authorArthur Schiwon <blizzz@arthur-schiwon.de>2016-06-09 18:45:12 +0200
committerArthur Schiwon <blizzz@arthur-schiwon.de>2016-06-09 18:45:12 +0200
commita636e4ff28b25797d6cc7750bc1efe52437ec67f (patch)
treeef385b9ef924088b6d6c1404d659e6be450aaf1f /core
parent28193732ea24094335cccddf5fe03aeeeb6f5894 (diff)
parent6ba18934e6f095de08bec7bdc10c45485eeb5cc7 (diff)
Downstream 2016-06-09
Merge branch 'master' of https://github.com/owncloud/core into downstream-160609
Diffstat (limited to 'core')
-rw-r--r--core/Application.php3
-rw-r--r--core/Command/Encryption/DecryptAll.php13
-rw-r--r--core/Controller/TokenController.php36
-rw-r--r--core/Controller/TwoFactorChallengeController.php9
-rw-r--r--core/Middleware/TwoFactorMiddleware.php5
-rw-r--r--core/css/styles.css4
-rw-r--r--core/css/tooltip.css2
-rw-r--r--core/js/setupchecks.js4
-rw-r--r--core/js/tests/specs/setupchecksSpec.js2
-rw-r--r--core/l10n/ja.js1
-rw-r--r--core/l10n/ja.json1
-rw-r--r--core/templates/twofactorselectchallenge.php3
-rw-r--r--core/templates/twofactorshowchallenge.php1
13 files changed, 65 insertions, 19 deletions
diff --git a/core/Application.php b/core/Application.php
index 25e2fa76273..a87917b626a 100644
--- a/core/Application.php
+++ b/core/Application.php
@@ -120,7 +120,8 @@ class Application extends App {
$c->query('AppName'),
$c->query('Request'),
$c->query('UserManager'),
- $c->query('OC\Authentication\Token\DefaultTokenProvider'),
+ $c->query('ServerContainer')->query('OC\Authentication\Token\IProvider'),
+ $c->query('TwoFactorAuthManager'),
$c->query('SecureRandom')
);
});
diff --git a/core/Command/Encryption/DecryptAll.php b/core/Command/Encryption/DecryptAll.php
index 8d7d26f3d23..83c6c1dc168 100644
--- a/core/Command/Encryption/DecryptAll.php
+++ b/core/Command/Encryption/DecryptAll.php
@@ -111,7 +111,8 @@ class DecryptAll extends Command {
$this->addArgument(
'user',
InputArgument::OPTIONAL,
- 'user for which you want to decrypt all files (optional)'
+ 'user for which you want to decrypt all files (optional)',
+ ''
);
}
@@ -127,8 +128,15 @@ class DecryptAll extends Command {
return;
}
+ $uid = $input->getArgument('user');
+ if ($uid === '') {
+ $message = 'your ownCloud';
+ } else {
+ $message = "$uid's account";
+ }
+
$output->writeln("\n");
- $output->writeln('You are about to start to decrypt all files stored in your ownCloud.');
+ $output->writeln("You are about to start to decrypt all files stored in $message.");
$output->writeln('It will depend on the encryption module and your setup if this is possible.');
$output->writeln('Depending on the number and size of your files this can take some time');
$output->writeln('Please make sure that no user access his files during this process!');
@@ -140,6 +148,7 @@ class DecryptAll extends Command {
$result = $this->decryptAll->decryptAll($input, $output, $user);
if ($result === false) {
$output->writeln(' aborted.');
+ $output->writeln('Server side encryption remains enabled');
$this->config->setAppValue('core', 'encryption_enabled', 'yes');
}
$this->resetSingleUserAndTrashbin();
diff --git a/core/Controller/TokenController.php b/core/Controller/TokenController.php
index 42cc29bad10..13b1db9044a 100644
--- a/core/Controller/TokenController.php
+++ b/core/Controller/TokenController.php
@@ -1,4 +1,5 @@
<?php
+
/**
* @author Christoph Wurst <christoph@owncloud.com>
*
@@ -23,22 +24,27 @@ namespace OC\Core\Controller;
use OC\AppFramework\Http;
use OC\Authentication\Token\DefaultTokenProvider;
+use OC\Authentication\Token\IProvider;
use OC\Authentication\Token\IToken;
-use OC\User\Manager;
+use OC\Authentication\TwoFactorAuth\Manager as TwoFactorAuthManager;
+use OC\User\Manager as UserManager;
+use OCA\User_LDAP\User\Manager;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http\JSONResponse;
-use OCP\AppFramework\Http\Response;
use OCP\IRequest;
use OCP\Security\ISecureRandom;
class TokenController extends Controller {
- /** @var Manager */
+ /** @var UserManager */
private $userManager;
- /** @var DefaultTokenProvider */
+ /** @var IProvider */
private $tokenProvider;
+ /** @var TwoFactorAuthManager */
+ private $twoFactorAuthManager;
+
/** @var ISecureRandom */
private $secureRandom;
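Review bot: `use OCA\User_LDAP\User\Manager;` is not referenced by anything in the visible hunks and makes a core controller import a class from the user_ldap app namespace; it looks like an accidental auto-import and should be dropped. `use OC\Authentication\Token\DefaultTokenProvider;` likewise seems to survive only for the constructor docblock now that the property is typed `IProvider`. The class body continues outside this hunk, so confirm neither name is used further down before removing them.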
@@ -49,12 +55,12 @@ class TokenController extends Controller {
* @param DefaultTokenProvider $tokenProvider
* @param ISecureRandom $secureRandom
*/
- public function __construct($appName, IRequest $request, Manager $userManager, DefaultTokenProvider $tokenProvider,
- ISecureRandom $secureRandom) {
+ public function __construct($appName, IRequest $request, UserManager $userManager, IProvider $tokenProvider, TwoFactorAuthManager $twoFactorAuthManager, ISecureRandom $secureRandom) {
parent::__construct($appName, $request);
$this->userManager = $userManager;
$this->tokenProvider = $tokenProvider;
$this->secureRandom = $secureRandom;
+ $this->twoFactorAuthManager = $twoFactorAuthManager;
}
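Review bot: The constructor docblock is now out of step with the signature: it still says `@param DefaultTokenProvider $tokenProvider` although the parameter is typed `IProvider`, and the new `$twoFactorAuthManager` argument has no entry. Suggested lines are `@param IProvider $tokenProvider` and `@param TwoFactorAuthManager $twoFactorAuthManager`, placed in parameter order. The docblock starts above the hunk, so its earlier `@param` lines are not visible here.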
/**
@@ -70,18 +76,26 @@ class TokenController extends Controller {
*/
public function generateToken($user, $password, $name = 'unknown client') {
if (is_null($user) || is_null($password)) {
- $response = new Response();
+ $response = new JSONResponse();
$response->setStatus(Http::STATUS_UNPROCESSABLE_ENTITY);
return $response;
}
- $loginResult = $this->userManager->checkPassword($user, $password);
- if ($loginResult === false) {
- $response = new Response();
+ $loginName = $user;
+ $user = $this->userManager->checkPassword($loginName, $password);
+ if ($user === false) {
+ $response = new JSONResponse();
$response->setStatus(Http::STATUS_UNAUTHORIZED);
return $response;
}
+
+ if ($this->twoFactorAuthManager->isTwoFactorAuthenticated($user)) {
+ $resp = new JSONResponse();
+ $resp->setStatus(Http::STATUS_UNAUTHORIZED);
+ return $resp;
+ }
+
$token = $this->secureRandom->generate(128);
- $this->tokenProvider->generateToken($token, $loginResult->getUID(), $user, $password, $name, IToken::PERMANENT_TOKEN);
+ $this->tokenProvider->generateToken($token, $user->getUID(), $loginName, $password, $name, IToken::PERMANENT_TOKEN);
return [
'token' => $token,
];
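Review bot: The new `isTwoFactorAuthenticated($user)` branch returns 401 after the password has already been verified, and the method name reads as "has completed 2FA" while the branch appears to treat it as "2FA is enabled for this account"; without a comment the condition looks inverted. A line such as `// 2FA-enabled accounts must not get a permanent token from a password alone` above the `if` would make the intent explicit. The branch also names its response `$resp` where the two earlier ones use `$response`, and `$user` now changes from the login-name string to the user object mid-method; a separate local for the checked user would keep the parameter's meaning stable. The method's docblock begins above the hunk.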
diff --git a/core/Controller/TwoFactorChallengeController.php b/core/Controller/TwoFactorChallengeController.php
index 499898de3bc..edaf3378cd8 100644
--- a/core/Controller/TwoFactorChallengeController.php
+++ b/core/Controller/TwoFactorChallengeController.php
@@ -62,6 +62,13 @@ class TwoFactorChallengeController extends Controller {
}
/**
+ * @return string
+ */
+ protected function getLogoutAttribute() {
+ return \OC_User::getLogoutAttribute();
+ }
+
+ /**
* @NoAdminRequired
* @NoCSRFRequired
*
@@ -75,6 +82,7 @@ class TwoFactorChallengeController extends Controller {
$data = [
'providers' => $providers,
'redirect_url' => $redirect_url,
+ 'logout_attribute' => $this->getLogoutAttribute(),
];
return new TemplateResponse($this->appName, 'twofactorselectchallenge', $data, 'guest');
}
@@ -106,6 +114,7 @@ class TwoFactorChallengeController extends Controller {
$data = [
'error' => $error,
'provider' => $provider,
+ 'logout_attribute' => $this->getLogoutAttribute(),
'template' => $tmpl->fetchPage(),
];
return new TemplateResponse($this->appName, 'twofactorshowchallenge', $data, 'guest');
diff --git a/core/Middleware/TwoFactorMiddleware.php b/core/Middleware/TwoFactorMiddleware.php
index aa82897ad46..0bad8a2c40f 100644
--- a/core/Middleware/TwoFactorMiddleware.php
+++ b/core/Middleware/TwoFactorMiddleware.php
@@ -82,6 +82,11 @@ class TwoFactorMiddleware extends Middleware {
return;
}
+ if ($controller instanceof \OC\Core\Controller\LoginController && $methodName === 'logout') {
+ // Don't block the logout page, to allow canceling the 2FA
+ return;
+ }
+
if ($this->userSession->isLoggedIn()) {
$user = $this->userSession->getUser();
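Review bot: The early return added for `LoginController` with `$methodName === 'logout'` sits before the logged-in check that follows, so it exempts that action from 2FA enforcement for a session that has passed only the password step. That is safe only while the logout action does nothing beyond ending the session, and the comment should record the constraint: `// Logout is exempt from 2FA enforcement so a half-authenticated user can cancel; it must only tear down the session`. The enclosing method starts and ends outside the hunk.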
diff --git a/core/css/styles.css b/core/css/styles.css
index df9509baa19..475c4fa3fb3 100644
--- a/core/css/styles.css
+++ b/core/css/styles.css
@@ -38,6 +38,10 @@ body {
display: inline-block;
}
+a.two-factor-cancel {
+ color: #fff;
+}
+
.float-spinner {
height: 32px;
display: none;
diff --git a/core/css/tooltip.css b/core/css/tooltip.css
index 34d0ec6c70f..af25fd5533d 100644
--- a/core/css/tooltip.css
+++ b/core/css/tooltip.css
@@ -47,7 +47,7 @@
padding: 0 5px;
}
.tooltip-inner {
- max-width: 200px;
+ max-width: 350px;
padding: 3px 8px;
color: #ffffff;
text-align: center;
diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
index 4cc50e51ae6..f987c9f04e6 100644
--- a/core/js/setupchecks.js
+++ b/core/js/setupchecks.js
@@ -197,7 +197,7 @@
}
var afterCall = function(xhr) {
var messages = [];
- if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText === '') {
+ if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
messages.push({
msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
type: OC.SetupChecks.MESSAGE_TYPE_ERROR
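Review bot: The rewritten condition in `afterCall` treats any non-empty body as proof the data directory is exposed unless the status is 403, 307 or 301, so a 404 or 5xx error page with an HTML body would, as far as the hunk shows, raise the "accessible from the Internet" error. Testing for the positive case is tighter: `if (xhr.status === 200 && xhr.responseText !== '') {`. The later hunk in this file switches the probe to `htaccesstest.txt`; whether that file always exists is not visible here, and the spec change covers only the 200 case, so a test with a 404-plus-body response would pin the behaviour. `afterCall` continues past the end of the hunk.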
@@ -208,7 +208,7 @@
$.ajax({
type: 'GET',
- url: OC.linkTo('', oc_dataURL+'/.ocdata'),
+ url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
complete: afterCall
});
return deferred.promise();
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
index 4931ca990da..172e6e27135 100644
--- a/core/js/tests/specs/setupchecksSpec.js
+++ b/core/js/tests/specs/setupchecksSpec.js
@@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
it('should return an error if data directory is not protected', function(done) {
var async = OC.SetupChecks.checkDataProtected();
- suite.server.requests[0].respond(200);
+ suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
async.done(function( data, s, x ){
expect(data).toEqual([
diff --git a/core/l10n/ja.js b/core/l10n/ja.js
index 397a417eb9d..a45c8620c6e 100644
--- a/core/l10n/ja.js
+++ b/core/l10n/ja.js
@@ -295,6 +295,7 @@ OC.L10N.register(
"This means only administrators can use the instance." : "これは、管理者のみがインスタンスを利用できることを意味しています。",
"Contact your system administrator if this message persists or appeared unexpectedly." : "このメッセージが引き続きもしくは予期せず現れる場合は、システム管理者に問い合わせてください。",
"Thank you for your patience." : "しばらくお待ちください。",
+ "Two-step verification" : "2段階認証",
"You are accessing the server from an untrusted domain." : "信頼されていないドメインからサーバーにアクセスしています。",
"Please contact your administrator. If you are an administrator of this instance, configure the \"trusted_domains\" setting in config/config.php. An example configuration is provided in config/config.sample.php." : "管理者に問い合わせてください。このサーバーの管理者の場合は、\"trusted_domain\" の設定を config/config.php に設定してください。config/config.sample.php にサンプルの設定方法が記載してあります。",
"Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain." : "環境により、下のボタンで信頼するドメインに追加する必要があるかもしれません。",
diff --git a/core/l10n/ja.json b/core/l10n/ja.json
index 11c88968ee2..b5e9ba9b9d0 100644
--- a/core/l10n/ja.json
+++ b/core/l10n/ja.json
@@ -293,6 +293,7 @@
"This means only administrators can use the instance." : "これは、管理者のみがインスタンスを利用できることを意味しています。",
"Contact your system administrator if this message persists or appeared unexpectedly." : "このメッセージが引き続きもしくは予期せず現れる場合は、システム管理者に問い合わせてください。",
"Thank you for your patience." : "しばらくお待ちください。",
+ "Two-step verification" : "2段階認証",
"You are accessing the server from an untrusted domain." : "信頼されていないドメインからサーバーにアクセスしています。",
"Please contact your administrator. If you are an administrator of this instance, configure the \"trusted_domains\" setting in config/config.php. An example configuration is provided in config/config.sample.php." : "管理者に問い合わせてください。このサーバーの管理者の場合は、\"trusted_domain\" の設定を config/config.php に設定してください。config/config.sample.php にサンプルの設定方法が記載してあります。",
"Depending on your configuration, as an administrator you might also be able to use the button below to trust this domain." : "環境により、下のボタンで信頼するドメインに追加する必要があるかもしれません。",
diff --git a/core/templates/twofactorselectchallenge.php b/core/templates/twofactorselectchallenge.php
index 14d599aab3e..4209beac4e6 100644
--- a/core/templates/twofactorselectchallenge.php
+++ b/core/templates/twofactorselectchallenge.php
@@ -18,4 +18,5 @@
</li>
<?php endforeach; ?>
</ul>
-</fieldset> \ No newline at end of file
+</fieldset>
+<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>
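Review bot: `print_unescaped($_['logout_attribute'])` writes the value straight into the `<a>` tag, so the markup is safe only if the string is built entirely server-side and is already attribute-escaped; nothing in this hunk or in the controller's `getLogoutAttribute()` docblock (`@return string`) states that. A short comment at the call, e.g. `<?php /* logout_attribute is pre-escaped attribute markup from the controller */ ?>`, or a fuller `@return` description in the controller would record the contract. The same line is added at the end of `core/templates/twofactorshowchallenge.php`.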
diff --git a/core/templates/twofactorshowchallenge.php b/core/templates/twofactorshowchallenge.php
index 66f5ed312ec..c5ee9aca4b4 100644
--- a/core/templates/twofactorshowchallenge.php
+++ b/core/templates/twofactorshowchallenge.php
@@ -17,3 +17,4 @@ $template = $_['template'];
<span class="warning"><?php p($l->t('An error occured while verifying the token')); ?></span>
<?php endif; ?>
<?php print_unescaped($template); ?>
+<a class="two-factor-cancel" <?php print_unescaped($_['logout_attribute']); ?>><?php p($l->t('Cancel login')) ?></a>