Commit Graph

2822 Commits

Author SHA1 Message Date
Thomas Müller 7fefd4f4d9 Merge pull request #20860 from owncloud/use-user-getEMailAddress-all-over-the-place
User IUser::getEMailAddress() all over the place
2015-12-03 09:21:53 +01:00
Jenkins for ownCloud 5c178a2719 [tx-robot] updated from transifex 2015-12-03 01:55:12 -05:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Morris Jobke 0a6db3ada6 Remove OC_Config from app management template
* add unit test for this case
2015-12-02 14:35:38 +01:00
Jenkins for ownCloud 4f4b91a9ec [tx-robot] updated from transifex 2015-12-02 02:00:28 -05:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Thomas Müller f48ea593eb Merge pull request #20850 from owncloud/use-text-instead-of-html
Use .text instead of .html
2015-12-01 10:18:29 +01:00
Jenkins for ownCloud 8421a43df1 [tx-robot] updated from transifex 2015-12-01 01:55:07 -05:00
Lukas Reschke 3ea654d2d4 Use .text instead of .html
Makes some static source code analyzers happier.
2015-11-30 23:49:27 +01:00
Jenkins for ownCloud 5a9b892b2e [tx-robot] updated from transifex 2015-11-30 01:55:24 -05:00
Jenkins for ownCloud d305412a35 [tx-robot] updated from transifex 2015-11-28 01:55:16 -05:00
Jenkins for ownCloud 39fb320bae [tx-robot] updated from transifex 2015-11-27 01:55:14 -05:00
Jenkins for ownCloud dd18ea611b [tx-robot] updated from transifex 2015-11-26 01:55:22 -05:00
Jenkins for ownCloud 6e60c0f0c4 [tx-robot] updated from transifex 2015-11-25 01:55:37 -05:00
Jenkins for ownCloud cb69e6c201 [tx-robot] updated from transifex 2015-11-24 01:56:32 -05:00
Thomas Müller bf672d7e51 Merge pull request #20222 from owncloud/federated_sharing_auto_complete
federated sharing auto-complete, first step
2015-11-23 10:42:14 +01:00
Thomas Müller 333232f665 Merge pull request #20559 from owncloud/settings_app_to_controller
[Settings] Moved changedisplayname to usercontroller
2015-11-23 08:36:47 +01:00
Jenkins for ownCloud 56e05a90af [tx-robot] updated from transifex 2015-11-23 01:54:53 -05:00
Jenkins for ownCloud 2321cc4854 [tx-robot] updated from transifex 2015-11-22 01:54:53 -05:00
Jenkins for ownCloud eb42340fa3 [tx-robot] updated from transifex 2015-11-21 01:54:59 -05:00
Roeland Jago Douma 0265bcfdae Moved changedisplayname to usercontroller
Killed the old static route to change a users display name and moved it
to a properly testable controller.
2015-11-20 16:05:43 +01:00
Jenkins for ownCloud 764504de19 [tx-robot] updated from transifex 2015-11-20 01:55:32 -05:00
Björn Schießle 97c60fd217 change 'cronstatus' to 'status' so that it can be used in other apps too 2015-11-19 18:07:10 +01:00
Thomas Müller 4ff34daedb Merge pull request #20533 from owncloud/log-level
clarify log level setting design, fix #20514
2015-11-19 10:41:30 +01:00
Jenkins for ownCloud c10be07c1b [tx-robot] updated from transifex 2015-11-19 01:55:13 -05:00
Jan-Christoph Borchardt 9671103121 clarify log level setting design, fix #20514 2015-11-18 14:04:09 +01:00
Jenkins for ownCloud 5dd59b4bd2 [tx-robot] updated from transifex 2015-11-11 01:55:47 -05:00
Thomas Müller dd153a5625 Merge pull request #20176 from owncloud/font-style
move font back from Light to Regular for body text, fix #18954
2015-11-10 17:52:09 +01:00
Thomas Müller 0c46f75f6a Merge pull request #20436 from owncloud/checkbox
use new checkbox style for Apps mgmt settings
2015-11-10 17:47:24 +01:00
Jan-Christoph Borchardt 83c177fc1b move font back from Light to Regular for body text on normal-res screens, fix #18954 2015-11-10 16:12:42 +01:00
Jan-Christoph Borchardt e9691893b5 use new checkbox style for Apps mgmt settings 2015-11-10 14:31:34 +01:00
Thomas Müller 267d30d4f6 Fix #18072 2015-11-10 10:28:23 +01:00
Thomas Müller a5dd2df384 Merge pull request #20383 from owncloud/fix-setupchecks-messages
Properly detect setup check messages set in the HTML template
2015-11-09 11:10:41 +01:00
Jenkins for ownCloud 113f9f80f3 [tx-robot] updated from transifex 2015-11-09 01:55:05 -05:00
Jenkins for ownCloud f8637b6082 [tx-robot] updated from transifex 2015-11-08 01:55:13 -05:00
Robin McCorkell 6959d5ca22 Properly detect setup check messages set in the HTML template 2015-11-08 00:02:59 +00:00
Morris Jobke fa24d92eea Show the language code in personal settings for unknown languages
Steps to reproduce:
* having an unknown language set in oc_preferences
* browse the personal settings
* only get listed the first letter of this language in the language chooser
2015-11-06 09:48:05 +01:00
Jenkins for ownCloud f2b19333b9 [tx-robot] updated from transifex 2015-11-06 01:55:09 -05:00
Thomas Müller 475b52c93b Merge pull request #20283 from owncloud/fix-varaible-type
Fix typo in variable name
2015-11-04 11:10:48 +01:00
Thomas Müller b162761124 Merge pull request #20157 from owncloud/users-fixeveryonecount
Fix everyone count for subadmins
2015-11-04 10:28:56 +01:00
Morris Jobke cc9695ea41 Fix typo in variable name
* introduced with #20135 - c6f6a8758b

