Clean up single user mode

Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.

As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.

The encryption commands now rely on the well tested maintenance mode.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This commit is contained in:
Morris Jobke 2017-02-22 23:02:31 -06:00
parent 54317e80c0
commit 9533f4e5ed
No known key found for this signature in database
GPG key ID: 9CE5ED29E7FCD38A
16 changed files with 37 additions and 310 deletions

View file

@ -78,9 +78,6 @@ class MaintenancePlugin extends ServerPlugin {
* @return bool
*/
public function checkMaintenanceMode() {
if ($this->config->getSystemValue('singleuser', false)) {
throw new ServiceUnavailable('System in single user mode.');
}
if ($this->config->getSystemValue('maintenance', false)) {
throw new ServiceUnavailable('System in maintenance mode.');
}

View file

@ -48,27 +48,13 @@ class MaintenancePluginTest extends TestCase {
/**
* @expectedException \Sabre\DAV\Exception\ServiceUnavailable
* @expectedExceptionMessage System in single user mode.
*/
public function testSingleUserMode() {
$this->config
->expects($this->once())
->method('getSystemValue')
->with('singleuser', false)
->will($this->returnValue(true));
$this->maintenancePlugin->checkMaintenanceMode();
}
/**
* @expectedException \Sabre\DAV\Exception\ServiceUnavailable
* @expectedExceptionMessage System in single user mode.
* @expectedExceptionMessage System in maintenance mode.
*/
public function testMaintenanceMode() {
$this->config
->expects($this->exactly(1))
->method('getSystemValue')
->will($this->onConsecutiveCalls([false, true]));
->will($this->returnValue(true));
$this->maintenancePlugin->checkMaintenanceMode();
}

View file

@ -984,14 +984,6 @@ $CONFIG = array(
*/
'maintenance' => false,
/**
* When set to ``true``, the Nextcloud instance will be unavailable for all
* users who are not in the ``admin`` group.
*
* Defaults to ``false``
*/
'singleuser' => false,
/**
* SSL

View file

@ -54,7 +54,7 @@ class DecryptAll extends Command {
protected $wasTrashbinEnabled;
/** @var bool */
protected $wasSingleUserModeEnabled;
protected $wasMaintenanceModeEnabled;
/** @var \OC\Encryption\DecryptAll */
protected $decryptAll;
@ -83,20 +83,20 @@ class DecryptAll extends Command {
}
/**
* Set single user mode and disable the trashbin app
* Set maintenance mode and disable the trashbin app
*/
protected function forceSingleUserAndTrashbin() {
protected function forceMaintenanceAndTrashbin() {
$this->wasTrashbinEnabled = $this->appManager->isEnabledForUser('files_trashbin');
$this->wasSingleUserModeEnabled = $this->config->getSystemValue('singleuser', false);
$this->config->setSystemValue('singleuser', true);
$this->wasMaintenanceModeEnabled = $this->config->getSystemValue('maintenance', false);
$this->config->setSystemValue('maintenance', true);
$this->appManager->disableApp('files_trashbin');
}
/**
* Reset the single user mode and re-enable the trashbin app
* Reset the maintenance mode and re-enable the trashbin app
*/
protected function resetSingleUserAndTrashbin() {
$this->config->setSystemValue('singleuser', $this->wasSingleUserModeEnabled);
protected function resetMaintenanceAndTrashbin() {
$this->config->setSystemValue('maintenance', $this->wasMaintenanceModeEnabled);
if ($this->wasTrashbinEnabled) {
$this->appManager->enableApp('files_trashbin');
}
@ -147,7 +147,7 @@ class DecryptAll extends Command {
$output->writeln('');
$question = new ConfirmationQuestion('Do you really want to continue? (y/n) ', false);
if ($this->questionHelper->ask($input, $output, $question)) {
$this->forceSingleUserAndTrashbin();
$this->forceMaintenanceAndTrashbin();
$user = $input->getArgument('user');
$result = $this->decryptAll->decryptAll($input, $output, $user);
if ($result === false) {
@ -158,7 +158,7 @@ class DecryptAll extends Command {
$output->writeln('Server side encryption remains enabled');
$this->config->setAppValue('core', 'encryption_enabled', 'yes');
}
$this->resetSingleUserAndTrashbin();
$this->resetMaintenanceAndTrashbin();
} else {
$output->write('Enable server side encryption... ');
$this->config->setAppValue('core', 'encryption_enabled', 'yes');
@ -168,7 +168,7 @@ class DecryptAll extends Command {
} catch (\Exception $e) {
// enable server side encryption again if something went wrong
$this->config->setAppValue('core', 'encryption_enabled', 'yes');
$this->resetSingleUserAndTrashbin();
$this->resetMaintenanceAndTrashbin();
throw $e;
}

