Commit Graph

109 Commits

Author SHA1 Message Date
Joas Schilling c6a69ba925
Remove the upload and memory setting
* Remove unneeded private method phpFileSize()
* Bump autoloader
* Remove setUploadLimit tests
* Remove integrity check hacks for upload limit

Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-03-04 12:14:22 +01:00
Morris Jobke 92b5743bf4
Remove unused php5 config from .htaccess
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-03-04 11:24:10 +01:00
Daniel Kesselberg df3d5e8509
two item => two items
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-25 14:52:14 +01:00
Daniel Kesselberg 36c51bc4f1
Parse multiple navigation items
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-22 15:57:14 +01:00
Michael Weimann 2a8118e459
Switch guest avatars to PNG
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2019-02-07 14:23:16 +01:00
Michael Weimann bf1253cb49
Implement guest avatar endpoint
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2019-02-07 14:23:16 +01:00
Maxence Lange 6642efa7f4 adding .well-known/webfinger
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2018-10-10 13:01:23 +02:00
Michael Weimann a45ec3d324
Refactors the scss svg functions
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-10-02 08:37:55 +02:00
Sebastian Steinmetz 8a7bc3fb03 Testcase for HEIC image (similar to the ImageTest)
Signed-off-by: Sebastian Steinmetz <me@sebastiansteinmetz.ch>
2018-08-11 01:22:57 +02:00
Julius Härtl 1213a7c6a2
Fix email template tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-07-19 11:43:16 +02:00
Robin Appelman 46d0d0cda1
fix appinfo parsing when a single localized option is provided
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-04-17 11:14:03 +02:00
Morris Jobke cce4c285db
Fix email buttons for white theme
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-11 14:33:54 +01:00
Morris Jobke a0aef6ab1b
Fix welcome text for better grammar in themed instances
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-09 09:27:38 +01:00
Joas Schilling 6292f665d7
Allow multiple settings and sections per app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-05 11:34:03 +02:00
Leon Klingele 8e46e6b827
Improve text: 'you have now' -> 'you now have'
Signed-off-by: Leon Klingele <leon@struktur.de>
2017-09-08 13:47:11 +02:00
Morris Jobke 96a404dfb3 Remove windows config settings in tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-17 09:39:49 +02:00
Morris Jobke ae13d011d1 Remove unneeded styles
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-24 11:09:14 +02:00
Lukas Reschke bb6fe6afba
Adjust to height=120
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-24 10:18:16 +02:00
Lukas Reschke ba1e16ea2e Revert "Set max-width of image to 100px in Outlook as well" 2017-07-24 10:14:47 +02:00
Morris Jobke a98f57ebd0 Set max-width of image to 100px in Outlook as well
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-23 23:15:21 +02:00
Joas Schilling 1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Morris Jobke 1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Morris Jobke ae4c2893a2
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 12:42:23 -05:00
Joas Schilling 1c8c62272c
Use instance name as alt-text
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:26 +02:00
Morris Jobke 050ce1d40b
Add addBodyButton to add a single button to email templates
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 17:16:26 +02:00
Morris Jobke be9a514dff
Allow to set text versions for the plain text email
* allows different texts for HTML and text version of the email

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:50:06 -05:00
Morris Jobke 5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Lukas Reschke 281ad406e8
Add support for theming
Add support for theming in generated emails and simplify API

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-07 12:03:47 -05:00
Morris Jobke 0560e69913
New layout for welcome email
* thanks to @espina2 for make this nice design
* the button says "Set password" if the admin didn't specified a password

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-07 12:03:32 -05:00
Julius Härtl 29ec58f1b5
Add tests for SCSSCacher
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-03-20 14:12:35 +01:00
Christoph Wurst 140555b786
always allow remembered login
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
Joas Schilling 8725302307
Fix InfoParser empty tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Lukas Reschke 7cb0df28e2
Prevent downgrade attacks for apps
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-11 18:53:26 +01:00
Lukas Reschke 0eeef26a8e
Add tests for installer method
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 19:39:35 +01:00
Morris Jobke 972e560e72
Adding tests for 4 byte unicode characters
* success on SQLite and Postgres
* failure on MySQL due to the limited charset that only supports up to 3 bytes
2016-10-19 00:15:01 +02:00
Thomas Müller c5ca71ee82
[9.2] Register commands in info.xml (#26248)
* Use DI to load console commands from the apps - class name to be defined in the info.xml

* Load commands from info.xml

* Fix unit test

* Allow Di magic for IMountManager

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-11 19:48:26 +02:00
Thomas Müller 67d3574bdf
Don't parse info.xml but reuse already cached app infos - fixes #25603 (#25968)
* Don't parse info.xml but reuse already cached app infos - fixes #25603

* Use === in InfoParser. Fixes test

* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
2016-10-07 20:58:22 +02:00
skjnldsv 71830b285c Svgo optimization
Signed-off-by: John Molakvoæ <fremulon@protonmail.com>
2016-09-27 20:56:26 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Thomas Müller 71fa0a75bf
Allow declaration of background jobs in info.xml 2016-05-03 08:58:12 +02:00
Thomas Müller 54f45f95f5
Adding repair steps for install and uninstall - fixes #24306 2016-05-02 08:52:06 +02:00
Thomas Müller 2ee7d2485c
Introduce background repair steps 2016-04-26 11:56:56 +02:00
Thomas Müller d0030aad6c
Remove deprecated HTTPHelper from InfoParser 2016-04-22 08:38:41 +02:00
Stefan Weil 02e226a6b3 tests: Fix typos (found by codespell)
Fix also a small grammar issue.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-06 15:08:27 +02:00
Morris Jobke 23c0f4ff5f Read available l10n files also from theme folder
The old behaviour was that only languages could be used for an app
that are already present in the apps/$app/l10n folder. If there is
a themed l10n that is not present in the apps default l10n folder
the language could not be used and the texts are not translated.

With this change this is possible and also the l10n files are
loaded even if the default l10n doesn't contain the l10n file.
2016-03-17 16:15:37 +01:00
Lukas Reschke 5278bfe0e4 Add support for custom values in integrity checker 2016-03-15 10:41:17 +01:00
Thomas Müller 8b165c5ed5 No longer evaluate appinfo/version 2016-02-10 17:24:14 +01:00
Lukas Reschke bc62aa1ef5 Exclude .htaccess modifications from code checker
After the initial installation ownCloud will write some content into the .htaccess file such as the 404 or 403 directives. This adds a magic marker into the .htaccess file and only the content above this marker will be compared in the integrity checker.
2016-01-22 11:51:54 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Joas Schilling d904a09a04 The constant is now deprecated 2015-10-14 15:29:38 +02:00