Commit Graph

376 Commits

Author SHA1 Message Date
Morris Jobke e03d289b70
Use 6 months as SSL STS header threshold
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
2016-04-13 08:47:34 +02:00
Vincent Petry 8d11c3b87b Merge pull request #23487 from owncloud/core-globalajaxerrorwhengoingaway
Detect user navigating away, don't interpret as ajax error
2016-04-01 17:03:55 +02:00
Vincent Petry 06e7856400 Adjust core unit tests for unload/reload cases 2016-03-23 10:53:40 +01:00
Thomas Müller 61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Thomas Müller 86581f6626 Merge pull request #22065 from owncloud/systemtags-create-same-prefix
Allow creating tags where another one with same prefix exists
2016-03-21 11:15:49 +01:00
Lukas Reschke 6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Lukas Reschke 2ca3c0d461 Adjust wording a bit
**Before:**
> Your PHP version (5.4.16) is no longer supported by PHP. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.

**After:**
> You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by the PHP Group as soon as your distribution supports it.

Fixes https://github.com/owncloud/enterprise/issues/1170
2016-03-11 17:39:35 +01:00
Vincent Petry 0091df2bc8 Improved JS L10N bundle merging + tests 2016-02-29 17:39:21 +01:00
Vincent Petry 27544144ce Fix unit tests affected by side effects
The notification tests were not restoring the clock properly, but
indirectly helped other tests pass.

Since now we're restoring the clock properly, the other tests were fixed
to still work.
2016-02-22 17:25:32 +01:00
Vincent Petry 8ea80e114a Accumulate notifications instead of blinking
This makes it possible to display multiple notifications.
If the options.type is set to "error", it will also add a close button.
2016-02-22 17:25:32 +01:00
Thomas Müller 8abdcb8085 Fix error ins source language strings
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/core/50786279
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/settings-1/50555028
2016-02-19 15:04:16 +01:00
Thomas Müller 7af7d18cfa Merge pull request #16783 from owncloud/handle-redirects-global
Adding global error handler for ajax calls which run into redirection…
2016-02-17 14:49:04 +01:00
Roeland Jago Douma e1fd86ccb6 Unlock sharee input field when sharing fails
Fixes #22441

When addShares fails (for whatever reason) we should unlock the sharee
input field so the user does not have to reload the page.
2016-02-17 09:21:12 +01:00
Vincent Petry b8b77709c0 Add handler for global ajax errors 2016-02-15 12:48:47 +01:00
Thomas Müller 2054dbd4c8 Merge pull request #22350 from owncloud/fix_22304
WebUI feedback when sharing
2016-02-15 10:45:42 +01:00
Roeland Jago Douma 33ef240b39 Search tags case insensitive
fixes: #22352

* Added unit tests
2016-02-14 20:41:39 +01:00
Roeland Jago Douma 92c131b481 Updated unit tests 2016-02-12 14:31:00 +01:00
Roeland Jago Douma 1301ec9351 Only show link shares for the current user
Currently we have no way to display multiple links in the UI.
So just display the link share for the current user.

Fixes #22275
2016-02-10 16:00:55 +01:00
Vincent Petry e378a757ff Add system tags filter section for files app 2016-02-09 10:59:29 +01:00
Vincent Petry 23f0515771 Fix JS DAV files client unit tests
Instead of trying to mock the promise, just stub davclient.js' request
object.
2016-02-04 15:39:18 +01:00
Vincent Petry 22be3867f1 Allow creating tags where another one with same prefix exists
When creating a new entry, compare the full tag name and not only the
prefix.
2016-02-02 10:42:35 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Vincent Petry df3f6fee10 Properly forward error messages in share dialog 2016-01-28 17:18:33 +01:00
Vincent Petry 7e1de0e3c2 Fix share default expiration date calculation
Now using UTC dates with moment js to accurately add the number of days
2016-01-28 15:25:34 +01:00
Vincent Petry b063ddb05b Share dialog use OCS API 2016-01-28 15:25:34 +01:00
Thomas Müller de8852a760 Merge pull request #21958 from owncloud/systemtags-style
Use boxes for system tags, shorten permission text
2016-01-28 12:54:52 +01:00
Vincent Petry 1473e156f4 Use boxes for system tags, shorten permission text
Permission text now doesn't appear when all permissions are there, or
shows as "invisible" or "not assignable", which should better cover all
use cases.

