Commit Graph

1556 Commits

Author SHA1 Message Date
Vincent Petry 995a825dac Make JS Webdav work again with IE9-IE10 2016-02-05 14:48:10 +01:00
Thomas Müller f9aa5d2971 Merge pull request #22133 from owncloud/add-check-for-content
Add check for content
2016-02-04 17:40:31 +01:00
Thomas Müller e22b2d8b63 Merge pull request #22130 from owncloud/fix-jsunit-filesclient
Fix jsunit filesclient
2016-02-04 16:49:58 +01:00
Lukas Reschke 5ba6148bfe Add check for content
The response may be a redirect which is always followed by jQuery. Thus leading to false positives depending on the server configuration (e.g. when it issues a 302)

To prevent that there is also a check performed on the response content.
2016-02-04 16:13:27 +01:00
Vincent Petry 23f0515771 Fix JS DAV files client unit tests
Instead of trying to mock the promise, just stub davclient.js' request
object.
2016-02-04 15:39:18 +01:00
Vincent Petry 8782004742 Small fixes in Dav files client
Remove double leading slash in path.
Add utf-8 in default content type.
2016-02-04 15:38:54 +01:00
Faruk Uzun 6ffd8f3e0d Introduce some mimetypes for richdocuments
* application/vnd.lotus-wordpro
* application/vnd.visio
* application/vnd.wordperfect
* application/msonenote
2016-02-04 13:48:21 +02:00
Roeland Jago Douma aef43816c2 host and hostname are different things
host can contain the port (host of http://example.com:1234 is
example.com:1234) while hostname never contains a port. They can however
be similar. If you navigate to http://example.com then both host and
hostname will be example.com.

* Fixed docs
* added getHostName function
2016-02-03 11:28:07 +01:00
Vincent Petry d81c00304f Fix parsing empty Webdav property nodes
Return empty string instead of undefined
2016-02-02 18:01:15 +01:00
Vincent Petry 3b581b051f Expose display name in JS side
Adds a new method `OC.getCurrentUser` to get both the user id and
display name Could be used for a future Js
2016-02-02 18:01:15 +01:00
Vincent Petry 29386eccf9 Add pagination support for comments GUI 2016-02-02 18:01:15 +01:00
Vincent Petry 22be3867f1 Allow creating tags where another one with same prefix exists
When creating a new entry, compare the full tag name and not only the
prefix.
2016-02-02 10:42:35 +01:00
Vincent Chan 59cfeae2cd changed variables to lowercase 2016-02-02 10:32:50 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Thomas Müller e23cd35019 Merge pull request #21953 from owncloud/make-enable_avatars-more-robust
Make enable_avatars setting more robust
2016-02-01 14:08:40 +01:00
matthias-g 41c87531ff Update explanation of how to enable debug mode 2016-01-30 18:26:10 +01:00
Thomas Müller 45609d95d4 Merge pull request #21992 from owncloud/share-dialog-error-handling
Properly forward error messages in share dialog
2016-01-29 14:42:57 +01:00
Joas Schilling c925bfdcd6 Trim tag names to avoid problems 2016-01-28 20:41:47 +01:00
Vincent Petry df3f6fee10 Properly forward error messages in share dialog 2016-01-28 17:18:33 +01:00
Vincent Petry 7e1de0e3c2 Fix share default expiration date calculation
Now using UTC dates with moment js to accurately add the number of days
2016-01-28 15:25:34 +01:00
Vincent Petry b063ddb05b Share dialog use OCS API 2016-01-28 15:25:34 +01:00
Thomas Müller de8852a760 Merge pull request #21958 from owncloud/systemtags-style
Use boxes for system tags, shorten permission text
2016-01-28 12:54:52 +01:00
Vincent Petry 1473e156f4 Use boxes for system tags, shorten permission text
Permission text now doesn't appear when all permissions are there, or
shows as "invisible" or "not assignable", which should better cover all
use cases.

