Signed-off-by: Morris Jobke <hey@morrisjobke.de>tags/v21.0.0beta1
@@ -56,6 +56,7 @@ return array( | |||
'OCA\\Settings\\Settings\\Personal\\Security\\TwoFactor' => $baseDir . '/../lib/Settings/Personal/Security/TwoFactor.php', | |||
'OCA\\Settings\\Settings\\Personal\\Security\\WebAuthn' => $baseDir . '/../lib/Settings/Personal/Security/WebAuthn.php', | |||
'OCA\\Settings\\Settings\\Personal\\ServerDevNotice' => $baseDir . '/../lib/Settings/Personal/ServerDevNotice.php', | |||
'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => $baseDir . '/../lib/SetupChecks/CheckUserCertificates.php', | |||
'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat' => $baseDir . '/../lib/SetupChecks/LegacySSEKeyFormat.php', | |||
'OCA\\Settings\\SetupChecks\\PhpDefaultCharset' => $baseDir . '/../lib/SetupChecks/PhpDefaultCharset.php', | |||
'OCA\\Settings\\SetupChecks\\PhpOutputBuffering' => $baseDir . '/../lib/SetupChecks/PhpOutputBuffering.php', |
@@ -71,6 +71,7 @@ class ComposerStaticInitSettings | |||
'OCA\\Settings\\Settings\\Personal\\Security\\TwoFactor' => __DIR__ . '/..' . '/../lib/Settings/Personal/Security/TwoFactor.php', | |||
'OCA\\Settings\\Settings\\Personal\\Security\\WebAuthn' => __DIR__ . '/..' . '/../lib/Settings/Personal/Security/WebAuthn.php', | |||
'OCA\\Settings\\Settings\\Personal\\ServerDevNotice' => __DIR__ . '/..' . '/../lib/Settings/Personal/ServerDevNotice.php', | |||
'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => __DIR__ . '/..' . '/../lib/SetupChecks/CheckUserCertificates.php', | |||
'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat' => __DIR__ . '/..' . '/../lib/SetupChecks/LegacySSEKeyFormat.php', | |||
'OCA\\Settings\\SetupChecks\\PhpDefaultCharset' => __DIR__ . '/..' . '/../lib/SetupChecks/PhpDefaultCharset.php', | |||
'OCA\\Settings\\SetupChecks\\PhpOutputBuffering' => __DIR__ . '/..' . '/../lib/SetupChecks/PhpOutputBuffering.php', |
@@ -53,6 +53,7 @@ use OC\DB\SchemaWrapper; | |||
use OC\IntegrityCheck\Checker; | |||
use OC\Lock\NoopLockingProvider; | |||
use OC\MemoryInfo; | |||
use OCA\Settings\SetupChecks\CheckUserCertificates; | |||
use OCA\Settings\SetupChecks\LegacySSEKeyFormat; | |||
use OCA\Settings\SetupChecks\PhpDefaultCharset; | |||
use OCA\Settings\SetupChecks\PhpOutputBuffering; | |||
@@ -692,6 +693,8 @@ Raw output | |||
$phpDefaultCharset = new PhpDefaultCharset(); | |||
$phpOutputBuffering = new PhpOutputBuffering(); | |||
$legacySSEKeyFormat = new LegacySSEKeyFormat($this->l10n, $this->config, $this->urlGenerator); | |||
$checkUserCertificates = new CheckUserCertificates($this->l10n, $this->config, $this->urlGenerator); | |||
return new DataResponse( | |||
[ | |||
'isGetenvServerWorking' => !empty(getenv('PATH')), | |||
@@ -734,6 +737,7 @@ Raw output | |||
PhpDefaultCharset::class => ['pass' => $phpDefaultCharset->run(), 'description' => $phpDefaultCharset->description(), 'severity' => $phpDefaultCharset->severity()], | |||
PhpOutputBuffering::class => ['pass' => $phpOutputBuffering->run(), 'description' => $phpOutputBuffering->description(), 'severity' => $phpOutputBuffering->severity()], | |||
LegacySSEKeyFormat::class => ['pass' => $legacySSEKeyFormat->run(), 'description' => $legacySSEKeyFormat->description(), 'severity' => $legacySSEKeyFormat->severity(), 'linkToDocumentation' => $legacySSEKeyFormat->linkToDocumentation()], | |||
