m--------- | 3rdparty | 0 | ||||
-rw-r--r-- | apps/files_external/controller/ajaxcontroller.php | 5 | ||||
-rw-r--r-- | apps/files_external/lib/config.php | 7 | ||||
-rw-r--r-- | apps/files_external/lib/sftp.php | 14 | ||||
-rw-r--r-- | apps/files_external/lib/sftp_key.php | 17 | ||||
-rw-r--r-- | apps/files_sharing/lib/propagation/recipientpropagator.php | 4 | ||||
-rw-r--r-- | apps/files_sharing/tests/etagpropagation.php | 19 | ||||
-rw-r--r-- | lib/private/app.php | 3 | ||||
-rw-r--r-- | lib/private/appframework/http/request.php | 8 | ||||
-rw-r--r-- | lib/private/connector/sabre/exceptionloggerplugin.php | 1 | ||||
-rw-r--r-- | lib/private/defaults.php | 19 | ||||
-rw-r--r-- | lib/private/files/storage/wrapper/encryption.php | 9 | ||||
-rw-r--r-- | lib/private/security/crypto.php | 17 | ||||
-rw-r--r-- | lib/private/template.php | 4 | ||||
-rw-r--r-- | tests/lib/appframework/http/RequestTest.php | 95 | ||||
-rw-r--r-- | tests/lib/files/storage/wrapper/encryption.php | 8 | ||||
-rw-r--r-- | tests/lib/share/searchresultsorter.php | 7 | ||||
-rw-r--r-- | themes/example/defaults.php | 6 |
18 files changed, 186 insertions, 57 deletions
diff --git a/3rdparty b/3rdparty -Subproject c45d817921543d2f0562ac4f3be61404b1d4a35 +Subproject b94f7d38f6e13825fd34c7113827d3c369a689a diff --git a/apps/files_external/controller/ajaxcontroller.php b/apps/files_external/controller/ajaxcontroller.php index 6225cd0b619..cb2de432286 100644 --- a/apps/files_external/controller/ajaxcontroller.php +++ b/apps/files_external/controller/ajaxcontroller.php @@ -25,6 +25,7 @@ namespace OCA\Files_External\Controller; use OCP\AppFramework\Controller; use OCP\IRequest; use OCP\AppFramework\Http\JSONResponse; +use phpseclib\Crypt\RSA; class AjaxController extends Controller { public function __construct($appName, IRequest $request) { @@ -32,8 +33,8 @@ class AjaxController extends Controller { } private function generateSshKeys() { - $rsa = new \Crypt_RSA(); - $rsa->setPublicKeyFormat(CRYPT_RSA_PUBLIC_FORMAT_OPENSSH); + $rsa = new RSA(); + $rsa->setPublicKeyFormat(RSA::PUBLIC_FORMAT_OPENSSH); $rsa->setPassword(\OC::$server->getConfig()->getSystemValue('secret', '')); $key = $rsa->createKey(); diff --git a/apps/files_external/lib/config.php b/apps/files_external/lib/config.php index 5dc6d06ae06..91e1aa7d509 100644 --- a/apps/files_external/lib/config.php +++ b/apps/files_external/lib/config.php @@ -31,6 +31,8 @@ * */ +use phpseclib\Crypt\AES; + /** * Class to configure mount.json globally and for users */ @@ -895,10 +897,7 @@ class OC_Mount_Config { * Returns the encryption cipher */ private static function getCipher() { - if (!class_exists('Crypt_AES', false)) { - include('Crypt/AES.php'); - } - $cipher = new Crypt_AES(CRYPT_AES_MODE_CBC); + $cipher = new AES(AES::MODE_CBC); $cipher->setKey(\OC::$server->getConfig()->getSystemValue('passwordsalt', null)); return $cipher; } diff --git a/apps/files_external/lib/sftp.php b/apps/files_external/lib/sftp.php index cbe090311a9..03620cfffe2 100644 --- a/apps/files_external/lib/sftp.php +++ b/apps/files_external/lib/sftp.php 
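Review bot: In `generateSshKeys()` the passphrase for the new `RSA` object still falls back to an empty string, because `getSystemValue('secret', '')` is passed straight to `setPassword()`; on an instance where `secret` is unset the generated private key would, as far as the hunk shows, be exported without effective passphrase protection. The same fallback appears in `getPrivateKey()` in apps/files_external/lib/sftp_key.php. Failing closed is safer: read the value into `$secret` first and add `if ($secret === '') { throw new \Exception('Instance secret is not configured'); }` before `$rsa->setPassword($secret);`. The method body continues outside the hunk, so how the key pair is stored afterwards is not visible here.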
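Review bot: `getCipher()` in apps/files_external/lib/config.php hands `getSystemValue('passwordsalt', null)` directly to `setKey()`, so a missing `passwordsalt` produces a cipher keyed with `null` instead of an error, and the CBC mode selected by `new AES(AES::MODE_CBC)` gives confidentiality only, with no integrity check on the stored mount passwords. A guard such as `if (!is_string($salt) || $salt === '') { throw new \Exception('passwordsalt is not configured'); }` ahead of `$cipher->setKey($salt);` would make it fail closed. This commit also touches `\OC\Security\Crypto`, which verifies an HMAC before decrypting, so routing newly stored values through that service is worth considering. IV handling for this cipher happens outside the hunk and cannot be judged from here.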
@@ -30,8 +30,10 @@ */ namespace OC\Files\Storage; +use phpseclib\Net\SFTP\Stream; + /** -* Uses phpseclib's Net_SFTP class and the Net_SFTP_Stream stream wrapper to +* Uses phpseclib's Net\SFTP class and the Net\SFTP\Stream stream wrapper to * provide access to SFTP servers. */ class SFTP extends \OC\Files\Storage\Common { @@ -42,7 +44,7 @@ class SFTP extends \OC\Files\Storage\Common { private $port = 22; /** - * @var \Net_SFTP + * @var SFTP */ protected $client; @@ -51,10 +53,10 @@ class SFTP extends \OC\Files\Storage\Common { */ public function __construct($params) { // Register sftp:// - \Net_SFTP_Stream::register(); + Stream::register(); $this->host = $params['host']; - + //deals with sftp://server example $proto = strpos($this->host, '://'); if ($proto != false) { @@ -87,7 +89,7 @@ class SFTP extends \OC\Files\Storage\Common { /** * Returns the connection. * - * @return \Net_SFTP connected client instance + * @return \phpseclib\Net\SFTP connected client instance * @throws \Exception when the connection failed */ public function getConnection() { @@ -96,7 +98,7 @@ class SFTP extends \OC\Files\Storage\Common { } $hostKeys = $this->readHostKeys(); - $this->client = new \Net_SFTP($this->host, $this->port); + $this->client = new \phpseclib\Net\SFTP($this->host, $this->port); // The SSH Host Key MUST be verified before login(). $currentHostKey = $this->client->getServerPublicHostKey(); diff --git a/apps/files_external/lib/sftp_key.php b/apps/files_external/lib/sftp_key.php index 1bcea6bc96d..a193b323678 100644 --- a/apps/files_external/lib/sftp_key.php +++ b/apps/files_external/lib/sftp_key.php 
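Review bot: The docblock on `$client` now reads `@var SFTP`, which inside `namespace OC\Files\Storage` resolves to this storage class itself rather than to the phpseclib client. The other docblocks changed in this file use the fully qualified name, so this one should read `@var \phpseclib\Net\SFTP` as well. Otherwise IDEs and static analysis will type `$this->client` as the wrong class and miss misuse of the client API in `getConnection()`.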
@@ -22,14 +22,15 @@ */ namespace OC\Files\Storage; -/** -* Uses phpseclib's Net_SFTP class and the Net_SFTP_Stream stream wrapper to -* provide access to SFTP servers. -*/ +use phpseclib\Crypt\RSA; + class SFTP_Key extends \OC\Files\Storage\SFTP { private $publicKey; private $privateKey; + /** + * {@inheritdoc} + */ public function __construct($params) { parent::__construct($params); $this->publicKey = $params['public_key']; @@ -39,7 +40,7 @@ class SFTP_Key extends \OC\Files\Storage\SFTP { /** * Returns the connection. * - * @return \Net_SFTP connected client instance + * @return \phpseclib\Net\SFTP connected client instance * @throws \Exception when the connection failed */ public function getConnection() { @@ -48,7 +49,7 @@ class SFTP_Key extends \OC\Files\Storage\SFTP { } $hostKeys = $this->readHostKeys(); - $this->client = new \Net_SFTP($this->getHost()); + $this->client = new \phpseclib\Net\SFTP($this->getHost()); // The SSH Host Key MUST be verified before login(). $currentHostKey = $this->client->getServerPublicHostKey(); @@ -74,10 +75,10 @@ class SFTP_Key extends \OC\Files\Storage\SFTP { /** * Returns the private key to be used for authentication to the remote server. * - * @return \Crypt_RSA instance or null in case of a failure to load the key. + * @return RSA instance or null in case of a failure to load the key. */ private function getPrivateKey() { - $key = new \Crypt_RSA(); + $key = new RSA(); $key->setPassword(\OC::$server->getConfig()->getSystemValue('secret', '')); if (!$key->loadKey($this->privateKey)) { // Should this exception rather than return null? diff --git a/apps/files_sharing/lib/propagation/recipientpropagator.php b/apps/files_sharing/lib/propagation/recipientpropagator.php index 97ea452aa6c..11764106861 100644 --- a/apps/files_sharing/lib/propagation/recipientpropagator.php +++ b/apps/files_sharing/lib/propagation/recipientpropagator.php 
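Review bot: `new \phpseclib\Net\SFTP($this->getHost())` in `SFTP_Key::getConnection()` passes no port, while the parent class in sftp.php builds its client with `$this->host, $this->port`; key-based mounts therefore appear to connect to the library's default port regardless of the configured one. `$port` is declared private in the parent, so this needs an accessor there (none is visible in this diff; `getPort()` below is a placeholder name) and then `new \phpseclib\Net\SFTP($this->getHost(), $this->getPort())`. The host-key comparison that follows this line is only meaningful when the connection goes to the endpoint the administrator configured. The method body continues outside the hunk.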
@@ -133,8 +133,8 @@ class RecipientPropagator { $this->markDirty($share, microtime(true)); // propagate up the share tree - $user = $share['uid_owner']; - if($user !== $this->userId) { + if ($share['share_with'] === $this->userId) { + $user = $share['uid_owner']; $view = new View('/' . $user . '/files'); $path = $view->getPath($share['file_source']); $watcher = new ChangeWatcher($view, $this->manager->getSharePropagator($user)); diff --git a/apps/files_sharing/tests/etagpropagation.php b/apps/files_sharing/tests/etagpropagation.php index d978daf200c..8da4e6f29bd 100644 --- a/apps/files_sharing/tests/etagpropagation.php +++ b/apps/files_sharing/tests/etagpropagation.php @@ -266,15 +266,15 @@ class EtagPropagation extends TestCase { \OCP\Share::unshare( 'folder', $folderId, - \OCP\Share::SHARE_TYPE_USER, + \OCP\Share::SHARE_TYPE_USER, self::TEST_FILES_SHARING_API_USER2 ) ); $this->assertEtagsForFoldersChanged([ // direct recipient affected - self::TEST_FILES_SHARING_API_USER2, + self::TEST_FILES_SHARING_API_USER2, // reshare recipient affected - self::TEST_FILES_SHARING_API_USER4, + self::TEST_FILES_SHARING_API_USER4, ]); $this->assertAllUnchaged(); @@ -287,9 +287,9 @@ class EtagPropagation extends TestCase { ); $this->assertEtagsForFoldersChanged([ // direct recipient affected - self::TEST_FILES_SHARING_API_USER2, + self::TEST_FILES_SHARING_API_USER2, // reshare recipient affected - self::TEST_FILES_SHARING_API_USER4, + self::TEST_FILES_SHARING_API_USER4, ]); $this->assertAllUnchaged(); 
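Review bot: The new guard `if ($share['share_with'] === $this->userId)` matches only rows whose `share_with` holds this user's id; if group shares reach this code with the group name in `share_with` (not determinable from the hunk), changes made by a group recipient would no longer propagate up to the owner. The test added in etagpropagation.php, `testRecipientUploadInDirectReshare`, covers a direct user reshare only. Either confirm that only user-targeted rows arrive here, or add a group-share case to the test, and put a comment above the condition such as `// only propagate upwards when the current user is the recipient of this share`. The enclosing method starts and ends outside the hunk.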
@@ -398,4 +398,13 @@ class EtagPropagation extends TestCase { $this->assertAllUnchaged(); } + + public function testRecipientUploadInDirectReshare() { + $this->loginAsUser(self::TEST_FILES_SHARING_API_USER2); + Filesystem::file_put_contents('/directReshare/test.txt', 'sad'); + $this->assertEtagsNotChanged([self::TEST_FILES_SHARING_API_USER3]); + $this->assertEtagsChanged([self::TEST_FILES_SHARING_API_USER1, self::TEST_FILES_SHARING_API_USER2, self::TEST_FILES_SHARING_API_USER4]); + + $this->assertAllUnchaged(); + } } diff --git a/lib/private/app.php b/lib/private/app.php index 6c6f79dfa9d..74b21b2b107 100644 --- a/lib/private/app.php +++ b/lib/private/app.php @@ -421,6 +421,7 @@ class OC_App { */ public static function getSettingsNavigation() { $l = \OC::$server->getL10N('lib'); + $defaults = new OC_Defaults(); $settings = array(); // by default, settings only contain the help menu @@ -431,7 +432,7 @@ class OC_App { array( "id" => "help", "order" => 1000, - "href" => OC_Helper::linkToRoute("settings_help"), + "href" => $defaults->getKnowledgeBaseUrl(), "name" => $l->t("Help"), "icon" => OC_Helper::imagePath("settings", "help.svg") ) diff --git a/lib/private/appframework/http/request.php b/lib/private/appframework/http/request.php index baf2f0c4745..43f01dfde3f 100644 --- a/lib/private/appframework/http/request.php +++ b/lib/private/appframework/http/request.php @@ -416,12 +416,10 @@ class Request implements \ArrayAccess, \Countable, IRequest { } // Check if the token is valid - if($token !== $this->items['requesttoken']) { - // Not valid - return false; - } else { - // Valid token + if(\OCP\Security\StringUtils::equals($token, $this->items['requesttoken'])) { return true; + } else { + return false; } } diff --git a/lib/private/connector/sabre/exceptionloggerplugin.php b/lib/private/connector/sabre/exceptionloggerplugin.php index 0b89ae4aef6..741ba4d3e05 100644 --- a/lib/private/connector/sabre/exceptionloggerplugin.php 
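Review bot: In `passesCSRFCheck()` the call `\OCP\Security\StringUtils::equals($token, $this->items['requesttoken'])` passes the client-sent value first and the stored token second, the reverse of the call in lib/private/security/crypto.php, where the computed HMAC comes first and the supplied one second. If the helper follows the usual known-value-first convention for constant-time comparison, the arguments should be swapped. A request parameter can also arrive as an array, which the old `!==` rejected quietly, so the check is safer as `return is_string($token) && \OCP\Security\StringUtils::equals($this->items['requesttoken'], $token);`, which also removes the redundant `if`/`else`. The new cases in RequestTest.php cover matching, mismatching and missing tokens but not a non-string token; how `$token` is extracted lies outside the hunk.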
+++ b/lib/private/connector/sabre/exceptionloggerplugin.php @@ -95,6 +95,7 @@ class ExceptionLoggerPlugin extends \Sabre\DAV\ServerPlugin { $exception = [ 'Message' => $message, + 'Exception' => $exceptionClass, 'Code' => $ex->getCode(), 'Trace' => $ex->getTraceAsString(), 'File' => $ex->getFile(), diff --git a/lib/private/defaults.php b/lib/private/defaults.php index 16f45943f54..b86805357bd 100644 --- a/lib/private/defaults.php +++ b/lib/private/defaults.php @@ -46,9 +46,11 @@ class OC_Defaults { private $defaultSlogan; private $defaultLogoClaim; private $defaultMailHeaderColor; + private $defaultKnowledgeBaseUrl; function __construct() { $this->l = \OC::$server->getL10N('lib'); + $urlGenerator = \OC::$server->getURLGenerator(); $version = OC_Util::getVersion(); $this->defaultEntity = 'ownCloud'; /* e.g. company name, used for footers and copyright notices */ @@ -64,6 +66,7 @@ class OC_Defaults { $this->defaultSlogan = $this->l->t('web services under your control'); $this->defaultLogoClaim = ''; $this->defaultMailHeaderColor = '#1d2d44'; /* header color of mail notifications */ + $this->defaultKnowledgeBaseUrl = $urlGenerator->linkToRoute('settings_help'); $themePath = OC::$SERVERROOT . '/themes/' . OC_Util::getTheme() . '/defaults.php'; if (file_exists($themePath)) { @@ -79,6 +82,7 @@ class OC_Defaults { /** * @param string $method + * @return bool */ private function themeExist($method) { if (isset($this->theme) && method_exists($this->theme, $method)) { @@ -280,4 +284,19 @@ class OC_Defaults { } } + /** + * get knowledge base URL, will be used for the "Help"-Link in the top + * right menu + * + * @return string + */ + public function getKnowledgeBaseUrl() { + if ($this->themeExist('getKnowledgeBaseUrl')) { + return $this->theme->getKnowledgeBaseUrl(); + } else { + return $this->defaultKnowledgeBaseUrl; + } + + } + } 
diff --git a/lib/private/files/storage/wrapper/encryption.php b/lib/private/files/storage/wrapper/encryption.php index 51aa13065c1..4ba9b21ddb4 100644 --- a/lib/private/files/storage/wrapper/encryption.php +++ b/lib/private/files/storage/wrapper/encryption.php @@ -127,12 +127,11 @@ class Encryption extends Wrapper { $info = $this->getCache()->get($path); if (isset($this->unencryptedSize[$fullPath])) { $size = $this->unencryptedSize[$fullPath]; + // update file cache + $info['encrypted'] = true; + $info['size'] = $size; + $this->getCache()->put($path, $info); - if (isset($info['fileid'])) { - $info['encrypted'] = true; - $info['size'] = $size; - $this->getCache()->put($path, $info); - } return $size; } diff --git a/lib/private/security/crypto.php b/lib/private/security/crypto.php index bca0f08090d..9bae1d6992c 100644 --- a/lib/private/security/crypto.php +++ b/lib/private/security/crypto.php @@ -23,11 +23,10 @@ namespace OC\Security; -use Crypt_AES; -use Crypt_Hash; +use phpseclib\Crypt\AES; +use phpseclib\Crypt\Hash; use OCP\Security\ICrypto; use OCP\Security\ISecureRandom; -use OCP\Security\StringUtils; use OCP\IConfig; /** @@ -41,7 +40,7 @@ use OCP\IConfig; * @package OC\Security */ class Crypto implements ICrypto { - /** @var Crypt_AES $cipher */ + /** @var AES $cipher */ private $cipher; /** @var int */ private $ivLength = 16; @@ -50,8 +49,12 @@ class Crypto implements ICrypto { /** @var ISecureRandom */ private $random; + /** + * @param IConfig $config + * @param ISecureRandom $random + */ function __construct(IConfig $config, ISecureRandom $random) { - $this->cipher = new Crypt_AES(); + $this->cipher = new AES(); $this->config = $config; $this->random = $random; } 
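Review bot: Dropping the `isset($info['fileid'])` guard in the storage wrapper means `$info['encrypted']` and `$info['size']` are now written even when `$this->getCache()->get($path)` returned no entry, and `put()` is then called with only those two fields. If `get()` can return `false` or an empty result for an uncached path (not visible here), this either creates a partial cache row or relies on an array being created implicitly from a non-array value. If the unconditional update is intended, normalise the value first, for example `if (!is_array($info)) { $info = []; }`, and extend the `// update file cache` comment to say why a missing entry should be created. The enclosing method starts and ends outside the hunk.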
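Review bot: `$this->cipher = new AES();` in the `Crypto` constructor relies on the library's default cipher mode, whereas `getCipher()` in apps/files_external/lib/config.php spells it out as `new AES(AES::MODE_CBC)`. Across a major library upgrade like this one, naming the mode explicitly, `$this->cipher = new AES(AES::MODE_CBC);`, documents the on-disk format next to `$ivLength = 16` and keeps existing ciphertexts decryptable should a default ever differ between releases. It also makes the two call sites in this commit consistent.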
@@ -69,7 +72,7 @@ class Crypto implements ICrypto { // Append an "a" behind the password and hash it to prevent reusing the same password as for encryption $password = hash('sha512', $password . 'a'); - $hash = new Crypt_Hash('sha512'); + $hash = new Hash('sha512'); $hash->setKey($password); return $hash->hash($message); } @@ -119,7 +122,7 @@ class Crypto implements ICrypto { $this->cipher->setIV($iv); - if(!StringUtils::equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) { + if(!\OCP\Security\StringUtils::equals($this->calculateHMAC($parts[0].$parts[1], $password), $hmac)) { throw new \Exception('HMAC does not match.'); } diff --git a/lib/private/template.php b/lib/private/template.php index ca689729f80..e7acc778de3 100644 --- a/lib/private/template.php +++ b/lib/private/template.php @@ -222,9 +222,9 @@ class OC_Template extends \OC\Template\Base { /** * print error page using Exception details - * @param Exception $exception + * @param Exception|Error $exception */ - public static function printExceptionErrorPage(Exception $exception) { + public static function printExceptionErrorPage($exception) { $request = \OC::$server->getRequest(); $content = new \OC_Template('', 'exception', 'error', false); $content->assign('errorClass', get_class($exception)); diff --git a/tests/lib/appframework/http/RequestTest.php b/tests/lib/appframework/http/RequestTest.php index 6e86f3d7041..10a9e486c97 100644 --- a/tests/lib/appframework/http/RequestTest.php +++ b/tests/lib/appframework/http/RequestTest.php 
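Review bot: `printExceptionErrorPage($exception)` in lib/private/template.php now accepts any value, because the `Exception` type hint was removed to admit `Error` objects, and the first use of the argument is `get_class($exception)`. A runtime check at the top, `if (!($exception instanceof \Exception) && !($exception instanceof \Error))`, with a generic error rendered in that branch, would enforce what the new `@param Exception|Error` docblock promises. The docblock could also state that the hint was dropped for compatibility with runtimes where `Error` does not extend `Exception`. The rest of the method, including which exception details reach the page, is outside the hunk.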
@@ -1156,4 +1156,99 @@ class RequestTest extends \Test\TestCase { $this->assertSame($expectedUri, $request->getRequestUri()); } + public function testPassesCSRFCheckWithGet() { + /** @var Request $request */ + $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') + ->setMethods(['getScriptName']) + ->setConstructorArgs([ + [ + 'get' => [ + 'requesttoken' => 'MyStoredRequestToken', + ], + 'requesttoken' => 'MyStoredRequestToken', + ], + $this->secureRandom, + $this->config, + $this->stream + ]) + ->getMock(); + + $this->assertTrue($request->passesCSRFCheck()); + } + + public function testPassesCSRFCheckWithPost() { + /** @var Request $request */ + $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') + ->setMethods(['getScriptName']) + ->setConstructorArgs([ + [ + 'post' => [ + 'requesttoken' => 'MyStoredRequestToken', + ], + 'requesttoken' => 'MyStoredRequestToken', + ], + $this->secureRandom, + $this->config, + $this->stream + ]) + ->getMock(); + + $this->assertTrue($request->passesCSRFCheck()); + } + + public function testPassesCSRFCheckWithHeader() { + /** @var Request $request */ + $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') + ->setMethods(['getScriptName']) + ->setConstructorArgs([ + [ + 'server' => [ + 'HTTP_REQUESTTOKEN' => 'MyStoredRequestToken', + ], + 'requesttoken' => 'MyStoredRequestToken', + ], + $this->secureRandom, + $this->config, + $this->stream + ]) + ->getMock(); + + $this->assertTrue($request->passesCSRFCheck()); + } + + public function testPassesCSRFCheckWithInvalidToken() { + /** @var Request $request */ + $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') + ->setMethods(['getScriptName']) + ->setConstructorArgs([ + [ + 'server' => [ + 'HTTP_REQUESTTOKEN' => 'MyInvalidSentToken', + ], + 'requesttoken' => 'MyStoredRequestToken', + ], + $this->secureRandom, + $this->config, + $this->stream + ]) + ->getMock(); + + $this->assertFalse($request->passesCSRFCheck()); + } + + public function 
testPassesCSRFCheckWithoutTokenFail() { + /** @var Request $request */ + $request = $this->getMockBuilder('\OC\AppFramework\Http\Request') + ->setMethods(['getScriptName']) + ->setConstructorArgs([ + [], + $this->secureRandom, + $this->config, + $this->stream + ]) + ->getMock(); + + $this->assertFalse($request->passesCSRFCheck()); + } + } diff --git a/tests/lib/files/storage/wrapper/encryption.php b/tests/lib/files/storage/wrapper/encryption.php index 612cf827975..c49e6bb0d1f 100644 --- a/tests/lib/files/storage/wrapper/encryption.php +++ b/tests/lib/files/storage/wrapper/encryption.php @@ -261,10 +261,12 @@ class Encryption extends \Test\Files\Storage\Storage { ->expects($this->once()) ->method('copyKeys') ->willReturn($copyKeysReturn); - $this->cache->expects($this->once()) + $this->cache->expects($this->atLeastOnce()) ->method('put') - ->with($this->anything(), ['encrypted' => true]) - ->willReturn(true); + ->willReturnCallback(function($path, $data) { + $this->assertArrayHasKey('encrypted', $data); + $this->assertTrue($data['encrypted']); + }); } else { $this->cache->expects($this->never())->method('put'); $this->keyStore->expects($this->never())->method('copyKeys'); diff --git a/tests/lib/share/searchresultsorter.php b/tests/lib/share/searchresultsorter.php index 97ef0f9478a..d91110f7a9a 100644 --- a/tests/lib/share/searchresultsorter.php +++ b/tests/lib/share/searchresultsorter.php @@ -37,11 +37,4 @@ class Test_Share_Search extends \Test\TestCase { $this->assertTrue($result[2]['foobar'] === 'Bicyclerepairwoman'); $this->assertTrue($result[3]['foobar'] === 'woot'); } - - /** - * @expectedException PHPUnit_Framework_Error - */ - public function testSortWrongLog() { - $sorter = new \OC\Share\SearchResultSorter('foo', 'bar', 'UTF-8', 'foobar'); - } } diff --git a/themes/example/defaults.php b/themes/example/defaults.php index 0dd0d46bd9c..21d80416e12 100644 --- a/themes/example/defaults.php +++ b/themes/example/defaults.php 
@@ -28,6 +28,7 @@ class OC_Theme { private $themeSyncClientUrl; private $themeSlogan; private $themeMailHeaderColor; + private $themeKnowledgeBaseUrl; /* put your custom text in these variables */ function __construct() { @@ -39,6 +40,7 @@ class OC_Theme { $this->themeSyncClientUrl = 'https://owncloud.org/install'; $this->themeSlogan = 'Your custom cloud, personalized for you!'; $this->themeMailHeaderColor = '#745bca'; + $this->themeKnowledgeBaseUrl = 'https://doc.owncloud.org'; } /* nothing after this needs to be adjusted */ @@ -92,4 +94,8 @@ class OC_Theme { return $this->themeMailHeaderColor; } + public function getKnowledgeBaseUrl() { + return $this->themeKnowledgeBaseUrl; + } + } |