Commit graph

32377 commits

Author SHA1 Message Date
Christoph Wurst
3a1882b143
run upgrades in incognito mode 2016-05-12 11:56:58 +02:00
Christoph Wurst
c28e462583
Use CLOB for auth token names to allow long user agent strings 2016-05-12 11:19:17 +02:00
Joas Schilling
eea98f1d74 Background jobs from info.xml (#24582)
* Move background job registration of Federation to info.xml

* Move background registration of Files app to info.xml

* Move background job registration of files_sharing to info.xml

* Move background job registration of files_trashbin to info.xml

* Move background job registration of files_versions to info.xml

* Move background job registration from user_ldap to info.xml
2016-05-12 10:43:43 +02:00
Joas Schilling
1def89b2c5 Move the testing app to PSR-4 (#24580) 2016-05-12 09:49:37 +02:00
Joas Schilling
b57f3126eb Move files_versions to PSR-4 (#24571) 2016-05-12 09:49:15 +02:00
Joas Schilling
d5dee80580 Move files_trashbin to PSR-4 (#24570) 2016-05-12 09:48:53 +02:00
Roeland Douma
56f4c4bed9 Move \OCP\Comments to PSR-4 (#24565) 2016-05-12 09:48:11 +02:00
Roeland Douma
9b05f37fad lib/private/ocs to PSR-4 (#24558)
* Move OC_OCS_XX to legacy

* Move \OC\OCS to PSR-4

* OC_OCS_xx to \OC\OCS\xx

* Moved OC_OCS_xx to proper namespace
* OC_OCS_xx is still there for legacy reasons as a wrapper

* No calls to OC_OCS_xx in \OC\OCS\
2016-05-12 09:43:53 +02:00
Lukas Reschke
52add798d4 Do not automatically try to enable index.php-less URLs (#24539)
The current logic for mod_rewrite relies on the fact that people have properly configured ownCloud, basically it reads from the `overwrite.cli.ur
l` entry and then derives the `RewriteBase` from it.

This usually works. However, since the ownCloud packages seem to install themselves at `/owncloud` (because subfolders are cool or so…) _a lot_ of people have just created a new Virtual Host for it or have simply symlinked the path etc.

This means that `overwrite.cli.url` is wrong, which fails hard if it is used as RewriteBase since Apache does not know where it should serve files from. In the end the ownCloud instance will not be accessible anymore and users will be frustrated. Also some shared hosters like 1&1 (because using shared hosters is so awesome… ;-)) have somewhat dubious Apache configurations or use versions of mod_rewrite from the mediveal age. (because updating is money or so…)

Anyhow. This makes this explicitly an opt-in configuration flag. If `htaccess.RewriteBase` is set then it will configure index.php-less URLs, if
admins set that after installation and don't want to wait until the next ownCloud version they can run `occ maintenance:update:htaccess`.

For ownCloud 9.0 we also have to add a repair step to make sure that instances that already have a RewriteBase configured continue to use it by copying it into the config file. That way all existing URLs stay valid. That one is not in this PR since this is unneccessary in master.

Effectively this reduces another risk of breakage when updating from ownCloud 8 to ownCloud 9.

Fixes https://github.com/owncloud/core/issues/24525, https://github.com/owncloud/core/issues/24426 and probably some more.
2016-05-12 09:43:26 +02:00
Joas Schilling
dd9ee10bc0 Move dav app to PSR-4 (#24527)
* Move Application to correct namespace and PSR-4 it

* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00
Joas Schilling
4a3311f430 Move Encryption app to PSR-4 (#24524)
* Move Encryption to PSR-4

* Move encryption tests to PSR-4

* Fix the tests
2016-05-12 09:42:19 +02:00
Jenkins for ownCloud
c5ae14453a [tx-robot] updated from transifex 2016-05-12 02:08:58 -04:00
Robin McCorkell
8f58b89c3f Add tests for backend/auth mechanism providers 2016-05-11 21:24:53 +01:00
Robin McCorkell
711bc7469a Use backend/auth mechanism providers in files_external 2016-05-11 21:16:31 +01:00
Robin McCorkell
af0930fe59 Introduce backend/auth mechanism providers
Direct registration of backends/auth mechanisms is now deprecated
2016-05-11 21:16:26 +01:00
Vincent Petry
ceaac03bb5 Make permalinks work for trashed files (#24537)
Opening a permalink that points to a trashed file will now display the
file within the "Deleted Files" section in the files web UI.
2016-05-11 19:41:36 +02:00
Joas Schilling
bc1d70f08c Pass on the error message from the user manager to the UI (#24526) 2016-05-11 19:41:13 +02:00
Lukas Reschke
ee0ebd192a Use proper URL generation function (#24576)
Fixes the redirection after login, otherwise `core/files/index` is opened which fails.
2016-05-11 19:39:57 +02:00
Joas Schilling
2a05035339 Move Provisioning api to PSR-4 (#24510)
* Move app to PSR-4