Fixes following error meessage:

{"reqId":"GliKwPFSIVn8GC2KNIHY","remoteAddr":"::1","app":"PHP","message":"Undefined variable: subAdmins at master\/settings\/users.php#76","level":0,"time":"2015-11-04T08:38:53+00:00","method":"GET","url":"\/master\/index.php\/settings\/users"}
{"reqId":"GliKwPFSIVn8GC2KNIHY","remoteAddr":"::1","app":"PHP","message":"Invalid argument supplied for foreach() at master\/settings\/users.php#76","level":0,"time":"2015-11-04T08:38:53+00:00","method":"GET","url":"\/master\/index.php\/settings\/users"}
2015-11-04 09:44:19 +01:00
Morris Jobke 18f0bafd88 fix subadmin user count for empty groups 2015-11-04 09:39:51 +01:00
Jenkins for ownCloud 7fe047425f [tx-robot] updated from transifex 2015-11-04 01:55:44 -05:00
Thomas Müller b0c456c0fc Merge pull request #20201 from owncloud/checkboxes-groups-enable
Apply new checkbox style in app settings
2015-11-03 11:19:45 +01:00
Jenkins for ownCloud 82f3590fd0 [tx-robot] updated from transifex 2015-11-03 01:58:43 -05:00
Raghu Nayyar 0a05b392ae Merge branch 'master' into checkboxes-groups-enable 2015-11-02 13:43:55 +05:30
Jenkins for ownCloud 2afc14e195 [tx-robot] updated from transifex 2015-11-02 01:55:05 -05:00
Jenkins for ownCloud 2374a0df5d [tx-robot] updated from transifex 2015-11-01 01:54:58 -04:00
Hendrik Leppelsack 7e2fe08778 new checkbox style in app settings 2015-10-31 17:07:07 +01:00
Jenkins for ownCloud d7ed353814 [tx-robot] updated from transifex 2015-10-31 01:55:07 -04:00
Jenkins for ownCloud 91b2cdc62b [tx-robot] updated from transifex 2015-10-30 01:55:52 -04:00
Vincent Petry 781bca2437 Fix everyone count for subadmins
Also moved the logic to the UsersController
2015-10-29 17:41:49 +01:00
Thomas Müller 73d9699be9 Merge pull request #20135 from owncloud/check-if-null-subadmin
Drop OC_SubAdmin and replace usages
2015-10-29 17:07:45 +01:00
Hendrik Leppelsack d2f0055af4 apply new checkbox style in users settings 2015-10-29 13:03:55 +01:00
Lukas Reschke c6f6a8758b Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
Jenkins for ownCloud 527ef76dd6 [tx-robot] updated from transifex 2015-10-29 01:55:45 -04:00
Jörn Friedrich Dreyer 69417e3654 Initially load at least 250 users 2015-10-28 11:55:16 +01:00
Jenkins for ownCloud d74811fcc8 [tx-robot] updated from transifex 2015-10-28 01:55:29 -04:00
Jenkins for ownCloud 0875a4a18f [tx-robot] updated from transifex 2015-10-27 01:55:44 -04:00
Thomas Müller 0a9150b2da Merge pull request #19813 from owncloud/stay-on-apps-category-refresh
Improve settings/apps page
2015-10-26 23:07:06 +01:00
Joas Schilling 2849f19cfe Fix backwards and forward button 2015-10-26 17:05:31 +01:00
Joas Schilling e19c49295a Use speaking ids 2015-10-26 16:15:15 +01:00
Joas Schilling 618a08aa00 Fix backspace in search and empty content message 2015-10-26 16:15:15 +01:00
Joas Schilling f3a77c7d99 Add js tests for empty content page 2015-10-26 16:15:15 +01:00
Joas Schilling d6ca446ebc Adjust js unit tests 2015-10-26 16:15:14 +01:00
Joas Schilling 145865ade0 Display empty-content when there are no search results 2015-10-26 16:15:14 +01:00
Joas Schilling 69e4a806b7 Clear search box for now
Fix #15651
2015-10-26 16:15:14 +01:00
Joas Schilling 6532fe8e24 Allow searching by author name and app level as well 2015-10-26 16:15:14 +01:00
Joas Schilling a9a6d4c182 Stay on the same category when refreshing the page on the apps list 2015-10-26 16:15:14 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Jenkins for ownCloud e6d64783a0 [tx-robot] updated from transifex 2015-10-26 01:55:04 -04:00
Jenkins for ownCloud eb10e3abc2 [tx-robot] updated from transifex 2015-10-25 01:55:04 -04:00
Jenkins for ownCloud ba010a5aa4 [tx-robot] updated from transifex 2015-10-24 01:55:42 -04:00
Jenkins for ownCloud a341e786dd [tx-robot] updated from transifex 2015-10-23 01:55:06 -04:00
Thomas Müller 33144a5d80 Merge pull request #19827 from owncloud/subadmin_non_static
Make OC_SubAdmin non static
2015-10-21 14:43:09 +02:00
Thomas Müller ae0f20471a Merge pull request #19923 from owncloud/apps-donotdisplaybrokenappiconininternetexplorer
Disable app icon preview in apps page for IE
2015-10-21 13:42:48 +02:00
Roeland Jago Douma 02af4269f2 Fix unit test
Now that OC_SubAdmin is just a wrapper around OC\SubAdmin some unit
tests had to be fixed because they expected different behaviour.

