Commit graph

297 commits

Author SHA1 Message Date
Morris Jobke
e79c255cab Conditional logging
* Log condition for log level increase based on conditions. Once one of these
   conditions is met, the required log level is set to debug. This allows to
   debug specific requests, users or apps

 * Supported conditions (setting `log_condition` in `config.php`):
    - `shared_secret`: if a request parameter with the name `log_secret` is set to
                this value the condition is met
    - `users`:  if the current request is done by one of the specified users,
                this condition is met
    - `apps`:   if the log message is invoked by one of the specified apps,
                this condition is met
 * fix unit test and add app log condition test
2015-05-08 15:58:33 +02:00
Lukas Reschke
21ad4400af Reword configuration text 2015-04-20 21:08:45 +02:00
Lukas Reschke
6b31d325d6 Wording 2015-04-20 11:13:05 +02:00
Lukas Reschke
4ea205e262 Block old legacy clients
This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.

This has multiple reasons:

1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
2. Old ownCloud client versions tend to be horrible buggy

In some cases we had in 80minutes about 10'000 sessions created by a single user. While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client
2015-04-20 11:12:17 +02:00
Michael Telatynski
8ebf9de3f8 Memcache\Redis Add DB Select Functionality 2015-04-15 21:24:38 +01:00
Lukas Reschke
ba52f6f8fc Merge pull request #15314 from owncloud/app-categories-15274
Add different trust levels to AppStore interface
2015-04-09 10:07:32 +02:00
Lukas Reschke
0cd29e00d1 Fix wording 2015-04-08 21:24:03 +02:00
Olivier Paroz
74bf9806b0 Introducing the maximum size preview
The first time we're asked to generate a preview we'll generate one of the maximum dimension indicated in the configuration and all future resizing requests will be done on that preview in order to not waste time converting the same file over and over.

One of the fixes required for #12465
2015-04-07 16:45:59 +02:00
Lukas Reschke
0816cf9142 Add experimental applications switch
Allows administrators to disable or enabled experimental applications as well as show the trust level.
2015-04-03 13:21:24 +02:00
Olivier Paroz
8ec6dfdbf8 Split image provider in one sub-class per media type 2015-04-02 10:31:24 +02:00
Lukas Reschke
5f044ebf1b Add wrapper for Guzzle 2015-03-25 16:04:41 +01:00
Morris Jobke
bd57fcb539 fix typo in config.sample.php 2015-03-18 17:08:54 +01:00
Morris Jobke
04eef93b25 Merge pull request #13648 from oparoz/sfnt-fonts-preview
Add support for font previews
2015-03-11 15:56:32 +01:00
Robin McCorkell
0e4933e6d2 Refactor \OC\Memcache\Factory
Caches divided up into two groups: distributed and local. 'Low latency' is an
alias for local caches, while the standard `create()` call tries to get
distributed caches first, then local caches.

Memcache backend is set in `config.php`, with the keys `memcache.local` and
`memcache.distributed`. If not set, `memcache.distributed` defaults to the value
of `memcache.local`.
2015-03-05 11:36:34 +00:00
Morris Jobke
f1d74e8803 Merge pull request #14651 from owncloud/add-some-headers-to-htaccess-for-my-best-friend-jenkins
Let users configure security headers in their Webserver
2015-03-04 09:36:01 +01:00
Thomas Müller
0af2ea8b28 Merge pull request #14586 from owncloud/proper-appcodechecker-docu
proper description of appcodechecker in config sample
2015-03-03 12:59:51 +01:00
Lukas Reschke
bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Morris Jobke
8cf61c09c8 fix link for Preview documentation 2015-03-02 10:45:22 +01:00
Morris Jobke
297285249a fix line breaks in config.sample.php 2015-03-02 10:44:18 +01:00
Morris Jobke
7452d0434a proper description of appcodechecker in config sample 2015-02-27 20:02:07 +01:00
Olivier Paroz
f49805eea5 Add support for font previews 2015-02-24 22:00:54 +01:00
Bernhard Posselt
5b506ab518 use flock instead of just checking if there is a file to prevent deadlocks when the process crashed or the unlink wasnt done
move cron.lock into top directory to prevent external storage issues