View file

@ -50,7 +50,7 @@ class EncryptAll extends Command {
protected $wasTrashbinEnabled;
/** @var bool */
protected $wasSingleUserModeEnabled;
protected $wasMaintenanceModeEnabled;
/**
* @param IManager $encryptionManager
@ -72,20 +72,20 @@ class EncryptAll extends Command {
}
/**
* Set single user mode and disable the trashbin app
* Set maintenance mode and disable the trashbin app
*/
protected function forceSingleUserAndTrashbin() {
protected function forceMaintenanceAndTrashbin() {
$this->wasTrashbinEnabled = $this->appManager->isEnabledForUser('files_trashbin');
$this->wasSingleUserModeEnabled = $this->config->getSystemValue('singleuser', false);
$this->config->setSystemValue('singleuser', true);
$this->wasMaintenanceModeEnabled = $this->config->getSystemValue('maintenance', false);
$this->config->setSystemValue('maintenance', true);
$this->appManager->disableApp('files_trashbin');
}
/**
* Reset the single user mode and re-enable the trashbin app
* Reset the maintenance mode and re-enable the trashbin app
*/
protected function resetSingleUserAndTrashbin() {
$this->config->setSystemValue('singleuser', $this->wasSingleUserModeEnabled);
protected function resetMaintenanceAndTrashbin() {
$this->config->setSystemValue('maintenance', $this->wasMaintenanceModeEnabled);
if ($this->wasTrashbinEnabled) {
$this->appManager->enableApp('files_trashbin');
}
@ -116,17 +116,17 @@ class EncryptAll extends Command {
$output->writeln('');
$question = new ConfirmationQuestion('Do you really want to continue? (y/n) ', false);
if ($this->questionHelper->ask($input, $output, $question)) {
$this->forceSingleUserAndTrashbin();
$this->forceMaintenanceAndTrashbin();
try {
$defaultModule = $this->encryptionManager->getEncryptionModule();
$defaultModule->encryptAll($input, $output);
} catch (\Exception $ex) {
$this->resetSingleUserAndTrashbin();
$this->resetMaintenanceAndTrashbin();
throw $ex;
}
$this->resetSingleUserAndTrashbin();
$this->resetMaintenanceAndTrashbin();
} else {
$output->writeln('aborted');
}

View file

@ -1,79 +0,0 @@
<?php
/**
* @copyright Copyright (c) 2016, ownCloud, Inc.
*
* @author Morris Jobke <hey@morrisjobke.de>
* @author Robin Appelman <robin@icewind.nl>
*
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace OC\Core\Command\Maintenance;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use OCP\IConfig;
class SingleUser extends Command {
/** @var IConfig */
protected $config;
/**
* @param IConfig $config
*/
public function __construct(IConfig $config) {
$this->config = $config;
parent::__construct();
}
protected function configure() {
$this
->setName('maintenance:singleuser')
->setDescription('set single user mode')
->addOption(
'on',
null,
InputOption::VALUE_NONE,
'enable single user mode'
)
->addOption(
'off',
null,
InputOption::VALUE_NONE,
'disable single user mode'
);
}
protected function execute(InputInterface $input, OutputInterface $output) {
if ($input->getOption('on')) {
$this->config->setSystemValue('singleuser', true);
$output->writeln('Single user mode enabled');
} elseif ($input->getOption('off')) {
$this->config->setSystemValue('singleuser', false);
$output->writeln('Single user mode disabled');
} else {
if ($this->config->getSystemValue('singleuser', false)) {
$output->writeln('Single user mode is currently enabled');
} else {
$output->writeln('Single user mode is currently disabled');
}
}
}
}

View file

@ -123,7 +123,6 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) {
$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
$application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
$application->add(new OC\Core\Command\Maintenance\SingleUser(\OC::$server->getConfig()));
$application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
$application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger()));

View file

@ -50,11 +50,6 @@ try {
exit;
}
if (\OC::$server->getSystemConfig()->getValue('singleuser', false)) {
\OCP\Util::writeLog('cron', 'We are in admin only mode, skipping cron', \OCP\Util::DEBUG);
exit;
}
// load all apps to get all api routes properly setup
OC_App::loadApps();

