Commit graph

94 commits

Author SHA1 Message Date
Morris Jobke
96a404dfb3 Remove windows config settings in tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-17 09:39:49 +02:00
Morris Jobke
ae13d011d1 Remove unneeded styles
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-24 11:09:14 +02:00
Lukas Reschke
bb6fe6afba
Adjust to height=120
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-24 10:18:16 +02:00
Lukas Reschke
ba1e16ea2e Revert "Set max-width of image to 100px in Outlook as well" 2017-07-24 10:14:47 +02:00
Morris Jobke
a98f57ebd0 Set max-width of image to 100px in Outlook as well
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-23 23:15:21 +02:00
Joas Schilling
1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Morris Jobke
1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Morris Jobke
ae4c2893a2
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 12:42:23 -05:00
Joas Schilling
1c8c62272c
Use instance name as alt-text
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:26 +02:00
Morris Jobke
050ce1d40b
Add addBodyButton to add a single button to email templates
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 17:16:26 +02:00
Morris Jobke
be9a514dff
Allow to set text versions for the plain text email
* allows different texts for HTML and text version of the email

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:50:06 -05:00
Morris Jobke
5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Lukas Reschke
281ad406e8
Add support for theming
Add support for theming in generated emails and simplify API

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-07 12:03:47 -05:00
Morris Jobke
0560e69913
New layout for welcome email
* thanks to @espina2 for make this nice design
* the button says "Set password" if the admin didn't specified a password

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-07 12:03:32 -05:00
Julius Härtl
29ec58f1b5
Add tests for SCSSCacher
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-03-20 14:12:35 +01:00
Christoph Wurst
140555b786
always allow remembered login
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
Joas Schilling
8725302307
Fix InfoParser empty tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-16 09:25:45 +01:00
Lukas Reschke
7cb0df28e2
Prevent downgrade attacks for apps
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-11 18:53:26 +01:00
Lukas Reschke
0eeef26a8e
Add tests for installer method
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 19:39:35 +01:00
Morris Jobke
972e560e72
Adding tests for 4 byte unicode characters
* success on SQLite and Postgres
* failure on MySQL due to the limited charset that only supports up to 3 bytes
2016-10-19 00:15:01 +02:00
Thomas Müller
c5ca71ee82
[9.2] Register commands in info.xml (#26248)
* Use DI to load console commands from the apps - class name to be defined in the info.xml

* Load commands from info.xml

* Fix unit test

* Allow Di magic for IMountManager

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-11 19:48:26 +02:00
Thomas Müller
67d3574bdf
Don't parse info.xml but reuse already cached app infos - fixes #25603 (#25968)
* Don't parse info.xml but reuse already cached app infos - fixes #25603

* Use === in InfoParser. Fixes test

* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
2016-10-07 20:58:22 +02:00
skjnldsv
71830b285c Svgo optimization
Signed-off-by: John Molakvoæ <fremulon@protonmail.com>
2016-09-27 20:56:26 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Thomas Müller
71fa0a75bf
Allow declaration of background jobs in info.xml 2016-05-03 08:58:12 +02:00
Thomas Müller
54f45f95f5
Adding repair steps for install and uninstall - fixes #24306 2016-05-02 08:52:06 +02:00
Thomas Müller
2ee7d2485c
Introduce background repair steps 2016-04-26 11:56:56 +02:00
Thomas Müller
d0030aad6c
Remove deprecated HTTPHelper from InfoParser 2016-04-22 08:38:41 +02:00
Stefan Weil
02e226a6b3 tests: Fix typos (found by codespell)
Fix also a small grammar issue.

Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-06 15:08:27 +02:00
Morris Jobke
23c0f4ff5f Read available l10n files also from theme folder
The old behaviour was that only languages could be used for an app
that are already present in the apps/$app/l10n folder. If there is
a themed l10n that is not present in the apps default l10n folder
the language could not be used and the texts are not translated.

With this change this is possible and also the l10n files are
loaded even if the default l10n doesn't contain the l10n file.
2016-03-17 16:15:37 +01:00
Lukas Reschke
5278bfe0e4 Add support for custom values in integrity checker 2016-03-15 10:41:17 +01:00
Thomas Müller
8b165c5ed5 No longer evaluate appinfo/version 2016-02-10 17:24:14 +01:00
Lukas Reschke
bc62aa1ef5 Exclude .htaccess modifications from code checker
After the initial installation ownCloud will write some content into the .htaccess file such as the 404 or 403 directives. This adds a magic marker into the .htaccess file and only the content above this marker will be compared in the integrity checker.
2016-01-22 11:51:54 +01:00
Lukas Reschke
4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Joas Schilling
d904a09a04 The constant is now deprecated 2015-10-14 15:29:38 +02:00
Lukas Reschke
ab87274930 Use certificates that expire in 10 years
🙊 🙊 🙊
2015-08-27 22:23:08 +02:00
Robin McCorkell
aac84f732d Unit test OC_Files::setUploadLimit()
There was also a bug with checking the upper limit on the passed upload
size. PHP does funny things with integer vs float comparisons, so our
check didn't work. Now the check is much simpler, and ensures the value
is sane.
2015-07-20 15:03:09 +01:00
Joas Schilling
eb1c437941 Check for methods as good as possible 2015-07-17 12:34:56 +02:00
Joas Schilling
2783a78070 Allow checking for functions 2015-07-17 12:34:56 +02:00
Joas Schilling
f228a3dc28 Add support for deprecated constants 2015-07-17 12:34:56 +02:00
Joas Schilling
d2fc1b2302 Correctly handle use statements 2015-07-17 12:34:56 +02:00
Olivier Paroz
71d65cb713 Fix max preview, some resizing and caching issues and force preview providers to resize their previews properly
* introduces a method in OC_Image which doesn't stretch images when trying to make them fit in a box
* adds the method to all key providers so that they can do their job, as expected by the Preview class
* improves the caching mechanism of Preview in order to reduce I/O and to avoid filling the available disk space
* fixes some long standing issues
* **contains mostly tests**
2015-06-06 16:25:04 +02:00
Jan-Christoph Borchardt
4e93d9e3a2 remove logo-wide from tests 2015-05-21 22:40:26 +02:00
Morris Jobke
493844eda4 add positive tests for operator in code checker 2015-05-05 13:09:12 +02:00
Thomas Müller
aae098c24a Check usage of != and == - refs #16054 2015-05-05 12:59:33 +02:00
Vincent Petry
76dad297ff Fix encryption feof to not return too early
This is because stream_read will pre-cache the next block which causes
feof($this->source) to return true prematurely. So we cannot rely on it.

Fixed encryption stream wrapper unit tests to actually simulate 6k/8k
blocks to make sure we cover the matching logic.

Added two data files with 8192 and 8193 bytes.
2015-04-20 18:32:40 +02:00
Lukas Reschke
74a9fc29b4 Merge pull request #14399 from owncloud/ignore-empty-plurals
Ignore empty plurals just like with singulars
2015-03-26 20:15:33 +01:00
Thomas Müller
b966a4eb17 Adding unit test which shows insertIfNotExists to fall apart in certain situations 2015-03-09 22:37:49 +01:00
Joas Schilling
ae60108692 Revert "Correctly fallback to english, if the plural case is not translated"
This reverts commit cbad5c998b.
2015-02-20 11:51:36 +01:00
Thomas Müller
d74662df7d implement php code checker to detect usage of not allowed private APIs - including console command to check local code to be used by developers 2015-02-10 11:51:24 +01:00