aa28c6c8c6380923 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 25 Sep 2013 22:14:35 +0200
Subject: [PATCH 26/43] give test file a proper name

---
 apps/user_ldap/tests/{user_ldap_direct.php => user_ldap.php} | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename apps/user_ldap/tests/{user_ldap_direct.php => user_ldap.php} (100%)

diff --git a/apps/user_ldap/tests/user_ldap_direct.php b/apps/user_ldap/tests/user_ldap.php
similarity index 100%
rename from apps/user_ldap/tests/user_ldap_direct.php
rename to apps/user_ldap/tests/user_ldap.php

From 3e1bdd8a041886319daea4ad7867d1994724b311 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon <blizzz@owncloud.com>
Date: Wed, 25 Sep 2013 22:16:07 +0200
Subject: [PATCH 27/43] remove outdated (thus failing) and anyway insufficient
 group tests - for now

---
 apps/user_ldap/tests/group_ldap.php | 46 -----------------------------
 1 file changed, 46 deletions(-)
 delete mode 100644 apps/user_ldap/tests/group_ldap.php

diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php
deleted file mode 100644
index ae635597b7..0000000000
--- a/apps/user_ldap/tests/group_ldap.php
+++ /dev/null
@@ -1,46 +0,0 @@
-<?php
-/**
-* ownCloud
-*
-* @author Arthur Schiwon
-* @copyright 2012 Arthur Schiwon blizzz@owncloud.com
-*
-* This library is free software; you can redistribute it and/or
-* modify it under the terms of the GNU AFFERO GENERAL PUBLIC LICENSE
-* License as published by the Free Software Foundation; either
-* version 3 of the License, or any later version.
-*
-* This library is distributed in the hope that it will be useful,
-* but WITHOUT ANY WARRANTY; without even the implied warranty of
-* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-* GNU AFFERO GENERAL PUBLIC LICENSE for more details.
-*
-* You should have received a copy of the GNU Affero General Public
-* License along with this library.  If not, see <http://www.gnu.org/licenses/>.
-*
-*/
-
-class Test_Group_Ldap extends PHPUnit_Framework_TestCase {
-	function setUp() {
-		OC_Group::clearBackends();
-	}
-
-	function testSingleBackend() {
-		OC_Group::useBackend(new OCA\user_ldap\GROUP_LDAP());
-		$group_ldap = new OCA\user_ldap\GROUP_LDAP();
-
-		$this->assertIsA(OC_Group::getGroups(), gettype(array()));
-		$this->assertIsA($group_ldap->getGroups(), gettype(array()));
-
-		$this->assertFalse(OC_Group::inGroup('john', 'dosers'), gettype(false));
-		$this->assertFalse($group_ldap->inGroup('john', 'dosers'), gettype(false));
-		//TODO: check also for expected true result. This backend won't be able to do any modifications, maybe use a dummy for this.
-
-		$this->assertIsA(OC_Group::getUserGroups('john doe'), gettype(array()));
-		$this->assertIsA($group_ldap->getUserGroups('john doe'), gettype(array()));
-
-		$this->assertIsA(OC_Group::usersInGroup('campers'), gettype(array()));
-		$this->assertIsA($group_ldap->usersInGroup('campers'), gettype(array()));
-	}
-
-}

From 0f5fed5409f364ae0c5cd41dc7163101383fdb1f Mon Sep 17 00:00:00 2001
From: Morris Jobke <morris.jobke@gmail.com>
Date: Fri, 27 Sep 2013 17:02:57 +0200
Subject: [PATCH 28/43] fix license header line breaks

---
 apps/files_encryption/js/settings-admin.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index e6f9875b3b..3d73ea1982 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -1,6 +1,8 @@
 /**
- * Copyright (c) 2013, Sam Tuke <samtuke@owncloud.com>, Robin Appelman
- * <icewind1991@gmail.com>, Bjoern Schiessle <schiessle@owncloud.com>
+ * Copyright (c) 2013
+ *  Sam Tuke <samtuke@owncloud.com>
+ *  Robin Appelman <icewind1991@gmail.com>
+ *  Bjoern Schiessle <schiessle@owncloud.com>
  * This file is licensed under the Affero General Public License version 3 or later.
  * See the COPYING-README file.
  */

From 67d4b77e8e3bab2fe555ef589f5047c9325974e8 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Mon, 30 Sep 2013 15:11:01 +0200
Subject: [PATCH 29/43] revert changes in personal template

---
 settings/templates/personal.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/settings/templates/personal.php b/settings/templates/personal.php
index e2a4dff82d..d2ca8154f1 100644
--- a/settings/templates/personal.php
+++ b/settings/templates/personal.php
@@ -40,7 +40,7 @@ if($_['passwordChangeSupported']) {
 		<div id="passwordchanged"><?php echo $l->t('Your password was changed');?></div>
 		<div id="passworderror"><?php echo $l->t('Unable to change your password');?></div>
 		<input type="password" id="pass1" name="oldpassword" placeholder="<?php echo $l->t('Current password');?>" />
-		<input type="password" id="pass2" name="password"
+		<input type="password" id="pass2" name="personal-password"
 			placeholder="<?php echo $l->t('New password');?>" data-typetoggle="#personal-show" />
 		<input type="checkbox" id="personal-show" name="show" /><label for="personal-show"></label>
 		<input id="passwordbutton" type="submit" value="<?php echo $l->t('Change password');?>" />

From 5501dd623e206e2de40558aa8e7e1c5c7b93d6e8 Mon Sep 17 00:00:00 2001
From: Morris Jobke <morris.jobke@gmail.com>
Date: Thu, 3 Oct 2013 12:22:25 +0200
Subject: [PATCH 30/43] add/remove specific CSS class - not all classes

