Commit Graph

86 Commits

Author SHA1 Message Date
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Vincent Petry 57525a02f8 Merge pull request #24703 from owncloud/personal-settings-auth-tokens
Personal settings auth tokens
2016-05-23 14:17:01 +02:00
Christoph Wurst 74277c25be
add button to invalidate browser sessions/device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst 6495534bcd
add button to add new device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst 12431aa399
list user's auth tokens on the personal settings page 2016-05-23 09:11:12 +02:00
Joas Schilling c58d174616
Move tests/settings to PSR-4 2016-05-19 11:18:25 +02:00
Joas Schilling db16dc6644
Correctly register autoloading before install.php and loading commands 2016-05-11 11:18:00 +02:00
Roeland Jago Douma 9e1d9871a8
Move OC_User_Database to \OC\User\Database 2016-05-10 19:53:36 +02:00
Roeland Jago Douma 4eebccd81f
Fix inconsistent nameing of AppFramework 2016-04-22 16:00:00 +02:00
Thomas Müller 59acc53483 Merge pull request #22551 from owncloud/make-exceptions-easier-to-debug
Throw normal exceptions instead of eating them
2016-02-23 10:23:03 +01:00
Roeland Jago Douma fe08b5e9d9 We should check for exceptions when trying to get the avatar
Fixes #22550

* Updated phpdoc of avatatmanager
* Add unit test
2016-02-22 10:14:14 +01:00
Lukas Reschke 6c96b3d07f Throw normal exceptions instead of eating them
Partially addresses https://github.com/owncloud/core/issues/22550

Replaces https://github.com/owncloud/core/pull/20185
2016-02-22 09:41:56 +01:00
Lukas Reschke 4b90429178 Add note if integrity check is disabled
Our issue template states that users should post the output of `/index.php/settings/integrity/failed`, at the moment it displays that all passes have been passed if the integrity checker has been disabled.

This is however a wrong approach considering that some distributions are gonna package Frankenstein releases and makes it harder for us to detect such issues. Thus if the integrity code checker is disabled (using the config switch)  it displays now: `Appcode checker has been disabled. Integrity cannot be verified.`

This is not displayed anywhere else in the UI except these URL used for us for debugging purposes.
2016-02-12 11:11:39 +01:00
Arthur Schiwon ef7846f7bd fix tests 2016-02-09 17:37:13 +01:00
Vincent Chan faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Thomas Müller aeb89947a2 Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
Robin Appelman 62cf14e448 always allow autoloading encryption in unit test 2016-01-18 12:16:13 +01:00
Robin Appelman c15cab7ed6 Allow admins to add system wide root certificates 2016-01-12 12:50:59 +01:00
Roeland Jago Douma a619629ac0 Only try to load avatars in the user list if there is any 2015-12-04 14:56:49 +01:00
Thomas Müller eebe2b9c23 User IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Morris Jobke 0a6db3ada6 Remove OC_Config from app management template
* add unit test for this case
2015-12-02 14:35:38 +01:00
Lukas Reschke 4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Roeland Jago Douma 0265bcfdae Moved changedisplayname to usercontroller
Killed the old static route to change a users display name and moved it
to a properly testable controller.
2015-11-20 16:05:43 +01:00
Vincent Petry 781bca2437 Fix everyone count for subadmins
Also moved the logic to the UsersController
2015-10-29 17:41:49 +01:00
Lukas Reschke c6f6a8758b Drop OC_SubAdmin and replace usages 2015-10-29 11:31:18 +01:00
Joas Schilling e19c49295a Use speaking ids 2015-10-26 16:15:15 +01:00
Joas Schilling a9a6d4c182 Stay on the same category when refreshing the page on the apps list 2015-10-26 16:15:14 +01:00
Roeland Jago Douma 02af4269f2 Fix unit test
Now that OC_SubAdmin is just a wrapper around OC\SubAdmin some unit
tests had to be fixed because they expected different behaviour.

Eventually they should move to properly mocked instances of OC\SubAdmin
of course
2015-10-21 11:41:25 +02:00
Lukas Reschke 12181aa6de Don't perform checks for outdated TLS libs when no internet connection
This change makes the check return a positive result when:

- The instance has been configured to not use the internet
AND/OR
- S2S AND the appstore is disabled
2015-10-08 18:26:03 +02:00
Morris Jobke b519965408 [admin] check for correct PHP memcached module 2015-10-06 08:51:47 +02:00
Lukas Reschke 36ce254ffd Move dummy backend to Tests namespace 2015-09-22 11:01:11 +02:00
Morris Jobke c86cac6a2b use config.php value instead of version string 2015-09-02 08:16:27 +02:00
Morris Jobke 15da671349 [test] more tests for UserController::setMailAddress
* fixes #12885
2015-08-17 11:53:03 +02:00
Robin McCorkell 2579999373 Add setup check for reverse proxy header configuration 2015-08-10 23:28:16 +01:00
Thomas Müller 9650f3ecbe Merge pull request #17919 from rullzer/php_supported_check
Display warning in security & setup warnings if php version is EOL
2015-08-10 23:03:35 +02:00
Bjoern Schiessle dc5e89e624 also block certificate management in the back-end if external storages are disabled for the user 2015-08-04 18:33:19 +02:00
Roeland Jago Douma 72ba67815e Display warning in security & setup warnings if php version is EOL 2015-07-29 10:07:01 +02:00
Robin McCorkell 6d54d2fad7 Merge pull request #17912 from owncloud/detect-old-openssl-versions
Detect old NSS and OpenSSL versions
2015-07-28 21:26:44 +01:00
Lukas Reschke 7f6c5e456b Add unit tests 2015-07-28 16:32:11 +02:00
Lukas Reschke 0d515de13e Detect old NSS and OpenSSL versions
This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface.

Fixes https://github.com/owncloud/core/issues/17901
2015-07-28 15:32:19 +02:00
Joas Schilling 171f86ca2e Only sort by group name when LDAP is involved 2015-06-16 11:10:00 +02:00
Thomas Müller f051b7381b Merge pull request #16402 from owncloud/issue-15956-slow-group-usercount
Sort user groups by group name and hide the user count
2015-06-08 12:11:22 +02:00
Joas Schilling d3e3a84cae Move the helpful method to the TestCase class 2015-06-03 12:33:29 +02:00
Lukas Reschke bc6d17ed74 Add check for availability of /dev/urandom
Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:

1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
3. Rand: chr((rand() ^ rand()) % 256)
4. UniqId: Plain uniqid()

An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.

One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.

Thanks to David Black from d1b.org for bringing this again to our attention.
2015-05-26 14:16:07 +02:00
Joas Schilling d683752b37 Sort user groups by group name and hide the user count 2015-05-18 12:55:19 +02:00
Thomas Müller 257ee205bb Merge pull request #15978 from owncloud/feature/fix-encryption-tooltips
[enc2]fixing recovery tooltip
2015-05-15 22:39:17 +02:00
Clark Tomlinson 9727386d8b fixing test 2015-05-11 09:38:23 -04:00
Joas Schilling d36d14366b Add test for setEmailAddress 2015-05-05 13:53:00 +02:00
Lukas Reschke 9bc48451b9 Adjust tests and statuscode 2015-04-20 13:00:02 +02:00
Lukas Reschke 20a6073a9f Migrate personal certificate handling into AppFramework controllers
Also added unit-tests and better error-handling
2015-04-20 12:58:58 +02:00