Commit Graph

28671 Commits

Author SHA1 Message Date
Thomas Müller c35a450cb1 Merge pull request #20896 from owncloud/reduce-oc_config-usage
Reduce OC_Config usage in lib/
2015-12-02 15:44:25 +01:00
Morris Jobke baecfc4080 Reduce OC_Config usage in lib/
* replaced by proper public interfaces
2015-12-02 14:49:40 +01:00
Thomas Müller 7f8744f576 Merge pull request #20895 from owncloud/reduce-legacy-footprint-apps-management
Remove OC_Config from app management template
2015-12-02 14:49:20 +01:00
Morris Jobke 0a6db3ada6 Remove OC_Config from app management template
* add unit test for this case
2015-12-02 14:35:38 +01:00
Thomas Müller 8d218bf3ef Merge pull request #20875 from owncloud/remove-changepropagator
remove old propagation logic
2015-12-02 13:03:31 +01:00
Morris Jobke 891f4f6d9c Merge pull request #20891 from owncloud/check-for-cli
Execute only for web and not for CLI
2015-12-02 12:56:15 +01:00
Lukas Reschke 4d9af08f12 Execute only for web and not for CLI 2015-12-02 11:49:33 +01:00
Lukas Reschke 361093fb7b Merge pull request #20889 from owncloud/fix-logout-for-bjoern
Ensure trailing slash in URIs
2015-12-02 11:41:00 +01:00
Lukas Reschke 09d9e430d8 Add a trailing slash to generated URLs 2015-12-02 11:27:07 +01:00
Lukas Reschke 125b7e7512 Ensure that ownCloud is always accessed with a trailing slash 2015-12-02 11:26:41 +01:00
Thomas Müller d4abbb10d3 Merge pull request #20884 from owncloud/fix_20713
Respect disabled incoming federated shares
2015-12-02 10:56:59 +01:00
Thomas Müller 812a390f32 Merge pull request #20879 from owncloud/check-if-rewrite-base-is-set-if-rewrite-is-active
Check if rewrite base is set if rewrite is active
2015-12-02 10:56:44 +01:00
Morris Jobke 65b4d97a2a fix indentation 2015-12-02 10:51:52 +01:00
Thomas Müller 438d0be844 Merge pull request #20867 from owncloud/add-quota-behat-test
Add quota behat test
2015-12-02 10:13:15 +01:00
Thomas Müller c46ea30248 Merge pull request #20865 from owncloud/post-delete-meta
Add metadata to post delete hooks
2015-12-02 10:12:54 +01:00
Thomas Müller f840d8dee7 Merge pull request #20874 from owncloud/allow-di-mimetypedetector
Allow DI for OCP\Files\IMimeTypeDetector
2015-12-02 10:12:35 +01:00
Thomas Müller 0bd0212731 Merge pull request #20877 from owncloud/fix-empty-expirationDate
Check the expiration date for null
2015-12-02 10:12:16 +01:00
Roeland Jago Douma 1e19661daa [Sharing] Respect disabled incoming federated shares
Only fetch the incoming federated shares if incoming shares are actually
enabled.