---
 apps/files_encryption/js/settings-admin.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/files_encryption/js/settings-admin.js b/apps/files_encryption/js/settings-admin.js
index 3d73ea1982..c2140a6f1e 100644
--- a/apps/files_encryption/js/settings-admin.js
+++ b/apps/files_encryption/js/settings-admin.js
@@ -60,10 +60,10 @@ $(document).ready(function(){
 					} else {
 						OC.Notification.hide();
 						if (recoveryStatus === "0") {
-							$('p[name="changeRecoveryPasswordBlock"]').attr("class", "hidden");
+							$('p[name="changeRecoveryPasswordBlock"]').addClass("hidden");
 						} else {
 							$('input:password[name="changeRecoveryPassword"]').val("");
-							$('p[name="changeRecoveryPasswordBlock"]').removeAttr("class");
+							$('p[name="changeRecoveryPasswordBlock"]').removeClass("hidden");
 						}
 					}
 				}

From 9cf25c8048c56050594d39b9a37be60e2e37bb54 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Thu, 3 Oct 2013 12:53:13 +0200
Subject: [PATCH 31/43] Added backup for config.php in autotest.sh script

The script now checks for config.php existance and backs it up before
running the test, then restores it back at the end. This avoids the
situation where devs lose their manually edited config if they forgot to
back it up before running the unit tests.

The script now also checks for config.php permissions beforehand to
avoid displaying an annoying HTML page output in the console with an
error message.
---
 autotest.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/autotest.sh b/autotest.sh
index 83f184fa9c..3831e18124 100755
--- a/autotest.sh
+++ b/autotest.sh
@@ -12,6 +12,16 @@ DATABASEUSER=oc_autotest$EXECUTOR_NUMBER
 ADMINLOGIN=admin$EXECUTOR_NUMBER
 BASEDIR=$PWD
 
+if ! [ -w config -a -w config/config.php ]; then
+	echo "Please enable write permissions on config and config/config.php" >&2
+	exit 1
+fi
+
+# Back up existing (dev) config if one exists
+if [ -f config/config.php ]; then
+	mv config/config.php config/config-autotest-backup.php
+fi
+
 # use tmpfs for datadir - should speedup unit test execution
 if [ -d /dev/shm ]; then
   DATADIR=/dev/shm/data-autotest$EXECUTOR_NUMBER
@@ -158,6 +168,13 @@ else
 	execute_tests $1 $2 $3
 fi
 
+cd $BASEDIR
+
+# Restore existing config
+if [ -f config/config-autotest-backup.php ]; then
+	mv config/config-autotest-backup.php config/config.php
+fi
+
 #
 # NOTES on mysql:
 #  - CREATE DATABASE oc_autotest;

From 13218ec689ec373a68bce4b04cf63ce9e3886e16 Mon Sep 17 00:00:00 2001
From: Jan-Christoph Borchardt <hey@jancborchardt.net>
Date: Thu, 3 Oct 2013 17:08:29 +0300
Subject: [PATCH 32/43] remove duplicate upload CSS from files.css

---
 apps/files/css/files.css | 35 -----------------------------------
 1 file changed, 35 deletions(-)

diff --git a/apps/files/css/files.css b/apps/files/css/files.css
index 1508f8ac49..f09e51e70c 100644
--- a/apps/files/css/files.css
+++ b/apps/files/css/files.css
@@ -32,41 +32,6 @@
 
 #trash { margin: 0 1em; z-index:1010; float: right; }
 
-#upload {
-	height:27px; padding:0; margin-left:0.2em; overflow:hidden;
-}
-#upload a {
-	position:relative; display:block; width:100%; height:27px;
-	cursor:pointer; z-index:10;
-	background-image:url('%webroot%/core/img/actions/upload.svg');
-	background-repeat:no-repeat;
-	background-position:7px 6px;
-	opacity:0.65;
-}
-.file_upload_target { display:none; }
-.file_upload_form { display:inline; float:left; margin:0; padding:0; cursor:pointer; overflow:visible; }
-#file_upload_start {
-	left:0; top:0; width:28px; height:27px; padding:0;
-	font-size:1em;
-	-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=0)"; filter:alpha(opacity=0); opacity:0;
-	z-index:20; position:relative; cursor:pointer; overflow:hidden;
-}
-
-#uploadprogresswrapper {
-	position: relative;
-	display: inline;
-}
-#uploadprogressbar {
-	position:relative;
-	float: left;
-	margin-left: 12px;
-	width: 130px;
-	height: 26px;
-	display:inline-block;
-}
-#uploadprogressbar + stop {
-	font-size: 13px;
-}
 
 
 /* FILE TABLE */

From e40afbebc64547219e88dc0045d6a04cd06e76f8 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Thu, 3 Oct 2013 23:22:11 +0200
Subject: [PATCH 33/43] make it possible to prepopulate a new user gome with a
 skeleton

---
 core/skeleton/.gitignore |  4 ++++
 lib/private/util.php     | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 core/skeleton/.gitignore

diff --git a/core/skeleton/.gitignore b/core/skeleton/.gitignore
new file mode 100644
index 0000000000..5e7d2734cf
--- /dev/null
+++ b/core/skeleton/.gitignore
@@ -0,0 +1,4 @@
+# Ignore everything in this directory
+*
+# Except this file
+!.gitignore
diff --git a/lib/private/util.php b/lib/private/util.php
index 1cbb19eaec..004e82d7d2 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -68,6 +68,7 @@ class OC_Util {
 			$userDirectory = $userRoot . '/files';
 			if( !is_dir( $userDirectory )) {
 				mkdir( $userDirectory, 0755, true );
+				OC_Util::copySkeleton($userDirectory);
 			}
 			//jail the user into his "home" directory
 			\OC\Files\Filesystem::init($user, $userDir);
@@ -92,6 +93,37 @@ class OC_Util {
 		}
 	}
 
