diff options
73 files changed, 845 insertions, 214 deletions
diff --git a/apps/encryption/appinfo/register_command.php b/apps/encryption/appinfo/register_command.php index 4fdf7ecec38..0f03b63560a 100644 --- a/apps/encryption/appinfo/register_command.php +++ b/apps/encryption/appinfo/register_command.php @@ -21,10 +21,17 @@ */ use OCA\Encryption\Command\MigrateKeys; +use Symfony\Component\Console\Helper\QuestionHelper; $userManager = OC::$server->getUserManager(); $view = new \OC\Files\View(); $config = \OC::$server->getConfig(); +$userSession = \OC::$server->getUserSession(); $connection = \OC::$server->getDatabaseConnection(); $logger = \OC::$server->getLogger(); +$questionHelper = new QuestionHelper(); +$crypt = new \OCA\Encryption\Crypto\Crypt($logger, $userSession, $config); +$util = new \OCA\Encryption\Util($view, $crypt, $logger, $userSession, $config, $userManager); + $application->add(new MigrateKeys($userManager, $view, $connection, $config, $logger)); +$application->add(new \OCA\Encryption\Command\EnableMasterKey($util, $config, $questionHelper)); diff --git a/apps/encryption/command/enablemasterkey.php b/apps/encryption/command/enablemasterkey.php new file mode 100644 index 00000000000..f49579a3b81 --- /dev/null +++ b/apps/encryption/command/enablemasterkey.php @@ -0,0 +1,86 @@ +<?php +/** + * @author Björn Schießle <schiessle@owncloud.com> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + + +namespace OCA\Encryption\Command; + + +use OCA\Encryption\Util; +use OCP\IConfig; +use Symfony\Component\Console\Command\Command; +use Symfony\Component\Console\Helper\QuestionHelper; +use Symfony\Component\Console\Input\InputInterface; +use Symfony\Component\Console\Output\OutputInterface; +use Symfony\Component\Console\Question\ConfirmationQuestion; + +class EnableMasterKey extends Command { + + /** @var Util */ + protected $util; + + /** @var IConfig */ + protected $config; + + /** @var QuestionHelper */ + protected $questionHelper; + + /** + * @param Util $util + * @param IConfig $config + * @param QuestionHelper $questionHelper + */ + public function __construct(Util $util, + IConfig $config, + QuestionHelper $questionHelper) { + + $this->util = $util; + $this->config = $config; + $this->questionHelper = $questionHelper; + parent::__construct(); + } + + protected function configure() { + $this + ->setName('encryption:enable-master-key') + ->setDescription('Enable the master key. Only available for fresh installations with no existing encrypted data! There is also no way to disable it again.'); + } + + protected function execute(InputInterface $input, OutputInterface $output) { + + $isAlreadyEnabled = $this->util->isMasterKeyEnabled(); + + if($isAlreadyEnabled) { + $output->writeln('Master key already enabled'); + } else { + $question = new ConfirmationQuestion( + 'Warning: Only available for fresh installations with no existing encrypted data! ' + . 'There is also no way to disable it again. Do you want to continue? (y/n) ', false); + if ($this->questionHelper->ask($input, $output, $question)) { + $this->config->setAppValue('encryption', 'useMasterKey', '1'); + $output->writeln('Master key successfully enabled.'); + } else { + $output->writeln('aborted.'); + } + } + + } + +} diff --git a/apps/encryption/l10n/fr.js b/apps/encryption/l10n/fr.js index d8da3875ce9..0de35f8ec1c 100644 --- a/apps/encryption/l10n/fr.js +++ b/apps/encryption/l10n/fr.js @@ -28,8 +28,10 @@ OC.L10N.register( "one-time password for server-side-encryption" : "Mot de passe à usage unique pour le chiffrement côté serveur", "Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you." : "Impossible de déchiffrer ce fichier : il s'agit probablement d'un fichier partagé. Veuillez demander au propriétaire du fichier de le partager à nouveau avec vous.", "Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you." : "Impossible de lire ce fichier, il s'agit probablement d'un fichier partagé. Veuillez demander au propriétaire du fichier de le repartager avec vous. ", + "Hey there,\n\nthe admin enabled server-side-encryption. Your files were encrypted using the password '%s'.\n\nPlease login to the web interface, go to the section 'ownCloud basic encryption module' of your personal settings and update your encryption password by entering this password into the 'old log-in password' field and your current login-password.\n\n" : "Bonjour,\n\nL'administrateur a activé le chiffrement côté serveur. Vos fichiers ont été chiffrés avec le mot de passe '%s'.\n\nVeuillez vous connecté dans l'interface web, allez dans la section \"Module de chiffrement de base d'ownCloud\" de vos paramètres personnels. De là mettez à jour votre mot de passe de chiffrement en entrant ce mot de passe dans le champ \"Ancien mot de passe de connexion\" et votre mot de passe de connexion actuel.\n", "The share will expire on %s." : "Le partage expirera le %s.", "Cheers!" : "À bientôt !", + "Hey there,<br><br>the admin enabled server-side-encryption. Your files were encrypted using the password <strong>%s</strong>.<br><br>Please login to the web interface, go to the section \"ownCloud basic encryption module\" of your personal settings and update your encryption password by entering this password into the \"old log-in password\" field and your current login-password.<br><br>" : "Bonjour,<br><br>L'administrateur a activé le chiffrement côté serveur. Vos fichiers ont été chiffrés avec le mot de passe <strong>%s</strong>. <br><br>Veuillez vous connecté dans l'interface web, allez dans la section \"Module de chiffrement de base d'ownCloud\" de vos paramètres personnels. De là mettez à jour votre mot de passe de chiffrement en entrant ce mot de passe dans le champ \"Ancien mot de passe de connexion\" et votre mot de passe de connexion actuel. <br><br>", "Enable recovery key" : "Activer la clé de récupération", "Disable recovery key" : "Désactiver la clé de récupération", "The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password." : "La clé de récupération est une clé supplémentaire utilisée pour chiffrer les fichiers. Elle permet de récupérer les fichiers des utilisateurs s'ils oublient leur mot de passe.", diff --git a/apps/encryption/l10n/fr.json b/apps/encryption/l10n/fr.json index 9d89ef275cb..3fa598a72ce 100644 --- a/apps/encryption/l10n/fr.json +++ b/apps/encryption/l10n/fr.json @@ -26,8 +26,10 @@ "one-time password for server-side-encryption" : "Mot de passe à usage unique pour le chiffrement côté serveur", "Can not decrypt this file, probably this is a shared file. Please ask the file owner to reshare the file with you." : "Impossible de déchiffrer ce fichier : il s'agit probablement d'un fichier partagé. Veuillez demander au propriétaire du fichier de le partager à nouveau avec vous.", "Can not read this file, probably this is a shared file. Please ask the file owner to reshare the file with you." : "Impossible de lire ce fichier, il s'agit probablement d'un fichier partagé. Veuillez demander au propriétaire du fichier de le repartager avec vous. ", + "Hey there,\n\nthe admin enabled server-side-encryption. Your files were encrypted using the password '%s'.\n\nPlease login to the web interface, go to the section 'ownCloud basic encryption module' of your personal settings and update your encryption password by entering this password into the 'old log-in password' field and your current login-password.\n\n" : "Bonjour,\n\nL'administrateur a activé le chiffrement côté serveur. Vos fichiers ont été chiffrés avec le mot de passe '%s'.\n\nVeuillez vous connecté dans l'interface web, allez dans la section \"Module de chiffrement de base d'ownCloud\" de vos paramètres personnels. De là mettez à jour votre mot de passe de chiffrement en entrant ce mot de passe dans le champ \"Ancien mot de passe de connexion\" et votre mot de passe de connexion actuel.\n", "The share will expire on %s." : "Le partage expirera le %s.", "Cheers!" : "À bientôt !", + "Hey there,<br><br>the admin enabled server-side-encryption. Your files were encrypted using the password <strong>%s</strong>.<br><br>Please login to the web interface, go to the section \"ownCloud basic encryption module\" of your personal settings and update your encryption password by entering this password into the \"old log-in password\" field and your current login-password.