Changed select2 style to use boxes in the input field.
2016-01-28 11:24:13 +01:00
Morris Jobke 1601d9235a Make enable_avatars setting more robust
* handles the setting in the same way everywhere
* fixes #21949
2016-01-27 15:17:25 +01:00
Vincent Petry 714d8c2424 Fix system tags conflict situations
Does not disrupt the UX whenever a tag or association was created
concurrently. The input field will adjust itself as if the tag was
already there in the first place.
2016-01-27 15:09:59 +01:00
Vincent Petry cfba90a78d Fix system tags proppatch with booleans
Backbone webdav adapter now converts booleans and ints to strings.

Fixed system tags to use "true" / "false" strings for booleans instead
of 1 / 0.
2016-01-27 11:09:43 +01:00
Joas Schilling 4ea0d3c05d Deprecate getFirstWeekDay() and getDateFormat() in favor of l() 2016-01-26 14:02:31 +01:00
Vincent Petry 0a1350d5ac System tags sidebar selector now respects permissions
For admins: display the namespace behind the tag name.
For users: no namespace, don't display non-assignable tags in the
dropdown, display already assigned non-assignable tags with a different
style
2016-01-25 10:45:02 +01:00
Vincent Petry d4198607ec Expose whether user is an admin through a method
Which is nicer than an obscure global variable
2016-01-25 10:07:47 +01:00
Thomas Müller 44043cb1d7 Merge pull request #21811 from owncloud/fix-unauthenticated-avatar
Show default placeholder if avatar image can't be fetched
2016-01-25 10:01:23 +01:00
Joas Schilling f108dbfa6a Move getDescriptiveTag to core 2016-01-21 15:56:25 +01:00
Morris Jobke b188de242e Show default placeholder if avatar image can't be fetched
* fixes owncloud/documents#601
* ref #14564
2016-01-20 15:18:57 +01:00
Vincent Petry ffba6d0a7e Added system tags GUI in sidebar
Added files details sidebar panel to assign/unassign/rename/delete
system tags.
2016-01-19 16:24:26 +01:00
Vincent Petry 8d41cbb97a Implement toggleselect extension for select2
To make it possible to toggle selected values inside the dropdown
2016-01-19 16:24:26 +01:00
Morris Jobke 6e096936e5 update JS humanFileSize to use KB instead of kB 2016-01-19 10:51:57 +01:00
Joas Schilling 50557b19b6 Run the command once again 2016-01-18 11:13:25 +01:00
Vincent Petry 857c316bda Backbone transport for Webdav 2016-01-16 11:28:04 +01:00
Thomas Müller b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Thomas Müller c5a200c419 Merge pull request #21653 from owncloud/update-license-headers-2016
Update license headers 2016
2016-01-13 08:29:42 +01:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Thomas Müller 2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke 4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke 8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke a6c7cdd75e Show the well-known URL check as info instead of error
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
2016-01-12 09:18:20 +01:00
Morris Jobke 0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Joas Schilling 334a6d57a3 Check the correct config for displaying the "notify by email" option 2016-01-08 14:15:06 +01:00
Roeland Jago Douma 6bd15856b2 Added js tests for the Sharee API usage 2015-12-30 10:46:19 +01:00
Roeland Jago Douma 49031e0744 Fix unit tests 2015-12-30 08:58:04 +01:00
Roeland Jago Douma f99fcd5dd6 Filter out share owner in sharee suggestion list 2015-12-30 08:58:04 +01:00
Roeland Jago Douma fa7996aa8a Web sharing uses sharee endpoint 2015-12-30 08:58:04 +01:00
Thomas Müller 9c4ab51735 Merge pull request #21364 from owncloud/bring_back_icons_filepicker
Get the icon in javascript for the filepicker
2015-12-28 10:21:58 +01:00
Roeland Jago Douma 2fc458479e [Avatars] Calculate 'sane' hue precissions
We used to get the numeric value of the entrire md5 string which is a
128bit integer. We would then devide this by the maxval of a 128bit int.

