Commit graph

249 commits

Author SHA1 Message Date
Roeland Jago Douma
fc215d0980 Make the share object lazy
Share providers can now just pass in a fileId. And the node will only be
created once needed.
2016-02-04 12:51:23 +01:00
Roeland Jago Douma
96662c4d0d [Share 2.0] Fix shareManager 2016-02-03 19:25:29 +01:00
Lukas Reschke
809ff5ac95 Add public API to give developers the possibility to adjust the global CSP defaults
Allows to inject something into the default content policy. This is for
example useful when you're injecting Javascript code into a view belonging
to another controller and cannot modify its Content-Security-Policy itself.
Note that the adjustment is only applied to applications that use AppFramework
controllers.

To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`,
$policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

To test this add something like the following into an `app.php` of any enabled app:
```
$manager = \OC::$server->getContentSecurityPolicyManager();
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('asdf');
$policy->addAllowedScriptDomain('yolo.com');

$policy->allowInlineScript(false);
$manager->addDefaultPolicy($policy);
$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFontDomain('yolo.com');
$manager->addDefaultPolicy($policy);

$policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
$policy->addAllowedFrameDomain('banana.com');
$manager->addDefaultPolicy($policy);
```

If you now open the files app the policy should be:

```
Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
```
2016-01-28 18:36:46 +01:00
Roeland Jago Douma
f2e70441e4 [Share 2.0] Add getShareManager to OCP\IServerContainer 2016-01-27 22:04:37 +01:00
Lukas Reschke
cb1a64b949 Check whether ownCloud is installed
ownCloud might not yet be setup. This causes an issue as the user config requires a setup ownCloud. Thus this needs a block whether ownCloud is installed or not.

Fixes https://github.com/owncloud/core/issues/21955
2016-01-27 18:30:18 +01:00
Joas Schilling
043625ee52 Move findLanguage() and setLanguageFromRequest() to factory 2016-01-26 14:02:31 +01:00
Thomas Müller
2bafb1c649 Merge pull request #21894 from owncloud/refactor-csrf
Add new CSRF manager for unit testing purposes
2016-01-26 11:36:56 +01:00
Lukas Reschke
a977465af5 Add new CSRF manager for unit testing purposes
This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly.
2016-01-25 20:03:40 +01:00
Morris Jobke
287e6d36bf remove unused variable 2016-01-25 09:29:44 +01:00
Thomas Müller
7731b29136 Merge pull request #21719 from owncloud/move-notification-api-to-ocp
Move the notification API to public namespace
2016-01-22 16:20:26 +01:00
Thomas Müller
9b4c9a0357 Merge pull request #18531 from owncloud/ext-user-credentials
External storage 'Login credentials' auth mechanism
2016-01-22 13:14:14 +01:00
Thomas Müller
1410120758 Merge pull request #20768 from owncloud/mount-cache
cache mountpoints in the db
2016-01-22 11:01:54 +01:00
Joas Schilling
ee02165005 Move the notification API to public namespace 2016-01-22 10:32:42 +01:00
Thomas Müller
7c7467fe42 Merge pull request #21792 from owncloud/systemtags-managerfactory
Allow custom implementation of system tag managers
2016-01-21 12:13:01 +01:00
Vincent Petry
899f9bd113 Allow custom implementation of system tag managers
Added config.php option to replace the default implementation of system
tag manager and system tag object mapper.

Also adjusted the comments manager factory to inject the server container
2016-01-20 16:36:10 +01:00
Robin Appelman
be380accb9 clear mount cache when deleting user 2016-01-20 16:32:56 +01:00
Robin Appelman
8940429976 log duplicates 2016-01-20 16:30:22 +01:00
Robin Appelman
cf6ee1c866 cache mountpoints in the db 2016-01-20 16:30:22 +01:00
Thomas Müller
aeb89947a2 Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
Roeland Jago Douma
7a946a05f5 Properly DI the servercontainer 2016-01-20 08:33:36 +01:00
Robin McCorkell
da4127d23b Introduce CredentialsManager for storage of credentials in DB
CredentialsManager performs a simple role, of storing and retrieving
encrypted credentials from the database. Credentials are stored by user
ID (which may be null) and credentials identifier. Credentials
themselves may be of any type that can be JSON encoded.