+	/**
+	 * @brief copies the user skeleton files into the fresh userr home files
+	 * @param string $userDirectory
+	 * @return void
+	 */
+	public static function copySkeleton($userDirectory) {
+		error_log('skeleton init '.$userDirectory);
+		OC_Util::copyr(\OC::$SERVERROOT.'/core/skeleton' , $userDirectory);
+	}
+
+	/**
+	 * @brief copies a directory recursively
+	 * @param string $source
+	 * @param string $target
+	 * @return void
+	 */
+	function copyr($source,$target) {
+		$dir = opendir($source);
+		@mkdir($target);
+		while(false !== ( $file = readdir($dir)) ) {
+			if (( $file != '.' ) && ( $file != '..' )) {
+				if ( is_dir($source . '/' . $file) ) {
+					OC_Util::copyr($source . '/' . $file , $target . '/' . $file);
+				} else {
+					copy($source . '/' . $file,$target . '/' . $file);
+				}
+			}
+		}
+		closedir($dir);
+	}
+
 	/**
 	 * @return void
 	 */

From b0ff10a5365ebaec2741c8095493c0eff836c439 Mon Sep 17 00:00:00 2001
From: kondou <kondou@ts.unde.re>
Date: Fri, 4 Oct 2013 02:27:53 +0200
Subject: [PATCH 34/43] Hide defaultavatar in #header and don't darken proper
 avatars in #header

---
 core/css/styles.css      |  4 ++++
 core/js/avatar.js        |  2 +-
 core/js/jquery.avatar.js | 20 +++++++++++++++-----
 settings/js/personal.js  | 12 ++++++++----
 4 files changed, 28 insertions(+), 10 deletions(-)

diff --git a/core/css/styles.css b/core/css/styles.css
index 06b61f0fa6..49a2bdaadb 100644
--- a/core/css/styles.css
+++ b/core/css/styles.css
@@ -43,6 +43,10 @@ body { background:#fefefe; font:normal .8em/1.6em "Helvetica Neue",Helvetica,Ari
 	display: inline-block;
 }
 
+#header .avatardiv img {
+	opacity: 1;
+}
+
 /* INPUTS */
 input[type="text"], input[type="password"], input[type="search"], input[type="number"], input[type="email"], input[type="url"],
 textarea, select,
diff --git a/core/js/avatar.js b/core/js/avatar.js
index 57e6daa093..c54c406876 100644
--- a/core/js/avatar.js
+++ b/core/js/avatar.js
@@ -1,6 +1,6 @@
 $(document).ready(function(){
 	if (OC.currentUser) {
-		$('#header .avatardiv').avatar(OC.currentUser, 32);
+		$('#header .avatardiv').avatar(OC.currentUser, 32, undefined, true);
 		// Personal settings
 		$('#avatar .avatardiv').avatar(OC.currentUser, 128);
 	}
diff --git a/core/js/jquery.avatar.js b/core/js/jquery.avatar.js
index 88a4c25d1e..0006810172 100644
--- a/core/js/jquery.avatar.js
+++ b/core/js/jquery.avatar.js
@@ -15,7 +15,7 @@
  * You may use this on any <div></div>
  * Here I'm using <div class="avatardiv"></div> as an example.
  *
- * There are 4 ways to call this:
+ * There are 5 ways to call this:
  *
  * 1. $('.avatardiv').avatar('jdoe', 128);
  * This will make the div to jdoe's fitting avatar, with a size of 128px.
@@ -34,10 +34,15 @@
  * 4. $('.avatardiv').avatar('jdoe', 128, true);
  * This will behave like the first example, except it will also append random
  * hashes to the custom avatar images, to force image reloading in IE8.
+ *
+ * 5. $('.avatardiv').avatar('jdoe', 128, undefined, true);
+ * This will behave like the first example, but it will hide the avatardiv, if
+ * it will display the default placeholder. undefined is the ie8fix from
+ * example 4 and can be either true, or false/undefined, to be ignored.
  */
 
 (function ($) {
-	$.fn.avatar = function(user, size, ie8fix) {
+	$.fn.avatar = function(user, size, ie8fix, hidedefault) {
 		if (typeof(size) === 'undefined') {
 			if (this.height() > 0) {
 				size = this.height();
@@ -69,12 +74,17 @@
 			var url = OC.Router.generate('core_avatar_get', {user: user, size: size})+'?requesttoken='+oc_requesttoken;
 			$.get(url, function(result) {
 				if (typeof(result) === 'object') {
-					if (result.data && result.data.displayname) {
-						$div.placeholder(user, result.data.displayname);
+					if (!hidedefault) {
+						if (result.data && result.data.displayname) {
+							$div.placeholder(user, result.data.displayname);
+						} else {
+							$div.placeholder(user);
+						}
 					} else {
-						$div.placeholder(user);
+						$div.hide();
 					}
 				} else {
+					$div.show();
 					if (ie8fix === true) {
 						$div.html('<img src="'+url+'#'+Math.floor(Math.random()*1000)+'">');
 					} else {
diff --git a/settings/js/personal.js b/settings/js/personal.js
index a923b47573..3fdc2907c4 100644
--- a/settings/js/personal.js
+++ b/settings/js/personal.js
@@ -45,12 +45,16 @@ function changeDisplayName(){
     }
 }
 
