Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>tags/v29.0.0beta1
@@ -79,6 +79,7 @@ return array( | |||
'OCA\\Settings\\SetupChecks\\AppDirsWithDifferentOwner' => $baseDir . '/../lib/SetupChecks/AppDirsWithDifferentOwner.php', | |||
'OCA\\Settings\\SetupChecks\\BruteForceThrottler' => $baseDir . '/../lib/SetupChecks/BruteForceThrottler.php', | |||
'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => $baseDir . '/../lib/SetupChecks/CheckUserCertificates.php', | |||
'OCA\\Settings\\SetupChecks\\CodeIntegrity' => $baseDir . '/../lib/SetupChecks/CodeIntegrity.php', | |||
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingColumns' => $baseDir . '/../lib/SetupChecks/DatabaseHasMissingColumns.php', | |||
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingIndices' => $baseDir . '/../lib/SetupChecks/DatabaseHasMissingIndices.php', | |||
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingPrimaryKeys' => $baseDir . '/../lib/SetupChecks/DatabaseHasMissingPrimaryKeys.php', |
@@ -94,6 +94,7 @@ class ComposerStaticInitSettings | |||
'OCA\\Settings\\SetupChecks\\AppDirsWithDifferentOwner' => __DIR__ . '/..' . '/../lib/SetupChecks/AppDirsWithDifferentOwner.php', | |||
'OCA\\Settings\\SetupChecks\\BruteForceThrottler' => __DIR__ . '/..' . '/../lib/SetupChecks/BruteForceThrottler.php', | |||
'OCA\\Settings\\SetupChecks\\CheckUserCertificates' => __DIR__ . '/..' . '/../lib/SetupChecks/CheckUserCertificates.php', | |||
'OCA\\Settings\\SetupChecks\\CodeIntegrity' => __DIR__ . '/..' . '/../lib/SetupChecks/CodeIntegrity.php', | |||
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingColumns' => __DIR__ . '/..' . '/../lib/SetupChecks/DatabaseHasMissingColumns.php', | |||
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingIndices' => __DIR__ . '/..' . '/../lib/SetupChecks/DatabaseHasMissingIndices.php', | |||
'OCA\\Settings\\SetupChecks\\DatabaseHasMissingPrimaryKeys' => __DIR__ . '/..' . '/../lib/SetupChecks/DatabaseHasMissingPrimaryKeys.php', |
@@ -51,6 +51,7 @@ use OCA\Settings\Search\UserSearch; | |||
use OCA\Settings\SetupChecks\AppDirsWithDifferentOwner; | |||
use OCA\Settings\SetupChecks\BruteForceThrottler; | |||
use OCA\Settings\SetupChecks\CheckUserCertificates; | |||
use OCA\Settings\SetupChecks\CodeIntegrity; | |||
use OCA\Settings\SetupChecks\DatabaseHasMissingColumns; | |||
use OCA\Settings\SetupChecks\DatabaseHasMissingIndices; | |||
use OCA\Settings\SetupChecks\DatabaseHasMissingPrimaryKeys; | |||
@@ -168,6 +169,7 @@ class Application extends App implements IBootstrap { | |||
$context->registerSetupCheck(AppDirsWithDifferentOwner::class); | |||
$context->registerSetupCheck(BruteForceThrottler::class); | |||
$context->registerSetupCheck(CheckUserCertificates::class); | |||
$context->registerSetupCheck(CodeIntegrity::class); | |||
$context->registerSetupCheck(DatabaseHasMissingColumns::class); | |||
$context->registerSetupCheck(DatabaseHasMissingIndices::class); | |||
$context->registerSetupCheck(DatabaseHasMissingPrimaryKeys::class); |
@@ -406,8 +406,6 @@ Raw output | |||
'isUsedTlsLibOutdated' => $this->isUsedTlsLibOutdated(), | |||
'reverseProxyDocs' => $this->urlGenerator->linkToDocs('admin-reverse-proxy'), | |||
'isCorrectMemcachedPHPModuleInstalled' => $this->isCorrectMemcachedPHPModuleInstalled(), | |||
'hasPassedCodeIntegrityCheck' => $this->checker->hasPassedCheck(), | |||
'codeIntegrityCheckerDocumentation' => $this->urlGenerator->linkToDocs('admin-code-integrity'), | |||
'isSettimelimitAvailable' => $this->isSettimelimitAvailable(), | |||
'areWebauthnExtensionsEnabled' => $this->areWebauthnExtensionsEnabled(), | |||
'isMysqlUsedWithoutUTF8MB4' => $this->isMysqlUsedWithoutUTF8MB4(), |
@@ -0,0 +1,63 @@ | |||
<?php | |||
declare(strict_types=1); | |||
/** | |||
* @copyright Copyright (c) 2023 Côme Chilliet <come.chilliet@nextcloud.com> | |||
* | |||
* @author Côme Chilliet <come.chilliet@nextcloud.com> | |||
* | |||
* @license GNU AGPL version 3 or any later version | |||
* | |||
* This program is free software: you can redistribute it and/or modify | |||
* it under the terms of the GNU Affero General Public License as | |||
* published by the Free Software Foundation, either version 3 of the | |||
* License, or (at your option) any later version. | |||
* | |||
* This program is distributed in the hope that it will be useful, | |||
* but WITHOUT ANY WARRANTY; without even the implied warranty of | |||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |||
* GNU Affero General Public License for more details. | |||
* | |||
* You should have received a copy of the GNU Affero General Public License | |||
* along with this program. If not, see <http://www.gnu.org/licenses/>. | |||
* | |||
*/ | |||
namespace OCA\Settings\SetupChecks; | |||