Fixes #20713
2015-12-02 09:00:21 +01:00
Jenkins for ownCloud 4f4b91a9ec [tx-robot] updated from transifex 2015-12-02 02:00:28 -05:00
Roeland Douma 9baa96a5ae Merge pull request #20883 from owncloud/avatar_di
DI in avatar code
2015-12-02 07:48:35 +01:00
Roeland Jago Douma b00db2c933 DI in avatar code
* DI in avatar code
* Use the node API
* More unit tests
* Unit tests no longer require DB
2015-12-01 22:15:43 +01:00
Lukas Reschke 6a067b1ec9 Set RewriteBase to / if OC::WEBROOT is not set 2015-12-01 22:03:25 +01:00
Lukas Reschke a936107c5c Append PATH_INFO to ensure that file can be loaded on update 2015-12-01 20:15:45 +01:00
Lukas Reschke f87dca95f1 Disable MultiView + DirectorySlash
Required for routes that might otherwise collide with existing folders on the system
2015-12-01 19:57:03 +01:00
Lukas Reschke 002e719789 Set "SetEnv" within base `.htaccess` file
mod_rewrite as used by the front controller may require a `RewriteBase` in case the installation is done using an alias. Since we cannot enforce a writable `.htaccess` file this will move the `front_controller_active` environment variable into the main .htaccess file. If administrators decide to have this one not writable they can still enable this feature by setting the `front_controller_active` environment variable within the Apache config.
2015-12-01 19:06:48 +01:00
Morris Jobke 3061e5d2fc Check the expiration date for null
* null is always less than any value -> expirationDate gets null
  which is "no date set"
* ref https://github.com/owncloud/core/issues/20590#issuecomment-158393075
2015-12-01 17:43:05 +01:00
Lukas Reschke 8931ba4a0d Merge pull request #14081 from owncloud/use-pretty-urls
Support pretty URLs
2015-12-01 17:17:48 +01:00
Robin Appelman 62cc316c6a remove old propagation logic 2015-12-01 16:50:20 +01:00
Joas Schilling 44852ce324 Allow DI for OCP\Files\IMimeTypeDetector 2015-12-01 16:49:20 +01:00
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Thomas Müller 74e8c25a5b Merge pull request #20285 from owncloud/add-integrity-checker
Add code integrity checker foundation
2015-12-01 15:27:50 +01:00
Thomas Müller 27da63886f Merge pull request #20710 from owncloud/files_external_config_command
Add command to get and set config for external mounts
2015-12-01 15:27:32 +01:00
Morris Jobke 6baed0c998 fix code style 2015-12-01 14:51:33 +01:00
Morris Jobke e86c847df5 add parameter to call single behat tests 2015-12-01 14:51:33 +01:00
Morris Jobke 83432b3c25 add behat tests for 0 quota upload failure 2015-12-01 14:51:32 +01:00
Thomas Müller d5fe052838 Merge pull request #20868 from owncloud/revert-20842-fix-date-time-column
Revert "Fix column width of mtime column"
2015-12-01 14:30:44 +01:00
Thomas Müller 490e01e383 Merge pull request #20861 from owncloud/systemtags-better-exceptions-docs
Fix the docs of the exceptions and remove hardcoded language from the…
2015-12-01 14:23:00 +01:00
Robin Appelman 1347e3332b return non 0 status code in case of missing mount 2015-12-01 13:47:56 +01:00
Robin Appelman 2dd0066b0e Add command to set mount options for external storages 2015-12-01 13:47:32 +01:00
Robin Appelman d5ffbc9401 Add command to get and set config for external mounts 2015-12-01 13:47:32 +01:00
Morris Jobke 0655f3d102 Revert "Fix column width of mtime column" 2015-12-01 13:45:30 +01:00
Robin Appelman 0d63e95a5d Add metadata to post delete hooks 2015-12-01 13:22:58 +01:00
Thomas Müller cce053f7e9 Merge pull request #20859 from owncloud/autotest-coverage
Make autotest.sh able to output proper coverage again
2015-12-01 12:55:14 +01:00
Joas Schilling 1761fdd9ee Fix the docs of the exceptions and remove hardcoded language from the message 2015-12-01 12:32:50 +01:00
Roeland Jago Douma b4302a49be Make autotest.sh able to output proper coverage again
The usage of single quotes make sure that a string is used verbatim in
bash. And no variables are subsituted.
2015-12-01 12:03:27 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Thomas Müller 36660734a6 Merge pull request #20855 from owncloud/output-log-integration-tests
tail the server log and exit with the exit code of behat
2015-12-01 10:21:25 +01:00
Thomas Müller f48ea593eb Merge pull request #20850 from owncloud/use-text-instead-of-html
Use .text instead of .html
2015-12-01 10:18:29 +01:00
Thomas Müller f1bbc9a962 Merge pull request #20853 from owncloud/php-parser-1.4.1
[3rdparty] Bump php-parser
2015-12-01 10:17:17 +01:00
Thomas Müller 21e063a9e7 tail the server log and exit with the exit code of behat 2015-12-01 10:16:46 +01:00