CheckUserCertificates::class => ['pass' => $checkUserCertificates->run(), 'description' => $checkUserCertificates->description(), 'severity' => $checkUserCertificates->severity(), 'elements' => $checkUserCertificates->elements()], | |||
] | |||
); | |||
} |
@@ -0,0 +1,80 @@ | |||
<?php | |||
declare(strict_types=1); | |||
/** | |||
* @copyright Copyright (c) 2020 Morris Jobke <hey@morrisjobke.de> | |||
* | |||
* @author Morris Jobke <hey@morrisjobke.de> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OCA\Settings\SetupChecks; | |||
use OCP\IConfig; | |||
use OCP\IL10N; | |||
use OCP\IURLGenerator; | |||
class CheckUserCertificates { | |||
/** @var IL10N */ | |||
private $l10n; | |||
/** @var string */ | |||
private $configValue; | |||
/** @var IURLGenerator */ | |||
private $urlGenerator; | |||
public function __construct(IL10N $l10n, IConfig $config, IURLGenerator $urlGenerator) { | |||
$this->l10n = $l10n; | |||
$configValue = $config->getAppValue('files_external', 'user_certificate_scan', false); | |||
if (!is_string($configValue)) { | |||
$configValue = ''; | |||
} | |||
$this->configValue = $configValue; | |||
$this->urlGenerator = $urlGenerator; | |||
} | |||
public function description(): string { | |||
if ($this->configValue === '') { | |||
return ''; | |||
} | |||
if ($this->configValue === 'not-run-yet') { | |||
return $this->l10n->t('A background job is pending that checks for user imported SSL certificates. Please check back later.'); | |||
} | |||
return $this->l10n->t('There are some user imported SSL certificates present, that are not used anymore with Nextcloud 21. They can be imported on the command line via "occ security:certificates:import" command. Their paths inside the data directory are shown below.'); | |||
} | |||
public function severity(): string { | |||
return 'warning'; | |||
} | |||
public function run(): bool { | |||
// all fine if neither "not-run-yet" nor a result | |||
return $this->configValue === ''; | |||
} | |||
public function elements(): array { | |||
if ($this->configValue === '' || $this->configValue === 'not-run-yet') { | |||
return []; | |||
} | |||
$data = json_decode($this->configValue); | |||
if (!is_array($data)) { | |||
return []; | |||
} | |||
return $data; | |||
} | |||
} |
@@ -382,22 +382,26 @@ class CheckSetupControllerTest extends TestCase { | |||
public function testCheck() { | |||
$this->config->expects($this->at(0)) | |||
->method('getAppValue') | |||
->with('files_external', 'user_certificate_scan', false) | |||
->willReturn('["a", "b"]'); | |||
$this->config->expects($this->at(1)) | |||
->method('getAppValue') | |||
->with('core', 'cronErrors') | |||
->willReturn(''); | |||
$this->config->expects($this->at(2)) | |||
$this->config->expects($this->at(3)) | |||
->method('getSystemValue') | |||
->with('connectivity_check_domains', ['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org']) | |||
->willReturn(['www.nextcloud.com', 'www.startpage.com', 'www.eff.org', 'www.edri.org']); | |||
$this->config->expects($this->at(3)) | |||
$this->config->expects($this->at(4)) | |||
->method('getSystemValue') | |||
->with('memcache.local', null) | |||
->willReturn('SomeProvider'); | |||
$this->config->expects($this->at(4)) | |||
$this->config->expects($this->at(5)) | |||
->method('getSystemValue') | |||
->with('has_internet_connection', true) | |||
->willReturn(true); | |||
$this->config->expects($this->at(5)) | |||