<br><br>" : "Bonjour,<br><br>L'administrateur a activé le chiffrement côté serveur. Vos fichiers ont été chiffrés avec le mot de passe <strong>%s</strong>. <br><br>Veuillez vous connecté dans l'interface web, allez dans la section \"Module de chiffrement de base d'ownCloud\" de vos paramètres personnels. De là mettez à jour votre mot de passe de chiffrement en entrant ce mot de passe dans le champ \"Ancien mot de passe de connexion\" et votre mot de passe de connexion actuel. <br><br>", "Enable recovery key" : "Activer la clé de récupération", "Disable recovery key" : "Désactiver la clé de récupération", "The recovery key is an extra encryption key that is used to encrypt files. It allows recovery of a user's files if the user forgets his or her password." : "La clé de récupération est une clé supplémentaire utilisée pour chiffrer les fichiers. Elle permet de récupérer les fichiers des utilisateurs s'ils oublient leur mot de passe.", diff --git a/apps/encryption/lib/crypto/encryption.php b/apps/encryption/lib/crypto/encryption.php index 1bd6af2eca7..d2925e1b6be 100644 --- a/apps/encryption/lib/crypto/encryption.php +++ b/apps/encryption/lib/crypto/encryption.php @@ -84,6 +84,9 @@ class Encryption implements IEncryptionModule { /** @var EncryptAll */ private $encryptAll; + /** @var bool */ + private $useMasterPassword; + /** * * @param Crypt $crypt @@ -105,6 +108,7 @@ class Encryption implements IEncryptionModule { $this->encryptAll = $encryptAll; $this->logger = $logger; $this->l = $il10n; + $this->useMasterPassword = $util->isMasterKeyEnabled(); } /** @@ -193,23 +197,26 @@ class Encryption implements IEncryptionModule { $this->writeCache = ''; } $publicKeys = array(); - foreach ($this->accessList['users'] as $uid) { - try { - $publicKeys[$uid] = $this->keyManager->getPublicKey($uid); - } catch (PublicKeyMissingException $e) { - $this->logger->warning( - 'no public key found for user "{uid}", user will not be able to read the file', - ['app' => 'encryption', 'uid' => $uid] - ); - // if the public key of the owner is missing we should fail - if ($uid === $this->user) { - throw $e; + if ($this->useMasterPassword === true) { + $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey(); + } else { + foreach ($this->accessList['users'] as $uid) { + try { + $publicKeys[$uid] = $this->keyManager->getPublicKey($uid); + } catch (PublicKeyMissingException $e) { + $this->logger->warning( + 'no public key found for user "{uid}", user will not be able to read the file', + ['app' => 'encryption', 'uid' => $uid] + ); + // if the public key of the owner is missing we should fail + if ($uid === $this->user) { + throw $e; + } } } } $publicKeys = $this->keyManager->addSystemKeys($this->accessList, $publicKeys, $this->user); - $encryptedKeyfiles = $this->crypt->multiKeyEncrypt($this->fileKey, $publicKeys); $this->keyManager->setAllFileKeys($this->path, $encryptedKeyfiles); } @@ -318,8 +325,12 @@ class Encryption implements IEncryptionModule { if (!empty($fileKey)) { $publicKeys = array(); - foreach ($accessList['users'] as $user) { - $publicKeys[$user] = $this->keyManager->getPublicKey($user); + if ($this->useMasterPassword === true) { + $publicKeys[$this->keyManager->getMasterKeyId()] = $this->keyManager->getPublicMasterKey(); + } else { + foreach ($accessList['users'] as $user) { + $publicKeys[$user] = $this->keyManager->getPublicKey($user); + } } $publicKeys = $this->keyManager->addSystemKeys($accessList, $publicKeys, $uid); diff --git a/apps/encryption/lib/keymanager.php b/apps/encryption/lib/keymanager.php index 6c793e5964f..c4507228878 100644 --- a/apps/encryption/lib/keymanager.php +++ b/apps/encryption/lib/keymanager.php @@ -55,6 +55,10 @@ class KeyManager { */ private $publicShareKeyId; /** + * @var string + */ + private $masterKeyId; + /** * @var string UserID */ private $keyId; @@ -131,10 +135,20 @@ class KeyManager { $this->config->setAppValue('encryption', 'publicShareKeyId', $this->publicShareKeyId); } + $this->masterKeyId = $this->config->getAppValue('encryption', + 'masterKeyId'); + if (empty($this->masterKeyId)) { + $this->masterKeyId = 'master_' . substr(md5(time()), 0, 8); + $this->config->setAppValue('encryption', 'masterKeyId', $this->masterKeyId); + } + $this->keyId = $userSession && $userSession->isLoggedIn() ? $userSession->getUser()->getUID() : false; $this->log = $log; } + /** + * check if key pair for public link shares exists, if not we create one + */ public function validateShareKey() { $shareKey = $this->getPublicShareKey(); if (empty($shareKey)) { @@ -153,6 +167,26 @@ class KeyManager { } /** + * check if a key pair for the master key exists, if not we create one + */ + public function validateMasterKey() { + $masterKey = $this->getPublicMasterKey(); + if (empty($masterKey)) { + $keyPair = $this->crypt->createKeyPair(); + + // Save public key + $this->keyStorage->setSystemUserKey( + $this->masterKeyId . '.publicKey', $keyPair['publicKey'], + Encryption::ID); + + // Encrypt private key with system password + $encryptedKey = $this->crypt->encryptPrivateKey($keyPair['privateKey'], $this->getMasterKeyPassword(), $this->masterKeyId); + $header = $this->crypt->generateHeader(); + $this->setSystemPrivateKey($this->masterKeyId, $header . $encryptedKey); + } + } + + /** * @return bool */ public function recoveryKeyExists() { @@ -304,8 +338,15 @@ class KeyManager { $this->session->setStatus(Session::INIT_EXECUTED); + try { - $privateKey = $this->getPrivateKey($uid); + if($this->util->isMasterKeyEnabled()) { + $uid = $this->getMasterKeyId(); + $passPhrase = $this->getMasterKeyPassword(); + $privateKey = $this->getSystemPrivateKey($uid); + } else { + $privateKey = $this->getPrivateKey($uid); + } $privateKey = $this->crypt->decryptPrivateKey($privateKey, $passPhrase, $uid); } catch (PrivateKeyMissingException $e) { return false; @@ -345,6 +386,10 @@ class KeyManager { public function getFileKey($path, $uid) { $encryptedFileKey = $this->keyStorage->getFileKey($path, $this->fileKeyId, Encryption::ID); + if ($this->util->isMasterKeyEnabled()) { + $uid = $this->getMasterKeyId(); + } + if (is_null($uid)) { $uid = $this->getPublicShareKeyId(); $shareKey = $this->getShareKey($path, $uid); @@ -566,4 +611,37 @@ class KeyManager { return $publicKeys; } + + /** + * get master key password + * + * @return string + * @throws \Exception + */ + protected function getMasterKeyPassword() { + $password = $this->config->getSystemValue('secret'); + if (empty($password)){ + throw new \Exception('Can not get secret from ownCloud instance'); + } + + return $password; + } + + /** + * return master key id + * + * @return string + */ + public function getMasterKeyId() { + return $this->masterKeyId; + } + + /** + * get public master key + * + * @return string + */ + public function getPublicMasterKey() { + return $this->keyStorage->getSystemUserKey($this->masterKeyId . '.publicKey', Encryption::ID); + } } diff --git a/apps/encryption/lib/users/setup.php b/apps/encryption/lib/users/setup.php index 433ea824c9b..d4f7c374547 100644 --- a/apps/encryption/lib/users/setup.php +++ b/apps/encryption/lib/users/setup.php @@ -84,6 +84,7 @@ class Setup { */ public function setupServerSide($uid, $password) { $this->keyManager->validateShareKey(); + $this->keyManager->validateMasterKey(); // Check if user already has keys if (!$this->keyManager->userHasKeys($uid)) { return $this->keyManager->storeKeyPair($uid, $password, diff --git a/apps/encryption/lib/util.php b/apps/encryption/lib/util.php index fbedc5d6077..e9f916eff38 100644 --- a/apps/encryption/lib/util.php +++ b/apps/encryption/lib/util.php @@ -102,6 +102,16 @@ class Util { } /** + * check if master key is enabled + * + * @return bool + */ + public function isMasterKeyEnabled() { + $userMasterKey = $this->config->getAppValue('encryption', 'useMasterKey', '0'); + return ($userMasterKey === '1'); + } + + /** * @param $enabled * @return bool */ diff --git a/apps/encryption/tests/command/testenablemasterkey.php b/apps/encryption/tests/command/testenablemasterkey.php new file mode 100644 index 00000000000..c905329269e --- /dev/null +++ b/apps/encryption/tests/command/testenablemasterkey.php @@ -0,0 +1,103 @@ +<?php +/** + * @author Björn Schießle <schiessle@owncloud.com> + * + * @copyright Copyright (c) 2015, ownCloud, Inc. + * @license AGPL-3.0 + * + * This code is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License, version 3, + * as published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License, version 3, + * along with this program. If not, see <http://www.gnu.org/licenses/> + * + */ + + +namespace OCA\Encryption\Tests\Command; + + +use OCA\Encryption\Command\EnableMasterKey; +use Test\TestCase; + +class TestEnableMasterKey extends TestCase { + + /** @var EnableMasterKey */ + protected $enableMasterKey; + + /** @var Util | \PHPUnit_Framework_MockObject_MockObject */ + protected $util; + + /** @var \OCP\IConfig | \PHPUnit_Framework_MockObject_MockObject */ + protected $config; + + /** @var \Symfony\Component\Console\Helper\QuestionHelper | \PHPUnit_Framework_MockObject_MockObject */ + protected $questionHelper; + + /** @var \Symfony\Component\Console\Output\OutputInterface | \PHPUnit_Framework_MockObject_MockObject */ + protected $output; + + /** @var \Symfony\Component\Console\Input\InputInterface | \PHPUnit_Framework_MockObject_MockObject */ + protected $input; + + public function setUp() { + parent::setUp(); + + $this->util = $this->getMockBuilder('OCA\Encryption\Util') + ->disableOriginalConstructor()->getMock(); + $this->config = $this->getMockBuilder('OCP\IConfig') + ->disableOriginalConstructor()->getMock(); + $this->questionHelper = $this->getMockBuilder('Symfony\Component\Console\Helper\QuestionHelper') + ->disableOriginalConstructor()->getMock(); + $this->output = $this->getMockBuilder('Symfony\Component\Console\Output\OutputInterface') + ->disableOriginalConstructor()->getMock(); + $this->input = $this->getMockBuilder('Symfony\Component\Console\Input\InputInterface') + ->disableOriginalConstructor()->getMock(); + + $this->enableMasterKey = new EnableMasterKey($this->util, $this->config, $this->questionHelper); + } + + /** + * @dataProvider dataTestExecute + * + * @param bool $isAlreadyEnabled + * @param string $answer + */ + public function testExecute($isAlreadyEnabled, $answer) { + + $this->util->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn($isAlreadyEnabled); + + if ($isAlreadyEnabled) { + $this->output->expects($this->once())->method('writeln') + ->with('Master key already enabled'); + } else { + if ($answer === 'y') { + $this->questionHelper->expects($this->once())->method('ask')->willReturn(true); + $this->config->expects($this->once())->method('setAppValue') + ->with('encryption', 'useMasterKey', '1'); + } else { + $this->questionHelper->expects($this->once())->method('ask')->willReturn(false); + $this->config->expects($this->never())->method('setAppValue'); + + } + } + + $this->invokePrivate($this->enableMasterKey, 'execute', [$this->input, $this->output]); + } + + public function dataTestExecute() { + return [ + [true, ''], + [false, 'y'], + [false, 'n'], + [false, ''] + ]; + } +} diff --git a/apps/encryption/tests/lib/KeyManagerTest.php b/apps/encryption/tests/lib/KeyManagerTest.php index 71b00cf254a..8f1da623efb 100644 --- a/apps/encryption/tests/lib/KeyManagerTest.php +++ b/apps/encryption/tests/lib/KeyManagerTest.php @@ -27,6 +27,7 @@ namespace OCA\Encryption\Tests; use OCA\Encryption\KeyManager; +use OCA\Encryption\Session; use Test\TestCase; class KeyManagerTest extends TestCase { @@ -237,24 +238,62 @@ class KeyManagerTest extends TestCase { } + /** + * @dataProvider dataTestInit + * + * @param bool $useMasterKey + */ + public function testInit($useMasterKey) { + + $instance = $this->getMockBuilder('OCA\Encryption\KeyManager') + ->setConstructorArgs( + [ + $this->keyStorageMock, + $this->cryptMock, + $this->configMock, + $this->userMock, + $this->sessionMock, + $this->logMock, + $this->utilMock + ] + )->setMethods(['getMasterKeyId', 'getMasterKeyPassword', 'getSystemPrivateKey', 'getPrivateKey']) + ->getMock(); - public function testInit() { - $this->keyStorageMock->expects($this->any()) - ->method('getUserKey') - ->with($this->equalTo($this->userId), $this->equalTo('privateKey')) - ->willReturn('privateKey'); - $this->cryptMock->expects($this->any()) - ->method('decryptPrivateKey') - ->with($this->equalTo('privateKey'), $this->equalTo('pass')) - ->willReturn('decryptedPrivateKey'); + $this->utilMock->expects($this->once())->method('isMasterKeyEnabled') + ->willReturn($useMasterKey); + + $this->sessionMock->expects($this->at(0))->method('setStatus') + ->with(Session::INIT_EXECUTED); + + $instance->expects($this->any())->method('getMasterKeyId')->willReturn('masterKeyId'); + $instance->expects($this->any())->method('getMasterKeyPassword')->willReturn('masterKeyPassword'); + $instance->expects($this->any())->method('getSystemPrivateKey')->with('masterKeyId')->willReturn('privateMasterKey'); + $instance->expects($this->any())->method('getPrivateKey')->with($this->userId)->willReturn('privateUserKey'); + + if($useMasterKey) { + $this->cryptMock->expects($this->once())->method('decryptPrivateKey') + ->with('privateMasterKey', 'masterKeyPassword', 'masterKeyId') + ->willReturn('key'); + } else { + $this->cryptMock->expects($this->once())->method('decryptPrivateKey') + ->with('privateUserKey', 'pass', $this->userId) + ->willReturn('key'); + } + $this->sessionMock->expects($this->once())->method('setPrivateKey') + ->with('key'); - $this->assertTrue( - $this->instance->init($this->userId, 'pass') - ); + $this->assertTrue($instance->init($this->userId, 'pass')); + } + public function dataTestInit() { + return [ + [true], + [false] + ]; } + public function testSetRecoveryKey() { $this->keyStorageMock->expects($this->exactly(2)) ->method('setSystemUserKey') @@ -401,5 +440,92 @@ class KeyManagerTest extends TestCase { ); } + public function testGetMasterKeyId() { + $this->assertSame('systemKeyId', $this->instance->getMasterKeyId()); + } + + public function testGetPublicMasterKey() { + $this->keyStorageMock->expects($this->once())->method('getSystemUserKey') + ->with('systemKeyId.publicKey', \OCA\Encryption\Crypto\Encryption::ID) + ->willReturn(true); + + $this->assertTrue( + $this->instance->getPublicMasterKey() + ); + } + + public function testGetMasterKeyPassword() { + $this->configMock->expects($this->once())->method('getSystemValue')->with('secret') + ->willReturn('password'); + + $this->assertSame('password', + $this->invokePrivate($this->instance, 'getMasterKeyPassword', []) + ); + } + + /** + * @expectedException \Exception + */ + public function testGetMasterKeyPasswordException() { + $this->configMock->expects($this->once())->method('getSystemValue')->with('secret') + ->willReturn(''); + + $this->invokePrivate($this->instance, 'getMasterKeyPassword', []); + } + + /** + * @dataProvider dataTestValidateMasterKey + * + * @param $masterKey + */ + public function testValidateMasterKey($masterKey) { + + /** @var \OCA\Encryption\KeyManager | \PHPUnit_Framework_MockObject_MockObject $instance */ + $instance = $this->getMockBuilder('OCA\Encryption\KeyManager') + ->setConstructorArgs( + [ + $this->keyStorageMock, + $this->cryptMock, + $this->configMock, + $this->userMock, + $this->sessionMock, + $this->logMock, + $this->utilMock + ] + )->setMethods(['getPublicMasterKey', 'setSystemPrivateKey', 'getMasterKeyPassword']) + ->getMock(); + + $instance->expects($this->once())->method('getPublicMasterKey') + ->willReturn($masterKey); + + $instance->expects($this->any())->method('getMasterKeyPassword')->willReturn('masterKeyPassword'); + $this->cryptMock->expects($this->any())->method('generateHeader')->willReturn('header'); + + if(empty($masterKey)) { + $this->cryptMock->expects($this->once())->method('createKeyPair') + ->willReturn(['publicKey' => 'public', 'privateKey' => 'private']); + $this->keyStorageMock->expects($this->once())->method('setSystemUserKey') + ->with('systemKeyId.publicKey', 'public', \OCA\Encryption\Crypto\Encryption::ID); + $this->cryptMock->expects($this->once())->method('encryptPrivateKey') + ->with('private', 'masterKeyPassword', 'systemKeyId') + ->willReturn('EncryptedKey'); + $instance->expects($this->once())->method('setSystemPrivateKey') + ->with('systemKeyId', 'headerEncryptedKey'); + } else { + $this->cryptMock->expects($this->never())->method('createKeyPair'); + $this->keyStorageMock->expects($this->never())->method('setSystemUserKey'); + $this->cryptMock->expects($this->never())->method('encryptPrivateKey'); + $instance->expects($this->never())->method('setSystemPrivateKey'); + } + + $instance->validateMasterKey(); + } + + public function dataTestValidateMasterKey() { + return [ + ['masterKey'], + [''] + ]; + } } diff --git a/apps/encryption/tests/lib/UtilTest.php b/apps/encryption/tests/lib/UtilTest.php index e75e8ea36b4..9988ff93f43 100644 --- a/apps/encryption/tests/lib/UtilTest.php +++ b/apps/encryption/tests/lib/UtilTest.php @@ -132,4 +132,25 @@ class UtilTest extends TestCase { return $default ?: null; } + /** + * @dataProvider dataTestIsMasterKeyEnabled + * + * @param string $value + * @param bool $expect + */ + public function testIsMasterKeyEnabled($value, $expect) { + $this->configMock->expects($this->once())->method('getAppValue') + ->with('encryption', 'useMasterKey', '0')->willReturn($value); + $this->assertSame($expect, + $this->instance->isMasterKeyEnabled() + ); + } + + public function dataTestIsMasterKeyEnabled() { + return [ + ['0', false], + ['1', true] + ]; + } + } diff --git a/apps/encryption/tests/lib/users/SetupTest.php b/apps/encryption/tests/lib/users/SetupTest.php index e6936c5c12e..bca3ff58b07 100644 --- a/apps/encryption/tests/lib/users/SetupTest.php +++ b/apps/encryption/tests/lib/users/SetupTest.php @@ -43,6 +43,8 @@ class SetupTest extends TestCase { private $instance; public function testSetupServerSide() { + $this->keyManagerMock->expects($this->exactly(2))->method('validateShareKey'); + $this->keyManagerMock->expects($this->exactly(2))->method('validateMasterKey'); $this->keyManagerMock->expects($this->exactly(2)) ->method('userHasKeys') ->with('admin') diff --git a/apps/files/l10n/el.js b/apps/files/l10n/el.js index 582e3b1758b..fe65869c3bb 100644 --- a/apps/files/l10n/el.js +++ b/apps/files/l10n/el.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n byte","%n bytes"], "Favorited" : "Προτιμώμενα", "Favorite" : "Αγαπημένο", + "{newname} already exists" : "το {newname} υπάρχει ήδη", "Upload" : "Μεταφόρτωση", "Text file" : "Αρχείο κειμένου", + "New text file.txt" : "Νέο αρχείο κειμένου.txt", "Folder" : "Φάκελος", "New folder" : "Νέος κατάλογος", "An error occurred while trying to update the tags" : "Ένα σφάλμα προέκυψε κατά τη διάρκεια ενημέρωσης των ετικετών", diff --git a/apps/files/l10n/el.json b/apps/files/l10n/el.json index de550e86dea..37ff95b406e 100644 --- a/apps/files/l10n/el.json +++ b/apps/files/l10n/el.