a05b8b7953
Harden cookies more appropriate
...
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.
See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.
Fixes https://github.com/nextcloud/server/issues/1412
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
df215625f1
Merge pull request #1972 from nextcloud/invalid-files-from-scanner
...
Make sure we don't scan files that can not be accessed
2016-11-22 12:55:54 +01:00
cd24010fa4
Merge pull request #2214 from nextcloud/remove-logging
...
remove old logging section
2016-11-21 17:17:02 +01:00
0048b3aa2e
update tests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-21 15:59:08 +01:00
d001dbd259
Adjust unit tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:03 +01:00
8bf4111368
Fix changing display names for subadmins
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
fb91bf6a5b
Add a signer class for signing
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
a32d6e481f
fix unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:30:00 +01:00
b23a4ca96b
push public user data to the lookup server
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:59 +01:00
c5e61947a9
remove old test class
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:59 +01:00
08e6541a88
fix unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:58 +01:00
de1f3f05fd
allow to change display names in the user settings again
...
keep display name and email address in sync with the accounts table
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-21 11:29:54 +01:00
40b99734d3
introduce accounts table and keep it up-to-date with the data added to the personal settings
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-21 11:29:41 +01:00
558f169671
Move the validation into one place only
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:37 +01:00
4652d203e3
Make sure we don't scan files that can not be accessed
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:32 +01:00
8ec2e34576
Merge pull request #1602 from nextcloud/ignore-mod-env
...
Add system config htaccess.IgnoreFrontController for prettyURLs w/o mod_env
2016-11-18 21:42:56 +01:00
46768e71d9
Merge pull request #2076 from nextcloud/log_preview_access
...
Dispatch event on preview request
2016-11-18 20:45:29 +01:00
332eaec4c0
Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions
...
Password confirmation for some actions
2016-11-18 15:42:30 +01:00
8b9ad46ba3
Merge pull request #768 from nextcloud/s3-objectstore
...
Add S3 objectstore backend
2016-11-18 14:55:07 +01:00
b2d9c20aac
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
d3900fc0d5
Merge pull request #2177 from nextcloud/appmanager-getapppath
...
Expose getAppPath to public API
2016-11-17 22:39:34 +01:00
caacb6c261
Expose getAppPath to public API
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2016-11-17 19:24:24 +01:00
bba32cf4b7
Merge pull request #2163 from nextcloud/app-password-scope-warngings
...
fix warnings when updating app password
2016-11-17 17:52:23 +01:00
1614b310ef
Add system config htaccess.IgnoreFrontController for prettyURLs w/o mod_env
...
Added the system config which sets all conditions to true that query the
FrontControllerActive mod_env variable.
Signed-off-by: Felix A. Epp <work@felixepp.de>
2016-11-16 22:28:49 +01:00
74c68d8761
Add OCSControllerTests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 19:49:51 +01:00
d2dee32756
fix warnings when updating app password
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 19:14:36 +01:00
4ac5fdcf11
add tests for FileInfo::isMounted
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:37 +01:00
e4d1cf0f6d
add tests for http/output
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:37 +01:00
eefd059716
add amazon s3 objectstore backend
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00
64e896cc0d
split testing of objectstoragestorage and objectstore implementations
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00
e633f2f8df
add test
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:33 +01:00
e77432783b
Add test for setting up fake fs
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:32 +01:00
311531ecce
Adds tests for the AuthSettingsController
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
59d6003f89
Adds NullCache ans NullStorage tests for Lockdown
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
e5bc80b31d
Adds TokenProvider and Mapper tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
91851c37be
add tests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:30 +01:00
4c3d18a9fc
explicit types
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
a4ea20a259
cast to int
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
bb65d3b03d
update tests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
8725302307
Fix InfoParser empty tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
b8958ee937
Fix activity manager tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
28babd319b
Merge pull request #2137 from nextcloud/make-sure-tests-run-on-phpunit-4-again
...
Add a magic wrapper to allow phpunit4 to run the code again
2016-11-15 21:48:55 +01:00
b775d935f2
Endpoint is now 11.0.0
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-15 15:10:17 +01:00
5fd428413b
Adjust previous fallbacks
...
11.0 is 11 and not 9.2 anymore
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-15 15:07:58 +01:00
e76ef9aaa8
Add a magic wrapper from hell to allow phpunit4 to run the code again
...
Remove this once phpunit 5 is the lowest supported version, by reverting:
https://github.com/nextcloud/server/pull/2137
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-15 14:49:14 +01:00
b7e13b43fb
Merge pull request #2114 from nextcloud/downstream-26498
...
make object prefix configurable
2016-11-14 17:07:00 +01:00
4a9361905d
make object prefix configurable
2016-11-14 15:10:56 +01:00
506ccdbd8d
Introduce an event for first time login based on the last login time stamp
...
Use firstLogin event to trigger creation of default calendar and default address book
Delay login of admin user after setup so that firstLogin event can properly be processed for the admin
Fixing tests ...
Skeleton files are not copied over -> only 3 cache entries are remaining
Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
2016-11-14 14:50:10 +01:00
16a110e803
Merge pull request #2067 from nextcloud/fileinfo-lazy-substorages
...
only query substorages to calculate the final mtime/size/etag when we need it
2016-11-14 11:39:02 +01:00
7cb0df28e2
Prevent downgrade attacks for apps
...
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.
Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-11 18:53:26 +01:00
Lukas Reschke
Roeland Jago Douma
Robin Appelman
Bjoern Schiessle
Björn Schießle
Joas Schilling
Morris Jobke
Julius Haertl
Felix Epp
Roeland Jago Douma
Jörn Friedrich Dreyer
Thomas Müller