Commit Graph

1431 Commits

Author SHA1 Message Date
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Vincent Petry b1ca431852 Fix for parsing pretty printed Webdav responses
Update davclient.js + adjust IE workaround for this
2015-11-24 15:26:53 +01:00
Vincent Petry a05e40932c Now using IE8 workaround of davclient.js for all IE versions 2015-11-22 16:05:52 +01:00
Vincent Petry 7ec83fc9fb Fix OC.FileInfo to copy all properties
This makes it possible to also store custom properties passed through
the data object like tags or shareOwner.
2015-11-22 16:05:50 +01:00
Vincent Petry a1d0682ef8 Use oc:fileid property instead of oc:id 2015-11-22 16:05:51 +01:00
Thomas Müller ab1d786d87 Fix port issue - options.host already has the port attached 2015-11-22 16:05:51 +01:00
Vincent Petry dc8ce87a26 Query tags/favorite through Webdav in file list 2015-11-22 16:05:50 +01:00
Vincent Petry fa2be0750c Make files app use Webdav for most operations 2015-11-22 16:05:50 +01:00
Vincent Petry f120846e29 Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00
Vincent Petry fb3d5c7856 Add evert's davclient.js + es6-promise + IE8 workaround
- Add davclient.js lib
- Add es6-promise required by that lib
- Wrote IE8 workaround lib/shim for davclient.js
2015-11-22 16:05:49 +01:00
Joas Schilling 78c456b895 Allow creating OCS v2 links in JS 2015-11-16 14:23:43 +01:00
Vincent Petry a2cd9708f6 Set "ie" CSS class for IE10, IE11
Fixed border in file action menu
2015-11-10 17:04:52 +01:00
Joas Schilling f04151f69b Close the user menu when clicking it again 2015-11-02 10:09:13 +01:00
Morris Jobke b32e6fbb62 [tags] remove unneeded variables 2015-10-30 10:02:15 +01:00
Thomas Müller 774d069ff0 Merge pull request #20122 from owncloud/files-consolidateiconupdate
Fix icon update to be more consistent
2015-10-29 15:40:15 +01:00
Vincent Petry 9c9158e6b7 Fix icon update to be more consistent
Makes the details bar show the same icon as in the list.
2015-10-29 12:59:51 +01:00
Tom Needham 628e4a9daf Add sharee list view js tests 2015-10-29 09:01:47 +01:00
Thomas Müller 588a668455 Merge pull request #20082 from owncloud/phil-davis-sharedialogviewspec-typos
sharedialogviewSpec.js couple of text typos
2015-10-27 20:04:05 +01:00
Thomas Müller c15b2094e5 Merge pull request #20078 from owncloud/tipsy-body
Append tipsys to body
2015-10-27 15:08:25 +01:00
Phil Davis 89ab505c7b sharedialogviewSpec.js couple of text typos
I noticed a new typo in 15ef39d5b9 and looked for others while I am here.
2015-10-27 17:11:49 +05:45
Hendrik Leppelsack 5a01dc44d6 append tipsys to body 2015-10-27 11:22:41 +01:00
Vincent Petry 0d98e5e456 [IE9] Don't send link share password placeholder
When exiting the password field in the share dialog, IE9 would
mistakenly think that the password has changed and would send the
placeholder.

This fix prevents changing the password whenever the placeholder is set
as value.
2015-10-26 17:45:21 +01:00
Thomas Müller 23e51c37cf Merge pull request #20049 from owncloud/make-author-file-complete
Generate author file by license.php build script
2015-10-26 17:14:06 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Vincent Petry c64fb46fbf Fix share link focus on click
Clicking on the link share must focus and select it
2015-10-26 12:49:52 +01:00
Roeland Jago Douma 9071e756a1 Fix for broken ajax/share.php endpoint
Even more code mess :(
All tests pass again. But I'm really not happy with this endpoint.
2015-10-23 09:24:03 +02:00
Thomas Müller 4f5ff9c105 Ensure the password is only hashed in case it's changed on the client - fixes #19950 2015-10-22 17:32:40 +02:00
Thomas Müller 56fdb0ac93 Merge pull request #19935 from owncloud/issue-19916-settings-menu-hide-on-file-action
Use the normal OC.menu JS for handling the Settings menu
2015-10-22 10:42:02 +02:00
Thomas Müller 15ef39d5b9 Merge pull request #19952 from owncloud/share-dialogue-tests
Add JS tests for share dialog
2015-10-22 09:23:05 +02:00
Tom Needham e3ae453ee5 Fix line lengths in share dialog unit tests 2015-10-21 13:30:42 +00:00
Tom Needham 8a6d22d751 Add JS tests for share autocompletion handling 2015-10-21 12:46:08 +00:00
Joas Schilling a0437591db Use the normal OC.menu JS for handling the Settings menu 2015-10-21 13:59:30 +02:00
Tom Needham 2ca5b1aa1f Add test for remote share info tooltop 2015-10-21 10:00:29 +00:00
Vincent Petry 89e3860e1a Disable app icon preview in apps page for IE
All IE versions are not able to properly upscale SVG icons unless the
said SVG files contain a "viewBox" attribute, which is not always the
case. Also we cannot guarantee that all third party apps will have this
attribute in their icons.

So for now, app icons will not be displayed in IE instead of broken
ones.
2015-10-21 10:50:06 +02:00
Vincent Petry 1e64968ff7 Allow leaving update page when errors occurred 2015-10-20 13:29:44 +02:00
Vincent Petry 06ddd40886 Prevent leaving the DB update page while in progress 2015-10-20 13:28:48 +02:00
Christoph Wurst 9778094a25 fix filepicker loading spinner 2015-10-19 23:43:12 +02:00
Vincent Petry 90e34e26bd Fix spinner positions in share tab
Also fix missing spinner when removing link share
2015-10-16 15:54:27 +02:00
Vincent Petry 3af2ad0cd9 Fix DOM element ids in share dialog
- Rely on class names instead of global ids
- When global ids are needed for label+checkbox, append the view id
  (cid) to the element's id

This fixes the checkboxes when multiple sidebars exist in the DOM.
2015-10-16 10:54:45 +02:00
Thomas Müller 8d5aff9db5 Merge pull request #19631 from owncloud/share-emailsenterror
Fix share email sending feedback
2015-10-14 12:51:32 +02:00
Thomas Müller a83e003ae3 Merge pull request #19645 from owncloud/file-conflict-disablecontinue
Disable "Continue" button in conflict dialog when no selection
2015-10-14 12:39:37 +02:00
Thomas Müller f34b97bc98 Merge pull request #19699 from owncloud/hutchic-issue-18241-reload-page-link
refs #18241 Make the 'please reload this page' a clickable link
2015-10-14 12:39:19 +02:00
Morris Jobke 2f9f963616 [update] show default error message if empty message 2015-10-14 09:41:47 +02:00
Colin Hutchinson f49c1039c4 refs #18241 Make the 'please reload this page' a clickable link 2015-10-10 14:14:01 -04:00
Vincent Petry c7aef6c368 Fix uploading avatar and root certs in IE8 2015-10-09 11:19:05 +02:00
Morris Jobke 3c005bc020 Check .conflicts for checkboxes 2015-10-08 17:13:28 +02:00
Roeland Jago Douma 08600a7ed5 Add unit tests for sending e-mail for link shares 2015-10-08 16:39:25 +02:00
Vincent Petry 4bf19d4472 Fix share email sending feedback
Redisplay email address after failure
2015-10-08 16:39:12 +02:00
Vincent Petry cba1aae073 Disable "Continue" button in conflict dialog when no selection 2015-10-08 12:27:33 +02:00