Commit Graph

2814 Commits

Author SHA1 Message Date
Lukas Reschke 88c7face07 Inject OCSClient
Fixes https://github.com/owncloud/core/issues/21451
2016-01-06 11:40:22 +01:00
Jenkins for ownCloud c77917f48c [tx-robot] updated from transifex 2016-01-06 01:55:16 -05:00
Jenkins for ownCloud 157bb50a39 [tx-robot] updated from transifex 2016-01-04 01:55:05 -05:00
Jenkins for ownCloud 6ca2da7d5c [tx-robot] updated from transifex 2016-01-02 01:54:46 -05:00
Jenkins for ownCloud dfec9f0c8a [tx-robot] updated from transifex 2016-01-01 01:55:10 -05:00
Jenkins for ownCloud 970495a067 [tx-robot] updated from transifex 2015-12-31 01:55:16 -05:00
Jenkins for ownCloud 45c41e2b2c [tx-robot] updated from transifex 2015-12-30 01:55:47 -05:00
Jan-Christoph Borchardt 6e60b6ee7c shorten quota usage wording, fix overflow on mobile, fix #21129 2015-12-28 18:42:48 +01:00
Jenkins for ownCloud 89584716f8 [tx-robot] updated from transifex 2015-12-28 01:55:10 -05:00
Morris Jobke ed98cdf532 Use OCP\Util::getVersion instead of the internal private implementation 2015-12-18 15:26:54 +01:00
Morris Jobke e42f262d85 properly use OCP\Util instead of OC_Helper 2015-12-18 11:46:21 +01:00
Thomas Müller 551e553bf4 Merge pull request #21264 from owncloud/deprecated_oc_user_methods
Cleanup OC_User deprecated methods
2015-12-18 10:15:18 +01:00
Thomas Müller 228a75e2ec Merge pull request #21248 from owncloud/deprecated_oc_helper_linkToRoute
Replace deprecated OC_Helper::linkToRoute calls
2015-12-18 07:56:42 +01:00
Roeland Jago Douma 9fe3d2f1f8 OC_Helper::linkToRoute is deprecated
Replaced all calls to OC_Helper::linkToRoute with
OC::$server->getURLGenerator()->linkToRoute
2015-12-17 18:46:42 +01:00
Roeland Jago Douma 6248bad0f7 Add a default size to the avatar placeholders
This removed the need to do an avatar request on the "empty" row in the
user settings.
2015-12-17 16:30:23 +01:00
Thomas Müller 3818a055b9 Merge pull request #21255 from owncloud/usermanagement-show-password-error-temporary
user management: show password error temporary
2015-12-17 16:25:14 +01:00
Roeland Jago Douma 7e44ea5da0 Remove deprecated function OC_User::getManager
Private deprecated function => removed
Replaced all instances with suggested replacement
2015-12-17 16:18:34 +01:00
Thomas Müller d402ac91d7 Merge pull request #21260 from owncloud/fix-undefined-l10n-var
initialize l10n instance earlier, fixes an undefined var warning foll…
2015-12-17 16:08:08 +01:00
Arthur Schiwon 0ecbfae5ff initialize l10n instance earlier, fixes an undefined var warning followed by a php error 2015-12-17 15:08:15 +01:00
Roeland Jago Douma a81836a42f Only load the big (128x128) avatar on the perosnal page
Before the code was executed on every page if a user was logged in. Now
only on the personal page. Thus saving a request on all other pages.
2015-12-17 13:55:22 +01:00
michag86 7a86f10ebc Update users.js 2015-12-17 12:43:44 +01:00
Jenkins for ownCloud a7cd8103b5 [tx-robot] updated from transifex 2015-12-17 01:55:09 -05:00
Jenkins for ownCloud 74de12c698 [tx-robot] updated from transifex 2015-12-13 01:54:51 -05:00
Thomas Müller 4f860b7e0a Merge pull request #20978 from owncloud/fix-dont-show-unsaved-values-in-usermgmt
reset mailadress/displayname on blur
2015-12-11 12:15:01 +01:00
Jenkins for ownCloud acce1638e5 [tx-robot] updated from transifex 2015-12-11 01:55:44 -05:00
