Commit Graph

3685 Commits

Author SHA1 Message Date
Lukas Reschke 32bf8ec826
Don't use cached informations for app version
When installing an app from the appstore the `\OC_App::getAppVersion` code is triggered twice:

- First when the downloader tries to compare the current version to the new version on the appstore to check if there is a newer version. This protects against downgrade attacks and is implemented in `\OC\Installer::downloadApp`.
- Second, when the app is actually installed the current version is written to the database. (`\OC\Installer::installApp`)

This fails however when the version is actually cached. Because in step 1 the cached version will be set to "0" and then be reused in the second step.

While this is probably not the cleanest version I assume this is an approach that is least invasive. Feedback and suggestions welcome :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-09 18:01:45 +01:00
Joas Schilling 924358ef96
Save the timezone on login again
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
Morris Jobke 7aa510b2f0
Document updater channel & check for correct PHP version in updater
* see https://github.com/nextcloud/updater/issues/53

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-12-06 00:19:13 +01:00
Morris Jobke aac3024878 Merge pull request #2505 from nextcloud/sudo-mode-provisioning-api
Require sudo mode on the provisioning API
2016-12-05 22:29:29 +01:00
Roeland Jago Douma e368a745aa
Set last-login-check on basic auth
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-05 20:57:15 +01:00
Christoph Wurst 0478db6506 Merge pull request #2484 from nextcloud/fix-wrong-update-of-email-address
make sure that we only update the email address if it really changed
2016-12-05 17:14:23 +01:00
Morris Jobke 1253d1008a Merge pull request #2411 from nextcloud/fix-encryption-home-storage
check if the file should really be encrypted before we update the file cache
2016-12-05 15:38:12 +01:00
Bjoern Schiessle f25ad2e404
make sure that we only update the email address if it really changed
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-12-02 18:07:08 +01:00
Robin Appelman 1a379b0fdc
update test
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-12-02 18:04:21 +01:00
Lukas Reschke 2ca29f709b
Add tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-01 18:52:32 +01:00
Morris Jobke 01a62dee30
Language
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-11-30 15:20:04 +01:00
Morris Jobke 62ec31eb7b Merge pull request #2152 from nextcloud/preview_cleanupjob
Adds background job to cleanup all previews.
2016-11-30 10:39:21 +01:00
Bjoern Schiessle 0f8fe77b3a
check if the file should really be encrypted before we update the file cache
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-29 20:34:45 +01:00
Morris Jobke d86b29b42b Merge pull request #2066 from nextcloud/fix-redirect-double-encoding
do not double encode the redirect url
2016-11-29 17:21:43 +01:00
Lukas Reschke 3950ce9223 Merge pull request #2351 from nextcloud/remember-session-default
do not remember session tokens by default
2016-11-28 14:05:04 +01:00
Lukas Reschke 0cc771ce19 Merge pull request #2353 from nextcloud/renew-session-token-remember
copy remember-me value when renewing a session token
2016-11-28 14:04:13 +01:00
Christoph Wurst 6543182d13 fix parameter order
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-28 10:00:53 +01:00
Christoph Wurst ad610ae772 Merge pull request #2327 from nextcloud/exclude-pre-releases
Exclude pre-release versions as per SemVer
2016-11-28 09:55:24 +01:00
Christoph Wurst 2183a1f3e6 copy remember-me value when renewing a session token
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:19:57 +01:00
Christoph Wurst 9b808c4014 do not remember session tokens by default
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:03:28 +01:00
Morris Jobke 64fb0fb3dd Merge pull request #2276 from nextcloud/update-email-address
Update email address
2016-11-25 11:40:20 +01:00
Lukas Reschke 29402e2c0a
Exclude pre-release versions as per SemVer
As SemVer can be used apps could define a release like "10.0.0-alpha". This is something that we don't support at the moment in the server and we should filter all prereleases.

