Commit graph

43 commits

Author SHA1 Message Date
Lukas Reschke
bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Thomas Müller
39d8406933 don't allow installation of already installed apps - fixes #14004 2015-02-23 23:16:28 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Thomas Müller
3c75a440a6 Return milliseconds instead of seconds for lastLogin - refs #14005 2015-02-16 17:41:44 +01:00
Thomas Müller
359abca50c Merge pull request #13790 from owncloud/fix-subadmin-group
Fix subadmin listing of group
2015-02-02 09:45:28 +01:00
Lukas Reschke
fcd5056376 Consistent variable naming 2015-01-30 18:31:04 +01:00
Lukas Reschke
0f7634eadc Switch to a factory and add unit tests 2015-01-30 17:24:42 +01:00
Lukas Reschke
7e7dd92f6b Add unit tests 2015-01-30 14:29:46 +01:00
Lukas Reschke
734dcc82dd Fix subadmin listing of group
Without this patch filtering for the "_everyone" (empty) group did not work for subadmins.

Fixes itself.
2015-01-30 14:29:46 +01:00
Joas Schilling
7bd7c20295 Check whether return is an error case before using it 2015-01-30 16:39:57 +01:00
Morris Jobke
9fbeaf0fd9 Add value if restore of data is possible for a user
* reason: nice to know before password change in user management
* restore is possible:
	* encryption is disabled
	* encryption is enabled, admin and user has checked the
	  restore option
* if not possible:
	* highlight users row in red once the admin wants to change the password
	* show also a little tipsy
2015-01-27 13:23:19 +01:00
Joas Schilling
039397bd31 Use setConfigs() instead of calling setConfig() multiple times 2015-01-23 14:52:21 +01:00
Lukas Reschke
2272bcedeb Fix filtering for users when $gid is empty
Previously when $gid was empty the users were not filtered at all. Rendering the search function in the user management pretty useless.

Fixes itself
2015-01-18 18:31:03 +01:00
Thomas Müller
d3cd2b3e0f sorting enabled and disabled apps alphabetically - fixes #13404 2015-01-16 12:07:08 +01:00
Lukas Reschke
b8b4df5425 Cache responses from the AppStore server
Otherwise every time the AppStore was opened a lot of connections to the AppStore server were made which resulted in a terrible performance.

This changeset will cache the response for a sensible time so that only the first request will be somewhat slow.

Performance changes:
- Loading a category took previously more than 3 seconds on my machine. Now for every follow-up request it takes less than 200ms, resulting in a performance gain of 1950%
- Loading the category list took previously about 750ms - now it takes 154ms, a total performance gain of 395%
2015-01-09 19:49:59 +01:00
Morris Jobke
6a5f12beca Merge pull request #12988 from owncloud/logfile_download
Logfile download
2015-01-09 00:33:22 +01:00
Georg Ehrke
f579f2bd94 add Download logfile button to admin settings
add logSettingsController

add download logfile button

move getEntries to LogSettingsController

move set log level to logsettingscontroller.php

add warning if logfile is bigger than 100MB

add unit test for set log level

fix typecasting, add new line at EoF

show log and logfile download only if log_type is set to owncloud

add unit test for getFilenameForDownload
2015-01-07 14:55:53 +01:00
Thomas Müller
fc38d4cc81 fixing wrong usage of license vs licence 2015-01-06 13:07:17 +01:00
Morris Jobke
5913af8a72 Mail address of users is now changable in the user management
* introduced new route settings/users/{id}/mailAddress
* kept old responses
* better error messages
* dropped lostpassword.php from settings/ajax
* cleaned up the UserList.add() and hand in user object instead of
  each attribute as another parameter
* check for change permission of mail address
* proper response messages
2014-12-18 22:43:09 +01:00
Morris Jobke
3b61f76ca0 Send mail for new users
* supply mail address
* send mail with username and URL to that mail address
* option to temporary enable this feature
2014-12-16 09:10:22 +01:00
Bernhard Posselt
be45366013 Merge pull request #12625 from owncloud/app-dependencies-libs-and-commands
adding dependencies for command line tools and php libraries
2014-12-15 12:34:46 +01:00
Morris Jobke
efb495b09f Merge pull request #12726 from owncloud/add-filter-for-backend-to-rest-index
Add filter for backend to rest index
2014-12-13 08:50:15 +01:00
Lukas Reschke
76a633bf52 Make comment clear 2014-12-12 16:50:14 +01:00
Lukas Reschke
dced436a3a Comment code path 2014-12-12 16:45:11 +01:00
Lukas Reschke
202f1215aa Use limit and offset 2014-12-12 16:43:24 +01:00
Lukas Reschke
d5b26e682c Use array key instead of value 2014-12-12 16:42:25 +01:00
Morris Jobke
04aaa72810 Show user backend in user management
* add switch to settings to show user backend
* user classes for headers and rows to unify the show/hide statement
* add user backend to response of user create request
* proper markup in settings area
2014-12-12 14:19:29 +01:00
Thomas Müller
dcb88e395b rework api of DependencyAnalyzer 2014-12-12 12:34:53 +01:00
Lukas Reschke
661dc789ce Break loop 2014-12-11 12:29:53 +01:00
Lukas Reschke
5dc6406b70 Add filter for 'backend' to user REST route
This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620

For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well)

Depends upon https://github.com/owncloud/core/pull/12711
2014-12-10 12:07:34 +01:00
Lukas Reschke
4c13918bd8 Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.

For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-09 12:04:19 +01:00
Lukas Reschke
c23957811d React on other statuscodes than 200 2014-12-08 16:35:13 +01:00
Lukas Reschke
8b3e389062 Add statuscodes 2014-12-08 15:32:59 +01:00
Lukas Reschke
fe7d9a7ca0 Add REST route for user & group management
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
2014-12-08 12:11:01 +01:00
Thomas Müller
ba52c996cf adding supported databases 2014-12-04 11:40:33 +01:00
Thomas Müller
b469e9f6fb introduce dependency analyzer to take care of app dependencies
some more unit tests on xml info parser
2014-12-04 11:40:33 +01:00
Lukas Reschke
e73ccbd4ca Migrate "setsecurity.php" to the AppFramework
Add switch to enforce SSL for subdomains

Add unit tests

Add test for boolean values

Camel-case

Fix ugly JS
2014-11-03 16:53:03 +01:00
Lukas Reschke
437a660680 Merge pull request #11600 from owncloud/refactor-appsettings-to-app-framework
Migrate new app settings to AppFramework
2014-10-28 11:13:20 +01:00
Thomas Müller
4f2422ffbe fixing typo in English source string 2014-10-16 15:24:28 +02:00
Lukas Reschke
e4227658d9 Migrate new app settings to AppFramework
Let's migrate those two new files.
2014-10-15 22:01:56 +02:00
Thomas Müller
d3eebad591 fixing typos 2014-10-14 15:38:39 +02:00
Lukas Reschke
13b1b45ee4 Refactor MailSettings controller
- Do not store the password (fixes https://github.com/owncloud/core/issues/11385)
- Refactor to AppFramework
- Add unit tests

Conflicts:
	settings/admin/controller.php
2014-10-14 15:38:34 +02:00