Changed select2 style to use boxes in the input field.
2016-01-28 11:24:13 +01:00
Vincent Petry 714d8c2424 Fix system tags conflict situations
Does not disrupt the UX whenever a tag or association was created
concurrently. The input field will adjust itself as if the tag was
already there in the first place.
2016-01-27 15:09:59 +01:00
Vincent Petry cfba90a78d Fix system tags proppatch with booleans
Backbone webdav adapter now converts booleans and ints to strings.

Fixed system tags to use "true" / "false" strings for booleans instead
of 1 / 0.
2016-01-27 11:09:43 +01:00
Vincent Petry 0a1350d5ac System tags sidebar selector now respects permissions
For admins: display the namespace behind the tag name.
For users: no namespace, don't display non-assignable tags in the
dropdown, display already assigned non-assignable tags with a different
style
2016-01-25 10:45:02 +01:00
Joas Schilling f108dbfa6a Move getDescriptiveTag to core 2016-01-21 15:56:25 +01:00
Vincent Petry ffba6d0a7e Added system tags GUI in sidebar
Added files details sidebar panel to assign/unassign/rename/delete
system tags.
2016-01-19 16:24:26 +01:00
Morris Jobke 6e096936e5 update JS humanFileSize to use KB instead of kB 2016-01-19 10:51:57 +01:00
Vincent Petry 857c316bda Backbone transport for Webdav 2016-01-16 11:28:04 +01:00
Thomas Müller b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Thomas Müller 2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke a6c7cdd75e Show the well-known URL check as info instead of error
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
2016-01-12 09:18:20 +01:00
Morris Jobke 0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Joas Schilling 334a6d57a3 Check the correct config for displaying the "notify by email" option 2016-01-08 14:15:06 +01:00
Roeland Jago Douma 6bd15856b2 Added js tests for the Sharee API usage 2015-12-30 10:46:19 +01:00
Roeland Jago Douma 49031e0744 Fix unit tests 2015-12-30 08:58:04 +01:00
Lukas Reschke cebeb0e052 Fix unit tests
Fixes https://github.com/owncloud/core/issues/21345
2015-12-23 09:11:22 +01:00
Vincent Petry 181ba7b4e1 Fix files UI mtime parsing from webdav 2015-12-16 17:44:16 +01:00
Vincent Petry 6735005be0 Fix duplicate bogus share field when link sharing is not allowed
Whenever link share is not allowed, it was outputting a bogus sharing
field which name would conflict with the regular sharing field.

This fix makes sure that the bogus sharing field with "Resharing not
allowed" message only appears when triggered by removed share
permissions.
2015-12-07 16:53:56 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Vincent Petry a1d0682ef8 Use oc:fileid property instead of oc:id 2015-11-22 16:05:51 +01:00
Thomas Müller ab1d786d87 Fix port issue - options.host already has the port attached 2015-11-22 16:05:51 +01:00
Vincent Petry f120846e29 Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00
Joas Schilling f04151f69b Close the user menu when clicking it again 2015-11-02 10:09:13 +01:00
Thomas Müller 774d069ff0 Merge pull request #20122 from owncloud/files-consolidateiconupdate
Fix icon update to be more consistent
2015-10-29 15:40:15 +01:00
Vincent Petry 9c9158e6b7 Fix icon update to be more consistent
Makes the details bar show the same icon as in the list.
2015-10-29 12:59:51 +01:00
Tom Needham 628e4a9daf Add sharee list view js tests 2015-10-29 09:01:47 +01:00
Phil Davis 89ab505c7b sharedialogviewSpec.js couple of text typos
I noticed a new typo in 15ef39d5b9 and looked for others while I am here.
2015-10-27 17:11:49 +05:45
Vincent Petry c64fb46fbf Fix share link focus on click
Clicking on the link share must focus and select it
2015-10-26 12:49:52 +01:00
Roeland Jago Douma 9071e756a1 Fix for broken ajax/share.php endpoint
Even more code mess :(
All tests pass again. But I'm really not happy with this endpoint.
2015-10-23 09:24:03 +02:00
Tom Needham e3ae453ee5 Fix line lengths in share dialog unit tests 2015-10-21 13:30:42 +00:00
Tom Needham 8a6d22d751 Add JS tests for share autocompletion handling 2015-10-21 12:46:08 +00:00
Tom Needham 2ca5b1aa1f Add test for remote share info tooltop 2015-10-21 10:00:29 +00:00
Vincent Petry 3af2ad0cd9 Fix DOM element ids in share dialog
- Rely on class names instead of global ids
- When global ids are needed for label+checkbox, append the view id
  (cid) to the element's id

