Commit Graph

3082 Commits

Author SHA1 Message Date
Roeland Jago Douma b98dfaccd9 Merge pull request #1920 from nextcloud/legacy-pages-should-also-receive-the-nonce
Add nonce also to legacy CSP
2016-10-26 16:41:34 +02:00
Morris Jobke cde7f535bd Merge pull request #1738 from nextcloud/comments-provide-displaynames-with-mentions
comment mentions: show displayname not uid
2016-10-26 14:02:49 +02:00
Joas Schilling c20ab0049f
Identify Chromium as Chrome
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-26 12:07:10 +02:00
Roeland Jago Douma e351ba56f1
Move browserSupportsCspV3 to CSPNonceManager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:10 +02:00
Morris Jobke 89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
2016-10-25 14:46:00 +02:00
Lukas Reschke 740ff9108b Merge pull request #1884 from nextcloud/downstream-26292
Fix logClientIn for non-existing users (#26292)
2016-10-25 11:24:13 +02:00
Joas Schilling 890f752a6b Merge pull request #1452 from nextcloud/appconfig-endpoint
Appconfig endpoint
2016-10-25 10:57:48 +02:00
Roeland Jago Douma 593d52fe91
Fix and cleanup SessionTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 09:34:27 +02:00
Vincent Petry 6d1e858aa4
Fix logClientIn for non-existing users (#26292)
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
2016-10-25 09:34:27 +02:00
Lukas Reschke 38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Thomas Müller 03ec052b4e
App dependencies are now analysed on app enable as well - not only on app install. 2016-10-24 15:59:46 +02:00
Lukas Reschke 9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Roeland Jago Douma ab91fa2660 Merge pull request #1820 from nextcloud/4byte-filenames
Allow 4byte unicode filenames on supported platforms
2016-10-24 10:38:25 +02:00
Roeland Jago Douma 7998689bc9
Added method to DB and fix test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 09:45:04 +02:00
Roeland Jago Douma eaf152efeb
Fix DateTime comparisson
Datetime now returns microseconds. But if the database doesn't store
those comparing them for equality most likely fails.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-21 13:43:39 +02:00
Joas Schilling 0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Morris Jobke 2799b0a821 Merge pull request #1835 from nextcloud/downstream-24948
Move OC\Files\Storage\Shared to the right namespace
2016-10-20 23:48:15 +02:00
Vincent Petry 9e9fef46d9
Get rid of very old oc:// stream wrapper (#26381) 2016-10-20 20:46:30 +02:00
Morris Jobke c7ba73e6f4 Merge pull request #1824 from nextcloud/downstream-26423
Ensure $commands being an array
2016-10-20 20:43:26 +02:00
Vincent Petry fca8bd44ab
Fix shared storage namespace in DecryptAll class 2016-10-20 20:36:50 +02:00
Joas Schilling 246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Thomas Müller ef842ef20a
Ensure $commands being an array - fixes #26073 2016-10-20 15:40:27 +02:00
Morris Jobke 7836a8d8c7
use short array syntax
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 15:40:22 +02:00
Joas Schilling 9f2d9895a5
Restore all services when a tests failed/finished for better testcase isolation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 15:19:41 +02:00
Joas Schilling 122edcd0c1
Make sure all tests use the TestCase method to overwrite services
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 15:19:41 +02:00
Arthur Schiwon e5ce61b174
add missing methods to test fake manager
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-20 14:32:32 +02:00
Joas Schilling b35d2fd8f2
Allow rich object subjects for Notifications
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00
Joas Schilling 2098648850
Add Rich Object Definitions and a validator
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:51 +02:00
Arthur Schiwon 5d98ab83e9
resolve displayname via manager and registerable resolvers
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:34:00 +02:00
Arthur Schiwon fea3e20a80
move mention extraction to (I)Comment and report mentions via DAV
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:33:55 +02:00
Joas Schilling 303e073724
Do not skip when mysql uses utf8mb4
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Joas Schilling 43b7b143f4
Fix test of repair step
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Joas Schilling 17a2723948
Fix the test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 00:15:01 +02:00
Morris Jobke 296a3274cf
only disable unicode test on mysql 2016-10-19 00:15:01 +02:00
Morris Jobke 972e560e72
Adding tests for 4 byte unicode characters
* success on SQLite and Postgres
* failure on MySQL due to the limited charset that only supports up to 3 bytes
2016-10-19 00:15:01 +02:00
Morris Jobke 96f8f209b9 Merge pull request #1449 from nextcloud/comments-user-mention
Notifications for simple @-mentioning in comments
2016-10-17 09:30:47 +02:00
Lukas Reschke 62e19dfa80 Merge pull request #1441 from nextcloud/getby-id-less-queries
optimize Folder::getById to use less queries
2016-10-14 15:18:23 +02:00
Christoph Wurst 53eb0f7f42 Merge pull request #1037 from nextcloud/no-double-token-update
dont update the auth token twice
2016-10-14 14:53:17 +02:00
Arthur Schiwon 1bcd2ca8e3
emit pre-update event for comments
* notifications can be cleaned up, no polluted DB
* updating comments will re-notify users or remove notifications, depending on the message