The rationale behind this is to avoid further (mis)use of
oc_preferences, which was being used for all manner of data not related
to user preferences.
2016-01-18 11:10:41 +01:00
Roeland Jago Douma
67b7ebccd1 [Share 2.0] Add share provider factory
* Add providers
* Add share manager to server container
* Use share manager from server container
* Properly get the share manager
2016-01-13 16:35:14 +01:00
Thomas Müller
c5a200c419 Merge pull request #21653 from owncloud/update-license-headers-2016
Update license headers 2016
2016-01-13 08:29:42 +01:00
Thomas Müller
682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Robin Appelman
c15cab7ed6 Allow admins to add system wide root certificates 2016-01-12 12:50:59 +01:00
Roeland Jago Douma
77c611d339 Just query the securerandom from the container 2016-01-09 19:57:03 +01:00
Morris Jobke
190cc2bb67 Remove OC_DB::getConnection 2016-01-07 14:54:55 +01:00
Thomas Müller
95a255b0d4 Merge pull request #21281 from owncloud/allow-di-for-background-jobs
Allow background jobs to be service names for DI
2015-12-18 16:34:42 +01:00
Joas Schilling
412e4ed3f6 Register app containers in the OC container 2015-12-18 13:45:07 +01:00
Roeland Jago Douma
0a09004d39 Inject Config into SystemConfig 2015-12-18 11:53:41 +01:00
Arthur Schiwon
e3dbc3d40c different strategy in cleaning up after user was deleted
we do not listen to deletion hooks anymore, because there is no guarantee that they
will be heard - requires that something fetches the CommentsManager first.

Instead, in the user deletion routine the clean up method will be called directly. Same way
as it happens for files, group memberships, config values.
2015-12-09 14:34:23 +01:00
Arthur Schiwon
2ce2de0ae5 add icommentsmanger and icomment implementation
register CommentsManager service, allow override, document in config.sample.php

don't insert autoincrement ids in tests, because of dislikes from oracle and pgsql

specify timezone in null date

only accepts strings for ID parameter that can be converted to int

replace forgotten hardcoded IDs in tests

react on deleted users

react on file deletion

Postgresql compatibility

lastInsertId needs *PREFIX* with the table name

do not listen for file deletion, because it is not reliable (trashbin, external storages)

add runtime cache for comments
2015-12-09 14:34:23 +01:00
Roeland Jago Douma
b00db2c933 DI in avatar code
* DI in avatar code
* Use the node API
* More unit tests
* Unit tests no longer require DB
2015-12-01 22:15:43 +01:00
Lukas Reschke
4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Thomas Müller
08248f66ba Merge pull request #20650 from owncloud/systemtags-core
Implement systemtag managers and mapper
2015-11-30 15:38:43 +01:00
Vincent Petry
b666367a79 Added system tags data structure and PHP side managers
Added SystemTagManager and SystemTagObjectMapper
2015-11-27 17:54:29 +01:00
Robin Appelman
b05c8faba8 Dont die when we're missing a route 2015-11-27 14:29:06 +01:00
Lukas Reschke
8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Lukas Reschke
8133d46620 Remove dependency on ICrypto + use XOR 2015-10-21 17:33:41 +02:00
Morris Jobke
8366ce2767 deduplicate @xenopathic 2015-10-06 09:52:19 +02:00
Morris Jobke
b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Robin Appelman
00020535f9 pass view hooks trough to the node hooks 2015-09-28 17:18:46 +02:00
Thomas Müller
af39e59e88 getService() is not needed -> remove 2015-09-23 12:00:07 +02:00
Individual IT Services
bf1cb20e90 do not load unnecessary code in case of webdav
changing from "protected static" to "protected"
as suggested by @nickvergessen
https://github.com/owncloud/core/pull/19114#discussion_r39719851

moving initTemplate() into template constr.

reduce to move initTemplate only

cleanup spaces
2015-09-23 11:57:10 +02:00
Lukas Reschke
63b2bc136a Move mimetype files into /resources/config/ 2015-09-22 16:43:28 +02:00
Robin Appelman
05fddec022 expire old lock rows 2015-09-17 13:55:04 +02:00
Frank Karlitschek
7562e4959b Merge pull request #18658 from owncloud/configurable-temp
Configurable temporary directory
2015-09-12 22:04:41 +02:00
Robin McCorkell
e99988b9c7 Merge pull request #18676 from owncloud/ext-eventdispatcher
files_external event dispatcher
2015-09-11 09:34:05 +01:00
Lukas Reschke
fb717f254f Merge pull request #18699 from owncloud/notification-manager
Notification manager
2015-09-10 15:26:36 +02:00
Lukas Reschke
bfa26db472 Use md5 over the version file to prevent cyclyc dependency 2015-09-09 12:48:08 +02:00