-function updateAvatar () {
+function updateAvatar (hidedefault) {
 	$headerdiv = $('#header .avatardiv');
 	$displaydiv = $('#displayavatar .avatardiv');
 
-	$headerdiv.css({'background-color': ''});
-	$headerdiv.avatar(OC.currentUser, 32, true);
+	if(hidedefault) {
+		$headerdiv.hide();
+	} else {
+		$headerdiv.css({'background-color': ''});
+		$headerdiv.avatar(OC.currentUser, 32, true);
+	}
 	$displaydiv.css({'background-color': ''});
 	$displaydiv.avatar(OC.currentUser, 128, true);
 }
@@ -232,7 +236,7 @@ $(document).ready(function(){
 			type:	'DELETE',
 			url:	OC.Router.generate('core_avatar_delete'),
 			success: function(msg) {
-				updateAvatar();
+				updateAvatar(true);
 			}
 		});
 	});

From c335169f6de619ba05685cc1de5cbd1163c18321 Mon Sep 17 00:00:00 2001
From: Jan-Christoph Borchardt <hey@jancborchardt.net>
Date: Fri, 4 Oct 2013 08:41:16 +0300
Subject: [PATCH 35/43] increase height of controls bar and elements to more
 clickable 44px

---
 apps/files/css/files.css      |  59 ++++++++++++++++++++++++----------
 apps/files/css/upload.css     |  55 ++++++++++++++++++++++---------
 core/css/styles.css           |  58 +++++++++++++++++++++++++++------
 core/img/breadcrumb-start.png | Bin 311 -> 0 bytes
 core/img/breadcrumb-start.svg |   6 ----
 core/img/breadcrumb.png       | Bin 320 -> 594 bytes
 core/img/breadcrumb.svg       |  16 ++++++---
 settings/css/settings.css     |  27 +++++++++++++---
 8 files changed, 164 insertions(+), 57 deletions(-)
 delete mode 100644 core/img/breadcrumb-start.png
 delete mode 100644 core/img/breadcrumb-start.svg

diff --git a/apps/files/css/files.css b/apps/files/css/files.css
index f09e51e70c..138b15db04 100644
--- a/apps/files/css/files.css
+++ b/apps/files/css/files.css
@@ -7,14 +7,34 @@
 .actions input, .actions button, .actions .button { margin:0; float:left; }
 .actions .button a { color: #555; }
 .actions .button a:hover, .actions .button a:active { color: #333; }
-#new {
-	height:17px;  margin:0 0 0 1em; z-index:1010; float:left;
+#new, #trash {
+	z-index: 1010;
+	float: left;
+	padding: 0 !important; /* override default control bar button padding */
+}
+#trash {
+	margin: 0 1em;
+	float: right;
+}
+#new>a, #trash>a {
+	padding: 14px 10px;
+	position: relative;
+	top: 7px;
+}
+#new.active {
+	border-bottom-left-radius: 0;
+	border-bottom-right-radius: 0;
+	border-bottom: none;
 }
-#new.active { border-bottom-left-radius:0; border-bottom-right-radius:0; border-bottom:none; }
-#new>a { padding:.5em 1.2em .3em; }
 #new>ul {
-	display:none; position:fixed; min-width:7em; z-index:10;
-	padding:.5em; padding-bottom:0; margin-top:.075em; margin-left:-.5em;
+	display: none;
+	position: fixed;
+	min-width: 7em;
+	z-index: 10;
+	padding: .5em;
+	padding-bottom: 0;
+	margin-top: 14px;
+	margin-left: -1px;
 	text-align:left;
 	background: #f8f8f8;
 	border: 1px solid #ddd;
@@ -25,18 +45,16 @@
 #new>ul>li { height:36px; margin:.3em; padding-left:3em; padding-bottom:0.1em;
 		background-repeat:no-repeat; cursor:pointer; }
 #new>ul>li>p { cursor:pointer; padding-top: 7px; padding-bottom: 7px;}
-#new>ul>li>form>input {
-	padding: 5px;
-	margin: 2px 0;
-}
-
-#trash { margin: 0 1em; z-index:1010; float: right; }
 
 
 
 /* FILE TABLE */
 
-#filestable { position: relative; top:37px; width:100%; }
+#filestable {
+	position: relative;
+	top: 44px;
+	width: 100%;
+}
 #filestable tbody tr { background-color:#fff; height:2.5em; }
 #filestable tbody tr:hover, tbody tr:active {
 	background-color: rgb(240,240,240);
@@ -90,9 +108,18 @@ table th#headerDate, table td.date {
 
 /* Multiselect bar */
 #filestable.multiselect {
-	top: 88px;
+	top: 95px;
+}
+table.multiselect thead {
+	position: fixed;
+	top: 89px;
+	z-index: 1;
+	-moz-box-sizing: border-box;
+	box-sizing: border-box;
+	left: 0;
+	padding-left: 80px;
+	width: 100%;
 }
-table.multiselect thead { position:fixed; top:82px; z-index:1; -moz-box-sizing: border-box; box-sizing: border-box; left: 0; padding-left: 80px; width:100%; }
 
 table.multiselect thead th {
 	background-color: rgba(210,210,210,.7);
@@ -293,8 +320,6 @@ a.action>img { max-height:16px; max-width:16px; vertical-align:text-bottom; }
 