View file

@ -286,32 +286,6 @@ class OC {
}
}
public static function checkSingleUserMode($lockIfNoUserLoggedIn = false) {
if (!\OC::$server->getSystemConfig()->getValue('singleuser', false)) {
return;
}
$user = OC_User::getUserSession()->getUser();
if ($user) {
$group = \OC::$server->getGroupManager()->get('admin');
if ($group->inGroup($user)) {
return;
}
} else {
if(!$lockIfNoUserLoggedIn) {
return;
}
}
// send http status 503
header('HTTP/1.1 503 Service Temporarily Unavailable');
header('Status: 503 Service Temporarily Unavailable');
header('Retry-After: 120');
// render error page
$template = new OC_Template('', 'singleuser.user', 'guest');
$template->printPage();
die();
}
/**
* Checks if the version requires an update and shows
* @param bool $showTemplate Whether an update screen should get shown
@ -990,7 +964,6 @@ class OC {
OC_App::loadApps(array('filesystem', 'logging'));
OC_App::loadApps();
}
self::checkSingleUserMode();
OC_Util::setupFS();
OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
return;

View file

@ -411,7 +411,6 @@ return array(
'OC\\Core\\Command\\Maintenance\\Mimetype\\UpdateJS' => $baseDir . '/core/Command/Maintenance/Mimetype/UpdateJS.php',
'OC\\Core\\Command\\Maintenance\\Mode' => $baseDir . '/core/Command/Maintenance/Mode.php',
'OC\\Core\\Command\\Maintenance\\Repair' => $baseDir . '/core/Command/Maintenance/Repair.php',
'OC\\Core\\Command\\Maintenance\\SingleUser' => $baseDir . '/core/Command/Maintenance/SingleUser.php',
'OC\\Core\\Command\\Maintenance\\UpdateHtaccess' => $baseDir . '/core/Command/Maintenance/UpdateHtaccess.php',
'OC\\Core\\Command\\Security\\ImportCertificate' => $baseDir . '/core/Command/Security/ImportCertificate.php',
'OC\\Core\\Command\\Security\\ListCertificates' => $baseDir . '/core/Command/Security/ListCertificates.php',

View file

@ -441,7 +441,6 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
'OC\\Core\\Command\\Maintenance\\Mimetype\\UpdateJS' => __DIR__ . '/../../..' . '/core/Command/Maintenance/Mimetype/UpdateJS.php',
'OC\\Core\\Command\\Maintenance\\Mode' => __DIR__ . '/../../..' . '/core/Command/Maintenance/Mode.php',
'OC\\Core\\Command\\Maintenance\\Repair' => __DIR__ . '/../../..' . '/core/Command/Maintenance/Repair.php',
'OC\\Core\\Command\\Maintenance\\SingleUser' => __DIR__ . '/../../..' . '/core/Command/Maintenance/SingleUser.php',
'OC\\Core\\Command\\Maintenance\\UpdateHtaccess' => __DIR__ . '/../../..' . '/core/Command/Maintenance/UpdateHtaccess.php',
'OC\\Core\\Command\\Security\\ImportCertificate' => __DIR__ . '/../../..' . '/core/Command/Security/ImportCertificate.php',
'OC\\Core\\Command\\Security\\ListCertificates' => __DIR__ . '/../../..' . '/core/Command/Security/ListCertificates.php',

View file

@ -32,8 +32,7 @@
require_once __DIR__ . '/../lib/base.php';
if (\OCP\Util::needUpgrade()
|| \OC::$server->getSystemConfig()->getValue('maintenance', false)
|| \OC::$server->getSystemConfig()->getValue('singleuser', false)) {
|| \OC::$server->getSystemConfig()->getValue('maintenance', false)) {
// since the behavior of apps or remotes are unpredictable during
// an upgrade, return a 503 directly
OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);

View file

@ -39,7 +39,6 @@ try {
}
OC::checkMaintenanceMode();
OC::checkSingleUserMode(true);
$request = \OC::$server->getRequest();
$pathInfo = $request->getPathInfo();

View file

@ -77,7 +77,7 @@ class DecryptAllTest extends TestCase {
$this->config->expects($this->any())
->method('getSystemValue')
->with('singleuser', false)
->with('maintenance', false)
->willReturn(false);
$this->appManager->expects($this->any())
->method('isEnabledForUser')
@ -85,12 +85,12 @@ class DecryptAllTest extends TestCase {
}
public function testSingleUserAndTrashbin() {
public function testMaintenanceAndTrashbin() {
// on construct we enable single-user-mode and disable the trash bin
$this->config->expects($this->at(1))
->method('setSystemValue')
->with('singleuser', true);
->with('maintenance', true);
$this->appManager->expects($this->once())
->method('disableApp')
->with('files_trashbin');
@ -98,7 +98,7 @@ class DecryptAllTest extends TestCase {
// on destruct wi disable single-user-mode again and enable the trash bin
$this->config->expects($this->at(2))
->method('setSystemValue')
->with('singleuser', false);
->with('maintenance', false);
$this->appManager->expects($this->once())
->method('enableApp')
->with('files_trashbin');
@ -110,16 +110,16 @@ class DecryptAllTest extends TestCase {
$this->decryptAll,
$this->questionHelper
);
$this->invokePrivate($instance, 'forceSingleUserAndTrashbin');
$this->invokePrivate($instance, 'forceMaintenanceAndTrashbin');
$this->assertTrue(
$this->invokePrivate($instance, 'wasTrashbinEnabled')
);
$this->assertFalse(
$this->invokePrivate($instance, 'wasSingleUserModeEnabled')
$this->invokePrivate($instance, 'wasMaintenanceModeEnabled')
);
$this->invokePrivate($instance, 'resetSingleUserAndTrashbin');
$this->invokePrivate($instance, 'resetMaintenanceAndTrashbin');
}
/**