This fixes the checkboxes when multiple sidebars exist in the DOM.
2015-10-16 10:54:45 +02:00
Roeland Jago Douma 08600a7ed5 Add unit tests for sending e-mail for link shares 2015-10-08 16:39:25 +02:00
Morris Jobke b519965408 [admin] check for correct PHP memcached module 2015-10-06 08:51:47 +02:00
Thomas Müller ea72d90617 Merge pull request #19553 from owncloud/properly_format_date_shareview
Use DD-MM-YYYY consistently in share sidebar
2015-10-05 22:02:12 +02:00
Roeland Jago Douma 8c459a895d Do not remove linkshare if there is none
If the password is enforced we can't create a link share right away but
just show the password field. Untoggling the link sharing should not try
to remove the share.

* Added unit test
2015-10-05 21:12:27 +02:00
Roeland Jago Douma 96deeca34d Use DD-MM-YYYY consistently in share sidebar
We used to display the response from the server. Which is in non ISO8601
format. Now this is weird since the datepickers shows us 'DD-MM-YYYY'
once a date is chosen.

Now use momentJS to properly format the date.

* Unit tests updated
2015-10-04 11:38:29 +02:00
Thomas Müller d7a923671f Merge pull request #19305 from owncloud/share-hasusershares
Fix ShareItemModel.hasUserShares to only check shares of current item
2015-09-24 14:57:23 +02:00
Vincent Petry 76e30d0df7 Expiration date was always a string 2015-09-24 12:21:19 +02:00
Vincent Petry 0db9b28f3f Fix ShareItemModel.hasUserShares to only check shares of current item
The shares array is based on what the server returns and can contain
share info for parent folders.

hasUserShares is now fixed to ignore parent folders and only checks for
shares on the current item.
2015-09-23 14:41:13 +02:00
Vincent Petry 6ea27e2b03 Fix parsing int attributes from share.php response
Sometimes the attributes returned by share.php are integers but packaged
as strings.

This fix makes sure that such attributes are parsed as integers
2015-09-23 12:16:47 +02:00
Thomas Müller 08ae1e8183 Merge pull request #19008 from owncloud/jquery_avatar_tests
JS tests for jquery.avatar
2015-09-18 17:31:18 +02:00
Vincent Petry 02d68d0613 Removed obsolete tests 2015-09-16 07:23:29 +02:00
Vincent Petry f439c07ba9 Fix allow reshare for owner when sharing with self through group 2015-09-16 07:23:29 +02:00
Vincent Petry 996639f4fb More unit tests for share dialog 2015-09-16 07:23:29 +02:00
Vincent Petry 886f1ed660 Update JS unit tests for share dialog (WIP) 2015-09-16 07:23:29 +02:00
Roeland Jago Douma 1601e8acfe Added js tests for jquery.avatar
* Ceil avatar request size
2015-09-14 10:17:24 +02:00
Vincent Petry a808837ec9 Add apps unit test 2015-08-30 17:14:57 +02:00
Morris Jobke 202af1e322 fix unit tests 2015-08-26 11:39:22 +02:00
Roeland Jago Douma 8eefc5c4e1 Move remaining setupchecks to new fomat 2015-08-18 14:42:57 +02:00
Jan-Christoph Borchardt 12eec397e3 Merge pull request #17975 from owncloud/settings_admin_warning_levels
Settings admin warning levels
2015-08-18 13:38:08 +02:00
Robin McCorkell 2579999373 Add setup check for reverse proxy header configuration 2015-08-10 23:28:16 +01:00
Thomas Müller 9650f3ecbe Merge pull request #17919 from rullzer/php_supported_check
Display warning in security & setup warnings if php version is EOL
2015-08-10 23:03:35 +02:00
Roeland Jago Douma 8bde72c4bd All setup messages are now properly types 2015-07-30 09:57:08 +02:00
Roeland Jago Douma 5d15051da4 Allow setupchecks to specify a warning level 2015-07-30 09:57:08 +02:00
Roeland Jago Douma 72ba67815e Display warning in security & setup warnings if php version is EOL 2015-07-29 10:07:01 +02:00
Morris Jobke 5a0d410488 tests for _parseTime with hex and empty strings 2015-07-28 14:20:55 +02:00
Morris Jobke ebfbb97e66 Fix parsing of sharetime as string
In some cases the ajax/share.php will return the share time as string.
If this is the case it would get parsed completely wrong and cause the
share dropdown to not work anymore. This change will properly cast the
string to an interger and also fallback if this is not possible.
2015-07-28 08:56:15 +02:00
Vincent Petry 1b7d42c569 Fix OC.joinPaths with empty arguments
When empty arguments are given, the leading or trailing slash was not
detected properly.
2015-07-13 10:57:52 +02:00
Vincent Petry fbc03b43b9 More tests for joinPaths 2015-07-10 15:31:58 +02:00
Vincent Petry 119e27166e Add OC.joinPaths for convenient path joining 2015-07-10 13:02:28 +02:00
Roeland Jago Douma c8145cdbd6 Javascript mimetype icon resolver
This makes it possible to retrieve the icon for mimetypes in javascript.
It makes no additional queries to the server to retrieve the mimetype.