use tmp directory lock file

use new config interface

incorporate #13770

add dots
2015-02-24 15:41:20 +01:00
Lukas Reschke
b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
RealRancor
840ad708d6 Removed anchor in config.sample.php 2015-02-12 22:00:24 +01:00
RealRancor
c5c632f8ff Add hint for troubleshooting MS Word previews 2015-02-10 22:35:16 +01:00
RealRancor
04d6f3e1fb external user app: Add note to enable it first 2015-02-07 14:01:38 +01:00
Lukas Reschke
20199dd168 Reference module with .c
Fixes https://github.com/owncloud/core/issues/13657
2015-01-28 13:15:32 +01:00
Thomas Müller
5776bfec05 Merge pull request #13449 from owncloud/image_preview_limit
add config-option for an image's maximum filesize when generating previews
2015-01-22 23:02:38 +01:00
Georg Ehrke
3af8bde949 add config-option for an image's maximum filesize when generating previews 2015-01-22 20:21:37 +01:00
Georg Ehrke
374ddbff55 show animated gifs on public sharing page 2015-01-19 16:20:06 +01:00
Carla Schroder
2a5cbd7eca Note in config.sample.php that certain previews are not available in ms windows 2015-01-15 11:07:14 +01:00
Lukas Reschke
a5099b01f9 Merge pull request #12984 from owncloud/ldap-user-cleanup-master
Ldap user cleanup master
2015-01-09 10:47:02 +01:00
Adam Williamson
bb79aac78a allow css/js asset directory to be relocated (#13053)
This allows the directory where CSS/JS asset collections are
written to be changed, in case SERVERROOT is not writeable. Note
it does *not* allow the expected URL to be changed: whatever
directory is used, the server must be configured to serve it
at WEBROOT/assets. It may be possible to add another config
parameter to allow the admin to specify a custom asset URL,
but I thought I'd keep the first implementation simple.
2015-01-05 15:24:23 -08:00
Arthur Schiwon
4fa39250e7 LDAP User Cleanup: Port from stable7 without further adjustements
LDAP User Cleanup

background job for user clean up

adjust user backend for clean up

register background job

remove dead code

dependency injection

make Helper non-static for proper testing

check whether it is OK to run clean up job. Do not forget to pass arguments.

use correct method to get the config from server

methods can be private, proper indirect testing is given

no automatic user deletion

make limit readable for test purposes

make method less complex

add first tests

let preferences accept limit and offset for getUsersForValue

DI via constructor does not work for background jobs

after detecting, now we have retrieving deleted users and their details

we need this method to be public for now

finalize export method, add missing getter

clean up namespaces and get rid of unnecessary files

helper is not static anymore

cleanup according to scrutinizer

add cli tool to show deleted users

uses are necessary after recent namespace change

also remove user from mappings table on deletion

add occ command to delete users

fix use statement

improve output

big fixes / improvements

PHP doc

return true in userExists early for cleaning up deleted users

bump version

control state and interval with one config.php setting, now ldapUserCleanupInterval. 0 will disable it. enabled by default.

improve doc

rename cli method to be consistent with  others

introduce ldapUserCleanupInterval in sample config

don't show last login as unix epoche start when no  login happend

less log output

consistent namespace for OfflineUser

rename GarbageCollector to DeletedUsersIndex and move it to user subdir

fix unit tests

add tests for deleteUser

more test adjustements

Conflicts:
	apps/user_ldap/ajax/clearMappings.php
	apps/user_ldap/appinfo/app.php
	apps/user_ldap/lib/access.php
	apps/user_ldap/lib/helper.php
	apps/user_ldap/tests/helper.php
	core/register_command.php
	lib/private/preferences.php
	lib/private/user.php