Ref https://github.com/nextcloud/server/pull/2307#issuecomment-262911588

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-25 11:32:46 +01:00
Bjoern Schiessle 0de685c562
bring back setEmailAddress for the user management
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-25 10:26:48 +01:00
Bjoern Schiessle 3fc75073b8
update accounts table if email address or display name changes from outside
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-25 10:26:47 +01:00
Roeland Jago Douma 72f9920a58
Add Identityproof tests
* Add tests for Key
* Add tests for Manager
* Add tests for Signer
* Removed URLGenerator from Signer

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-24 21:50:19 +01:00
Lukas Reschke 6a4c0cf237
Loop for newest version in appstore response
The current implementation when fetching apps from the appstore is to assume that the first element is the newest version, this is now always applicable and leads to the fact that for some apps (e.g. nextant) the newest version is not delivered. This can be easily tested by comparing the version of the downloaded Nextant version.

This change will loop over all releases delivered by the appstore and chooses the newest compatible one. While not the cleanest solution, it does its job.

Most of the code are actually unit tests. Whereas I have copied the whole original response from the appstore and also have performed the transformation. So that's why the diff looks so huge.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-24 14:29:57 +01:00
Bjoern Schiessle 546989959c
update email address correctly
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-23 20:19:31 +01:00
Lukas Reschke a05b8b7953
Harden cookies more appropriate
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
Roeland Jago Douma df215625f1 Merge pull request #1972 from nextcloud/invalid-files-from-scanner
Make sure we don't scan files that can not be accessed
2016-11-22 12:55:54 +01:00
Robin Appelman cd24010fa4 Merge pull request #2214 from nextcloud/remove-logging
remove old logging section
2016-11-21 17:17:02 +01:00
Robin Appelman 0048b3aa2e
update tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-21 15:59:08 +01:00
Lukas Reschke d001dbd259
Adjust unit tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:03 +01:00
Lukas Reschke 8bf4111368
Fix changing display names for subadmins
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Lukas Reschke fb91bf6a5b
Add a signer class for signing
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Bjoern Schiessle a32d6e481f
fix unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:30:00 +01:00
Bjoern Schiessle b23a4ca96b
push public user data to the lookup server
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:59 +01:00
Bjoern Schiessle c5e61947a9
remove old test class
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:59 +01:00
Bjoern Schiessle 08e6541a88
fix unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:58 +01:00
Björn Schießle de1f3f05fd
allow to change display names in the user settings again
keep display name and email address in sync with the accounts table

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-21 11:29:54 +01:00
Björn Schießle 40b99734d3
introduce accounts table and keep it up-to-date with the data added to the personal settings
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-21 11:29:41 +01:00
Joas Schilling 558f169671
Move the validation into one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:37 +01:00
Joas Schilling 4652d203e3
Make sure we don't scan files that can not be accessed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:32 +01:00
Roeland Jago Douma 78a318d388
Add test if repair step is already done
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-19 20:26:53 +01:00
Roeland Jago Douma ccb05dbb17
Adds background job to cleanup all previews.
* A repair step that inserts a background job for each user
* Each background job will delete for 15 seconds if it takes longer we
reschedule. This is done so instances that don't use the system cron
won't time out.
* Added tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-19 20:14:44 +01:00
Lukas Reschke 8ec2e34576 Merge pull request #1602 from nextcloud/ignore-mod-env
Add system config htaccess.IgnoreFrontController for prettyURLs w/o mod_env
2016-11-18 21:42:56 +01:00
Morris Jobke 46768e71d9 Merge pull request #2076 from nextcloud/log_preview_access
Dispatch event on preview request
2016-11-18 20:45:29 +01:00
Morris Jobke 332eaec4c0 Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions
Password confirmation for some actions
2016-11-18 15:42:30 +01:00
Robin Appelman 8b9ad46ba3 Merge pull request #768 from nextcloud/s3-objectstore
Add S3 objectstore backend
2016-11-18 14:55:07 +01:00
Joas Schilling b2d9c20aac
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
Morris Jobke d3900fc0d5 Merge pull request #2177 from nextcloud/appmanager-getapppath
Expose getAppPath to public API
2016-11-17 22:39:34 +01:00