* Fix setUp method

* Fix the tests
2016-05-11 19:38:49 +02:00
Jörn Friedrich Dreyer
e03f9e8103 allow configuration of memcached options (#23729)
* allow configuration of memcache options

Use production values for memcached as explained in http://apprize.info/php/scaling/15.html

The current implementiation uses ascii based serialization. This PR should reduce traffic to the memcached server.

cc @MorrisJobke @FelixBoehm

* add config sample

* merge config options, throw hint on config error

* fix typo

* fix config sample
2016-05-11 19:38:00 +02:00
Thomas Müller
3333c4c0b9 Merge pull request #24568 from owncloud/fix_24566
Fix etag propegation test race condition
2016-05-11 16:29:00 +02:00
Roeland Jago Douma
8bfa532075
Fix test race condition
E-tag propagation replies on the mtime of the file. Order of events:

1. add file 'foo.txt' with content 'bar'
2. Set mtime to now() - 1
3. Check if etag changed.

Now this goes right often when 1 and 2 happen in the same second.
However imagine

1. add file 'foo.txt' with content 'bar' (at t=0.999)
2. Set mtime to now() - 1 (at t=1.001)

Now the mtime will be set to the same time. Thus not chaning the etag.
2016-05-11 14:07:37 +02:00
Thomas Müller
8729415880 Merge pull request #24531 from owncloud/psr4-loading-for-install-and-commands
Correctly register PSR-4 autoloading before install.php and loading commands
2016-05-11 13:53:16 +02:00
Thomas Müller
efa545f8f0 Merge pull request #24189 from owncloud/pluggable-auth
Pluggable auth
2016-05-11 13:52:45 +02:00
Christoph Wurst
0486d750aa
use the UID for creating the session token, not the login name 2016-05-11 13:36:46 +02:00
Christoph Wurst
5e55dfb2d6
create session token for DAV clients (sync clients) 2016-05-11 13:36:46 +02:00
Christoph Wurst
214aa6639c
fix login with email 2016-05-11 13:36:46 +02:00
Christoph Wurst
69dafd727d
delete the token in case an exception is thrown when decrypting the password 2016-05-11 13:36:46 +02:00
Christoph Wurst
af707fba41
use the query builder instead of raw sql statements 2016-05-11 13:36:46 +02:00
Christoph Wurst
46bdf6ea2b
fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst
3ffa7d986a
show login error 2016-05-11 13:36:46 +02:00
Christoph Wurst
a9b500c03b
catch possible SessionNotAvailableExceptions 2016-05-11 13:36:46 +02:00
Christoph Wurst
bfed02b038
add auth integration tests 2016-05-11 13:36:46 +02:00
Christoph Wurst
f0f8bdd495
PHPDoc and other minor fixes 2016-05-11 13:36:46 +02:00
Christoph Wurst
dff108e97b
fix mock builder for old phpunit versions 2016-05-11 13:36:46 +02:00
Christoph Wurst
fbb5768587
add unit tests for all new classes 2016-05-11 13:36:46 +02:00
Christoph Wurst
699289cd26
pass in $request on OCS api 2016-05-11 13:36:46 +02:00
Christoph Wurst
168ccf90a6
try apache auth too 2016-05-11 13:36:46 +02:00
Christoph Wurst
aa85edd224
increase token column width
add some range to time() assertions
2016-05-11 13:36:46 +02:00
Christoph Wurst
8cc5f6036f
Fix existing tests 2016-05-11 13:36:46 +02:00
Christoph Wurst
aafd660b97
fix LoginController unit tests 2016-05-11 13:36:46 +02:00
Christoph Wurst
7aa16e1559
fix setup 2016-05-11 13:36:46 +02:00
Christoph Wurst
18704a9fc8
increase version number to trigger db migration 2016-05-11 13:36:46 +02:00
Christoph Wurst
7e7d5a2ef2
Add fallback to allow user:token basic auth 2016-05-11 13:36:46 +02:00
Christoph Wurst
fdc2cd7554
Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Christoph Wurst
8d48502187
Add index on 'last_activity'
add token type column and delete only temporary tokens in the background job

debounce token updates; fix wrong class import
2016-05-11 13:36:46 +02:00
Christoph Wurst
53636c73d6
Add controller to generate client tokens 2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a
Check if session token is valid and log user out if the check fails
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
2016-05-11 13:36:46 +02:00
Christoph Wurst
2fa5e0a24e
invalidate (delete) session token on logout
add 'last_activity' column to session tokens and delete old ones via a background job
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00