add ldap:check-user to check user existance on the fly

Conflicts:
	apps/user_ldap/lib/helper.php

forgotten file

PHPdoc fixes, no code change

and don't forget to adjust tests
2014-12-19 19:47:54 +01:00
Jörn Friedrich Dreyer
363e9667ec Add Redis cache implementation, prefer over memcached, tests & config sample 2014-12-10 12:24:20 +01:00
Lukas Reschke
726626b439 Officially deprecated passwordsalt
Hopefully this prevents people from using it in the future.
2014-12-03 15:02:33 +01:00
Morris Jobke
98b28c68a3 add proper description what database is supported by CE and EE 2014-12-03 08:52:59 +01:00
Thomas Müller
e9029f94cb Merge pull request #12310 from kampka/master
Implement a logger to log to error_log
2014-12-02 09:19:12 +01:00
Christian Kampka
553ce946d3 Implement a logger to log to error_log 2014-12-01 21:20:57 +01:00
Thomas Müller
0769556989 Merge pull request #12419 from owncloud/read-only-config
Allow read-only configuration
2014-12-01 16:37:29 +01:00
Lukas Reschke
18b6fc9332 Adjust sample config 2014-11-28 16:58:09 +01:00
Vincent Petry
154628daf4 Merge pull request #12432 from owncloud/nosqlite
Add notes that SQLite is CE only
2014-11-28 10:19:15 +01:00
Carla Schroder
06041e3323 added comment that App Store is disabled for EE 2014-11-25 16:31:02 -08:00
Morris Jobke
e9696a8c9a Merge pull request #12420 from owncloud/sqlite-wal-2
adding new config parameter for sqlite to specify the journal mode
2014-11-26 00:47:22 +01:00
Carla Schroder
770eea7b56 Markup corrections 2014-11-25 15:01:05 -08:00
Carla Schroder
a9ad77fc29 Add notes that SQLite is CE only 2014-11-25 14:57:17 -08:00
Thomas Müller
a6c088a1ef adding new config parameter for sqlite to specify the journal mode 2014-11-25 16:29:06 +01:00
Lukas Reschke
fc116f563f Allow read-only configuration
Workaround required for IIS setups running ownCloud to prevent dataloss.

Long-term solution would be to move some configuration settings to the database
2014-11-25 16:26:47 +01:00
Olivier Paroz
93a6cc17a5 The class name is Movie NOT Movies 2014-11-25 11:35:38 +01:00
Lukas Reschke
d0a30b0e55 Ignore port for trusted domains
This lead to a lot of confusion in the past and did not really offer any value. Let's remove the port check therefore. (it's anyways not really a part of the domain)

Fixes https://github.com/owncloud/core/issues/12150 and https://github.com/owncloud/core/issues/12123 and also a problem reported by @DeepDiver1975.

Conflicts:
	lib/private/request.php
2014-11-18 12:36:03 +01:00
Thomas Müller
4c1244f50c Merge pull request #11917 from owncloud/fix-11909
Add checkbox to enforce SSL for subdomains
2014-11-11 20:37:50 +01:00
Lukas Reschke
24ca2d858f Add OCP\Security\IHasher
Public interface for hashing which also works with legacy ownCloud hashes and supports updating the legacy hash via a passed reference.

Follow-up of https://github.com/owncloud/core/pull/10219#issuecomment-61624662
Requires https://github.com/owncloud/3rdparty/pull/136
2014-11-06 15:16:14 +01:00
Morris Jobke
6f0c814164 fix config.sample.php linebreak 2014-11-04 09:23:38 +01:00
Lukas Reschke
e73ccbd4ca Migrate "setsecurity.php" to the AppFramework
Add switch to enforce SSL for subdomains