There is no need for such huge computations. As we just require a value
between 0 and 255. Thus using two 16 bit values is more than enough to
get the precision we need. By just taking the MSB we get nearly
identical results.
2015-12-24 10:50:12 +01:00
Roeland Jago Douma 9be43e10af Since the server no longer calculates the icon
The server no longer calculates the icon. So we have the js side do it
for us.
2015-12-24 08:59:32 +01:00
Lukas Reschke cebeb0e052 Fix unit tests
Fixes https://github.com/owncloud/core/issues/21345
2015-12-23 09:11:22 +01:00
Renaud Fortier 83899a5fa1 add _blank to href 2015-12-21 13:28:32 -05:00
Morris Jobke ed98cdf532 Use OCP\Util::getVersion instead of the internal private implementation 2015-12-18 15:26:54 +01:00
Roeland Jago Douma c64e827f00 Since avatar.js is now essentially empty remove it 2015-12-17 16:32:18 +01:00
Roeland Jago Douma 6248bad0f7 Add a default size to the avatar placeholders
This removed the need to do an avatar request on the "empty" row in the
user settings.
2015-12-17 16:30:23 +01:00
Thomas Müller 3bcaaa6c3a Merge pull request #21259 from owncloud/load_big_avatar_only_personal
Only load the big (128x128) avatar on the perosnal page
2015-12-17 16:07:50 +01:00
Thomas Müller 1285b78086 Merge pull request #21200 from owncloud/files-authorizationheader
Use Authorization headers for public webdav in web UI
2015-12-17 15:30:13 +01:00
Roeland Jago Douma a81836a42f Only load the big (128x128) avatar on the perosnal page
Before the code was executed on every page if a user was logged in. Now
only on the personal page. Thus saving a request on all other pages.
2015-12-17 13:55:22 +01:00
Vincent Petry 181ba7b4e1 Fix files UI mtime parsing from webdav 2015-12-16 17:44:16 +01:00
Vincent Petry ab9849e72f Use Authorization headers for public webdav instead of URL
Instead of prepending the token as username in the URL, use the
Authorization header instead. This is because IE9 considers this a
cross-domain call and refuses to do it in the first place.
2015-12-14 17:42:13 +01:00
Roeland Jago Douma e8d5eb65c6 Files can't have create permissions
Fixes #20839
2015-12-11 22:28:26 +01:00
Thomas Müller d6276faff6 Merge pull request #21014 from owncloud/share-unsharelinkpapercut
Fix unshare link click element
2015-12-08 08:39:33 +01:00
Thomas Müller b15d77c934 Merge pull request #21015 from owncloud/update-redirecttocorrectpage
Redirect to correct URL after updating
2015-12-07 19:55:45 +01:00
Thomas Müller 4100263bd6 Merge pull request #20996 from owncloud/issue-12215-remove-password-reset-when-not-possible
Issue 12215 remove password reset when not possible
2015-12-07 19:55:26 +01:00
Vincent Petry 69ab047f89 Redirect to correct URL after updating
Now requires a trailing slash to make sure we don't land on the
forbidden page.
2015-12-07 18:08:00 +01:00
Vincent Petry 5567b6cee2 Fix unshare link click element
When clicking on the unshare link (trash icon), the correct link element
needs to be used instead of whatever child was clicked. Then, that
element might contain a visible loading icon.

This fixes the spinner detection and also prevents a full page reload in
case the spinner was visible.
2015-12-07 17:58:17 +01:00
Vincent Petry 6735005be0 Fix duplicate bogus share field when link sharing is not allowed
Whenever link share is not allowed, it was outputting a bogus sharing
field which name would conflict with the regular sharing field.

This fix makes sure that the bogus sharing field with "Resharing not
allowed" message only appears when triggered by removed share
permissions.
2015-12-07 16:53:56 +01:00
Joas Schilling 87bc02c6cd Allow specifying a custom reset-password-url 2015-12-07 15:41:40 +01:00
Thomas Müller 9c550a07ed OC.FilePath has still a valid use case when generating paths to static files what for generateUrl cannot be used for - closes #15604 2015-12-07 12:23:42 +01:00
Thomas Müller f3d49a89fe Merge pull request #11131 from owncloud/use-phpini-wrapper
Replacing ini_get instances with inigetwrapper usages
2015-12-07 10:20:59 +01:00
Roeland Jago Douma 50d862e5d1 [Avatars] JS should not load same avatar twice
Old code first dit an ajax request to the avatar. Then a new image
object with the same src was created and since we do not cache avatars
yet :(  this resulted in 2 sequential requests to the exact same URL