$this->config->expects($this->at(6)) | |||
->method('getSystemValue') | |||
->with('appstoreenabled', true) | |||
->willReturn(false); | |||
@@ -594,6 +598,7 @@ class CheckSetupControllerTest extends TestCase { | |||
'OCA\Settings\SetupChecks\PhpDefaultCharset' => ['pass' => true, 'description' => 'PHP configuration option default_charset should be UTF-8', 'severity' => 'warning'], | |||
'OCA\Settings\SetupChecks\PhpOutputBuffering' => ['pass' => true, 'description' => 'PHP configuration option output_buffering must be disabled', 'severity' => 'error'], | |||
'OCA\Settings\SetupChecks\LegacySSEKeyFormat' => ['pass' => true, 'description' => 'The old server-side-encryption format is enabled. We recommend disabling this.', 'severity' => 'warning', 'linkToDocumentation' => ''], | |||
'OCA\Settings\SetupChecks\CheckUserCertificates' => ['pass' => false, 'description' => 'There are some user imported SSL certificates present, that are not used anymore with Nextcloud 21. They can be imported on the command line via "occ security:certificates:import" command. Their paths inside the data directory are shown below.', 'severity' => 'warning', 'elements' => ['a', 'b']], | |||
'imageMagickLacksSVGSupport' => false, | |||
] | |||
); |
@@ -0,0 +1,79 @@ | |||
<?php | |||
/** | |||
* @copyright 2020 Morris Jobke <hey@morrisjobke.de> | |||
* | |||
* @author Morris Jobke <hey@morrisjobke.de> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OC\Core\BackgroundJobs; | |||
use OC\BackgroundJob\QueuedJob; | |||
use OCP\Files\Folder; | |||
use OCP\Files\IRootFolder; | |||
use OCP\Files\NotFoundException; | |||
use OCP\IConfig; | |||
use OCP\IUser; | |||
use OCP\IUserManager; | |||
class CheckForUserCertificates extends QueuedJob { | |||
/** @var IConfig */ | |||
protected $config; | |||
/** @var IUserManager */ | |||
private $userManager; | |||
/** @var IRootFolder */ | |||
private $rootFolder; | |||
public function __construct(IConfig $config, IUserManager $userManager, IRootFolder $rootFolder) { | |||
$this->config = $config; | |||
$this->userManager = $userManager; | |||
$this->rootFolder = $rootFolder; | |||
} | |||
/** | |||
* Checks all user directories for old user uploaded certificates | |||
*/ | |||
public function run($arguments) { | |||
$uploadList = []; | |||
$this->userManager->callForSeenUsers(function (IUser $user) use (&$uploadList) { | |||
$userId = $user->getUID(); | |||
try { | |||
\OC_Util::setupFS($userId); | |||
$filesExternalUploadsFolder = $this->rootFolder->get($userId . '/files_external/uploads'); | |||
} catch (NotFoundException $e) { | |||
\OC_Util::tearDownFS(); | |||
return; | |||
} | |||
if ($filesExternalUploadsFolder instanceof Folder) { | |||
$files = $filesExternalUploadsFolder->getDirectoryListing(); | |||
foreach ($files as $file) { | |||
$filename = $file->getName(); | |||
$uploadList[] = "$userId/files_external/uploads/$filename"; | |||
} | |||
} | |||
\OC_Util::tearDownFS(); | |||
}); | |||
if (empty($uploadList)) { | |||
$this->config->deleteAppValue('files_external', 'user_certificate_scan'); | |||
} else { | |||
$this->config->setAppValue('files_external', 'user_certificate_scan', json_encode($uploadList)); | |||
} | |||
} | |||
} |
@@ -488,6 +488,7 @@ | |||
OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\PhpDefaultCharset', messages) | |||
OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\PhpOutputBuffering', messages) | |||
OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\LegacySSEKeyFormat', messages) | |||
OC.SetupChecks.addGenericSetupCheck(data, 'OCA\\Settings\\SetupChecks\\CheckUserCertificates', messages) | |||
} else { | |||
messages.push({ | |||
@@ -520,6 +521,15 @@ | |||
if (setupCheck.linkToDocumentation) { | |||
message += ' ' + t('core', 'For more details see the <a target="_blank" rel="noreferrer noopener" href="{docLink}">documentation</a>.', {docLink: setupCheck.linkToDocumentation}); | |||
} | |||
if (setupCheck.elements) { | |||
message += '<br><ul>' | |||
setupCheck.elements.forEach(function(element){ | |||
message += '<li>'; | |||
message += element | |||
message += '</li>'; | |||
}); | |||
message += '</ul>' | |||
} | |||
if (!setupCheck.pass) { | |||
messages.push({ |
@@ -769,6 +769,7 @@ return array( | |||
'OC\\Contacts\\ContactsMenu\\Providers\\EMailProvider' => $baseDir . '/lib/private/Contacts/ContactsMenu/Providers/EMailProvider.php', | |||
'OC\\Core\\Application' => $baseDir . '/core/Application.php', | |||
'OC\\Core\\BackgroundJobs\\BackgroundCleanupUpdaterBackupsJob' => $baseDir . '/core/BackgroundJobs/BackgroundCleanupUpdaterBackupsJob.php', | |||
'OC\\Core\\BackgroundJobs\\CheckForUserCertificates' => $baseDir . '/core/BackgroundJobs/CheckForUserCertificates.php', | |||
'OC\\Core\\BackgroundJobs\\CleanupLoginFlowV2' => $baseDir . '/core/BackgroundJobs/CleanupLoginFlowV2.php', | |||
'OC\\Core\\Command\\App\\CheckCode' => $baseDir . '/core/Command/App/CheckCode.php', | |||
'OC\\Core\\Command\\App\\Disable' => $baseDir . '/core/Command/App/Disable.php', | |||
@@ -1254,6 +1255,7 @@ return array( | |||
'OC\\Repair\\NC20\\EncryptionLegacyCipher' => $baseDir . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php', | |||
'OC\\Repair\\NC20\\EncryptionMigration' => $baseDir . '/lib/private/Repair/NC20/EncryptionMigration.php', | |||
'OC\\Repair\\NC20\\ShippedDashboardEnable' => $baseDir . '/lib/private/Repair/NC20/ShippedDashboardEnable.php', | |||
'OC\\Repair\\NC21\\AddCheckForUserCertificatesJob' => $baseDir . '/lib/private/Repair/NC21/AddCheckForUserCertificatesJob.php', | |||
'OC\\Repair\\OldGroupMembershipShares' => $baseDir . '/lib/private/Repair/OldGroupMembershipShares.php', | |||
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => $baseDir . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php', | |||
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => $baseDir . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php', |
@@ -798,6 +798,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c | |||
'OC\\Contacts\\ContactsMenu\\Providers\\EMailProvider' => __DIR__ . '/../../..' . '/lib/private/Contacts/ContactsMenu/Providers/EMailProvider.php', | |||
'OC\\Core\\Application' => __DIR__ . '/../../..' . '/core/Application.php', | |||
'OC\\Core\\BackgroundJobs\\BackgroundCleanupUpdaterBackupsJob' => __DIR__ . '/../../..' . '/core/BackgroundJobs/BackgroundCleanupUpdaterBackupsJob.php', | |||
'OC\\Core\\BackgroundJobs\\CheckForUserCertificates' => __DIR__ . '/../../..' . '/core/BackgroundJobs/CheckForUserCertificates.php', | |||
'OC\\Core\\BackgroundJobs\\CleanupLoginFlowV2' => __DIR__ . '/../../..' . '/core/BackgroundJobs/CleanupLoginFlowV2.php', | |||
'OC\\Core\\Command\\App\\CheckCode' => __DIR__ . '/../../..' . '/core/Command/App/CheckCode.php', | |||
'OC\\Core\\Command\\App\\Disable' => __DIR__ . '/../../..' . '/core/Command/App/Disable.php', | |||