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n byte","%n bytes"], "Favorited" : "Προτιμώμενα", "Favorite" : "Αγαπημένο", + "{newname} already exists" : "το {newname} υπάρχει ήδη", "Upload" : "Μεταφόρτωση", "Text file" : "Αρχείο κειμένου", + "New text file.txt" : "Νέο αρχείο κειμένου.txt", "Folder" : "Φάκελος", "New folder" : "Νέος κατάλογος", "An error occurred while trying to update the tags" : "Ένα σφάλμα προέκυψε κατά τη διάρκεια ενημέρωσης των ετικετών", diff --git a/apps/files/l10n/fi_FI.js b/apps/files/l10n/fi_FI.js index b4d00878e8b..c6615a61234 100644 --- a/apps/files/l10n/fi_FI.js +++ b/apps/files/l10n/fi_FI.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n tavu","%n tavua"], "Favorited" : "Lisätty suosikkeihin", "Favorite" : "Suosikki", + "{newname} already exists" : "{newname} on jo olemassa", "Upload" : "Lähetä", "Text file" : "Tekstitiedosto", + "New text file.txt" : "Uusi tekstitiedosto.txt", "Folder" : "Kansio", "New folder" : "Uusi kansio", "An error occurred while trying to update the tags" : "Tunnisteiden päivitystä yrittäessä tapahtui virhe", diff --git a/apps/files/l10n/fi_FI.json b/apps/files/l10n/fi_FI.json index 507689cbaf2..9be7c66d37a 100644 --- a/apps/files/l10n/fi_FI.json +++ b/apps/files/l10n/fi_FI.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n tavu","%n tavua"], "Favorited" : "Lisätty suosikkeihin", "Favorite" : "Suosikki", + "{newname} already exists" : "{newname} on jo olemassa", "Upload" : "Lähetä", "Text file" : "Tekstitiedosto", + "New text file.txt" : "Uusi tekstitiedosto.txt", "Folder" : "Kansio", "New folder" : "Uusi kansio", "An error occurred while trying to update the tags" : "Tunnisteiden päivitystä yrittäessä tapahtui virhe", diff --git a/apps/files/l10n/fr.js b/apps/files/l10n/fr.js index 6ba0bdee182..3b84a6c0c53 100644 --- a/apps/files/l10n/fr.js +++ b/apps/files/l10n/fr.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n octet","%n octets"], "Favorited" : "Marqué comme favori", "Favorite" : "Favoris", + "{newname} already exists" : "{newname} existe déjà", "Upload" : "Chargement", "Text file" : "Fichier texte", + "New text file.txt" : "Nouveau fichier texte \"file.txt\"", "Folder" : "Dossier", "New folder" : "Nouveau dossier", "An error occurred while trying to update the tags" : "Une erreur est survenue lors de la mise à jour des étiquettes", diff --git a/apps/files/l10n/fr.json b/apps/files/l10n/fr.json index c8c0c1ceabf..4d05b5a42c3 100644 --- a/apps/files/l10n/fr.json +++ b/apps/files/l10n/fr.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n octet","%n octets"], "Favorited" : "Marqué comme favori", "Favorite" : "Favoris", + "{newname} already exists" : "{newname} existe déjà", "Upload" : "Chargement", "Text file" : "Fichier texte", + "New text file.txt" : "Nouveau fichier texte \"file.txt\"", "Folder" : "Dossier", "New folder" : "Nouveau dossier", "An error occurred while trying to update the tags" : "Une erreur est survenue lors de la mise à jour des étiquettes", diff --git a/apps/files/l10n/hu_HU.js b/apps/files/l10n/hu_HU.js index 396d9ec8755..8b9b7c17f15 100644 --- a/apps/files/l10n/hu_HU.js +++ b/apps/files/l10n/hu_HU.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n bájt","%n bájt"], "Favorited" : "Kedvenc", "Favorite" : "Kedvenc", + "{newname} already exists" : "{newname} már létezik", "Upload" : "Feltöltés", "Text file" : "Szövegfájl", + "New text file.txt" : "Új szöveges fájl.txt", "Folder" : "Mappa", "New folder" : "Új mappa", "An error occurred while trying to update the tags" : "Hiba történt, miközben megpróbálta frissíteni a címkéket", diff --git a/apps/files/l10n/hu_HU.json b/apps/files/l10n/hu_HU.json index 3a29ff27f24..6d82cd60413 100644 --- a/apps/files/l10n/hu_HU.json +++ b/apps/files/l10n/hu_HU.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n bájt","%n bájt"], "Favorited" : "Kedvenc", "Favorite" : "Kedvenc", + "{newname} already exists" : "{newname} már létezik", "Upload" : "Feltöltés", "Text file" : "Szövegfájl", + "New text file.txt" : "Új szöveges fájl.txt", "Folder" : "Mappa", "New folder" : "Új mappa", "An error occurred while trying to update the tags" : "Hiba történt, miközben megpróbálta frissíteni a címkéket", diff --git a/apps/files/l10n/it.js b/apps/files/l10n/it.js index 8aa774c7381..aa92ffc0f70 100644 --- a/apps/files/l10n/it.js +++ b/apps/files/l10n/it.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n byte","%n byte"], "Favorited" : "Preferiti", "Favorite" : "Preferito", + "{newname} already exists" : "{newname} esiste già", "Upload" : "Carica", "Text file" : "File di testo", + "New text file.txt" : "Nuovo file di testo.txt", "Folder" : "Cartella", "New folder" : "Nuova cartella", "An error occurred while trying to update the tags" : "Si è verificato un errore durante il tentativo di aggiornare le etichette", diff --git a/apps/files/l10n/it.json b/apps/files/l10n/it.json index 39b6b9983e7..8f18858b2eb 100644 --- a/apps/files/l10n/it.json +++ b/apps/files/l10n/it.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n byte","%n byte"], "Favorited" : "Preferiti", "Favorite" : "Preferito", + "{newname} already exists" : "{newname} esiste già", "Upload" : "Carica", "Text file" : "File di testo", + "New text file.txt" : "Nuovo file di testo.txt", "Folder" : "Cartella", "New folder" : "Nuova cartella", "An error occurred while trying to update the tags" : "Si è verificato un errore durante il tentativo di aggiornare le etichette", diff --git a/apps/files/l10n/nl.js b/apps/files/l10n/nl.js index 66ce04be361..3470d011dc6 100644 --- a/apps/files/l10n/nl.js +++ b/apps/files/l10n/nl.js @@ -71,8 +71,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n byte","%n bytes"], "Favorited" : "Favoriet", "Favorite" : "Favoriet", + "{newname} already exists" : "{newname} bestaat al", "Upload" : "Uploaden", "Text file" : "Tekstbestand", + "New text file.txt" : "Nieuw tekstbestand.txt", "Folder" : "Map", "New folder" : "Nieuwe map", "An error occurred while trying to update the tags" : "Er trad een fout op bij uw poging de tags bij te werken", diff --git a/apps/files/l10n/nl.json b/apps/files/l10n/nl.json index 5739351a79c..04c0b7916b5 100644 --- a/apps/files/l10n/nl.json +++ b/apps/files/l10n/nl.json @@ -69,8 +69,10 @@ "_%n byte_::_%n bytes_" : ["%n byte","%n bytes"], "Favorited" : "Favoriet", "Favorite" : "Favoriet", + "{newname} already exists" : "{newname} bestaat al", "Upload" : "Uploaden", "Text file" : "Tekstbestand", + "New text file.txt" : "Nieuw tekstbestand.txt", "Folder" : "Map", "New folder" : "Nieuwe map", "An error occurred while trying to update the tags" : "Er trad een fout op bij uw poging de tags bij te werken", diff --git a/apps/files/l10n/pt_BR.js b/apps/files/l10n/pt_BR.js index 6586d227d66..7f154cbbf5e 100644 --- a/apps/files/l10n/pt_BR.js +++ b/apps/files/l10n/pt_BR.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n byte","%n bytes"], "Favorited" : "Favorito", "Favorite" : "Favorito", + "{newname} already exists" : "{newname} já existe", "Upload" : "Enviar", "Text file" : "Arquivo texto", + "New text file.txt" : "Novo texto file.txt", "Folder" : "Pasta", "New folder" : "Nova pasta", "An error occurred while trying to update the tags" : "Ocorreu um erro enquanto tentava atualizar as etiquetas", diff --git a/apps/files/l10n/pt_BR.json b/apps/files/l10n/pt_BR.json index 06847e4fa87..81c76bb2b84 100644 --- a/apps/files/l10n/pt_BR.json +++ b/apps/files/l10n/pt_BR.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n byte","%n bytes"], "Favorited" : "Favorito", "Favorite" : "Favorito", + "{newname} already exists" : "{newname} já existe", "Upload" : "Enviar", "Text file" : "Arquivo texto", + "New text file.txt" : "Novo texto file.txt", "Folder" : "Pasta", "New folder" : "Nova pasta", "An error occurred while trying to update the tags" : "Ocorreu um erro enquanto tentava atualizar as etiquetas", diff --git a/apps/files/l10n/th_TH.js b/apps/files/l10n/th_TH.js index 61182b63ad3..2b092551a17 100644 --- a/apps/files/l10n/th_TH.js +++ b/apps/files/l10n/th_TH.js @@ -72,8 +72,10 @@ OC.L10N.register( "_%n byte_::_%n bytes_" : ["%n ไบต์"], "Favorited" : "รายการโปรด", "Favorite" : "รายการโปรด", + "{newname} already exists" : "{newname} ถูกใช้ไปแล้ว", "Upload" : "อัพโหลด", "Text file" : "ไฟล์ข้อความ", + "New text file.txt" : "ไฟล์ข้อความใหม่ .txt", "Folder" : "แฟ้มเอกสาร", "New folder" : "โฟลเดอร์ใหม่", "An error occurred while trying to update the tags" : "เกิดข้อผิดพลาดขณะที่พยายามจะปรับปรุงแท็ก", diff --git a/apps/files/l10n/th_TH.json b/apps/files/l10n/th_TH.json index dd2ecf36df3..3125adc820f 100644 --- a/apps/files/l10n/th_TH.json +++ b/apps/files/l10n/th_TH.json @@ -70,8 +70,10 @@ "_%n byte_::_%n bytes_" : ["%n ไบต์"], "Favorited" : "รายการโปรด", "Favorite" : "รายการโปรด", + "{newname} already exists" : "{newname} ถูกใช้ไปแล้ว", "Upload" : "อัพโหลด", "Text file" : "ไฟล์ข้อความ", + "New text file.txt" : "ไฟล์ข้อความใหม่ .txt", "Folder" : "แฟ้มเอกสาร", "New folder" : "โฟลเดอร์ใหม่", "An error occurred while trying to update the tags" : "เกิดข้อผิดพลาดขณะที่พยายามจะปรับปรุงแท็ก", diff --git a/apps/files_external/l10n/fr.js b/apps/files_external/l10n/fr.js index 42944b2f2fb..8ac5b1a4466 100644 --- a/apps/files_external/l10n/fr.js +++ b/apps/files_external/l10n/fr.js @@ -27,13 +27,17 @@ OC.L10N.register( "Storage with id \"%i\" not found" : "Stockage avec l'id \"%i\" non trouvé", "Invalid backend or