Commit graph

38334 commits

Author SHA1 Message Date
Daniel Calviño Sánchez
c4613733eb Add acceptance tests related to access levels
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Daniel Calviño Sánchez
1203369ea6 Add acceptance tests related to login
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Daniel Calviño Sánchez
6a15d9da9c Add script to set up and run the acceptance tests
The acceptance tests require several elements to be set up in order to
be run. Besides those PHP packages that it depends on, like Behat or
Mink, it requires a running Selenium server and a Docker image with the
Nextcloud server to be tested available in the system. The "run.sh"
script takes care of preparing all the needed elements and then run the
acceptance tests; once finished, either normally or due to an error, it
also cleans up the temporal elements created/started by the script and
the acceptance tests.

The Docker image with the Nextcloud server to be tested is created from
the Nextcloud code in the greatparent directory each time "run.sh" is
executed; the code is copied inside the image, so once the acceptance
tests are started the code in the greatparent directory can be modified
without affecting them. As it is based on the current code at the time
of the launch that image is created and destroyed each time the
acceptance tests are run. However, the image that it is based on, which
is created using "docker/nextcloud-local-parent/Dockerfile", does not
change between runs, so it is kept built in the system to speed up the
launch of acceptance tests.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Daniel Calviño Sánchez
b22997796b Add wrappers to adapt the element finding system of Mink
Mink elements (including the document element) provide a
"find(selector, locator)" method to look for child elements in their web
browser session. The Locator class is added to be able to store the
selector and locator in a single object; it also provides a fluent API
to ease the definition of Mink locators, specially those using the
"named" selector.

The method "find(locator, timeout, timeoutStep)" is added to Actor
objects; it is simply a wrapper over Mink's "find(selector, locator)"
method, although it throws an exception if the element can not be found
instead of returning null, and it also makes possible to automatically
retry to find the element for certain amount of time.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Daniel Calviño Sánchez
7c07f01d59 Add actors for test scenarios
An actor plays the role of an end-user in the test scenario. As such,
each actor has its own web browser session used to perform the actions
specified by the steps of the scenario. Only one actor is active at a
time in a test scenario, and the current actor can be set through the "I
act as XXX" step; from then on, all the steps are performed by that
actor, until a different actor is set by calling "I act as XXX" again.
If no actor was explicitly set in a scenario then the default actor,
unsurprisingly named "default", is the one used.

The ActorContext class is added to provide automatic support for all
that. To use the ActorContext, besides adding it to the context list in
"behat.yml", a Mink session for each actor used in the features must be
specified in "behat.yml". Once done other Contexts just need to
implement the ActorAwareInterface (which can be done simply by using the
ActorAware trait) to have access to the current Actor object of the test
scenario; as the Actor object provides its own session other Contexts do
not need to extend from RawMinkContext. The ActorContext is itself a
RawMinkContext, so it automatically receives the base URL of the
Nextcloud test server run by NextcloudTestServerContext and propagates
that base URL to all the actors.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Daniel Calviño Sánchez
4c620f1fcb Add helper context to isolate the test server with Docker containers
Scenarios in acceptance tests must be independent one of each other.
That is, the execution of one scenario can not affect the execution of
another scenario, nor it can depend on the result of the execution of a
different scenario. Each scenario must be isolated and self-contained.
As the acceptance tests are run against a Nextcloud server the server
must be in a known and predefined initial state each time a scenario
begins.

The NextcloudTestServerContext is introduced to automatically set up the
Nextcloud test server for each scenario.

This can be achieved using Docker containers. Before an scenario begins
a new Docker container with a Nextcloud server is run; the scenario is
then run against the server provided by the container. When the scenario
ends the container is destroyed. As long as the Nextcloud server uses
local data storage each scenario is thus isolated from the rest.

The NextcloudTestServerContext also notifies its sibling RawMinkContexts
about the base URL of the Nextcloud test server being used in each
scenario.

Although it uses the Behat context system, NextcloudTestServerContext is
not really part of the acceptance tests, but a provider of core features
needed by them; it can be seen as part of a Nextcloud acceptance test
library. Therefore, those classes are stored in the "core" directory
instead of the "bootstrap" directory. Besides its own (quite limited)
autoload configuration, Behat also uses the Composer autoloader, so the
"core" directory has to be added there for its classes to be found by
Behat.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Daniel Calviño Sánchez
b5fba56499 Add basic files for the automated acceptance test system
The acceptance tests verify that a Nextcloud server works as expected
from the point of view of an end-user. They are specified as user
stories using Behat paired with Mink, which provides web browser
automation.