use OC\IntegrityCheck\Checker; | |||
use OCP\IL10N; | |||
use OCP\IURLGenerator; | |||
use OCP\SetupCheck\ISetupCheck; | |||
use OCP\SetupCheck\SetupResult; | |||
class CodeIntegrity implements ISetupCheck { | |||
public function __construct( | |||
private IL10N $l10n, | |||
private IURLGenerator $urlGenerator, | |||
private Checker $checker, | |||
) { | |||
} | |||
public function getName(): string { | |||
return $this->l10n->t('Code integrity'); | |||
} | |||
public function getCategory(): string { | |||
return 'security'; | |||
} | |||
public function run(): SetupResult { | |||
if (!$this->checker->isCodeCheckEnforced()) { | |||
return SetupResult::info($this->l10n->t('Integrity checker has been disabled. Integrity cannot be verified.')); | |||
} elseif ($this->checker->hasPassedCheck()) { | |||
return SetupResult::success($this->l10n->t('No altered files')); | |||
} else { | |||
// FIXME: If setup check can link to settings pages this should link to /settings/integrity/failed and /settings/integrity/rescan?requesttoken=TOKEN | |||
return SetupResult::error( | |||
$this->l10n->t('Some files have not passed the integrity check.'), | |||
$this->urlGenerator->linkToDocs('admin-code-integrity') | |||
); | |||
} | |||
} | |||
} |
@@ -254,8 +254,6 @@ class CheckSetupControllerTest extends TestCase { | |||
'isUsedTlsLibOutdated' => '', | |||
'reverseProxyDocs' => 'reverse-proxy-doc-link', | |||
'isCorrectMemcachedPHPModuleInstalled' => true, | |||
'hasPassedCodeIntegrityCheck' => true, | |||
'codeIntegrityCheckerDocumentation' => 'http://docs.example.org/server/go.php?to=admin-code-integrity', | |||
'isSettimelimitAvailable' => true, | |||
'areWebauthnExtensionsEnabled' => false, | |||
'isMysqlUsedWithoutUTF8MB4' => false, |
@@ -230,16 +230,6 @@ | |||
type: OC.SetupChecks.MESSAGE_TYPE_WARNING | |||
}); | |||
} | |||
if(!data.hasPassedCodeIntegrityCheck) { | |||
messages.push({ | |||
msg: t('core', 'Some files have not passed the integrity check. Further information on how to resolve this issue can be found in the {linkstart1}documentation ↗{linkend}. ({linkstart2}List of invalid files…{linkend} / {linkstart3}Rescan…{linkend})') | |||
.replace('{linkstart1}', '<a target="_blank" rel="noreferrer noopener" class="external" href="' + data.codeIntegrityCheckerDocumentation + '">') | |||
.replace('{linkstart2}', '<a href="' + OC.generateUrl('/settings/integrity/failed') + '">') | |||
.replace('{linkstart3}', '<a href="' + OC.generateUrl('/settings/integrity/rescan?requesttoken={requesttoken}', {'requesttoken': OC.requestToken}) + '">') | |||
.replace(/{linkend}/g, '</a>'), | |||
type: OC.SetupChecks.MESSAGE_TYPE_ERROR | |||
}); | |||
} | |||
if(!data.isSettimelimitAvailable) { | |||
messages.push({ | |||
msg: t('core', 'The PHP function "set_time_limit" is not available. This could result in scripts being halted mid-execution, breaking your installation. Enabling this function is strongly recommended.'), |
@@ -226,7 +226,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -272,7 +271,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -318,7 +316,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -364,7 +361,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: false, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -409,7 +405,6 @@ describe('OC.SetupChecks tests', function() { | |||
isFairUseOfFreePushService: true, | |||
reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html', | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: false, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -454,7 +449,6 @@ describe('OC.SetupChecks tests', function() { | |||
isFairUseOfFreePushService: true, | |||
reverseProxyDocs: 'https://docs.nextcloud.com/foo/bar.html', | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -530,7 +524,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -581,7 +574,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -629,7 +621,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -674,7 +665,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -716,7 +706,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -748,7 +737,6 @@ describe('OC.SetupChecks tests', function() { | |||
}); | |||
}); | |||
it('should return an error if gmp or bcmath are not enabled', function(done) { | |||
var async = OC.SetupChecks.checkSetup(); | |||
@@ -761,7 +749,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -805,7 +792,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { | |||
@@ -856,7 +842,6 @@ describe('OC.SetupChecks tests', function() { | |||
suggestedOverwriteCliURL: '', | |||
isFairUseOfFreePushService: true, | |||
isCorrectMemcachedPHPModuleInstalled: true, | |||
hasPassedCodeIntegrityCheck: true, | |||
isSettimelimitAvailable: true, | |||
cronErrors: [], | |||
cronInfo: { |