Commit graph

11 commits

Author SHA1 Message Date
Morris Jobke
54c227b6c4
Use cached app list
Followup to #7264

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-14 09:56:53 +01:00
Morris Jobke
df61d43529
Make isUpdateAvailable non-static
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-25 12:01:02 +01:00
Morris Jobke
0e2f00ec59
Get the Installer via DI
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-25 12:00:57 +01:00
Joas Schilling
0bff4f3f07 Fix the installer tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-05 13:02:16 +02:00
Lukas Reschke
3f9aaac4a2
Adjust tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:51 +02:00
Lukas Reschke
32bf8ec826
Don't use cached informations for app version
When installing an app from the appstore the `\OC_App::getAppVersion` code is triggered twice:

- First when the downloader tries to compare the current version to the new version on the appstore to check if there is a newer version. This protects against downgrade attacks and is implemented in `\OC\Installer::downloadApp`.
- Second, when the app is actually installed the current version is written to the database. (`\OC\Installer::installApp`)

This fails however when the version is actually cached. Because in step 1 the cached version will be set to "0" and then be reused in the second step.

While this is probably not the cleanest version I assume this is an approach that is least invasive. Feedback and suggestions welcome :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-09 18:01:45 +01:00
Lukas Reschke
7cb0df28e2
Prevent downgrade attacks for apps
We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature.

Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-11 18:53:26 +01:00
Lukas Reschke
0eeef26a8e
Add tests for installer method
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 19:39:35 +01:00
Lukas Reschke
8acb54aa0b
Add update support
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:47 +01:00
Lukas Reschke
8d83e239f3
Fix tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:45 +01:00
Thomas Müller
e049953d1a
OC_Installer -> \OC\Installer 2016-05-02 08:52:06 +02:00
Renamed from tests/lib/installer.php (Browse further)