Mink supports several browser emulators, but the system is set up to use
Selenium, as it is FOSS and the one that better reflects the use of a
web browser by an end-user (as, in fact, it controls real web browsers).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-19 08:26:03 +02:00
Morris Jobke
f1ddb939a0 Merge pull request #4371 from nextcloud/dont-allow-dot-usernames
Better validation of allowed user names
2017-04-18 20:04:32 -05:00
Nextcloud bot
febe01f571
[tx-robot] updated from transifex 2017-04-19 00:07:40 +00:00
Nextcloud bot
6b490f45fd
[tx-robot] updated from transifex 2017-04-18 23:08:43 +00:00
Morris Jobke
269600a04f Merge pull request #4369 from nextcloud/fix-translations
Fix translations
2017-04-18 18:01:50 -05:00
Morris Jobke
34e0b21f41 Merge pull request #3585 from nextcloud/popover-clickable-area
expand clickable area of popover menu entries to full width
2017-04-18 17:59:42 -05:00
Morris Jobke
4b2d594c70 Merge pull request #4379 from nextcloud/nicely-designed-confirmation-mail
Beautify test email
2017-04-18 17:17:40 -05:00
Jan-Christoph Borchardt
535ec04245
expand clickable area of popover menu entries to full width
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-18 16:59:35 -05:00
Joas Schilling
1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Morris Jobke
47fe5e8f41 Merge pull request #4380 from nextcloud/show-instance-name-in-from
Add instance name to default sender
2017-04-18 16:22:56 -05:00
Lukas Reschke
0a54d5a5dd
Beautify test email
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 16:18:00 -05:00
Morris Jobke
d379ac7545 Merge pull request #4372 from nextcloud/smtp-password
Don't put the SMTP password into the HTML code
2017-04-18 16:13:31 -05:00
Nextcloud bot
c40b7acb09
[tx-robot] updated from transifex 2017-04-18 20:47:45 +00:00
Morris Jobke
d2c4440ed6
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-18 15:08:38 -05:00
Lukas Reschke
bae64e810e
Add instance name to default sender
Otherwise your mail program shows "foo@mail.com" instead of "Nextcloud" or whatever your instance name is.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 21:44:37 +02:00
Christoph Wurst
24f5c44e2b Merge pull request #4376 from nextcloud/add-bruteforce-protection-to-change-self-password
Add bruteforce protection to changePersonalPassword
2017-04-18 21:43:11 +02:00
Lukas Reschke
805419bb95
Add bruteforce protection to changePersonalPassword
While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 17:55:51 +02:00
Joas Schilling
fcaa315c96
Fix some more stuff
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:11:29 +02:00
Joas Schilling
dfca672378
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:08:29 +02:00
Joas Schilling
a5b4308a51
Don't put the SMTP password into the HTML code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 15:44:20 +02:00
Joas Schilling
a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Nextcloud bot
b072d2c49d
[tx-robot] updated from transifex 2017-04-18 00:07:25 +00:00
Nextcloud bot
df2235c71f
[tx-robot] updated from transifex 2017-04-17 00:07:33 +00:00
Nextcloud bot
69e0e2420c
[tx-robot] updated from transifex 2017-04-16 00:07:23 +00:00
Morris Jobke
10290eb006 Merge pull request #2834 from nextcloud/accesListToShareManager
Access list to share manager
2017-04-15 13:06:24 -05:00
Nextcloud bot
dafa9c740a
[tx-robot] updated from transifex 2017-04-15 00:07:36 +00:00
Roeland Jago Douma
f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change
Add activities when email or password is changed
2017-04-14 08:16:43 +02:00
Roeland Jago Douma
6b79bf0960 Merge pull request #4346 from nextcloud/properly-do-bruteforce-protection-via-annotation
Make BruteForceProtection annotation more clever
2017-04-14 08:15:55 +02:00
Nextcloud bot
0f96d5a641
[tx-robot] updated from transifex 2017-04-14 00:07:36 +00:00
Morris Jobke
8e8b345fbd
Fix autoloader
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 16:28:07 -05:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Morris Jobke
d0c0f6cfc1 Merge pull request #4326 from nextcloud/downstream-27562
Reorder the entries of the log for easier reading
2017-04-13 13:11:47 -05:00
Lukas Reschke
81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Morris Jobke
d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Morris Jobke
ac05d6dd67
Improve PHPDoc
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 12:16:12 -05:00
Morris Jobke
ec034757fa Merge pull request #4337 from nextcloud/fix-adblock-share-icon
Fix AdBlock blocking share icon, ref #866
2017-04-13 12:10:37 -05:00
Joas Schilling
695696a4a6
Use constants
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
Morris Jobke
13c71203bb Merge pull request #4341 from nextcloud/local-link-explanation
Explain local link
2017-04-13 12:01:57 -05:00
Jos Poortvliet
a8b09c860e
Explain local link
The local link is a clever thing and the clients should support this imho but it might not be clear to all users. For one, the term 'local link' is a bit odd. Local with respect to what? It links directly to the file or folder, so direct link seems to make more sense to me. And we should explain the difference with a public link. So this PR:
* renames local link to direct link
* adds a short explanation, noting it only works for users who have access to this file/folder.

As other links are called public link you could also consider calling this 'private link', I suppose. But the links we sent by mail to ppl could also be called 'private link' (they are for one user, who git it by email) so I think it might be confusing. What do @nextcloud/designers think?

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 12:01:45 -05:00
Lukas Reschke
f3dbfd68a2 Merge pull request #4336 from nextcloud/add-ratelimiting
Add support for ratelimiting via annotations
2017-04-13 18:53:56 +02:00
Morris Jobke
9b9ca0b34d Merge pull request #4342 from nextcloud/update-certificate-bundle
Update CA bundle
2017-04-13 10:40:12 -05:00
Roeland Jago Douma
0f8a098476 Merge pull request #4344 from nextcloud/dont-load-handlebars
Don't load handlebars in template
2017-04-13 16:08:29 +02:00
Roeland Jago Douma
cab41118f6
Mail shares trigger the public key
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 15:19:23 +02:00
Roeland Jago Douma
6a519abde8
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 14:56:05 +02:00