 #scanning-message{ top:40%; left:40%; position:absolute; display:none; }
 
-div.crumb a{ padding:0.9em 0 0.7em 0; color:#555; }
-
 table.dragshadow {
 	width:auto;
 }
diff --git a/apps/files/css/upload.css b/apps/files/css/upload.css
index 2d11e41ba8..ef04356909 100644
--- a/apps/files/css/upload.css
+++ b/apps/files/css/upload.css
@@ -1,38 +1,63 @@
-
 #upload {
-	height:27px; padding:0; margin-left:0.2em; overflow:hidden;
+	-moz-box-sizing: border-box;
+	-webkit-box-sizing: border-box;
+	box-sizing: border-box;
+	height: 36px;
+	width: 39px;
+	padding: 0 !important; /* override default control bar button padding */
+	margin-left: .2em;
+	overflow: hidden;
 	vertical-align: top;
 }
 #upload a {
-	position:relative; display:block; width:100%; height:27px;
-	cursor:pointer; z-index:10;
-	background-image:url('%webroot%/core/img/actions/upload.svg');
-	background-repeat:no-repeat;
-	background-position:7px 6px;
-	opacity:0.65;
+	position: relative;
+	display: block;
+	width: 100%;
+	height: 44px;
+	width: 44px;
+	margin: -5px -3px;
+	cursor: pointer;
+	z-index: 10;
+	background-image: url('%webroot%/core/img/actions/upload.svg');
+	background-repeat: no-repeat;
+	background-position: center;
+	opacity: .65;
 }
 .file_upload_target { display:none; }
 .file_upload_form { display:inline; float:left; margin:0; padding:0; cursor:pointer; overflow:visible; }
 #file_upload_start {
-	float: left;
-	left:0; top:0; width:28px; height:27px; padding:0;
-	font-size:1em;
+	position: relative;
+	left: 0;
+	top: 0;
+	width: 44px;
+	height: 44px;
+	margin: -5px -3px;
+	padding: 0;
+	font-size: 1em;
 	-ms-filter:"progid:DXImageTransform.Microsoft.Alpha(Opacity=0)"; filter:alpha(opacity=0); opacity:0;
-	z-index:20; position:relative; cursor:pointer; overflow:hidden;
+	z-index: 20;
+	cursor: pointer;
+	overflow: hidden;
 }
 
 #uploadprogresswrapper {
+	-moz-box-sizing: border-box;
+	-webkit-box-sizing: border-box;
+	box-sizing: border-box;
 	display: inline-block;
 	vertical-align: top;
-	margin:0.3em;
-	height: 29px;
+	height: 36px;
+	box-sizing: border-box;
+}
+#uploadprogresswrapper > input[type='button'] {
+	height: 36px;
 }
 #uploadprogressbar {
 	position:relative;
 	float: left;
 	margin-left: 12px;
 	width: 130px;
-	height: 26px;
+	height: 36px;
 	display:inline-block;
 }
 #uploadprogressbar + stop {
diff --git a/core/css/styles.css b/core/css/styles.css
index 06b61f0fa6..72cb7994ea 100644
--- a/core/css/styles.css
+++ b/core/css/styles.css
@@ -152,22 +152,37 @@ input[type="submit"].enabled { background:#66f866; border:1px solid #5e5; -moz-b
 
 /* CONTENT ------------------------------------------------------------------ */
 #controls {
+	-moz-box-sizing: border-box;
+	-webkit-box-sizing: border-box;
+	box-sizing: border-box;
 	position: fixed;
-	height: 36px;
+	height: 44px;
 	width: 100%;
-	padding: 0 75px 0 6px;
+	padding-right: 75px;
 	margin: 0;
 	background: #eee;
 	border-bottom: 1px solid #e7e7e7;
 	z-index: 50;
-	-moz-box-sizing: border-box; box-sizing: border-box;
 }
-#controls .button {
+#controls .button,
+#controls button,
+#controls input[type='submit'],
+#controls input[type='text'],
+#controls input[type='password'],
+#controls select {
+	-moz-box-sizing: border-box;
+	-webkit-box-sizing: border-box;
+	box-sizing: border-box;
 	display: inline-block;
+	height: 36px;
+	padding: 7px 10px
 }
 
 #content { position:relative; height:100%; width:100%; }
-#content .hascontrols { position: relative; top: 2.9em; }
+#content .hascontrols {
+	position: relative;
+	top: 45px;
+}
 #content-wrapper {
 	position:absolute; height:100%; width:100%; padding-top:3.5em; padding-left:80px;
 	-moz-box-sizing:border-box; box-sizing:border-box;
@@ -746,15 +761,38 @@ span.ui-icon {float: left; margin: 3px 7px 30px 0;}
 .arrow.left { left:-13px; bottom:1.2em; -webkit-transform:rotate(270deg); -moz-transform:rotate(270deg); -o-transform:rotate(270deg); -ms-transform:rotate(270deg); transform:rotate(270deg); }
 .arrow.up { top:-8px; right:2em; }
 .arrow.down { -webkit-transform:rotate(180deg); -moz-transform:rotate(180deg); -o-transform:rotate(180deg); -ms-transform:rotate(180deg); transform:rotate(180deg); }
-.help-includes {overflow: hidden; width: 100%; height: 100%; -moz-box-sizing: border-box;	box-sizing: border-box;	padding-top: 2.8em; }
+.help-includes {
+	overflow: hidden;
+	width: 100%;
+	height: 100%;
+	-moz-box-sizing: border-box;
+	box-sizing: border-box;
+	padding-top: 44px;
+}
 .help-iframe {width: 100%; height: 100%; margin: 0;padding: 0; border: 0; overflow: auto;}
 