* config/mimetypealiases.json added
* mimetype.js: this is where the logic resides to convert from mimetype
  to icon url
* mimetypelist.js: generated file with a list of mimetype mapping (aliases)
  and the list of icon files
* ./occ maintenance:mimetypesjs : new command for occ to gernerate
  mimetypes.js
* unit tests updated and still work
* javascript tests added
* theming support
* folder of the theme is now present in javascript (OC.theme.folder)
2015-07-06 16:32:10 +02:00
Lukas Reschke eec8d776b7 Align recommended settings
This aligns the recommended setting with the max-age of `15768000` as described in our documentation. Furthermore it fixes some logical problems with the code, unit tests has been added as well.

Fixes https://github.com/owncloud/core/issues/16673
2015-06-15 10:39:25 +02:00
Roeland Jago Douma bf491183c1 Properly format remote recipients
* A list of recipients can now be properly formatted with remote shares.
Before the shares where simply shown in full in the "Shared with others"
section.
* Unit tests updated and added
2015-05-27 16:22:34 +02:00
Thomas Müller 07c6e523b1 Merge pull request #16565 from owncloud/add-urandom-check
Add check for availability of /dev/urandom
2015-05-26 16:53:11 +02:00
Lukas Reschke bc6d17ed74 Add check for availability of /dev/urandom
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:

1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()

An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.

One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.

Thanks to David Black from d1b.org for bringing this again to our attention.
2015-05-26 14:16:07 +02:00
Roeland Jago Douma 914c74ea9b Unit tests for #16511
Make sure that password is updated on focusout of the password field or
on pressing enter in the password field.
2015-05-22 15:09:21 +02:00
Vincent Petry d15471abd4 Merge pull request #15738 from rullzer/fix_15611
Fix to make sure expiration date is properly set
2015-05-18 11:26:12 +02:00
Roeland Jago Douma b090a32d23 Reset share dialog values so we start out clean
* Unit test
2015-05-18 10:08:09 +02:00
Roeland Jago Douma efd6fec57d Fix to make sure expiration date is properly set
This did not happen correctly when the password was enforced since a
different code path was taken.

* moved generation of the default date string to separate function
* added unit test
2015-05-18 09:35:47 +02:00
Vincent Petry 93cf51389a Added unit test for reshare by share owner 2015-04-29 10:34:37 +02:00
Roeland Jago Douma b971029652 Added unit tests 2015-04-17 09:38:09 +02:00
Joas Schilling 81ec1c8a1a Remove hardcoded link to performance docs 2015-04-07 12:25:30 +02:00
Lukas Reschke 65202d2a18 Add check for activated local memcache
Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it.