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-12 18:06:22 +02:00
Robin Appelman 0d842e0550
optimize Folder::getById to use less queries
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:28 +02:00
Roeland Jago Douma 7eba1d806b
Add tests for commands in info.xml
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-11 19:48:31 +02:00
Thomas Müller b1641cc113
Fix QueryBuilderTests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-11 12:30:46 +02:00
Robin Appelman 90db361827
Add test to ensure token times are updated
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:06:24 +02:00
Robin Appelman 25ed6714c7
dont update the auth token twice
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:05:25 +02:00
Roeland Jago Douma 3c173378e8
Fix typehint
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-10 22:13:51 +02:00
Thomas Müller 2806a4bca7
Cleanup test case
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-10 22:13:47 +02:00
Christoph Wurst a0cb809342 Merge pull request #1660 from nextcloud/add-notification-icon-to-api
Add an icon to the notification API
2016-10-10 09:32:34 +02:00
Morris Jobke 195fc041da Merge pull request #1663 from nextcloud/dont-reparse-info-xml
Dont reparse info xml + cache AppInfo XML
2016-10-10 09:22:43 +02:00
Christoph Wurst ce9e33bd3c Merge pull request #1656 from nextcloud/appinfo-check-class-existance
Make sure all the jobs, command, provides and migrations are valid
2016-10-10 09:04:27 +02:00
Lukas Reschke 0245dd7221
Simplify isSubDirectory check
Shaves off another 9ms per request as can be seen at https://blackfire.io/profiles/compare/dd54cef3-e58d-4a22-b8f4-c7c4b70697be/graph

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-07 21:56:43 +02:00
Lukas Reschke 0c2b17c80f
Cache AppInfo in Memory Cache if configured
This saves around 20ms on a bare-bone instance, on bigger ones more (depending on the number of installed apps).

See https://blackfire.io/profiles/compare/fc326ad3-100d-49b8-8ea9-8343240f53f3/graph

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-07 21:29:23 +02:00
Thomas Müller 67d3574bdf
Don't parse info.xml but reuse already cached app infos - fixes #25603 (#25968)
* Don't parse info.xml but reuse already cached app infos - fixes #25603

* Use === in InfoParser. Fixes test

* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
2016-10-07 20:58:22 +02:00
Arthur Schiwon e1073cf442
Notificacations for simple @-mentioning in comments
(WIP) notify user when mentioned in comments

Fix doc, and create absolute URL for as notification link.

PSR-4 compatibility changes

also move notification creation to comments app

Do not notify yourself

unit test for controller and application

smaller fixes

- translatable app name
- remove doubles in mention array
- micro perf optimization
- display name: special label for deleted users, keep user id for users that could not be fetched from userManager

Comment Notification-Listener Unit Test

fix email adresses

remove notification when triggering comment was deleted

add and adjust tests

add missing @license tags

simplify NotificationsController registration

appinfo simplification, php docs

make string easier to translate

adjust test

replace dispatcher-based listeners with a registration method and interface

safer to not pass optional data parameter to setSubject for marking as processed. ID and mention suffices

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

update comment

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-07 17:11:19 +02:00
Joas Schilling c77933ca22
Add an icon to the notification API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-07 17:00:24 +02:00
Joas Schilling c02a50a432
Make sure all the jobs, command, provides and migrations are valid
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-07 14:25:18 +02:00
Vincent Petry 626daabb56
Prefilter inaccessible shares in DefaultShareProvider::getSharedWith()
The DefaultShareProvider now does a DB-level check to find out whether
file_source is accessible at all (deleted file) or whether it's in the
trashbin of a home storage.

