Commit Graph

2801 Commits

Author SHA1 Message Date
Thomas Müller 228a75e2ec Merge pull request #21248 from owncloud/deprecated_oc_helper_linkToRoute
Replace deprecated OC_Helper::linkToRoute calls
2015-12-18 07:56:42 +01:00
Roeland Jago Douma 9fe3d2f1f8 OC_Helper::linkToRoute is deprecated
Replaced all calls to OC_Helper::linkToRoute with
OC::$server->getURLGenerator()->linkToRoute
2015-12-17 18:46:42 +01:00
Roeland Jago Douma 6248bad0f7 Add a default size to the avatar placeholders
This removed the need to do an avatar request on the "empty" row in the
user settings.
2015-12-17 16:30:23 +01:00
Thomas Müller 3818a055b9 Merge pull request #21255 from owncloud/usermanagement-show-password-error-temporary
user management: show password error temporary
2015-12-17 16:25:14 +01:00
Thomas Müller d402ac91d7 Merge pull request #21260 from owncloud/fix-undefined-l10n-var
initialize l10n instance earlier, fixes an undefined var warning foll…
2015-12-17 16:08:08 +01:00
Arthur Schiwon 0ecbfae5ff initialize l10n instance earlier, fixes an undefined var warning followed by a php error 2015-12-17 15:08:15 +01:00
Roeland Jago Douma a81836a42f Only load the big (128x128) avatar on the perosnal page
Before the code was executed on every page if a user was logged in. Now
only on the personal page. Thus saving a request on all other pages.
2015-12-17 13:55:22 +01:00
michag86 7a86f10ebc Update users.js 2015-12-17 12:43:44 +01:00
Jenkins for ownCloud a7cd8103b5 [tx-robot] updated from transifex 2015-12-17 01:55:09 -05:00
Jenkins for ownCloud 74de12c698 [tx-robot] updated from transifex 2015-12-13 01:54:51 -05:00
Thomas Müller 4f860b7e0a Merge pull request #20978 from owncloud/fix-dont-show-unsaved-values-in-usermgmt
reset mailadress/displayname on blur
2015-12-11 12:15:01 +01:00
Jenkins for ownCloud acce1638e5 [tx-robot] updated from transifex 2015-12-11 01:55:44 -05:00
Thomas Müller ae6c3c1539 Merge pull request #21123 from owncloud/remove-db-locking-performance-warning-master
Remove info about database locking performance
2015-12-10 17:24:43 +01:00
Thomas Müller 01b9f07ac8 Remove info about database locking performance 2015-12-10 16:10:45 +01:00
Jenkins for ownCloud 078ca149b5 [tx-robot] updated from transifex 2015-12-10 01:55:17 -05:00
Jenkins for ownCloud dda9525c4b [tx-robot] updated from transifex 2015-12-09 01:55:14 -05:00
Thomas Müller fe8dc0bd5e Merge pull request #21022 from owncloud/get-rid-of-by-reference
Get rid of by reference
2015-12-08 11:04:25 +01:00
Thomas Müller c88438790c Merge pull request #20979 from owncloud/settings-groups-entry
Add 'my groups' anchor to the personal page sidebar
2015-12-08 11:04:09 +01:00
Lukas Reschke 4b293dffe5 Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML 2015-12-08 08:56:47 +01:00
Scrutinizer Auto-Fixer 453e1bf66e Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-07 15:43:36 +00:00
Patrick Robertson 96a83a783f Add 'my groups' anchor to the personal page sidebar 2015-12-07 16:16:12 +01:00
Thomas Müller 085f3f58fa Merge pull request #20954 from owncloud/settings_user_only_load_avatar_if_available
Settings user only load avatar if available
2015-12-07 10:19:38 +01:00
Thomas Müller c9069d5711 Merge pull request #20959 from owncloud/drop-OC_App-setActiveNavigationEntry
Remove unused setActiveNavigationEntry of OC_App - it's also in OCP\App
2015-12-07 10:17:44 +01:00
michag86 cf0d163a32 reset mailadress/displayname on blur 2015-12-07 09:48:54 +01:00
Jenkins for ownCloud f0b1ba713d [tx-robot] updated from transifex 2015-12-05 01:55:14 -05:00
Morris Jobke e6d4496fc2 Remove unused setActiveNavigationEntry of OC_App - it's also in OCP\App 2015-12-04 17:23:51 +01:00
Roeland Jago Douma 8c9a3ccefc Do not request an avatar if there is none 2015-12-04 14:56:49 +01:00
Roeland Jago Douma a619629ac0 Only try to load avatars in the user list if there is any 2015-12-04 14:56:49 +01:00
Roeland Jago Douma 50d862e5d1 [Avatars] JS should not load same avatar twice
Old code first dit an ajax request to the avatar. Then a new image
object with the same src was created and since we do not cache avatars
yet :(  this resulted in 2 sequential requests to the exact same URL