View file

@ -88,13 +88,13 @@ class EncryptAllTest extends TestCase {
$this->appManager->expects($this->once())->method('disableApp')->with('files_trashbin');
// enable single user mode to avoid that other user login during encryption
// destructor should disable the single user mode again
$this->config->expects($this->once())->method('getSystemValue')->with('singleuser', false)->willReturn(false);
$this->config->expects($this->at(1))->method('setSystemValue')->with('singleuser', true);
$this->config->expects($this->at(2))->method('setSystemValue')->with('singleuser', false);
$this->config->expects($this->once())->method('getSystemValue')->with('maintenance', false)->willReturn(false);
$this->config->expects($this->at(1))->method('setSystemValue')->with('maintenance', true);
$this->config->expects($this->at(2))->method('setSystemValue')->with('maintenance', false);
$instance = new EncryptAll($this->encryptionManager, $this->appManager, $this->config, $this->questionHelper);
$this->invokePrivate($instance, 'forceSingleUserAndTrashbin');
$this->invokePrivate($instance, 'resetSingleUserAndTrashbin');
$this->invokePrivate($instance, 'forceMaintenanceAndTrashbin');
$this->invokePrivate($instance, 'resetMaintenanceAndTrashbin');
}
/**

View file

@ -1,132 +0,0 @@
<?php
/**
* @author Morris Jobke <hey@morrisjobke.de>
*
* @copyright Copyright (c) 2015, ownCloud, Inc.
* @license AGPL-3.0
*
* This code is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License, version 3,
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License, version 3,
* along with this program. If not, see <http://www.gnu.org/licenses/>
*
*/
namespace Tests\Core\Command\Maintenance;
use OC\Core\Command\Maintenance\SingleUser;
use OCP\IConfig;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Test\TestCase;
class SingleUserTest extends TestCase {
/** @var \PHPUnit_Framework_MockObject_MockObject */
protected $config;
/** @var \PHPUnit_Framework_MockObject_MockObject */
protected $consoleInput;
/** @var \PHPUnit_Framework_MockObject_MockObject */
protected $consoleOutput;
/** @var \Symfony\Component\Console\Command\Command */
protected $command;
protected function setUp() {
parent::setUp();
$config = $this->config = $this->getMockBuilder(IConfig::class)
->disableOriginalConstructor()
->getMock();
$this->consoleInput = $this->getMockBuilder(InputInterface::class)->getMock();
$this->consoleOutput = $this->getMockBuilder(OutputInterface::class)->getMock();
/** @var \OCP\IConfig $config */
$this->command = new SingleUser($config);
}
public function testChangeStateToOn() {
$this->consoleInput->expects($this->once())
->method('getOption')
->with('on')
->willReturn(true);
$this->config->expects($this->once())
->method('setSystemValue')
->with('singleuser', true);
$this->consoleOutput->expects($this->once())
->method('writeln')
->with('Single user mode enabled');
self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]);
}
public function testChangeStateToOff() {
$this->consoleInput->expects($this->at(0))
->method('getOption')
->with('on')
->willReturn(false);
$this->consoleInput->expects($this->at(1))
->method('getOption')
->with('off')
->willReturn(true);
$this->config->expects($this->once())
->method('setSystemValue')
->with('singleuser', false);
$this->consoleOutput->expects($this->once())
->method('writeln')
->with('Single user mode disabled');
self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]);
}
public function stateData() {
return [
[ true, 'Single user mode is currently enabled' ],
[ false, 'Single user mode is currently disabled' ],
];
}
/**
* @dataProvider stateData
*
* @param $state
* @param $expectedOutput
*/
public function testState($state, $expectedOutput) {
$this->consoleInput->expects($this->at(0))
->method('getOption')
->with('on')
->willReturn(false);
$this->consoleInput->expects($this->at(1))
->method('getOption')
->with('off')
->willReturn(false);
$this->config->expects($this->once())
->method('getSystemValue')
->with('singleuser', false)
->willReturn($state);
$this->consoleOutput->expects($this->once())
->method('writeln')
->with($expectedOutput);
self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]);
}
}