One small corner case where the home storage id is in md5 form cannot
be covered properly with this approach.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-06 13:57:58 +02:00
Lukas Reschke ea9b1cc340 Merge pull request #1306 from nextcloud/simplefs
Introducing AppData
2016-10-06 09:25:15 +02:00
Lukas Reschke a1f5364d7f
Generate coverage for quick DB tests
This adds the "QUICKDB" group which excludes some tests that abuse unit tests as integration tests as displayed in https://github.com/nextcloud/server/issues/1626

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-05 13:55:44 +02:00
Roeland Jago Douma 7512683ea9
Fix avatar tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:17 +02:00
Roeland Jago Douma 6807cb684f
avatar to appdata
* Fix AvatarTest

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma ac38a3a654
Add Tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Christoph Wurst f27b7fa8d1
Do not use underscores in PSR4 namespaces of the backup codes app
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-10-03 21:47:33 +02:00
Lukas Reschke bf0371429c
Remove database requirement from test
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-03 14:15:18 +02:00
Lukas Reschke 341cd0ef61 Merge pull request #1582 from nextcloud/make-comments-100-tested
Add test for setTopmostParentId and getTopmostParentId
2016-09-30 01:04:29 +02:00
Lukas Reschke d5f39164a1
Add test for setTopmostParentId and getTopmostParentId
This wasn't tested before as proven by the coverage data.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-29 22:43:48 +02:00
Joas Schilling 4d1acfd4ef
Only trigger postDelete hooks when the user was deleted...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
Joas Schilling f6ff60f4cb
Make sure that comments, notifications and preferences are deleted
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
Morris Jobke 19f94ac5f9 Merge pull request #1549 from nextcloud/kill-update-simulation
Kill update simulation
2016-09-28 16:29:09 +02:00
Lukas Reschke c4d263199c Merge pull request #1521 from nextcloud/fix-mimetypedetect-hiddenfolder
Fix mimetype detection inside hidden folders (#26138)
2016-09-27 18:52:48 +02:00
Vincent Petry da0cea404d
Kill update simulation
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-27 18:43:53 +02:00
Joas Schilling 615b69677e
Use the same URL everywhere
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-27 14:52:22 +02:00
Joas Schilling 6f955defe4
Return the autoupdater value from the server
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-27 14:38:10 +02:00
Vincent Petry 9b4de310bd
Fix mimetype detection inside hidden folders (#26138)
Downstreaming of https://github.com/owncloud/core/pull/26138

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:31:03 +02:00
Roeland Jago Douma 6dace7f6ad
Add tests 2016-09-15 13:11:36 +02:00
Morris Jobke e39e1bdf4e Merge pull request #1395 from nextcloud/issue-369-htaccess-max-sizes
Make sure memory limit is > post size and upload filesize
2016-09-13 22:39:08 +02:00
Joas Schilling a3c8534b7b
Make sure memory limit is > post size and upload filesize 2016-09-13 16:50:36 +02:00
Joas Schilling db710e0b03
Make tests work with 4.8 at least 2016-09-13 16:31:33 +02:00
Roeland Jago Douma 368f407698
Fix getMock UtilTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma d616984879
Fix getMock User 2016-09-13 09:09:53 +02:00
Roeland Jago Douma 478b86e5e5
Fix getMock UrlGeneratortest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma 2f36bbecb8
Fix getMock TagTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma 1d166d645b
Fix getMock ManagerTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma 7bc2d178ca
Fix getMock CertificateMangerTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma 5aad530e6c
Fix getMock RepairUnmergedSharesTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma cd5183dccc
Fix getMock DBLockingProviderTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma dcf8091d69
Fix getMock HelperStorageTest 2016-09-13 09:09:53 +02:00
Roeland Jago Douma 31532ecf13
Fix getMock ViewTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma 5069b74f8b
Fix getMock scannertest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma d277053f22
Fix getMock QuotaTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma fe15dccb45
Fix getMock FolderTests 2016-09-13 09:09:52 +02:00
Roeland Jago Douma d77982c03f
Fix getMock UserMountcacheTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma 4b8d474ec5
Fix getMock Cache 2016-09-13 09:09:52 +02:00
Roeland Jago Douma 3782edf49c
Fix getMock DecryptAllTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma 16e88a7ebf
Fix getMock ManagerTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma 77779d678f
Fix getMock FileCacheTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma c4ef825ceb
Fix getMock JobListTest 2016-09-13 09:09:52 +02:00
Roeland Jago Douma 9404c04512
Fix getMock AppTests 2016-09-13 09:09:50 +02:00
Thomas Müller 6eba111e09
Fix failing preview unit tests (#26039) 2016-09-12 16:46:39 +02:00
Morris Jobke c16aefcff5 Merge pull request #1317 from nextcloud/add-sharing-disclaimer
Adding a optional disclaimer to the anonymous upload page
2016-09-08 21:18:28 +02:00
Morris Jobke 5ac26d12f0 Merge pull request #1247 from nextcloud/storage-id-global-cache
more efficient querying of numeric storage ids
2016-09-08 21:09:14 +02:00