Now if you set the displayname it will first set the placeholder and
then load the avatar in the background. Only once this time!
2015-12-04 10:42:11 +01:00
Thomas Müller 7fefd4f4d9 Merge pull request #20860 from owncloud/use-user-getEMailAddress-all-over-the-place
User IUser::getEMailAddress() all over the place
2015-12-03 09:21:53 +01:00
Jenkins for ownCloud 5c178a2719 [tx-robot] updated from transifex 2015-12-03 01:55:12 -05:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Morris Jobke 0a6db3ada6 Remove OC_Config from app management template
* add unit test for this case
2015-12-02 14:35:38 +01:00
Jenkins for ownCloud 4f4b91a9ec [tx-robot] updated from transifex 2015-12-02 02:00:28 -05:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Thomas Müller f48ea593eb Merge pull request #20850 from owncloud/use-text-instead-of-html
Use .text instead of .html
2015-12-01 10:18:29 +01:00
Jenkins for ownCloud 8421a43df1 [tx-robot] updated from transifex 2015-12-01 01:55:07 -05:00
Lukas Reschke 3ea654d2d4 Use .text instead of .html
Makes some static source code analyzers happier.
2015-11-30 23:49:27 +01:00
Jenkins for ownCloud 5a9b892b2e [tx-robot] updated from transifex 2015-11-30 01:55:24 -05:00
Jenkins for ownCloud d305412a35 [tx-robot] updated from transifex 2015-11-28 01:55:16 -05:00
Jenkins for ownCloud 39fb320bae [tx-robot] updated from transifex 2015-11-27 01:55:14 -05:00
Jenkins for ownCloud dd18ea611b [tx-robot] updated from transifex 2015-11-26 01:55:22 -05:00
Jenkins for ownCloud 6e60c0f0c4 [tx-robot] updated from transifex 2015-11-25 01:55:37 -05:00
Jenkins for ownCloud cb69e6c201 [tx-robot] updated from transifex 2015-11-24 01:56:32 -05:00
Thomas Müller bf672d7e51 Merge pull request #20222 from owncloud/federated_sharing_auto_complete
federated sharing auto-complete, first step
2015-11-23 10:42:14 +01:00
Thomas Müller 333232f665 Merge pull request #20559 from owncloud/settings_app_to_controller
[Settings] Moved changedisplayname to usercontroller
2015-11-23 08:36:47 +01:00
Jenkins for ownCloud 56e05a90af [tx-robot] updated from transifex 2015-11-23 01:54:53 -05:00
Jenkins for ownCloud 2321cc4854 [tx-robot] updated from transifex 2015-11-22 01:54:53 -05:00
Jenkins for ownCloud eb42340fa3 [tx-robot] updated from transifex 2015-11-21 01:54:59 -05:00
Roeland Jago Douma 0265bcfdae Moved changedisplayname to usercontroller
Killed the old static route to change a users display name and moved it
to a properly testable controller.
2015-11-20 16:05:43 +01:00