authentication mechanism class" : "Système de stockage ou méthode d'authentification non valable", "Invalid mount point" : "Point de montage non valide", + "Objectstore forbidden" : "\"Objectstore\" interdit", "Invalid storage backend \"%s\"" : "Service de stockage non valide : \"%s\"", + "Unsatisfied backend parameters" : "Paramètres manquants pour le service", "Unsatisfied authentication mechanism parameters" : "Paramètres manquants pour la méthode d'authentification", "Admin-only storage backend \"%s\"" : "Service de stockage \"%s\" pour admins seulement", "Personal" : "Personnel", "System" : "Système", "Grant access" : "Autoriser l'accès", "Access granted" : "Accès autorisé", + "Error configuring OAuth1" : "Erreur lors de la configuration de OAuth1", + "Error configuring OAuth2" : "Erreur lors de la configuration de OAuth2", "Enable encryption" : "Activer le chiffrement", "Enable previews" : "Activer les prévisualisations", "Check for changes" : "Rechercher les modifications", @@ -45,6 +49,9 @@ OC.L10N.register( "Saved" : "Sauvegardé", "Generate keys" : "Générer des clés", "Error generating key pair" : "Erreur lors de la génération des clés", + "Access key" : "Clé d'accès", + "Secret key" : "Clé secrète", + "Builtin" : "inclus", "None" : "Aucun", "OAuth1" : "OAuth1", "App key" : "App key", diff --git a/apps/files_external/l10n/fr.json b/apps/files_external/l10n/fr.json index ffc2de0ef53..67b8932202f 100644 --- a/apps/files_external/l10n/fr.json +++ b/apps/files_external/l10n/fr.json @@ -25,13 +25,17 @@ "Storage with id \"%i\" not found" : "Stockage avec l'id \"%i\" non trouvé", "Invalid backend or authentication mechanism class" : "Système de stockage ou méthode d'authentification non valable", "Invalid mount point" : "Point de montage non valide", + "Objectstore forbidden" : "\"Objectstore\" interdit", "Invalid storage backend \"%s\"" : "Service de stockage non valide : \"%s\"", + "Unsatisfied backend parameters" : "Paramètres manquants pour le service", "Unsatisfied authentication mechanism parameters" : "Paramètres manquants pour la méthode d'authentification", "Admin-only storage backend \"%s\"" : "Service de stockage \"%s\" pour admins seulement", "Personal" : "Personnel", "System" : "Système", "Grant access" : "Autoriser l'accès", "Access granted" : "Accès autorisé", + "Error configuring OAuth1" : "Erreur lors de la configuration de OAuth1", + "Error configuring OAuth2" : "Erreur lors de la configuration de OAuth2", "Enable encryption" : "Activer le chiffrement", "Enable previews" : "Activer les prévisualisations", "Check for changes" : "Rechercher les modifications", @@ -43,6 +47,9 @@ "Saved" : "Sauvegardé", "Generate keys" : "Générer des clés", "Error generating key pair" : "Erreur lors de la génération des clés", + "Access key" : "Clé d'accès", + "Secret key" : "Clé secrète", + "Builtin" : "inclus", "None" : "Aucun", "OAuth1" : "OAuth1", "App key" : "App key", diff --git a/apps/files_sharing/l10n/fr.js b/apps/files_sharing/l10n/fr.js index 077c12e6db2..721f52d4a67 100644 --- a/apps/files_sharing/l10n/fr.js +++ b/apps/files_sharing/l10n/fr.js @@ -66,6 +66,7 @@ OC.L10N.register( "Federated Cloud" : "Federated Cloud", "Your Federated Cloud ID:" : "Votre identifiant Federated Cloud :", "Share it:" : "Partager :", + "Add to your website" : "Ajouter à votre site web", "Share with me via ownCloud" : "Partagez avec moi via ownCloud", "HTML Code:" : "Code HTML :" }, diff --git a/apps/files_sharing/l10n/fr.json b/apps/files_sharing/l10n/fr.json index c4b3bbe2f72..3f0ee47a381 100644 --- a/apps/files_sharing/l10n/fr.json +++ b/apps/files_sharing/l10n/fr.json @@ -64,6 +64,7 @@ "Federated Cloud" : "Federated Cloud", "Your Federated Cloud ID:" : "Votre identifiant Federated Cloud :", "Share it:" : "Partager :", + "Add to your website" : "Ajouter à votre site web", "Share with me via ownCloud" : "Partagez avec moi via ownCloud", "HTML Code:" : "Code HTML :" },"pluralForm" :"nplurals=2; plural=(n > 1);" diff --git a/apps/files_sharing/l10n/hu_HU.js b/apps/files_sharing/l10n/hu_HU.js index 3278343a769..738fe6eb6b9 100644 --- a/apps/files_sharing/l10n/hu_HU.js +++ b/apps/files_sharing/l10n/hu_HU.js @@ -66,6 +66,7 @@ OC.L10N.register( "Federated Cloud" : "Egyesített felhő", "Your Federated Cloud ID:" : "Egyesített felhő azonosító:", "Share it:" : "Ossza meg:", + "Add to your website" : "Add hozzá saját weboldaladhoz", "Share with me via ownCloud" : "Ossza meg velem ownCloud-on keresztül", "HTML Code:" : "HTML Code:" }, diff --git a/apps/files_sharing/l10n/hu_HU.json b/apps/files_sharing/l10n/hu_HU.json index edb98a5f70b..6b60146ffff 100644 --- a/apps/files_sharing/l10n/hu_HU.json +++ b/apps/files_sharing/l10n/hu_HU.json @@ -64,6 +64,7 @@ "Federated Cloud" : "Egyesített felhő", "Your Federated Cloud ID:" : "Egyesített felhő azonosító:", "Share it:" : "Ossza meg:", + "Add to your website" : "Add hozzá saját weboldaladhoz", "Share with me via ownCloud" : "Ossza meg velem ownCloud-on keresztül", "HTML Code:" : "HTML Code:" },"pluralForm" :"nplurals=2; plural=(n != 1);" diff --git a/apps/files_sharing/l10n/th_TH.js b/apps/files_sharing/l10n/th_TH.js index be9a353ffd9..242b3a8a68b 100644 --- a/apps/files_sharing/l10n/th_TH.js +++ b/apps/files_sharing/l10n/th_TH.js @@ -66,6 +66,7 @@ OC.L10N.register( "Federated Cloud" : "สหพันธ์คลาวด์", "Your Federated Cloud ID:" : "ไอดีคลาวด์ของคุณ:", "Share it:" : "แชร์มัน:", + "Add to your website" : "เพิ่มไปยังเว็บไซต์", "Share with me via ownCloud" : "แชร์ร่วมกับฉันผ่าน ownCloud", "HTML Code:" : "โค้ด HTML:" }, diff --git a/apps/files_sharing/l10n/th_TH.json b/apps/files_sharing/l10n/th_TH.json index 6984d7275d9..4658d45fbbe 100644 --- a/apps/files_sharing/l10n/th_TH.json +++ b/apps/files_sharing/l10n/th_TH.json @@ -64,6 +64,7 @@ "Federated Cloud" : "สหพันธ์คลาวด์", "Your Federated Cloud ID:" : "ไอดีคลาวด์ของคุณ:", "Share it:" : "แชร์มัน:", + "Add to your website" : "เพิ่มไปยังเว็บไซต์", "Share with me via ownCloud" : "แชร์ร่วมกับฉันผ่าน ownCloud", "HTML Code:" : "โค้ด HTML:" },"pluralForm" :"nplurals=1; plural=0;" diff --git a/apps/provisioning_api/lib/apps.php b/apps/provisioning_api/lib/apps.php index 168f6f3cad8..80f6e7049c6 100644 --- a/apps/provisioning_api/lib/apps.php +++ b/apps/provisioning_api/lib/apps.php @@ -31,13 +31,20 @@ class Apps { /** @var \OCP\App\IAppManager */ private $appManager; + /** + * @param \OCP\App\IAppManager $appManager + */ public function __construct(\OCP\App\IAppManager $appManager) { $this->appManager = $appManager; } - public function getApps($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function getApps($parameters) { $apps = OC_App::listAllApps(); - $list = array(); + $list = []; foreach($apps as $app) { $list[] = $app['id']; } @@ -62,7 +69,11 @@ class Apps { } } - public function getAppInfo($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function getAppInfo($parameters) { $app = $parameters['appid']; $info = \OCP\App::getAppInfo($app); if(!is_null($info)) { @@ -72,13 +83,21 @@ class Apps { } } - public function enable($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function enable($parameters) { $app = $parameters['appid']; $this->appManager->enableApp($app); return new OC_OCS_Result(null, 100); } - public function disable($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function disable($parameters) { $app = $parameters['appid']; $this->appManager->disableApp($app); return new OC_OCS_Result(null, 100); diff --git a/apps/provisioning_api/lib/groups.php b/apps/provisioning_api/lib/groups.php index 91d0a1c6342..c6fbe12b34e 100644 --- a/apps/provisioning_api/lib/groups.php +++ b/apps/provisioning_api/lib/groups.php @@ -25,6 +25,8 @@ namespace OCA\Provisioning_API; use \OC_OCS_Result; use \OC_SubAdmin; +use OCP\IGroup; +use OCP\IUser; class Groups{ @@ -39,21 +41,25 @@ class Groups{ * @param \OCP\IUserSession $userSession */ public function __construct(\OCP\IGroupManager $groupManager, - \OCP\IUserSession $userSession) { + \OCP\IUserSession $userSession) { $this->groupManager = $groupManager; $this->userSession = $userSession; } /** * returns a list of groups + * + * @param array $parameters + * @return OC_OCS_Result */ - public function getGroups($parameters){ + public function getGroups($parameters) { $search = !empty($_GET['search']) ? $_GET['search'] : ''; $limit = !empty($_GET['limit']) ? $_GET['limit'] : null; $offset = !empty($_GET['offset']) ? $_GET['offset'] : null; $groups = $this->groupManager->search($search, $limit, $offset); $groups = array_map(function($group) { + /** @var IGroup $group */ return $group->getGID(); }, $groups); @@ -62,6 +68,9 @@ class Groups{ /** * returns an array of users in the group specified + * + * @param array $parameters + * @return OC_OCS_Result */ public function getGroup($parameters) { // Check if user is logged in @@ -71,7 +80,7 @@ class Groups{ } // Check the group exists - if(!$this->groupManager->groupExists($parameters['groupid'])){ + if(!