Fixes https://github.com/owncloud/core/issues/14956
2015-03-28 13:59:22 +01:00
Lukas Reschke 9d1ce53cb1 Add some generic default headers as well via PHP 2015-03-26 22:32:57 +01:00
Jan-Christoph Borchardt d1db727d1f mock up missing elements in the tests 2015-03-26 17:13:50 +01:00
Morris Jobke f507601e25 Merge pull request #14582 from rullzer/avatar_fixes
Avatars in share dialog fixes
2015-03-04 10:30:09 +01:00
Roeland Jago Douma c9272be0b9 Avatars in share dialog fixes
* Avatar for "xxxx share with you..." to the left
* Avatars for groups and remote shares (use default placeholder)
* Modified and added unit tests
* Use the same css for all the avatars in the dropdown
2015-03-03 20:57:50 +01:00
Vincent Petry b4cfc79b5a Added missing done() calls for async tests 2015-03-03 13:59:03 +01:00
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Lukas Reschke 92b5517229 Use custom attribute instead of the div identifier
Otherwise problems arrive when a username contains characters such as an `@`

Fixes https://github.com/owncloud/user_shibboleth/issues/38
2015-02-27 17:38:59 +01:00
Lukas Reschke 27c1409be5 Encode parameters in `OC.generateUrl` by itself
This function is often used in a wrong and potential dangerous way... Thus we should escape the URL per default and offer developers to disable the automatic escaping via an option parameter if they really want that behaviour.

Might break some things, however, those things are then easy to fix and we really have a ton of bugs caused by this...

Fixes https://github.com/owncloud/core/issues/14228
2015-02-17 14:41:06 +01:00
Vincent Petry e8f16db49d Merge pull request #13866 from rullzer/avatar_share_dialog
Avatars in share dialog
2015-02-17 10:17:36 +01:00
Roeland Jago Douma 9a6da8e6e2 Extended avatar unit tests 2015-02-13 12:57:24 +01:00
Roeland Jago Douma ecb7d44775 Small unit test rewrite 2015-02-12 17:05:59 +01:00
Roeland Jago Douma e952687dcd Added unit test 2015-02-12 16:50:14 +01:00
Thomas Müller ccc1f09627 generate valid human readable text for 0 - fixed #9342 2015-01-29 17:27:28 +01:00
Joas Schilling 3f8e850dc6 Indicate that the share owner is remote in the filelist 2015-01-27 12:32:32 +01:00
Vincent Petry c897a14d56 Fix reshare permission issue
The actual share permissions sent to the server on reshare are now based
on possiblePermissions + permissions inherited from parent share
2015-01-09 15:19:53 +01:00
Morris Jobke 8e1904386f Add timeout for notifications
* options for timeout in seconds and if it contains HTML
* if timeout is 0 it will show the message permanently
* removes the notification after a given (default: 5 seconds) timeframe
* based on work by @brantje
* provide JS unit tests for notifications
2015-01-08 13:06:45 +01:00
Morris Jobke bfdf0db7c0 Autoescape of placeholders in t() and p() - for JS
* add disableEscape parameter to disable this functionality
* drop usage of escapeHTML() that is now done inside t()
* add unit test for escaped and not escaped placeholder
* proper JSDoc
2015-01-07 12:56:32 +01:00
Morris Jobke 29e1c3a898 Merge pull request #12795 from owncloud/files-layoutchanges
Move file thumbnail element into the label tag
2014-12-13 09:00:43 +01:00
Robin Appelman 3bf0922b13 Merge pull request #12527 from owncloud/js-pluginsystem
Simple Plugin system for Javascript
2014-12-12 11:43:31 +01:00
Vincent Petry 81e9d43e23 Move file thumbnail into the label element 2014-12-11 18:21:25 +01:00
Joas Schilling 539c0aeb04 Add an option to disallow sending sharing emails to non-owncloud users
Fix #10836
2014-12-09 11:32:39 +01:00
Vincent Petry c02ef69521 Simple Plugin system for Javascript 2014-12-01 16:20:44 +01:00
Vincent Petry ffe57d89e4 Fix l10n promises 2014-11-19 17:02:17 +01:00
Vincent Petry 152da9796b Added function to load translations from JS
For apps that support async translation loading, a new function
OC.L10N.load() can be used to asynchronously load the translations
for a given app.
2014-11-18 12:20:01 +01:00
Vincent Petry ec1a73fab9 Added OC.L10N namespace with translation functions
Added addTranslations and fixed de.js file

Fixed de.js to use OC.L10N.register() and use to correct expected
format.