Eventually they should move to properly mocked instances of OC\SubAdmin
of course
2015-10-21 11:41:25 +02:00
Vincent Petry 89e3860e1a Disable app icon preview in apps page for IE
All IE versions are not able to properly upscale SVG icons unless the
said SVG files contain a "viewBox" attribute, which is not always the
case. Also we cannot guarantee that all third party apps will have this
attribute in their icons.

So for now, app icons will not be displayed in IE instead of broken
ones.
2015-10-21 10:50:06 +02:00
Thomas Müller 26836d4c17 Merge pull request #19909 from owncloud/fix-memcached-warning
Fix memcached/memcache module check
2015-10-21 09:50:28 +02:00
Jenkins for ownCloud 74f41349b7 [tx-robot] updated from transifex 2015-10-21 01:56:16 -04:00
Robin McCorkell 03dd1386da Fix memcached/memcache module check 2015-10-20 21:45:27 +01:00
Jenkins for ownCloud 008082ebad [tx-robot] updated from transifex 2015-10-19 01:55:02 -04:00
Jenkins for ownCloud 8d25528c49 [tx-robot] updated from transifex 2015-10-18 01:55:07 -04:00
Jenkins for ownCloud c378456137 [tx-robot] updated from transifex 2015-10-17 01:55:34 -04:00
Jenkins for ownCloud 7224e99ccd [tx-robot] updated from transifex 2015-10-16 01:55:03 -04:00
Jenkins for ownCloud 5bee7007dd [tx-robot] updated from transifex 2015-10-15 01:55:32 -04:00
Thomas Müller df1313d025 Merge pull request #19625 from owncloud/passwordchange-hidestrengthify
Properly hide strengthify after password change
2015-10-14 12:52:07 +02:00
Thomas Müller 4b8632325a Merge pull request #19627 from owncloud/users-deletebeforecreate
Delete last undoable user before user creation
2015-10-14 12:51:51 +02:00
Hendrik Leppelsack bf722d93df apply new checkbox style to admin settings 2015-10-14 12:14:49 +02:00
Jenkins for ownCloud f9dd750ed7 [tx-robot] updated from transifex 2015-10-14 01:55:36 -04:00
Jenkins for ownCloud 1f146d678c [tx-robot] updated from transifex 2015-10-13 01:55:06 -04:00
Jenkins for ownCloud e16ac12f5a [tx-robot] updated from transifex 2015-10-12 01:54:59 -04:00
Jenkins for ownCloud d29d018cc7 [tx-robot] updated from transifex 2015-10-11 01:54:58 -04:00
Jenkins for ownCloud 188acd5e4e [tx-robot] updated from transifex 2015-10-10 01:55:32 -04:00
Jörn Friedrich Dreyer 5b1706e8d8 Merge pull request #19585 from owncloud/enc_improve_introduction
improved initial explanation/warning if the admin enabled encryptrion
2015-10-09 15:57:44 +02:00
Vincent Petry 14591d9df7 Use injected request 2015-10-09 11:19:06 +02:00
Morris Jobke bf579a153f fix IE8 user agent detection 2015-10-09 11:19:06 +02:00
Vincent Petry c7aef6c368 Fix uploading avatar and root certs in IE8 2015-10-09 11:19:05 +02:00
Jenkins for ownCloud 5cb83937fa [tx-robot] updated from transifex 2015-10-09 01:55:02 -04:00
Lukas Reschke 12181aa6de Don't perform checks for outdated TLS libs when no internet connection
This change makes the check return a positive result when:

- The instance has been configured to not use the internet
AND/OR
- S2S AND the appstore is disabled
2015-10-08 18:26:03 +02:00