Thomas Müller ae6c3c1539 Merge pull request #21123 from owncloud/remove-db-locking-performance-warning-master
Remove info about database locking performance
2015-12-10 17:24:43 +01:00
Thomas Müller 01b9f07ac8 Remove info about database locking performance 2015-12-10 16:10:45 +01:00
Jenkins for ownCloud 078ca149b5 [tx-robot] updated from transifex 2015-12-10 01:55:17 -05:00
Jenkins for ownCloud dda9525c4b [tx-robot] updated from transifex 2015-12-09 01:55:14 -05:00
Thomas Müller fe8dc0bd5e Merge pull request #21022 from owncloud/get-rid-of-by-reference
Get rid of by reference
2015-12-08 11:04:25 +01:00
Thomas Müller c88438790c Merge pull request #20979 from owncloud/settings-groups-entry
Add 'my groups' anchor to the personal page sidebar
2015-12-08 11:04:09 +01:00
Lukas Reschke 4b293dffe5 Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML 2015-12-08 08:56:47 +01:00
Scrutinizer Auto-Fixer 453e1bf66e Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2015-12-07 15:43:36 +00:00
Patrick Robertson 96a83a783f Add 'my groups' anchor to the personal page sidebar 2015-12-07 16:16:12 +01:00
Thomas Müller 085f3f58fa Merge pull request #20954 from owncloud/settings_user_only_load_avatar_if_available
Settings user only load avatar if available
2015-12-07 10:19:38 +01:00
Thomas Müller c9069d5711 Merge pull request #20959 from owncloud/drop-OC_App-setActiveNavigationEntry
Remove unused setActiveNavigationEntry of OC_App - it's also in OCP\App
2015-12-07 10:17:44 +01:00
michag86 cf0d163a32 reset mailadress/displayname on blur 2015-12-07 09:48:54 +01:00
Jenkins for ownCloud f0b1ba713d [tx-robot] updated from transifex 2015-12-05 01:55:14 -05:00
Morris Jobke e6d4496fc2 Remove unused setActiveNavigationEntry of OC_App - it's also in OCP\App 2015-12-04 17:23:51 +01:00
Roeland Jago Douma 8c9a3ccefc Do not request an avatar if there is none 2015-12-04 14:56:49 +01:00
Roeland Jago Douma a619629ac0 Only try to load avatars in the user list if there is any 2015-12-04 14:56:49 +01:00
Roeland Jago Douma 50d862e5d1 [Avatars] JS should not load same avatar twice
Old code first dit an ajax request to the avatar. Then a new image
object with the same src was created and since we do not cache avatars
yet :(  this resulted in 2 sequential requests to the exact same URL

Now if you set the displayname it will first set the placeholder and
then load the avatar in the background. Only once this time!
2015-12-04 10:42:11 +01:00
Thomas Müller 7fefd4f4d9 Merge pull request #20860 from owncloud/use-user-getEMailAddress-all-over-the-place
User IUser::getEMailAddress() all over the place
2015-12-03 09:21:53 +01:00
Jenkins for ownCloud 5c178a2719 [tx-robot] updated from transifex 2015-12-03 01:55:12 -05:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Morris Jobke 0a6db3ada6 Remove OC_Config from app management template
* add unit test for this case
2015-12-02 14:35:38 +01:00
Jenkins for ownCloud 4f4b91a9ec [tx-robot] updated from transifex 2015-12-02 02:00:28 -05:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Thomas Müller f48ea593eb Merge pull request #20850 from owncloud/use-text-instead-of-html
Use .text instead of .html
2015-12-01 10:18:29 +01:00
Jenkins for ownCloud 8421a43df1 [tx-robot] updated from transifex 2015-12-01 01:55:07 -05:00