 
 /* ---- BREADCRUMB ---- */
-div.crumb { float:left; display:block; background:url('../img/breadcrumb.svg') no-repeat right 0; padding:.75em 1.5em 0 1em; height:2.9em;  -moz-box-sizing:border-box; box-sizing:border-box; }
-div.crumb:first-child { padding:10px 20px 10px 5px; }
-div.crumb.last { font-weight:bold; background:none; padding-right:10px; }
-div.crumb a{ padding: 0.9em 0 0.7em 0; }
+div.crumb {
+	float: left;
+	display: block;
+	background: url('../img/breadcrumb.svg') no-repeat right center;
+	height: 44px;
+}
+div.crumb a {
+	position: relative;
+	top: 12px;
+	padding: 14px 24px 14px 17px;
+	color: #555;
+}
+div.crumb:first-child a {
+	position: relative;
+	top: 13px;
+}
+div.crumb.last {
+	font-weight: bold;
+	margin-right: 10px;
+}
 
 /* some feedback for hover/tap on breadcrumbs */
 div.crumb:hover,
diff --git a/core/img/breadcrumb-start.png b/core/img/breadcrumb-start.png
deleted file mode 100644
index b0df5f44037637c322fb4eb867f90c18c6e8f613..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 311
zcmeAS@N?(olHy`uVBq!ia0vp^+(4|t!3HGb!wwt;QY^(zo*^7SP{WbZ0pxQQctjQh
z)n5l;MkkHg6+l7B64!{5;QX|b^2DN4hVt@qz0ADq;^f4FRK5J7^x5xhq=1UHc)B=-
zSe#DYQT~43{r~^}OLiRODSv;j_QRW-#(GJj|Jfgv1&REx`tYDpZDZGe=DYjmXB-XS
zHFVKtdnEq-{e5wTFhdT1Ro9R43TBEx=6p6UBf-@YEt@?8|Hw&LJvySr_VDNujeqsO
zzvZ$o61~5(`1!4w#_18AK|DuAf#O_W*4S+9ay)m_L-?qQ<>IDaj_zJdbe4HKomy1&
zNL@49cWGUqLy4lZ*GJc&gE##C9-1>Hi-}>r7Ee;wzKIGz_cM69`njxgN@xNA+1PfO

diff --git a/core/img/breadcrumb-start.svg b/core/img/breadcrumb-start.svg
deleted file mode 100644
index 7f36231cdf..0000000000
--- a/core/img/breadcrumb-start.svg
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="36" width="11" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">
- <g transform="translate(0 -1016.4)">
-  <path d="m0 0 11 18-11 18z" transform="translate(0 1016.4)" fill="#ddd"/>
- </g>
-</svg>
diff --git a/core/img/breadcrumb.png b/core/img/breadcrumb.png
index 84992be0d9350d7a94455cfe46dcea2fcc669e64..7e9593a36bf9a2fc123ee6237fdfc88c022df0a6 100644
GIT binary patch
delta 530
zcmV+t0`2|40@4H_iBL{Q4GJ0x0000DNk~Le0000E0000i2nGNE097oB?2#c%e*w=)
zL_t(YiIvpPi%oGD$MKh8vS4A&#$wddC``&9z(T@85o_5D67r+OD3r$dwICZQ*|4%e
zlRv;l$&bx_$}DVHTd<JDwYcZjb>^IV&Uxx|>UsK{_qXTsIbXeAZ?V_wo$B}dx;zuO
zkGafTr$bFd#9Ms8rB1@)eI6$=e{*9eVMKhvbKLAoge%yWnL9cOBjN|{;!am0+`?35
z9_S>Dh~JpQd}dB|A;J^<!R$EUihjSpteKg6@C;KC@v|*aL@eT?F`=jw7Ih9M>q1d0
zjEK*8p(YgLh;SMEt3okW7!lubPemx2h%k>$<xn&VBjOjXDutpA5gy~Of00mB2B4}k
zb1$AMLeZ8eBHrMWA{4EO1$74RFx{G1uCBrbJcx*ItJ*4x<!r;j*2K(QX>dDS8~$c(
zk9rJ~cr<J@ZZ$L4VhOVm@p9O2L%fKuqaql)oXp&SGuT<4H4$&%RYbfm4{C{-xfO>o
zT{Ry^ysa?1YFJ4uuE!Z1XsY|_GGdk4ZI5~stBsglRsRJbGuIfHeZ1^j6Y&C;nna8&
zCo|XMEOs@C%Eaq<U1fGHF*CQ|2sXD7jS?5|u+HpCVrK5fc7u4et_hshV0Kmg13d}9
U>rcoRmjD0&07*qoM6N<$g3WyM!T<mO

delta 254
zcmV<a00IBf1i%6ziBL{Q4GJ0x0000DNk~Le0000B0000a2nGNE0AE(X#gQRQe*nEn
zL_t(I%dOSB5yCJKMNtKgT>?$G59q@bLLsIBDu5~=Isr5y5;@_g-5COBcQy9jr{{tb
zwzbyMdkQ98F?8WtYr%p!3U6@7*oE7`0f#6&w$nFVxDCu$qVUi*Gj-uMu*Eq9w}Hzi
zQQzQ?qQ0&P$5&Cm;5Sh}^}dSgRKX)2tEg@)v0p_+-~l&GB@%k<aQ-ixdX4Z0rdAi0
zlF}UxQYxb1@Q1He>cWPrAXPHq`brgJxN=ivp7~8Y0l0IbQRgL7!~g&Q07*qoM6N<$
Eg3ps@`Tzg`

