Commit Graph

4885 Commits

Author SHA1 Message Date
Thomas Müller 9c550a07ed OC.FilePath has still a valid use case when generating paths to static files what for generateUrl cannot be used for - closes #15604 2015-12-07 12:23:42 +01:00
Thomas Müller cd6bc79c40 Merge pull request #20530 from owncloud/icons-more
add icons for disabled checkbox, radio button, error and colored checkmark
2015-12-07 10:22:49 +01:00
Thomas Müller 30bd915c0e Merge pull request #20480 from owncloud/css-prefixes
CSS prefixes
2015-12-07 10:21:35 +01:00
Thomas Müller f3d49a89fe Merge pull request #11131 from owncloud/use-phpini-wrapper
Replacing ini_get instances with inigetwrapper usages
2015-12-07 10:20:59 +01:00
Jenkins for ownCloud 884946276e [tx-robot] updated from transifex 2015-12-07 01:54:35 -05:00
Jenkins for ownCloud f0b1ba713d [tx-robot] updated from transifex 2015-12-05 01:55:14 -05:00
Roeland Jago Douma 50d862e5d1 [Avatars] JS should not load same avatar twice
Old code first dit an ajax request to the avatar. Then a new image
object with the same src was created and since we do not cache avatars
yet :(  this resulted in 2 sequential requests to the exact same URL

Now if you set the displayname it will first set the placeholder and
then load the avatar in the background. Only once this time!
2015-12-04 10:42:11 +01:00
Jenkins for ownCloud a2848af625 [tx-robot] updated from transifex 2015-12-04 01:56:31 -05:00
Thomas Müller 7fefd4f4d9 Merge pull request #20860 from owncloud/use-user-getEMailAddress-all-over-the-place
User IUser::getEMailAddress() all over the place
2015-12-03 09:21:53 +01:00
Jenkins for ownCloud 5c178a2719 [tx-robot] updated from transifex 2015-12-03 01:55:12 -05:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Lukas Reschke 2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Jenkins for ownCloud 8421a43df1 [tx-robot] updated from transifex 2015-12-01 01:55:07 -05:00
Morris Jobke 42272de3a6 update bootstrap from 3.3.5 to 3.3.6 2015-11-30 14:12:57 +01:00
Morris Jobke d8aa44d458 update backbone.js from 1.2.1 to 1.2.3 2015-11-30 14:12:48 +01:00
Lukas Reschke f3e9106864 Don't trust update server
In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff.

While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
2015-11-28 12:21:53 +01:00
Jenkins for ownCloud d305412a35 [tx-robot] updated from transifex 2015-11-28 01:55:16 -05:00
Joas Schilling 67a83d8fd6 Add Workflow app to shipped list 2015-11-27 14:26:39 +01:00
Jenkins for ownCloud 39fb320bae [tx-robot] updated from transifex 2015-11-27 01:55:14 -05:00
Jenkins for ownCloud dd18ea611b [tx-robot] updated from transifex 2015-11-26 01:55:22 -05:00
Thomas Müller 906aea4252 Merge pull request #19212 from owncloud/search-shortcut
Add Ctrl+F shortcut for the search bar
2015-11-25 20:02:13 +01:00
Jan-Christoph Borchardt cd88854369 update page: fix heading whitespace and unbold less important sections 2015-11-25 13:16:00 +01:00
Jan-Christoph Borchardt 50780e451b fix error page button text when label too long 2015-11-25 13:08:05 +01:00
Vincent Petry b1ca431852 Fix for parsing pretty printed Webdav responses
Update davclient.js + adjust IE workaround for this
2015-11-24 15:26:53 +01:00
Hendrik Leppelsack f1b0bf0696 add search fallback to browser 2015-11-24 15:01:20 +01:00
Jenkins for ownCloud cb69e6c201 [tx-robot] updated from transifex 2015-11-24 01:56:32 -05:00
Clark Tomlinson 9caf4ffbfc Replacing ini_get instances with inigetwrapper usages 2015-11-23 14:12:31 +01:00
Thomas Müller bf672d7e51 Merge pull request #20222 from owncloud/federated_sharing_auto_complete
federated sharing auto-complete, first step
2015-11-23 10:42:14 +01:00
Thomas Müller 43391f8f47 Merge pull request #20623 from owncloud/app-list-enhancements
Add cmdline key to show shipped/non-shipped apps only
2015-11-23 10:07:52 +01:00
Thomas Müller 79bbda994b Merge pull request #16902 from owncloud/jsocclient
Web UI uses Webdav instead of ajax/* calls
2015-11-23 09:38:01 +01:00
Victor Dubiniuk 8d9353a640 Add cmdline key to show shipped/non-shipped apps only 2015-11-23 09:06:35 +01:00
Hendrik Leppelsack b2d2b52eea remove unneeded css prefixes 2015-11-23 09:03:54 +01:00
Jenkins for ownCloud 56e05a90af [tx-robot] updated from transifex 2015-11-23 01:54:53 -05:00
Vincent Petry a05e40932c Now using IE8 workaround of davclient.js for all IE versions 2015-11-22 16:05:52 +01:00
Vincent Petry fd40b06639 Patch for davclient.js for Firefox 2015-11-22 16:05:51 +01:00
Vincent Petry 7ec83fc9fb Fix OC.FileInfo to copy all properties
This makes it possible to also store custom properties passed through
the data object like tags or shareOwner.
2015-11-22 16:05:50 +01:00
Vincent Petry e8661a6b56 Update davclient.js 2015-11-22 16:05:52 +01:00
Vincent Petry a1d0682ef8 Use oc:fileid property instead of oc:id 2015-11-22 16:05:51 +01:00
Thomas Müller ab1d786d87 Fix port issue - options.host already has the port attached 2015-11-22 16:05:51 +01:00
Vincent Petry dc8ce87a26 Query tags/favorite through Webdav in file list 2015-11-22 16:05:50 +01:00
Vincent Petry fa2be0750c Make files app use Webdav for most operations 2015-11-22 16:05:50 +01:00
Vincent Petry f120846e29 Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00
Vincent Petry fb3d5c7856 Add evert's davclient.js + es6-promise + IE8 workaround
- Add davclient.js lib
- Add es6-promise required by that lib
- Wrote IE8 workaround lib/shim for davclient.js
2015-11-22 16:05:49 +01:00
Jenkins for ownCloud 2321cc4854 [tx-robot] updated from transifex 2015-11-22 01:54:53 -05:00
Jenkins for ownCloud eb42340fa3 [tx-robot] updated from transifex 2015-11-21 01:54:59 -05:00
Jan-Christoph Borchardt 68a3a3ed6a add new icon rules to icons.css 2015-11-20 14:43:23 +01:00
Jan-Christoph Borchardt c4a100f535 add icons for checked+disabled checkbox and radio 2015-11-20 14:43:23 +01:00
Jan-Christoph Borchardt cebf0037ea compress action icons 2015-11-20 14:43:23 +01:00
Jan-Christoph Borchardt b6e8a6e64f add icons for disabled checkbox, radio button, error and colored checkmark 2015-11-20 14:43:23 +01:00