Commit Graph

3655 Commits

Author SHA1 Message Date
Lukas Reschke a05b8b7953
Harden cookies more appropriate
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.

See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.

Fixes https://github.com/nextcloud/server/issues/1412

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
Roeland Jago Douma df215625f1 Merge pull request #1972 from nextcloud/invalid-files-from-scanner
Make sure we don't scan files that can not be accessed
2016-11-22 12:55:54 +01:00
Robin Appelman cd24010fa4 Merge pull request #2214 from nextcloud/remove-logging
remove old logging section
2016-11-21 17:17:02 +01:00
Robin Appelman 0048b3aa2e
update tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-21 15:59:08 +01:00
Lukas Reschke d001dbd259
Adjust unit tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:03 +01:00
Lukas Reschke 8bf4111368
Fix changing display names for subadmins
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Lukas Reschke fb91bf6a5b
Add a signer class for signing
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Bjoern Schiessle a32d6e481f
fix unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:30:00 +01:00
Bjoern Schiessle b23a4ca96b
push public user data to the lookup server
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:59 +01:00
Bjoern Schiessle c5e61947a9
remove old test class
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:59 +01:00
Bjoern Schiessle 08e6541a88
fix unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-21 11:29:58 +01:00
Björn Schießle de1f3f05fd
allow to change display names in the user settings again
keep display name and email address in sync with the accounts table

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-21 11:29:54 +01:00
Björn Schießle 40b99734d3
introduce accounts table and keep it up-to-date with the data added to the personal settings
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-21 11:29:41 +01:00
Joas Schilling 558f169671
Move the validation into one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:37 +01:00
Joas Schilling 4652d203e3
Make sure we don't scan files that can not be accessed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-21 09:23:32 +01:00
Lukas Reschke 8ec2e34576 Merge pull request #1602 from nextcloud/ignore-mod-env
Add system config htaccess.IgnoreFrontController for prettyURLs w/o mod_env
2016-11-18 21:42:56 +01:00
Morris Jobke 46768e71d9 Merge pull request #2076 from nextcloud/log_preview_access
Dispatch event on preview request
2016-11-18 20:45:29 +01:00
Morris Jobke 332eaec4c0 Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions
Password confirmation for some actions
2016-11-18 15:42:30 +01:00
Robin Appelman 8b9ad46ba3 Merge pull request #768 from nextcloud/s3-objectstore
Add S3 objectstore backend
2016-11-18 14:55:07 +01:00
Joas Schilling b2d9c20aac
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
Morris Jobke d3900fc0d5 Merge pull request #2177 from nextcloud/appmanager-getapppath
Expose getAppPath to public API
2016-11-17 22:39:34 +01:00
Julius Haertl caacb6c261
Expose getAppPath to public API
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2016-11-17 19:24:24 +01:00
Morris Jobke bba32cf4b7 Merge pull request #2163 from nextcloud/app-password-scope-warngings
fix warnings when updating app password
2016-11-17 17:52:23 +01:00
Felix Epp 1614b310ef Add system config htaccess.IgnoreFrontController for prettyURLs w/o mod_env
Added the system config which sets all conditions to true that query the
FrontControllerActive mod_env variable.

Signed-off-by: Felix A. Epp <work@felixepp.de>
2016-11-16 22:28:49 +01:00
Roeland Jago Douma 74c68d8761
Add OCSControllerTests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 19:49:51 +01:00
Robin Appelman d2dee32756
fix warnings when updating app password
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 19:14:36 +01:00
Robin Appelman 4ac5fdcf11
add tests for FileInfo::isMounted
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:37 +01:00
Robin Appelman e4d1cf0f6d
add tests for http/output
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:37 +01:00
Robin Appelman eefd059716
add amazon s3 objectstore backend
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00
Robin Appelman 64e896cc0d
split testing of objectstoragestorage and objectstore implementations
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:30:36 +01:00
Robin Appelman e633f2f8df
add test
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:33 +01:00
Robin Appelman e77432783b
Add test for setting up fake fs
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:32 +01:00
Roeland Jago Douma 311531ecce
Adds tests for the AuthSettingsController
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
Roeland Jago Douma 59d6003f89
Adds NullCache ans NullStorage tests for Lockdown
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
Roeland Jago Douma e5bc80b31d
Adds TokenProvider and Mapper tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
Robin Appelman 91851c37be
add tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:30 +01:00
Robin Appelman 4c3d18a9fc
explicit types
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
Robin Appelman a4ea20a259
cast to int
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
Robin Appelman bb65d3b03d
update tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
Joas Schilling 8725302307
Fix InfoParser empty tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Joas Schilling b8958ee937
Fix activity manager tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Roeland Jago Douma 28babd319b Merge pull request #2137 from nextcloud/make-sure-tests-run-on-phpunit-4-again
Add a magic wrapper to allow phpunit4 to run the code again
2016-11-15 21:48:55 +01:00
Lukas Reschke b775d935f2
Endpoint is now 11.0.0
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-15 15:10:17 +01:00
Lukas Reschke 5fd428413b
Adjust previous fallbacks
11.0 is 11 and not 9.2 anymore

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-15 15:07:58 +01:00
Joas Schilling e76ef9aaa8
Add a magic wrapper from hell to allow phpunit4 to run the code again
Remove this once phpunit 5 is the lowest supported version, by reverting:
https://github.com/nextcloud/server/pull/2137

Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-15 14:49:14 +01:00
Roeland Jago Douma b7e13b43fb Merge pull request #2114 from nextcloud/downstream-26498
make object prefix configurable
2016-11-14 17:07:00 +01:00
Jörn Friedrich Dreyer 4a9361905d
make object prefix configurable 2016-11-14 15:10:56 +01:00
Thomas Müller 506ccdbd8d
Introduce an event for first time login based on the last login time stamp
Use firstLogin event to trigger creation of default calendar and default address book

Delay login of admin user after setup so that firstLogin event can properly be processed for the admin

Fixing tests ...

Skeleton files are not copied over -> only 3 cache entries are remaining

Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
2016-11-14 14:50:10 +01:00
Morris Jobke 16a110e803 Merge pull request #2067 from nextcloud/fileinfo-lazy-substorages
only query substorages to calculate the final mtime/size/etag when we need it
2016-11-14 11:39:02 +01:00
Lukas Reschke 7cb0df28e2
Prevent downgrade attacks for apps
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-11 18:53:26 +01:00