@@ -1283,6 +1284,7 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c | |||
'OC\\Repair\\NC20\\EncryptionLegacyCipher' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionLegacyCipher.php', | |||
'OC\\Repair\\NC20\\EncryptionMigration' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/EncryptionMigration.php', | |||
'OC\\Repair\\NC20\\ShippedDashboardEnable' => __DIR__ . '/../../..' . '/lib/private/Repair/NC20/ShippedDashboardEnable.php', | |||
'OC\\Repair\\NC21\\AddCheckForUserCertificatesJob' => __DIR__ . '/../../..' . '/lib/private/Repair/NC21/AddCheckForUserCertificatesJob.php', | |||
'OC\\Repair\\OldGroupMembershipShares' => __DIR__ . '/../../..' . '/lib/private/Repair/OldGroupMembershipShares.php', | |||
'OC\\Repair\\Owncloud\\DropAccountTermsTable' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/DropAccountTermsTable.php', | |||
'OC\\Repair\\Owncloud\\SaveAccountsTableData' => __DIR__ . '/../../..' . '/lib/private/Repair/Owncloud/SaveAccountsTableData.php', |
@@ -52,6 +52,7 @@ use OC\Repair\NC18\ResetGeneratedAvatarFlag; | |||
use OC\Repair\NC20\EncryptionLegacyCipher; | |||
use OC\Repair\NC20\EncryptionMigration; | |||
use OC\Repair\NC20\ShippedDashboardEnable; | |||
use OC\Repair\NC21\AddCheckForUserCertificatesJob; | |||
use OC\Repair\OldGroupMembershipShares; | |||
use OC\Repair\Owncloud\DropAccountTermsTable; | |||
use OC\Repair\Owncloud\SaveAccountsTableData; | |||
@@ -164,6 +165,7 @@ class Repair implements IOutput { | |||
\OC::$server->query(EncryptionMigration::class), | |||
\OC::$server->get(ShippedDashboardEnable::class), | |||
\OC::$server->get(AddBruteForceCleanupJob::class), | |||
\OC::$server->get(AddCheckForUserCertificatesJob::class), | |||
]; | |||
} | |||
@@ -0,0 +1,61 @@ | |||
<?php | |||
/** | |||
* @copyright Copyright (c) 2020 Morris Jobke <hey@morrisjobke.de> | |||
* | |||
* @author Morris Jobke <hey@morrisjobke.de> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OC\Repair\NC21; | |||
use OC\Core\BackgroundJobs\CheckForUserCertificates; | |||
use OCP\BackgroundJob\IJobList; | |||
use OCP\IConfig; | |||
use OCP\Migration\IOutput; | |||
use OCP\Migration\IRepairStep; | |||
class AddCheckForUserCertificatesJob implements IRepairStep { | |||
/** @var IJobList */ | |||
protected $jobList; | |||
/** @var IConfig */ | |||
private $config; | |||
public function __construct(IConfig $config, IJobList $jobList) { | |||
$this->jobList = $jobList; | |||
$this->config = $config; | |||
} | |||
public function getName() { | |||
return 'Queue a one-time job to check for user uploaded certificates'; | |||
} | |||
private function shouldRun() { | |||
$versionFromBeforeUpdate = $this->config->getSystemValue('version', '0.0.0.0'); | |||
// was added to 21.0.0.2 | |||
return version_compare($versionFromBeforeUpdate, '21.0.0.2', '<'); | |||
} | |||
public function run(IOutput $output) { | |||
if ($this->shouldRun()) { | |||
$this->config->setAppValue('files_external', 'user_certificate_scan', 'not-run-yet'); | |||
$this->jobList->add(CheckForUserCertificates::class); | |||
} | |||
} | |||
} |
@@ -29,7 +29,7 @@ | |||
// between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel | |||
// when updating major/minor version number. | |||
$OC_Version = [21, 0, 0, 1]; | |||
$OC_Version = [21, 0, 0, 2]; | |||
// The human readable string | |||
$OC_VersionString = '21.0.0 alpha'; |