Now if you set the displayname it will first set the placeholder and
then load the avatar in the background. Only once this time!
2015-12-04 10:42:11 +01:00
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Vincent Petry b1ca431852 Fix for parsing pretty printed Webdav responses
Update davclient.js + adjust IE workaround for this
2015-11-24 15:26:53 +01:00
Clark Tomlinson 9caf4ffbfc Replacing ini_get instances with inigetwrapper usages 2015-11-23 14:12:31 +01:00
Vincent Petry a05e40932c Now using IE8 workaround of davclient.js for all IE versions 2015-11-22 16:05:52 +01:00
Vincent Petry 7ec83fc9fb Fix OC.FileInfo to copy all properties
This makes it possible to also store custom properties passed through
the data object like tags or shareOwner.
2015-11-22 16:05:50 +01:00
Vincent Petry a1d0682ef8 Use oc:fileid property instead of oc:id 2015-11-22 16:05:51 +01:00
Thomas Müller ab1d786d87 Fix port issue - options.host already has the port attached 2015-11-22 16:05:51 +01:00
Vincent Petry dc8ce87a26 Query tags/favorite through Webdav in file list 2015-11-22 16:05:50 +01:00
Vincent Petry fa2be0750c Make files app use Webdav for most operations 2015-11-22 16:05:50 +01:00
Vincent Petry f120846e29 Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00
Vincent Petry fb3d5c7856 Add evert's davclient.js + es6-promise + IE8 workaround
- Add davclient.js lib
- Add es6-promise required by that lib
- Wrote IE8 workaround lib/shim for davclient.js
2015-11-22 16:05:49 +01:00
Joas Schilling 78c456b895 Allow creating OCS v2 links in JS 2015-11-16 14:23:43 +01:00
Vincent Petry a2cd9708f6 Set "ie" CSS class for IE10, IE11
Fixed border in file action menu
2015-11-10 17:04:52 +01:00
Joas Schilling f04151f69b Close the user menu when clicking it again 2015-11-02 10:09:13 +01:00
Morris Jobke b32e6fbb62 [tags] remove unneeded variables 2015-10-30 10:02:15 +01:00
Thomas Müller 774d069ff0 Merge pull request #20122 from owncloud/files-consolidateiconupdate
Fix icon update to be more consistent
2015-10-29 15:40:15 +01:00
Vincent Petry 9c9158e6b7 Fix icon update to be more consistent
Makes the details bar show the same icon as in the list.
2015-10-29 12:59:51 +01:00
Tom Needham 628e4a9daf Add sharee list view js tests 2015-10-29 09:01:47 +01:00
Thomas Müller 588a668455 Merge pull request #20082 from owncloud/phil-davis-sharedialogviewspec-typos
sharedialogviewSpec.js couple of text typos
2015-10-27 20:04:05 +01:00
Thomas Müller c15b2094e5 Merge pull request #20078 from owncloud/tipsy-body
Append tipsys to body
2015-10-27 15:08:25 +01:00
Phil Davis 89ab505c7b sharedialogviewSpec.js couple of text typos
I noticed a new typo in 15ef39d5b9 and looked for others while I am here.
2015-10-27 17:11:49 +05:45
Hendrik Leppelsack 5a01dc44d6 append tipsys to body 2015-10-27 11:22:41 +01:00
Vincent Petry 0d98e5e456 [IE9] Don't send link share password placeholder
When exiting the password field in the share dialog, IE9 would
mistakenly think that the password has changed and would send the
placeholder.

This fix prevents changing the password whenever the placeholder is set
as value.
2015-10-26 17:45:21 +01:00
Thomas Müller 23e51c37cf Merge pull request #20049 from owncloud/make-author-file-complete
Generate author file by license.php build script
2015-10-26 17:14:06 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00