diff --git a/core/img/breadcrumb.svg b/core/img/breadcrumb.svg
index 05a216e50a..f0b5c9218d 100644
--- a/core/img/breadcrumb.svg
+++ b/core/img/breadcrumb.svg
@@ -1,6 +1,12 @@
-<?xml version="1.0" encoding="UTF-8" standalone="no"?>
-<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="36" width="11" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">
- <g transform="translate(0 -1016.4)">
-  <path d="m0.5 0 10 18-10 18 10-18z" transform="translate(0 1016.4)" stroke="#ddd" stroke-linecap="round" stroke-miterlimit="31.2" stroke-width="0.9" fill="#ddd"/>
- </g>
+<svg xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://www.w3.org/2000/svg" height="44" width="14" version="1.1" xmlns:cc="http://creativecommons.org/ns#" xmlns:dc="http://purl.org/dc/elements/1.1/">
+ <metadata>
+  <rdf:RDF>
+   <cc:Work rdf:about="">
+    <dc:format>image/svg+xml</dc:format>
+    <dc:type rdf:resource="http://purl.org/dc/dcmitype/StillImage"/>
+    <dc:title/>
+   </cc:Work>
+  </rdf:RDF>
+ </metadata>
+ <path d="M0.54879,0.047777,12.744,22,0.54879,43.951,12.744,22z" stroke="#d7d7d7" stroke-linecap="round" stroke-miterlimit="31.20000076000000178" stroke-width="1.09758711000000009" fill="#F00"/>
 </svg>
diff --git a/settings/css/settings.css b/settings/css/settings.css
index 57a43180a4..0afdd9edbf 100644
--- a/settings/css/settings.css
+++ b/settings/css/settings.css
@@ -47,18 +47,37 @@ tr:hover>td.remove>a { float:right; }
 li.selected { background-color:#ddd; }
 table:not(.nostyle) { width:100%; }
 #rightcontent { padding-left: 1em; }
-div.quota { float:right; display:block; position:absolute; right:25em; top:-1px; }
+div.quota {
+	float: right;
+	display: block;
+	position: absolute;
+	right: 216px;
+	top: 0;
+}
 div.quota-select-wrapper { position: relative; }
 div.recoveryPassword { left:50em; display:block; position:absolute; top:-1px; }
 input#recoveryPassword {width:15em;}
 select.quota { position:absolute; left:0; top:0; width:10em; }
 select.quota-user { position:relative; left:0; top:0; width:10em; }
-div.quota>span { position:absolute; right:0; white-space:nowrap; top:.7em; color:#888; text-shadow:0 1px 0 #fff; }
+div.quota>span {
+	position: absolute;
+	right: 0;
+	white-space: nowrap;
+	top: 12px;
+	color: #888;
+	text-shadow: 0 1px 0 #fff;
+}
 select.quota.active { background: #fff; }
 
 /* positioning fixes */
-#newuser { position:relative; top:-3px; }
-#newuser .multiselect { top:1px; }
+#newuser .multiselect {
+	min-width: 150px !important;
+}
+#newuser .multiselect,
+#newusergroups + input[type='submit'] {
+	position: relative;
+	top: 1px;
+}
 #headerGroups, #headerSubAdmins, #headerQuota { padding-left:18px; }
 
 .ie8 table.hascontrols{border-collapse:collapse;width: 100%;}

From 6d954366950c57a8d999a652a7c1b22b95659ee3 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Fri, 4 Oct 2013 09:24:07 +0200
Subject: [PATCH 36/43] add public static

---
 lib/private/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/util.php b/lib/private/util.php
index 004e82d7d2..d5c44795e1 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -109,7 +109,7 @@ class OC_Util {
 	 * @param string $target
 	 * @return void
 	 */
-	function copyr($source,$target) {
+	public static function copyr($source,$target) {
 		$dir = opendir($source);
 		@mkdir($target);
 		while(false !== ( $file = readdir($dir)) ) {

From f0a98cc92374f62a1fdd884c206424242427c8c5 Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Fri, 4 Oct 2013 09:25:54 +0200
Subject: [PATCH 37/43] fix typo

---
 lib/private/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/util.php b/lib/private/util.php
index d5c44795e1..d0b0fbfc80 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -94,7 +94,7 @@ class OC_Util {
 	}
 
 	/**
-	 * @brief copies the user skeleton files into the fresh userr home files
+	 * @brief copies the user skeleton files into the fresh user home files
 	 * @param string $userDirectory
 	 * @return void
 	 */

From e49ee47e7b9cd6bc03851281d270885b9fd2d70c Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Fri, 4 Oct 2013 09:28:46 +0200
Subject: [PATCH 38/43] use Filesystem::isIgnoredDir

---
 lib/private/util.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lib/private/util.php b/lib/private/util.php
index d0b0fbfc80..cb33e3597a 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -113,7 +113,7 @@ class OC_Util {
 		$dir = opendir($source);
 		@mkdir($target);
 		while(false !== ( $file = readdir($dir)) ) {
-			if (( $file != '.' ) && ( $file != '..' )) {
+			if ( !\OC\Files\Filesystem::isIgnoredDir($file) ) {
 				if ( is_dir($source . '/' . $file) ) {
 					OC_Util::copyr($source . '/' . $file , $target . '/' . $file);
 				} else {

From 47666796a73e28097be03d9de8a333907c69e5cc Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Fri, 4 Oct 2013 09:42:38 +0200
Subject: [PATCH 39/43] ups. remove debug