$this->groupManager->groupExists($parameters['groupid'])) { return new OC_OCS_Result(null, \OCP\API::RESPOND_NOT_FOUND, 'The requested group could not be found'); } // Check subadmin has access to this group @@ -79,6 +88,7 @@ class Groups{ || in_array($parameters['groupid'], \OC_SubAdmin::getSubAdminsGroups($user->getUID()))){ $users = $this->groupManager->get($parameters['groupid'])->getUsers(); $users = array_map(function($user) { + /** @var IUser $user */ return $user->getUID(); }, $users); $users = array_values($users); @@ -90,23 +100,30 @@ class Groups{ /** * creates a new group + * + * @param array $parameters + * @return OC_OCS_Result */ - public function addGroup($parameters){ + public function addGroup($parameters) { // Validate name - $groupid = isset($_POST['groupid']) ? $_POST['groupid'] : ''; - if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $groupid ) || empty($groupid)){ + $groupId = isset($_POST['groupid']) ? $_POST['groupid'] : ''; + if( preg_match( '/[^a-zA-Z0-9 _\.@\-]/', $groupId ) || empty($groupId)){ \OCP\Util::writeLog('provisioning_api', 'Attempt made to create group using invalid characters.', \OCP\Util::ERROR); return new OC_OCS_Result(null, 101, 'Invalid group name'); } // Check if it exists - if($this->groupManager->groupExists($groupid)){ + if($this->groupManager->groupExists($groupId)){ return new OC_OCS_Result(null, 102); } - $this->groupManager->createGroup($groupid); + $this->groupManager->createGroup($groupId); return new OC_OCS_Result(null, 100); } - public function deleteGroup($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function deleteGroup($parameters) { // Check it exists if(!$this->groupManager->groupExists($parameters['groupid'])){ return new OC_OCS_Result(null, 101); @@ -118,6 +135,10 @@ class Groups{ } } + /** + * @param array $parameters + * @return OC_OCS_Result + */ public function getSubAdminsOfGroup($parameters) { $group = $parameters['groupid']; // Check group exists diff --git a/apps/provisioning_api/lib/users.php b/apps/provisioning_api/lib/users.php index f5b201a55ea..617e50b403e 100644 --- a/apps/provisioning_api/lib/users.php +++ b/apps/provisioning_api/lib/users.php @@ -48,10 +48,10 @@ class Users { * @param \OCP\IUserManager $userManager * @param \OCP\IConfig $config * @param \OCP\IGroupManager $groupManager - * @param \OCP\IUserSession $user + * @param \OCP\IUserSession $userSession */ public function __construct(\OCP\IUserManager $userManager, - \OCP\IConfig $config, + \OCP\IConfig $config, \OCP\IGroupManager $groupManager, \OCP\IUserSession $userSession) { $this->userManager = $userManager; @@ -62,8 +62,10 @@ class Users { /** * returns a list of users + * + * @return OC_OCS_Result */ - public function getUsers(){ + public function getUsers() { $search = !empty($_GET['search']) ? $_GET['search'] : ''; $limit = !empty($_GET['limit']) ? $_GET['limit'] : null; $offset = !empty($_GET['offset']) ? $_GET['offset'] : null; @@ -76,7 +78,10 @@ class Users { ]); } - public function addUser(){ + /** + * @return OC_OCS_Result + */ + public function addUser() { $userId = isset($_POST['userid']) ? $_POST['userid'] : null; $password = isset($_POST['password']) ? $_POST['password'] : null; if($this->userManager->userExists($userId)) { @@ -96,6 +101,9 @@ class Users { /** * gets user info + * + * @param array $parameters + * @return OC_OCS_Result */ public function getUser($parameters){ $userId = $parameters['userid']; @@ -150,8 +158,11 @@ class Users { /** * edit users + * + * @param array $parameters + * @return OC_OCS_Result */ - public function editUser($parameters){ + public function editUser($parameters) { $userId = $parameters['userid']; // Check if user is logged in @@ -230,7 +241,11 @@ class Users { return new OC_OCS_Result(null, 100); } - public function deleteUser($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function deleteUser($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); if ($user === null) { @@ -253,6 +268,10 @@ class Users { } } + /** + * @param array $parameters + * @return OC_OCS_Result + */ public function getUsersGroups($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); @@ -286,7 +305,11 @@ class Users { } - public function addToGroup($parameters){ + /** + * @param array $parameters + * @return OC_OCS_Result + */ + public function addToGroup($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); if ($user === null) { @@ -317,6 +340,10 @@ class Users { return new OC_OCS_Result(null, 100); } + /** + * @param array $parameters + * @return OC_OCS_Result + */ public function removeFromGroup($parameters) { // Check if user is logged in $user = $this->userSession->getUser(); @@ -362,6 +389,9 @@ class Users { /** * Creates a subadmin + * + * @param array $parameters + * @return OC_OCS_Result */ public function addSubAdmin($parameters) { $group = $_POST['groupid']; @@ -393,6 +423,9 @@ class Users { /** * Removes a subadmin from a group + * + * @param array $parameters + * @return OC_OCS_Result */ public function removeSubAdmin($parameters) { $group = $parameters['_delete']['groupid']; @@ -414,7 +447,10 @@ class Users { } /** - * @Get the groups a user is a subadmin of + * Get the groups a user is a subadmin of + * + * @param array $parameters + * @return OC_OCS_Result */ public function getUserSubAdminGroups($parameters) { $user = $parameters['userid']; @@ -431,8 +467,8 @@ class Users { } /** - * @param $userId - * @param $data + * @param string $userId + * @param array $data * @return mixed * @throws \OCP\Files\NotFoundException */ diff --git a/core/templates/layout.base.php b/core/templates/layout.base.php index 43d692c0364..b01820a05bb 100644 --- a/core/templates/layout.base.php +++ b/core/templates/layout.base.php @@ -8,6 +8,7 @@ <?php p($theme->getTitle()); ?> </title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="referrer" content="never"> <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0"> <meta name="theme-color" content="<?php p($theme->getMailHeaderColor()); ?>"> <link rel="shortcut icon" type="image/png" href="<?php print_unescaped(image_path('', 'favicon.png')); ?>"> diff --git a/core/templates/layout.guest.php b/core/templates/layout.guest.php index 0fd7521271d..56b762d3266 100644 --- a/core/templates/layout.guest.php +++ b/core/templates/layout.guest.php @@ -8,6 +8,7 @@ <?php p($theme->getTitle()); ?> </title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="referrer" content="never"> <meta name="viewport" content="width=device-width, minimum-scale=1.0, maximum-scale=1.0"> <meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>"> <meta name="theme-color" content="<?php p($theme->getMailHeaderColor()); ?>"> diff --git a/core/templates/layout.user.php b/core/templates/layout.user.php index 59fced353d1..0910047032d 100644 --- a/core/templates/layout.user.php +++ b/core/templates/layout.user.php @@ -15,6 +15,7 @@ ?> </title> <meta http-equiv="X-UA-Compatible" content="IE=edge"> + <meta name="referrer" content="never"> <meta name="viewport" content="width=device-width, initial-scale=1.0, minimum-scale=1.0, maximum-scale=1.0"> <meta name="apple-itunes-app" content="app-id=<?php p($theme->getiTunesAppId()); ?>"> <meta name="apple-mobile-web-app-capable" content="yes"> diff --git a/lib/l10n/th_TH.js b/lib/l10n/th_TH.js index 2ff86f599e9..6092f348cb5 100644 --- a/lib/l10n/th_TH.js +++ b/lib/l10n/th_TH.js @@ -91,6 +91,7 @@ OC.L10N.register( "Sharing %s failed, because the user %s does not exist" : "การแชร์ %s ล้มเหลวเนื่องจากไม่ได้มีผู้ใช้ %s อยู่", "Sharing %s failed, because the user %s is not a member of any groups that %s is a member of" : "การแชร์ %s ล้มเหลวเนื่องจากผู้ใช้ %s ไม่ได้เป็นสมาชิกของกลุ่มใดๆ %s เป็นสมาชิกของ", "Sharing %s failed, because this item is already shared with %s" : "การแชร์ %s ล้มเหลวเพราะรายการนี้ถูกแชร์กับ %s", + "Sharing %s failed, because this item is already shared with user %s" : "%s ที่กำลังแชร์ล้มเหลว เพราะรายการนี้ได้ถูกแชร์กับผู้ใช้ %s", "Sharing %s failed, because the group %s does not exist" : "การแชร์ %s ล้มเหลวเพราะไม่มีกลุ่ม %s อยู่", "Sharing %s failed, because %s is not a member of the group %s" : "การแชร์ %s ล้มเหลวเพราะ %s ไม่ได้เป็นสมาชิกของกลุ่ม %s", "You need to provide a password to create a public link, only protected links are allowed" : "คุณจำเป็นต้องระบุรหัสผ่านเพื่อสร้างลิงค์สาธารณะ, ลิงค์ที่มีการป้องกันเท่านั้นที่ได้รับอนุญาต", diff --git a/lib/l10n/th_TH.json b/lib/l10n/th_TH.json index a215b67a180..a872236a70d 100644 --- a/lib/l10n/th_TH.json +++ b/lib/l10n/th_TH.json @@ -89,6 +89,7 @@ "Sharing %s failed, because the user %s does not exist" : "การแชร์ %s ล้มเหลวเนื่องจากไม่ได้มีผู้ใช้ %s อยู่", "Sharing %s failed, because the user %s is not a member of any groups that %s is a member of" : "การแชร์ %s ล้มเหลวเนื่องจากผู้ใช้ %s ไม่ได้เป็นสมาชิกของกลุ่มใดๆ %s เป็นสมาชิกของ", "Sharing %s failed, because this item is already shared with %s" : "การแชร์ %s ล้มเหลวเพราะรายการนี้ถูกแชร์กับ %s", + "Sharing %s failed, because this item is already shared with user %s" : "%s ที่กำลังแชร์ล้มเหลว เพราะรายการนี้ได้ถูกแชร์กับผู้ใช้ %s", "Sharing %s failed, because the group %s does not exist" : "การแชร์ %s ล้มเหลวเพราะไม่มีกลุ่ม %s อยู่", "Sharing %s failed, because %s is not a member of the group %s" : "การแชร์ %s ล้มเหลวเพราะ %s ไม่ได้เป็นสมาชิกของกลุ่ม %s", "You need to provide a password to create a public link, only protected links are