Added JS unit tests for OC.L10N class

Include translations JS script for all apps
2014-10-29 10:09:12 +01:00
Lukas Reschke d2743e6ad6 Merge pull request #7254 from owncloud/core-sortalgo
Fixed JS sort comparator to be consistent between JS and PHP
2014-09-16 17:29:03 +02:00
Thomas Müller fd92fc7c47 Merge pull request #9753 from owncloud/filepath-css
Remove special case for css in OC.filePath
2014-09-09 13:59:19 +02:00
Lukas Reschke e3c99a8505 Add beforeeach and aftereach 2014-09-09 13:08:50 +02:00
Lukas Reschke cabd70148f Add unittest for filePath 2014-09-09 12:05:19 +02:00
kondou 2a4c51389c Use a route instead of s.php and convert tokens asap 2014-09-04 15:23:55 +02:00
Clark Tomlinson ba0e65753b Init vars with a value if none is provided 2014-08-28 13:53:45 -04:00
Vincent Petry 98d06094e7 Fix share dropdown when links are not allowed
When links are not allowed, the email field does not exist and
autocomplete returns null. This causes Javascript errors.

The fix prevents entering the bogus block when links aren't allowed, as
it doesn't make sense to enter it in such cases anyway.
2014-08-21 13:49:02 +02:00
Vincent Petry 607ea636be Fixed folder icon update routine when share owner exists
Whenever a folder has a "data-share-owner" attribute, the icon is now
properly updated to a shared folder icon.
2014-08-15 16:19:50 +02:00
Vincent Petry f2001a48a4 Fixed sort algo for additional cases 2014-08-11 13:28:53 +02:00
Vincent Petry 173059f6d0 Fixed file list sorting
Now using a natural sort algorithm that is more consistent between JS
and PHP (although not perfect in some corner cases)

- added OC.Util.naturalSortComparator that uses the same algo that was
  used for the user list
- changed user list and files list to use OC.Util.naturalSortComparator
- removed toLowerCase() and changed the comparator to use
  String.localeCompare()
- added unit tests
- added OC_NaturalSort that is used by OCP\Util::naturalSortCompare()
2014-08-11 13:28:53 +02:00
Bjoern Schiessle 76ab097ee2 update unit test, min date should be always today + 1 2014-08-08 13:58:56 +02:00
Vincent Petry 4fea521102 Fix enforced share expiration date to be based on share time 2014-07-21 15:01:20 +02:00
Thomas Müller 7159d6118e reduce share action text to the user name only 2014-07-14 21:11:50 +02:00
Vincent Petry 5e4835f9e9 Improved remote share owner display
The parts of the remote share owner name is now split between user name,
domain name and root so they can be formatted / displayed differently.

The user name + domain name are displayed in the tooltip.
2014-07-03 14:15:25 +02:00
Vincent Petry d9d816bd98 Unit tests for share dropdown with nested link share 2014-06-27 18:21:02 +02:00
Vincent Petry 6a0f5cfc61 Added unit tests for heartbeat interval min/max values 2014-06-12 18:42:09 +02:00
Thomas Müller 1c20c72efe Merge pull request #8620 from owncloud/design-navigation-two
Toggle app navigation not only on mobile, but on desktop as well
2014-06-05 10:53:22 +02:00
Morris Jobke e186871996 fix unit test template 2014-06-05 09:46:19 +02:00
Morris Jobke e3cbcadbd8 fix first failing test 2014-06-05 00:40:15 +02:00
Morris Jobke ca43fba513 Merge pull request #8791 from owncloud/share-overview-sharewithstatus
Update share action text to display owner/recipients
2014-06-04 17:04:30 +02:00
Vincent Petry 52d9e313d1 Remove obsoleted code to trigger navigation menu
Now that the navigation menu is always togglable, the media query
dependent code can be removed.
2014-06-04 14:38:24 +02:00
Vincent Petry 07f1b263c9 Use recipient display names when updating shares in the UI
Since OC.Share didn't have any array containing the list of shares for
the current file, OC.Share.currentShares has been introduced to contain
the full share item structure instead of the reduced one
OC.Share.itemShares.

