Commit Graph

188 Commits

Author SHA1 Message Date
Morris Jobke e03d289b70
Use 6 months as SSL STS header threshold
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
2016-04-13 08:47:34 +02:00
Vincent Petry 8d11c3b87b Merge pull request #23487 from owncloud/core-globalajaxerrorwhengoingaway
Detect user navigating away, don't interpret as ajax error
2016-04-01 17:03:55 +02:00
Vincent Petry 06e7856400 Adjust core unit tests for unload/reload cases 2016-03-23 10:53:40 +01:00
Thomas Müller 61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Thomas Müller 86581f6626 Merge pull request #22065 from owncloud/systemtags-create-same-prefix
Allow creating tags where another one with same prefix exists
2016-03-21 11:15:49 +01:00
Lukas Reschke 6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Lukas Reschke 2ca3c0d461 Adjust wording a bit
**Before:**
> Your PHP version (5.4.16) is no longer supported by PHP. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.

**After:**
> You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by the PHP Group as soon as your distribution supports it.

Fixes https://github.com/owncloud/enterprise/issues/1170
2016-03-11 17:39:35 +01:00
Vincent Petry 0091df2bc8 Improved JS L10N bundle merging + tests 2016-02-29 17:39:21 +01:00
Vincent Petry 27544144ce Fix unit tests affected by side effects
The notification tests were not restoring the clock properly, but
indirectly helped other tests pass.

Since now we're restoring the clock properly, the other tests were fixed
to still work.
2016-02-22 17:25:32 +01:00
Vincent Petry 8ea80e114a Accumulate notifications instead of blinking
This makes it possible to display multiple notifications.
If the options.type is set to "error", it will also add a close button.
2016-02-22 17:25:32 +01:00
Thomas Müller 8abdcb8085 Fix error ins source language strings
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/core/50786279
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/settings-1/50555028
2016-02-19 15:04:16 +01:00
Thomas Müller 7af7d18cfa Merge pull request #16783 from owncloud/handle-redirects-global
Adding global error handler for ajax calls which run into redirection…
2016-02-17 14:49:04 +01:00
Roeland Jago Douma e1fd86ccb6 Unlock sharee input field when sharing fails
Fixes #22441

When addShares fails (for whatever reason) we should unlock the sharee
input field so the user does not have to reload the page.
2016-02-17 09:21:12 +01:00
Vincent Petry b8b77709c0 Add handler for global ajax errors 2016-02-15 12:48:47 +01:00
Thomas Müller 2054dbd4c8 Merge pull request #22350 from owncloud/fix_22304
WebUI feedback when sharing
2016-02-15 10:45:42 +01:00
Roeland Jago Douma 33ef240b39 Search tags case insensitive
fixes: #22352

* Added unit tests
2016-02-14 20:41:39 +01:00
Roeland Jago Douma 92c131b481 Updated unit tests 2016-02-12 14:31:00 +01:00
Roeland Jago Douma 1301ec9351 Only show link shares for the current user
Currently we have no way to display multiple links in the UI.
So just display the link share for the current user.

Fixes #22275
2016-02-10 16:00:55 +01:00
Vincent Petry e378a757ff Add system tags filter section for files app 2016-02-09 10:59:29 +01:00
Vincent Petry 23f0515771 Fix JS DAV files client unit tests
Instead of trying to mock the promise, just stub davclient.js' request
object.
2016-02-04 15:39:18 +01:00
Vincent Petry 22be3867f1 Allow creating tags where another one with same prefix exists
When creating a new entry, compare the full tag name and not only the
prefix.
2016-02-02 10:42:35 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Vincent Petry df3f6fee10 Properly forward error messages in share dialog 2016-01-28 17:18:33 +01:00
Vincent Petry 7e1de0e3c2 Fix share default expiration date calculation
Now using UTC dates with moment js to accurately add the number of days
2016-01-28 15:25:34 +01:00
Vincent Petry b063ddb05b Share dialog use OCS API 2016-01-28 15:25:34 +01:00
Thomas Müller de8852a760 Merge pull request #21958 from owncloud/systemtags-style
Use boxes for system tags, shorten permission text
2016-01-28 12:54:52 +01:00
Vincent Petry 1473e156f4 Use boxes for system tags, shorten permission text
Permission text now doesn't appear when all permissions are there, or
shows as "invisible" or "not assignable", which should better cover all
use cases.

Changed select2 style to use boxes in the input field.
2016-01-28 11:24:13 +01:00
Vincent Petry 714d8c2424 Fix system tags conflict situations
Does not disrupt the UX whenever a tag or association was created
concurrently. The input field will adjust itself as if the tag was
already there in the first place.
2016-01-27 15:09:59 +01:00
Vincent Petry cfba90a78d Fix system tags proppatch with booleans
Backbone webdav adapter now converts booleans and ints to strings.

Fixed system tags to use "true" / "false" strings for booleans instead
of 1 / 0.
2016-01-27 11:09:43 +01:00
Vincent Petry 0a1350d5ac System tags sidebar selector now respects permissions
For admins: display the namespace behind the tag name.
For users: no namespace, don't display non-assignable tags in the
dropdown, display already assigned non-assignable tags with a different
style
2016-01-25 10:45:02 +01:00
Joas Schilling f108dbfa6a Move getDescriptiveTag to core 2016-01-21 15:56:25 +01:00
Vincent Petry ffba6d0a7e Added system tags GUI in sidebar
Added files details sidebar panel to assign/unassign/rename/delete
system tags.
2016-01-19 16:24:26 +01:00
Morris Jobke 6e096936e5 update JS humanFileSize to use KB instead of kB 2016-01-19 10:51:57 +01:00
Vincent Petry 857c316bda Backbone transport for Webdav 2016-01-16 11:28:04 +01:00
Thomas Müller b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Thomas Müller 2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke a6c7cdd75e Show the well-known URL check as info instead of error
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
2016-01-12 09:18:20 +01:00
Morris Jobke 0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Joas Schilling 334a6d57a3 Check the correct config for displaying the "notify by email" option 2016-01-08 14:15:06 +01:00
Roeland Jago Douma 6bd15856b2 Added js tests for the Sharee API usage 2015-12-30 10:46:19 +01:00
Roeland Jago Douma 49031e0744 Fix unit tests 2015-12-30 08:58:04 +01:00
Lukas Reschke cebeb0e052 Fix unit tests
Fixes https://github.com/owncloud/core/issues/21345
2015-12-23 09:11:22 +01:00
Vincent Petry 181ba7b4e1 Fix files UI mtime parsing from webdav 2015-12-16 17:44:16 +01:00
Vincent Petry 6735005be0 Fix duplicate bogus share field when link sharing is not allowed
Whenever link share is not allowed, it was outputting a bogus sharing
field which name would conflict with the regular sharing field.

This fix makes sure that the bogus sharing field with "Resharing not
allowed" message only appears when triggered by removed share
permissions.
2015-12-07 16:53:56 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Vincent Petry a1d0682ef8 Use oc:fileid property instead of oc:id 2015-11-22 16:05:51 +01:00
Thomas Müller ab1d786d87 Fix port issue - options.host already has the port attached 2015-11-22 16:05:51 +01:00
Vincent Petry f120846e29 Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00