Add unit tests

Add test for boolean values

Camel-case

Fix ugly JS
2014-11-03 16:53:03 +01:00
Lukas Reschke
b3f881748d Allow any outgoing XHR connections
Quickfix for https://github.com/owncloud/core/issues/11064
2014-10-30 00:00:40 +01:00
Morris Jobke
e8703f648d fix style of generated documentation 2014-10-29 20:38:59 +01:00
Lukas Reschke
d6380a5395 Merge pull request #11786 from owncloud/MakeSupportedDBsConfigurable
Make supported DBs configurable within config.php
2014-10-27 22:24:16 +01:00
Lukas Reschke
233c49f4b9 Make supported DBs configurable within config.php
This commit will make the supported DBs for installation configurable within config.php. By default the following databases are tested: "sqlite", "mysql", "pgsql". The reason behind this is that there might be instances where we want to prevent SQLite to be used by mistake.

To test this play around with the new configuration parameter "supportedDatabases".
2014-10-27 21:39:34 +01:00
Jörn Friedrich Dreyer
de72aff2c1 add driver options to config samples 2014-10-27 14:43:31 +01:00
Lukas Reschke
2d2a4741ce Make files non executable
There is not much sense in having these files marked executable, we should avoid that.
2014-10-24 11:14:51 +02:00
Morris Jobke
72c2ee9f9c fix the RST syntax of config.sample.php 2014-10-17 00:57:35 +02:00
Morris Jobke
dd74744039 read config.sample.php options and whitespace fixes 2014-10-17 00:35:51 +02:00
Lukas Reschke
df5b98afa8 Merge pull request #11521 from owncloud/configsamplephp
small corrections to config.sample.php
2014-10-16 15:54:36 +02:00
Carla Schroder
887d6155b8 commented out instanceid and passwordsalt 2014-10-14 16:57:45 -07:00
Carla Schroder
a8a0bcaffc some small tweaks 2014-10-14 10:00:20 -07:00
Joas Schilling
0407bc0978 Set overwritemailurl* configs on setup
Correctly use overwritemailurl value when generating absolute urls in CLI

Fix #11500

Rename the config to *cli

Add overwrite.cli.url to the sample config

Revert separator fix, fixes unit test
2014-10-14 05:07:09 +02:00
Carla Schroder
6775c9ed32 small corrections to config.sample.php 2014-10-10 09:42:58 -07:00
Morris Jobke
090bf44ab6 Additional changes to config.sample.php and typo fixes 2014-10-09 19:23:03 +02:00
Morris Jobke
7238cb601c apply @carlaschroder's changes from owncloud/documentation#594 2014-10-09 19:23:03 +02:00
Morris Jobke
c60bda54c5 Fixes in config.sample.php
* owncloud -> ownCloud
* add default value
* proper comment style
* fix line wrapping and minor typo
* remove duplication
* add Vincents proposals
2014-10-08 21:36:37 +02:00
Morris Jobke
7f328e8b16 re-arrange the config options and sort them in a semantical way 2014-10-08 21:36:37 +02:00
Morris Jobke
8ed883bc33 unify style of config.sample.php
* use ' instead of " for config option
* place default parameters where useful into sample
* use proper comment block
* limit line size to 80 characters
2014-10-08 21:36:37 +02:00
Olivier Paroz
b0000800e1 New generic class for Imagemagick conversions 2014-10-04 17:50:12 +02:00
Dan Bartram
0d76a211a9 Clear up confusion of log_rotate_size config value
Remove the second comment which could be confused with suggesting an invalid value: `// 100 MiB`.