allowed" : "คุณจำเป็นต้องระบุรหัสผ่านเพื่อสร้างลิงค์สาธารณะ, ลิงค์ที่มีการป้องกันเท่านั้นที่ได้รับอนุญาต", diff --git a/lib/private/eventsource.php b/lib/private/eventsource.php index c69671c1a75..e2be808e726 100644 --- a/lib/private/eventsource.php +++ b/lib/private/eventsource.php @@ -59,6 +59,17 @@ class OC_EventSource implements \OCP\IEventSource { $this->fallback = isset($_GET['fallback']) and $_GET['fallback'] == 'true'; if ($this->fallback) { $this->fallBackId = (int)$_GET['fallback_id']; + /** + * FIXME: The default content-security-policy of ownCloud forbids inline + * JavaScript for security reasons. IE starting on Windows 10 will + * however also obey the CSP which will break the event source fallback. + * + * As a workaround thus we set a custom policy which allows the execution + * of inline JavaScript. + * + * @link https://github.com/owncloud/core/issues/14286 + */ + header("Content-Security-Policy: default-src 'none'; script-src 'unsafe-inline'"); header("Content-Type: text/html"); echo str_repeat('<span></span>' . PHP_EOL, 10); //dummy data to keep IE happy } else { diff --git a/lib/private/files.php b/lib/private/files.php index 6268bf8a129..0172f1ca6af 100644 --- a/lib/private/files.php +++ b/lib/private/files.php @@ -86,15 +86,6 @@ class OC_Files { */ public static function get($dir, $files, $only_header = false) { $view = \OC\Files\Filesystem::getView(); - $xsendfile = false; - if (\OC::$server->getLockingProvider() instanceof NoopLockingProvider) { - if (isset($_SERVER['MOD_X_SENDFILE_ENABLED']) || - isset($_SERVER['MOD_X_SENDFILE2_ENABLED']) || - isset($_SERVER['MOD_X_ACCEL_REDIRECT_ENABLED']) - ) { - $xsendfile = true; - } - } if (is_array($files) && count($files) === 1) { $files = $files[0]; @@ -129,9 +120,6 @@ class OC_Files { if ($get_type === self::FILE) { $zip = false; - if ($xsendfile && \OC::$server->getEncryptionManager()->isEnabled()) { - $xsendfile = false; - } } else { $zip = new ZipStreamer(false); } @@ -176,17 +164,7 @@ class OC_Files { $zip->finalize(); set_time_limit($executionTime); } else { - if ($xsendfile) { - /** @var $storage \OC\Files\Storage\Storage */ - list($storage) = $view->resolvePath($filename); - if ($storage->isLocal()) { - self::addSendfileHeader($filename); - } else { - \OC\Files\Filesystem::readfile($filename); - } - } else { - \OC\Files\Filesystem::readfile($filename); - } + \OC\Files\Filesystem::readfile($filename); } if ($get_type === self::FILE) { $view->unlockFile($filename, ILockingProvider::LOCK_SHARED); @@ -203,40 +181,6 @@ class OC_Files { } /** - * @param false|string $filename - */ - private static function addSendfileHeader($filename) { - if (isset($_SERVER['MOD_X_SENDFILE_ENABLED'])) { - $filename = \OC\Files\Filesystem::getLocalFile($filename); - header("X-Sendfile: " . $filename); - } - if (isset($_SERVER['MOD_X_SENDFILE2_ENABLED'])) { - $filename = \OC\Files\Filesystem::getLocalFile($filename); - if (isset($_SERVER['HTTP_RANGE']) && - preg_match("/^bytes=([0-9]+)-([0-9]*)$/", $_SERVER['HTTP_RANGE'], $range)) { - $filelength = filesize($filename); - if ($range[2] === "") { - $range[2] = $filelength - 1; - } - header("Content-Range: bytes $range[1]-$range[2]/" . $filelength); - header("HTTP/1.1 206 Partial content"); - header("X-Sendfile2: " . str_replace(",", "%2c", rawurlencode($filename)) . " $range[1]-$range[2]"); - } else { - header("X-Sendfile: " . $filename); - } - } - - if (isset($_SERVER['MOD_X_ACCEL_REDIRECT_ENABLED'])) { - if (isset($_SERVER['MOD_X_ACCEL_REDIRECT_PREFIX'])) { - $filename = $_SERVER['MOD_X_ACCEL_REDIRECT_PREFIX'] . \OC\Files\Filesystem::getLocalFile($filename); - } else { - $filename = \OC::$WEBROOT . '/data' . \OC\Files\Filesystem::getRoot() . $filename; - } - header("X-Accel-Redirect: " . $filename); - } - } - - /** * @param string $dir * @param ZipStreamer $zip * @param string $internalDir diff --git a/lib/private/server.php b/lib/private/server.php index 8e8444c83d4..bbf060a47b7 100644 --- a/lib/private/server.php +++ b/lib/private/server.php @@ -178,8 +178,6 @@ class Server extends SimpleContainer implements IServerContainer { $manager = $c->getUserManager(); $session = new \OC\Session\Memory(''); - $cryptoWrapper = $c->getSessionCryptoWrapper(); - $session = $cryptoWrapper->wrapSession($session); $userSession = new \OC\User\Session($manager, $session); $userSession->listen('\OC\User', 'preCreateUser', function ($uid, $password) { @@ -253,7 +251,7 @@ class Server extends SimpleContainer implements IServerContainer { if($config->getSystemValue('installed', false) && !(defined('PHPUNIT_RUN') && PHPUNIT_RUN)) { $v = \OC_App::getAppVersions(); - $v['core'] = implode('.', \OC_Util::getVersion()); + $v['core'] = md5(file_get_contents(\OC::$SERVERROOT . '/version.php')); $version = implode(',', $v); $instanceId = \OC_Util::getInstanceId(); $path = \OC::$SERVERROOT; diff --git a/lib/private/session/cryptosessiondata.php b/lib/private/session/cryptosessiondata.php index 60d22b25e97..6826ede5e33 100644 --- a/lib/private/session/cryptosessiondata.php +++ b/lib/private/session/cryptosessiondata.php @@ -32,22 +32,47 @@ use OCP\Security\ICrypto; class CryptoSessionData implements \ArrayAccess, ISession { /** @var ISession */ protected $session; - /** @var \OCP\Security\ICrypto */ protected $crypto; - /** @var string */ protected $passphrase; + /** @var array */ + protected $sessionValues; + /** @var bool */ + protected $isModified = false; + CONST encryptedSessionName = 'encrypted_session_data'; /** * @param ISession $session * @param ICrypto $crypto * @param string $passphrase */ - public function __construct(ISession $session, ICrypto $crypto, $passphrase) { + public function __construct(ISession $session, + ICrypto $crypto, + $passphrase) { $this->crypto = $crypto; $this->session = $session; $this->passphrase = $passphrase; + $this->initializeSession(); + } + + /** + * Close session if class gets destructed + */ + public function __destruct() { + $this->close(); + } + + protected function initializeSession() { + $encryptedSessionData = $this->session->get(self::encryptedSessionName); + try { + $this->sessionValues = json_decode( + $this->crypto->decrypt($encryptedSessionData, $this->passphrase), + true + ); + } catch (\Exception $e) { + $this->sessionValues = []; + } } /** @@ -57,8 +82,8 @@ class CryptoSessionData implements \ArrayAccess, ISession { * @param mixed $value */ public function set($key, $value) { - $encryptedValue = $this->crypto->encrypt(json_encode($value), $this->passphrase); - $this->session->set($key, $encryptedValue); + $this->sessionValues[$key] = $value; + $this->isModified = true; } /** @@ -68,17 +93,11 @@ class CryptoSessionData implements \ArrayAccess, ISession { * @return string|null Either the value or null */ public function get($key) { - $encryptedValue = $this->session->get($key); - if ($encryptedValue === null) { - return null; + if(isset($this->sessionValues[$key])) { + return $this->sessionValues[$key]; } - try { - $value = $this->crypto->decrypt($encryptedValue, $this->passphrase); - return json_decode($value); - } catch (\Exception $e) { - return null; - } + return null; } /** @@ -88,7 +107,7 @@ class CryptoSessionData implements \ArrayAccess, ISession { * @return bool */ public function exists($key) { - return $this->session->exists($key); + return isset($this->sessionValues[$key]); } /** @@ -97,20 +116,29 @@ class CryptoSessionData implements \ArrayAccess, ISession { * @param string $key */ public function remove($key) { - $this->session->remove($key); + $this->isModified = true; + unset($this->sessionValues[$key]); + $this->session->remove(self::encryptedSessionName); } /** * Reset and recreate the session */ public function clear() { + $this->sessionValues = []; + $this->isModified = true; $this->session->clear(); } /** - * Close the session and release the lock + * Close the session and release the lock, also writes all changed data in batch */ public function close() { + if($this->isModified) { + $encryptedValue = $this->crypto->encrypt(json_encode($this->sessionValues), $this->passphrase); + $this->session->set(self::encryptedSessionName, $encryptedValue); + $this->isModified = false; + } $this->session->close(); } diff --git a/lib/private/session/internal.php b/lib/private/session/internal.php index 77197887754..8ee21272104 100644 --- a/lib/private/session/internal.php +++ b/lib/private/session/internal.php @@ -32,6 +32,10 @@ namespace OC\Session; * @package OC\Session */ class Internal extends Session { + /** + * @param string $name + * @throws \Exception + */ public function __construct($name) { session_name($name); set_error_handler(array($this, 'trapError')); @@ -42,10 +46,6 @@ class Internal extends Session { } } - public function __destruct() { - $this->close(); - } - /** * @param string $key * @param integer $value diff --git a/lib/private/share/share.php b/lib/private/share/share.php index 70ed26c0b27..6ad36d60fe8 100644 --- a/lib/private/share/share.php +++ b/lib/private/share/share.php @@ -765,7 +765,7 @@ class Share extends Constants { } // Generate hash of password - same method as user passwords - if (!empty($shareWith)) { + if (is_string($shareWith) && $shareWith !