---
 lib/private/util.php | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lib/private/util.php b/lib/private/util.php
index cb33e3597a..a4e9d07147 100755
--- a/lib/private/util.php
+++ b/lib/private/util.php
@@ -96,10 +96,8 @@ class OC_Util {
 	/**
 	 * @brief copies the user skeleton files into the fresh user home files
 	 * @param string $userDirectory
-	 * @return void
 	 */
 	public static function copySkeleton($userDirectory) {
-		error_log('skeleton init '.$userDirectory);
 		OC_Util::copyr(\OC::$SERVERROOT.'/core/skeleton' , $userDirectory);
 	}
 

From 566d826a9e6f47d893c3afd724974c72b6a3758c Mon Sep 17 00:00:00 2001
From: Frank Karlitschek <frank@owncloud.org>
Date: Fri, 4 Oct 2013 10:21:33 +0200
Subject: [PATCH 40/43] add a real examplefile instead of an .gitignore which
 is a bit stupid here

---
 core/skeleton/.gitignore  | 4 ----
 core/skeleton/welcome.txt | 5 +++++
 2 files changed, 5 insertions(+), 4 deletions(-)
 delete mode 100644 core/skeleton/.gitignore
 create mode 100644 core/skeleton/welcome.txt

diff --git a/core/skeleton/.gitignore b/core/skeleton/.gitignore
deleted file mode 100644
index 5e7d2734cf..0000000000
--- a/core/skeleton/.gitignore
+++ /dev/null
@@ -1,4 +0,0 @@
-# Ignore everything in this directory
-*
-# Except this file
-!.gitignore
diff --git a/core/skeleton/welcome.txt b/core/skeleton/welcome.txt
new file mode 100644
index 0000000000..c86eaf91bb
--- /dev/null
+++ b/core/skeleton/welcome.txt
@@ -0,0 +1,5 @@
+Welcome to your ownCloud account!
+
+This is just an example file for developers and git users. 
+The packaged and released versions will come with better examples.
+

From 47f59d2e421ab38dbf0625d6dfd9c2f21fa11ec1 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 4 Oct 2013 10:37:58 +0200
Subject: [PATCH 41/43] we don't know \OCA\Encryption\Session if the encryption
 app is not enabled, so we have to set the status manually

---
 apps/files/index.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/apps/files/index.php b/apps/files/index.php
index ecd539dbed..42eac209b2 100644
--- a/apps/files/index.php
+++ b/apps/files/index.php
@@ -104,8 +104,8 @@ if ($needUpgrade) {
 	$storageInfo=OC_Helper::getStorageInfo($dir);
 	$maxUploadFilesize=OCP\Util::maxUploadFilesize($dir);
 	$publicUploadEnabled = \OC_Appconfig::getValue('core', 'shareapi_allow_public_upload', 'yes');
-	// if the encryption app is disabled, than everything is fine
-	$encryptionInitStatus = \OCA\Encryption\Session::INIT_SUCCESSFUL;
+	// if the encryption app is disabled, than everything is fine (INIT_SUCCESSFUL status code)
+	$encryptionInitStatus = 2;
 	if (OC_App::isEnabled('files_encryption')) {
 		$publicUploadEnabled = 'no';
 		$session = new \OCA\Encryption\Session(new \OC\Files\View('/'));

From b7c3af11bf22f3d8cfb227f1eca134940dc26469 Mon Sep 17 00:00:00 2001
From: Bjoern Schiessle <schiessle@owncloud.com>
Date: Fri, 4 Oct 2013 10:46:55 +0200
Subject: [PATCH 42/43] fix hidden fieled name

---
 apps/files/templates/index.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files/templates/index.php b/apps/files/templates/index.php
index fac540939e..75984b075d 100644
--- a/apps/files/templates/index.php
+++ b/apps/files/templates/index.php
@@ -116,4 +116,4 @@
 <input type="hidden" name="allowZipDownload" id="allowZipDownload" value="<?php p($_['allowZipDownload']); ?>" />
 <input type="hidden" name="usedSpacePercent" id="usedSpacePercent" value="<?php p($_['usedSpacePercent']); ?>" />
 <input type="hidden" name="encryptedFiles" id="encryptedFiles" value="<?php $_['encryptedFiles'] ? p('1') : p('0'); ?>" />
-<input type="hidden" name="encryptedFiles" id="encryptionInitStatus" value="<?php p($_['encryptionInitStatus']) ?>" />
+<input type="hidden" name="encryptedInitStatus" id="encryptionInitStatus" value="<?php p($_['encryptionInitStatus']) ?>" />

From 9d2595a7c59048fc6ed3777a888e03d43a8f03f9 Mon Sep 17 00:00:00 2001
From: Vincent Petry <pvince81@owncloud.com>
Date: Fri, 4 Oct 2013 11:11:24 +0200
Subject: [PATCH 43/43] Shortened notification message that was too long

The message for invalid private key was too long and didn't fit in the
notification box. This fix reduces the message to fit properly by
removing the extra information.
---
 apps/files/js/files.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/files/js/files.js b/apps/files/js/files.js
index 55ee89e17a..899bc6469e 100644
--- a/apps/files/js/files.js
+++ b/apps/files/js/files.js
@@ -69,7 +69,7 @@ Files={
 			return;
 		}
 		if (initStatus === '1') { // encryption tried to init but failed
-			OC.Notification.show(t('files_encryption', 'Your private key is not valid! Likely your password was changed outside the ownCloud system (e.g. your corporate directory). You can update your private key password in your personal settings to recover access to your encrypted files.'));
+			OC.Notification.showHtml(t('files_encryption', 'Invalid private key for Encryption App. Please update your private key password in your personal settings to recover access to your encrypted files.'));
 			return;
 		}
 		if (encryptedFiles === '1') {