To keep the easily readable example value, it has been moved into the comment header for the config item.
2014-09-27 14:53:56 +01:00
Lukas Reschke
cb002c1f6b Clarify possible preview providers for type Office
a
2014-09-24 21:21:39 +02:00
Lukas Reschke
4c39139bd2 Merge pull request #11242 from owncloud/fix-10284
Use non-empty defaults for preview cmd line
2014-09-23 10:13:03 +02:00
Victor Dubiniuk
7d22f4b634 Use non-empty defaults 2014-09-22 23:27:41 +03:00
Lukas Reschke
ca3447fcde Add a configuration switch for enabled preview mimetypes 2014-09-22 16:09:08 +02:00
Lukas Reschke
b31b6db4de Reword the description
The old one was just horrible wrong.
2014-09-16 15:51:48 +02:00
Lukas Reschke
ae3425d2da Merge branch 'master' into securityutils
Conflicts:
	lib/private/util.php
2014-08-31 15:21:09 +02:00
Lukas Reschke
d26a9c3c58 Add some security utilities
This adds some security utilities to core including:
- A library for basic crypto operations (e.g. to encrypt passwords)
- A better library for cryptographic actions which allows you to specify the charset
- A library for secure string comparisions

Remove .htaccess

Remove .htaccess

Fix typo

Add public API

Use timing constant comparision

Remove CBC constant

Adjust code

Remove confusing $this
2014-08-27 00:18:04 +02:00
Lukas Reschke
7acdd018a1 Add support for getting the real client IP behind proxies
Fixes https://github.com/owncloud/core/issues/10624

Fix copy paste fail

Add unittest for comma separated headers

Revert 3rdparty
2014-08-27 00:05:04 +02:00
Robin McCorkell
b5c2964070 Merge pull request #9818 from owncloud/fix-mount-file-config
Comment out mount_file config option
2014-08-24 17:32:24 +01:00
Robin McCorkell
9094b380ca Comment out mount_file config option
Prevents sample config issues with external storages. Fixes #9734
2014-08-20 20:25:06 +01:00
Lukas Reschke
fdb203ff1e Merge pull request #10409 from owncloud/iShallNotCopyStuffWithoutThinking
Add a copied_sample_config switch
2014-08-19 11:03:57 +02:00
Björn Schießle
19610157d3 Merge pull request #10425 from owncloud/set_default_share_folder
Set default share folder
2014-08-19 10:21:21 +02:00
Lukas Reschke
c33d1cacd4 Add a copied_sample_config switch
Hopefully this will stop people from copying the sample config. I'm so annoyed by all those wrong bug reports...

Add some explanation about this switch

Move check to init
2014-08-19 09:57:03 +02:00
Bjoern Schiessle
c9903f2e68 make share folder configurable 2014-08-18 16:52:48 +02:00
Stefan Rado
ccc46be740 Make skeleton directory configurable. 2014-08-16 01:07:42 +02:00
Lukas Reschke
5bb4772858 Move authentication failed logging to checkPassword
Fixes https://github.com/owncloud/core/issues/10366
2014-08-15 12:13:00 +02:00
Bjoern Schiessle
4bbdcfbccf support aes 256 2014-07-23 12:14:01 +02:00
Frank Karlitschek
f92b5a2507 update appstore api url 2014-07-17 21:54:46 -04:00
Joas Schilling
bef0934719 Add comment to overwrite* configs about CLI/cron problems 2014-07-07 15:08:46 +02:00
Vincent Petry
c005515ebd Support for multiple default apps
If a default app isn't visible for the user, try the next one.
Else fallback to the "files" app.
2014-07-01 15:42:26 +02:00
Jörn Friedrich Dreyer
5756aba594 add disclaimer to objectstore example config 2014-06-23 16:42:05 +02:00
Jörn Friedrich Dreyer
5722e31d1a add autocreate config option for containers, implement autocreate and delete of containers, use generated container names for tests 2014-06-18 12:53:20 +02:00
Jörn Friedrich Dreyer
1410cb10b4 add 'objectstore' configuration example 2014-06-18 12:53:20 +02:00
Bjoern Schiessle
277f25222a if file doesn't exist, check parent folder 2014-06-14 10:14:07 +02:00
Frank Karlitschek
87101e6638 Merge pull request #9018 from owncloud/dbms-socket-support
Refactor OC_DB::connect() to properly support sockets.
2014-06-13 18:09:51 +02:00
josh4trunks
55ccd6da51 Update notes on dbhost 2014-06-05 20:17:50 -07:00