The event "sharesChanged" is now passing OC.Share.currentShares, which
itself includes the display name to be displayed for the recipients in
the action icon.
2014-06-04 10:37:04 +02:00
Morris Jobke 5add56b6ca Merge pull request #7485 from owncloud/scrutinizer_fix_1_kondou
Scrutinizer cleanup
2014-06-03 07:44:52 +02:00
Frank Karlitschek f12a5248a3 Merge pull request #8820 from owncloud/design-details
Design details
2014-06-02 21:26:43 +02:00
kondou 9bc3f3cf30 Scrutinizer cleanup 2014-06-02 21:09:41 +02:00
Morris Jobke fbe42a771f fix unit tests after introduction of animations - adds delays for click trigger 2014-06-02 18:09:41 +02:00
Vincent Petry 0944565f60 More unit tests and fixes for share 2014-06-02 18:08:56 +02:00
Morris Jobke dd8b7b7af8 Merge pull request #8613 from owncloud/filesize-alignment
Improve aligment of file size
2014-06-02 17:37:53 +02:00
Morris Jobke 5d457dafc1 display "<1 kB" for really small files
* added parameters for humanFileSize to trigger that behaviour
* add unit tests for that
2014-06-02 15:33:09 +02:00
Morris Jobke 27c8c87e94 Merge pull request #8187 from owncloud/escape-more-character
Also encode > and '
2014-06-02 10:59:47 +02:00
Lukas Reschke 603b6c13b4 Fix typo 2014-05-31 21:11:29 +02:00
Lukas Reschke 360a79b8f4 Add unit tests for escapeHTML 2014-05-28 22:14:05 +02:00
Vincent Petry 627eba5348 Added ground work for OC.Share unit tests 2014-05-13 11:15:06 +02:00
Vincent Petry 9f62059efa Fix file summary to use the whole file list
- moved the summary code into a new class FileSummary
- FileSummary is calculated only once, then updated with add/remove
- added new OC.Util namespace for JS utility functions
2014-04-28 14:49:39 +02:00
Vincent Petry f84d66a24f Moved SVGSupport call to use OC.Util.SVGSupport() 2014-04-09 15:23:09 +02:00
Vincent Petry a4eafca77f Moved code to replace svg with png to OC.Util
- Moved code that replaces the "svg" extension for the given file to
core as OC.Util.replaceSVGIcon.
- Added unit test for OC.Util.replaceSVGIcon
- Moved "replaceSVG" to OC.Util.replaceSVG and deprecated the global
"replaceSVG" function.
- Added alias for SVGSupport() as OC.Util.hasSVGSupport() (for now)
2014-04-04 11:34:26 +02:00
Vincent Petry 268206cec5 Fixed parseQueryString to handle empty values and plus signs
- now correctly parse query strings with '+' signs
- empty values are now parsed either as null or empty string
- added unit test for parseQueryString()
2014-04-01 23:02:34 +02:00
Vincent Petry cc6c152984 Fixed matchMedia usage to make unit tests work in PhantomJS
PhantomJS has a bug that makes it impossible to properly stub
window.matchMedia. This fix adds a wrapper as OC._matchMedia
that is used for unit tests
2014-03-18 15:52:06 +01:00
Vincent Petry fe04106e0f Add/remove main menu action when switching between desktop/mobile mode 2014-03-18 13:10:13 +01:00
Morris Jobke 5f0a22586f Merge pull request #7579 from owncloud/introduce-generateUrl-master
Introduce OC.generateUrl() in master
2014-03-06 15:07:28 +01:00
Thomas Müller b46517f012 adding js unit tests for OC.generateUrl() 2014-03-06 00:26:57 +01:00
Thomas Müller 33b798c3d6 fixing js unit tests 2014-03-05 01:10:39 +01:00
Vincent Petry 3d88b10f20 Merge pull request #7067 from owncloud/core-sessionheartbeatconfig
Core sessionheartbeatconfig
2014-02-05 10:03:36 +01:00
Thomas Müller ced80c6f27 Merge pull request #6969 from owncloud/tests-morecoverage
Fixed unit test scripts + coverage
2014-02-04 12:21:13 -08:00
Vincent Petry e75f7e58e9 Added unit tests for session_keepalive / heartbeat 2014-02-04 13:56:41 +01:00
Vincent Petry 63cca35baa Added core unit tests for basename and dirname
Note that it doesn't work 100% like the PHP functions so the tests
have TODO comments to fix those core functions eventually.
2014-01-30 13:22:16 +01:00
Vincent Petry 41b6d4b702 Added OC.buidQueryString() utility function
Makes it possible to create query strings by passing a JavaScript hash
map and automatically encodes the keys and values.
2014-01-24 12:44:31 +01:00
Vincent Petry 350214c609 Added Javascript unit tests
- added karma utility to run jasmine unit tests
- added Sinon library (for stubs/mocks/fakeserver)
- added a few unit tests for core and files
- added autotest-js.sh script
2014-01-16 17:12:29 +01:00