Commit Graph

3705 Commits

Author SHA1 Message Date
Morris Jobke 6431f009de Merge pull request #3511 from nextcloud/backport-3362-stable11
[stable11] Fix cookie name (nc_token instead of oc_token)
2017-02-16 11:33:02 -06:00
Morris Jobke 48554db156
fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-16 10:29:45 -06:00
Morris Jobke 131945593e
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-16 13:38:54 +01:00
Lukas Reschke c025aa88d4 Merge pull request #3436 from nextcloud/stable11-increase-version
Increase version to 11.0.2 RC1
2017-02-10 14:03:49 +01:00
Lukas Reschke 592af1fff1 Merge pull request #3259 from nextcloud/add-profile-data-to-provisioning-api-stable11
Add profile data to provisioning api stable11
2017-02-10 13:00:04 +01:00
Lukas Reschke 347008f125
Increase version to 11.0.2 RC1
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-10 12:55:32 +01:00
Joas Schilling cf849e621b
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-07 17:00:10 +01:00
Bjoern Schiessle 659320dfca
unify endpoints form core and the the provisioning api
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-25 14:19:41 +01:00
Joas Schilling 275db05a46 Merge pull request #2953 from nextcloud/backport-2797-sudo-password-with-ldap
[stable11] Use login name to fix password confirm with ldap users
2017-01-23 12:09:38 +01:00
Lukas Reschke 2382bf9011
Apply DOMPurify over HTML
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-17 11:37:16 +01:00
Morris Jobke 45c12d26ce
Fix JSUnit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-17 11:37:06 +01:00
Joas Schilling 964d7b2389
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-17 11:36:57 +01:00
Joas Schilling 78e685ce8f
Better fallback for unknown log types
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-10 13:01:00 +01:00
Joas Schilling acf62afe2d
Add tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-10 13:00:47 +01:00
Robin Appelman daa4f393cb
dont write a certificate bundle if the shipped ca bundle is empty
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-09 21:11:50 +01:00
Christoph Wurst 2625b6297b
Set redirect_url on 2FA challenge page
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-09 10:42:23 +01:00
Joas Schilling a3d8442835
Remove warning
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 15:16:32 +01:00
Joas Schilling 1179471e41
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 15:16:24 +01:00
Lukas Reschke 5bf56f67be
Increase version to 11.0.1
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-29 18:36:31 +01:00
Joas Schilling a7aa7de6c2
Add a unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-13 13:54:18 +01:00
Lukas Reschke 32bf8ec826
Don't use cached informations for app version
When installing an app from the appstore the `\OC_App::getAppVersion` code is triggered twice:

- First when the downloader tries to compare the current version to the new version on the appstore to check if there is a newer version. This protects against downgrade attacks and is implemented in `\OC\Installer::downloadApp`.
- Second, when the app is actually installed the current version is written to the database. (`\OC\Installer::installApp`)

This fails however when the version is actually cached. Because in step 1 the cached version will be set to "0" and then be reused in the second step.

While this is probably not the cleanest version I assume this is an approach that is least invasive. Feedback and suggestions welcome :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-09 18:01:45 +01:00
Joas Schilling 924358ef96
Save the timezone on login again
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
Morris Jobke 7aa510b2f0
Document updater channel & check for correct PHP version in updater
* see https://github.com/nextcloud/updater/issues/53

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-12-06 00:19:13 +01:00
Morris Jobke aac3024878 Merge pull request #2505 from nextcloud/sudo-mode-provisioning-api
Require sudo mode on the provisioning API
2016-12-05 22:29:29 +01:00
Roeland Jago Douma e368a745aa
Set last-login-check on basic auth
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-05 20:57:15 +01:00
Christoph Wurst 0478db6506 Merge pull request #2484 from nextcloud/fix-wrong-update-of-email-address
make sure that we only update the email address if it really changed
2016-12-05 17:14:23 +01:00
Morris Jobke 1253d1008a Merge pull request #2411 from nextcloud/fix-encryption-home-storage
check if the file should really be encrypted before we update the file cache
2016-12-05 15:38:12 +01:00
Bjoern Schiessle f25ad2e404
make sure that we only update the email address if it really changed
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-12-02 18:07:08 +01:00
Robin Appelman 1a379b0fdc
update test
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-12-02 18:04:21 +01:00
Lukas Reschke 2ca29f709b
Add tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-01 18:52:32 +01:00
Morris Jobke 01a62dee30
Language
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-11-30 15:20:04 +01:00
Morris Jobke 62ec31eb7b Merge pull request #2152 from nextcloud/preview_cleanupjob
Adds background job to cleanup all previews.
2016-11-30 10:39:21 +01:00
Bjoern Schiessle 0f8fe77b3a
check if the file should really be encrypted before we update the file cache
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-29 20:34:45 +01:00
Morris Jobke d86b29b42b Merge pull request #2066 from nextcloud/fix-redirect-double-encoding
do not double encode the redirect url
2016-11-29 17:21:43 +01:00
Lukas Reschke 3950ce9223 Merge pull request #2351 from nextcloud/remember-session-default
do not remember session tokens by default
2016-11-28 14:05:04 +01:00
Lukas Reschke 0cc771ce19 Merge pull request #2353 from nextcloud/renew-session-token-remember
copy remember-me value when renewing a session token
2016-11-28 14:04:13 +01:00
Christoph Wurst 6543182d13 fix parameter order
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-28 10:00:53 +01:00
Christoph Wurst ad610ae772 Merge pull request #2327 from nextcloud/exclude-pre-releases
Exclude pre-release versions as per SemVer
2016-11-28 09:55:24 +01:00
Christoph Wurst 2183a1f3e6 copy remember-me value when renewing a session token
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:19:57 +01:00
Christoph Wurst 9b808c4014 do not remember session tokens by default
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:03:28 +01:00
Morris Jobke 64fb0fb3dd Merge pull request #2276 from nextcloud/update-email-address
Update email address
2016-11-25 11:40:20 +01:00
Lukas Reschke 29402e2c0a
Exclude pre-release versions as per SemVer
As SemVer can be used apps could define a release like "10.0.0-alpha". This is something that we don't support at the moment in the server and we should filter all prereleases.

Ref https://github.com/nextcloud/server/pull/2307#issuecomment-262911588

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-25 11:32:46 +01:00
Bjoern Schiessle 0de685c562
bring back setEmailAddress for the user management
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-25 10:26:48 +01:00
Bjoern Schiessle 3fc75073b8
update accounts table if email address or display name changes from outside
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-25 10:26:47 +01:00
Roeland Jago Douma 72f9920a58
Add Identityproof tests
* Add tests for Key
* Add tests for Manager
* Add tests for Signer
* Removed URLGenerator from Signer

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-24 21:50:19 +01:00
Lukas Reschke 6a4c0cf237
Loop for newest version in appstore response
The current implementation when fetching apps from the appstore is to assume that the first element is the newest version, this is now always applicable and leads to the fact that for some apps (e.g. nextant) the newest version is not delivered. This can be easily tested by comparing the version of the downloaded Nextant version.

This change will loop over all releases delivered by the appstore and chooses the newest compatible one. While not the cleanest solution, it does its job.

Most of the code are actually unit tests. Whereas I have copied the whole original response from the appstore and also have performed the transformation. So that's why the diff looks so huge.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-24 14:29:57 +01:00
Bjoern Schiessle 546989959c
update email address correctly
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-23 20:19:31 +01:00
Lukas Reschke a05b8b7953
Harden cookies more appropriate
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
Roeland Jago Douma df215625f1 Merge pull request #1972 from nextcloud/invalid-files-from-scanner
Make sure we don't scan files that can not be accessed
2016-11-22 12:55:54 +01:00
Robin Appelman cd24010fa4 Merge pull request #2214 from nextcloud/remove-logging
remove old logging section
2016-11-21 17:17:02 +01:00