== '') { self::verifyPassword($shareWith); $shareWith = \OC::$server->getHasher()->hash($shareWith); } else { diff --git a/lib/private/updater.php b/lib/private/updater.php index f73fa8ff655..71e9732c307 100644 --- a/lib/private/updater.php +++ b/lib/private/updater.php @@ -212,19 +212,26 @@ class Updater extends BasicEmitter { } /** + * Return version from which this version is allowed to upgrade from + * + * @return string allowed previous version + */ + private function getAllowedPreviousVersion() { + // this should really be a JSON file + require \OC::$SERVERROOT . '/version.php'; + return implode('.', $OC_VersionCanBeUpgradedFrom); + } + + /** * Whether an upgrade to a specified version is possible * @param string $oldVersion * @param string $newVersion + * @param string $allowedPreviousVersion * @return bool */ - public function isUpgradePossible($oldVersion, $newVersion) { - $oldVersion = explode('.', $oldVersion); - $newVersion = explode('.', $newVersion); - - if($newVersion[0] > ($oldVersion[0] + 1) || $oldVersion[0] > $newVersion[0]) { - return false; - } - return true; + public function isUpgradePossible($oldVersion, $newVersion, $allowedPreviousVersion) { + return (version_compare($allowedPreviousVersion, $oldVersion, '<=') + && version_compare($oldVersion, $newVersion, '<=')); } /** @@ -259,8 +266,9 @@ class Updater extends BasicEmitter { */ private function doUpgrade($currentVersion, $installedVersion) { // Stop update if the update is over several major versions - if (!self::isUpgradePossible($installedVersion, $currentVersion)) { - throw new \Exception('Updates between multiple major versions are unsupported.'); + $allowedPreviousVersion = $this->getAllowedPreviousVersion(); + if (!self::isUpgradePossible($installedVersion, $currentVersion, $allowedPreviousVersion)) { + throw new \Exception('Updates between multiple major versions and downgrades are unsupported.'); } // Update .htaccess files diff --git a/lib/private/util.php b/lib/private/util.php index 0fda55496dc..eb1de5be5a4 100644 --- a/lib/private/util.php +++ b/lib/private/util.php @@ -1054,6 +1054,7 @@ class OC_Util { return $id; } + protected static $encryptedToken; /** * Register an get/post call. Important to prevent CSRF attacks. * @@ -1066,6 +1067,11 @@ class OC_Util { * @see OC_Util::isCallRegistered() */ public static function callRegister() { + // Use existing token if function has already been called + if(isset(self::$encryptedToken)) { + return self::$encryptedToken; + } + // Check if a token exists if (!\OC::$server->getSession()->exists('requesttoken')) { // No valid token found, generate a new one. @@ -1078,7 +1084,8 @@ class OC_Util { // Encrypt the token to mitigate breach-like attacks $sharedSecret = \OC::$server->getSecureRandom()->getMediumStrengthGenerator()->generate(10); - return \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret; + self::$encryptedToken = \OC::$server->getCrypto()->encrypt($requestToken, $sharedSecret) . ':' . $sharedSecret; + return self::$encryptedToken; } /** @@ -1449,8 +1456,12 @@ class OC_Util { if ($config->getSystemValue('installed', false)) { $installedVersion = $config->getSystemValue('version', '0.0.0'); $currentVersion = implode('.', OC_Util::getVersion()); - if (version_compare($currentVersion, $installedVersion, '>')) { + $versionDiff = version_compare($currentVersion, $installedVersion); + if ($versionDiff > 0) { return true; + } else if ($versionDiff < 0) { + // downgrade attempt, throw exception + throw new \OC\HintException('Downgrading is not supported and is likely to cause unpredictable issues (from ' . $installedVersion . ' to ' . $currentVersion . ')'); } // also check for upgrades for apps (independently from the user) diff --git a/ocs/routes.php b/ocs/routes.php index f8e6f33c48a..9a8625bcc31 100644 --- a/ocs/routes.php +++ b/ocs/routes.php @@ -104,31 +104,33 @@ API::register( ); // Server-to-Server Sharing -$s2s = new \OCA\Files_Sharing\API\Server2Server(); -API::register('post', +if (\OC::$server->getAppManager()->isEnabledForUser('files_sharing')) { + $s2s = new \OCA\Files_Sharing\API\Server2Server(); + API::register('post', '/cloud/shares', array($s2s, 'createShare'), 'files_sharing', API::GUEST_AUTH -); + ); -API::register('post', + API::register('post', '/cloud/shares/{id}/accept', array($s2s, 'acceptShare'), 'files_sharing', API::GUEST_AUTH -); + ); -API::register('post', + API::register('post', '/cloud/shares/{id}/decline', array($s2s, 'declineShare'), 'files_sharing', API::GUEST_AUTH -); + ); -API::register('post', + API::register('post', '/cloud/shares/{id}/unshare', array($s2s, 'unshare'), 'files_sharing', API::GUEST_AUTH -); + ); +} diff --git a/settings/l10n/el.js b/settings/l10n/el.js index 6f167f62493..21b70a65740 100644 --- a/settings/l10n/el.js +++ b/settings/l10n/el.js @@ -119,6 +119,7 @@ OC.L10N.register( "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "Η php δεν φαίνεται να είναι σωστά ρυθμισμένη για ερωτήματα σε μεταβλητές περιβάλλοντος του συστήματος. Η δοκιμή με την εντολή getenv(\"PATH\") επιστρέφει κενή απάντηση.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Παρακαλούμε ελέγξτε την <a target=\"_blank\" href=\"%s\">τεκμηρίωση της εγκατάστασης ↗</a> για τις σημειώσεις σχετικά με τη διαμόρφωση της php και τη διαμόρφωση της php στο διακομιστή σας, ειδικά όταν χρησιμοποιείτε php-fpm.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "Η ρύθμιση \"μόνο ανάγνωση\" έχει ενεργοποιηθεί. Αυτό εμποδίζει τον καθορισμό κάποιων ρυθμίσεων μέσω της διεπαφής web. Επιπλέον, το αρχείο πρέπει να γίνει χειροκίνητα εγγράψιμο πριν από κάθε διαδικασία ενημέρωσης.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "Ο PHP φαίνεται να είναι ρυθμισμένος ώστε να αφαιρεί μπλοκ εσωτερικών κειμένων (inline doc). Αυτό θα καταστήσει κύριες εφαρμογές μη-διαθέσιμες.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Αυτό πιθανόν προκλήθηκε από προσωρινή μνήμη (cache)/επιταχυντή όπως τη Zend OPcache ή τον eAccelerator.", diff --git a/settings/l10n/el.json b/settings/l10n/el.json index 9b758b1eec3..87aca13d1bd 100644 --- a/settings/l10n/el.json +++ b/settings/l10n/el.json @@ -117,6 +117,7 @@ "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "Η php δεν φαίνεται να είναι σωστά ρυθμισμένη για ερωτήματα σε μεταβλητές περιβάλλοντος του συστήματος. Η δοκιμή με την εντολή getenv(\"PATH\") επιστρέφει κενή απάντηση.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Παρακαλούμε ελέγξτε την <a target=\"_blank\" href=\"%s\">τεκμηρίωση της εγκατάστασης ↗</a> για τις σημειώσεις σχετικά με τη διαμόρφωση της php και τη διαμόρφωση της php στο διακομιστή σας, ειδικά όταν χρησιμοποιείτε php-fpm.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "Η ρύθμιση \"μόνο ανάγνωση\" έχει ενεργοποιηθεί. Αυτό εμποδίζει τον καθορισμό κάποιων ρυθμίσεων μέσω της διεπαφής web. Επιπλέον, το αρχείο πρέπει να γίνει χειροκίνητα εγγράψιμο πριν από κάθε διαδικασία ενημέρωσης.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "Ο PHP φαίνεται να είναι ρυθμισμένος ώστε να αφαιρεί μπλοκ εσωτερικών κειμένων (inline doc). Αυτό θα καταστήσει κύριες εφαρμογές μη-διαθέσιμες.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Αυτό πιθανόν προκλήθηκε από προσωρινή μνήμη (cache)/επιταχυντή όπως τη Zend OPcache ή τον eAccelerator.", diff --git a/settings/l10n/fi_FI.js b/settings/l10n/fi_FI.js index 63456c91a95..cbbdba36bd5 100644 --- a/settings/l10n/fi_FI.js +++ b/settings/l10n/fi_FI.js @@ -115,6 +115,7 @@ OC.L10N.register( "NT LAN Manager" : "NT LAN Manager", "SSL" : "SSL", "TLS" : "TLS", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Tarkista <a target=\"_blank\" href=\"%s\">asennusohjeet ↗</a> PHP-asetusten osalta, erityisesti jos käytössäsi on php-fpm.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "Vain luku -asetukset on otettu käyttöön. Tämä estää joidenkin asetusten määrittämisen selainkäyttöliittymän kautta. Lisäksi kyseinen tiedostoon tulee asettaa kirjoitusoikeus käsin joka päivityksen yhteydessä.", "Your server is running on Microsoft Windows. We highly recommend Linux for optimal user experience." : "Palvelimesi käyttöjärjestelmä on Microsoft Windows. Suosittelemme käyttämään parhaan mahdollisen käyttökokemuksen saavuttamiseksi Linuxia.", "%1$s below version %2$s is installed, for stability and performance reasons we recommend to update to a newer %1$s version." : "%1$s alta version %2$s on asennettu. Vakauden ja suorituskyvyn vuoksi suosittelemme päivittämään uudempaan versioon %1$s.", @@ -149,6 +150,7 @@ OC.L10N.register( "Enable server-side encryption" : "Käytä palvelinpään salausta", "Please read carefully before activating server-side encryption: " : "Lue tarkasti, ennen kuin otat palvelinpään salauksen käyttöön:", "Server-side encryption is a one way process. Once encryption is enabled, all files from that point forward will be encrypted on the server and it will not be possible to disable encryption at a later date" : "Salausta ei voi perua. Kun salaus on käytössä, kaikki tiedostot siitä hetkestä eteenpäin palvelimella on salattu, eikä salausta voi enää poistaa käytöstä.", + "You should regularly backup all encryption keys to prevent permanent data loss (data/<user>/files_encryption and data/files_encryption)" : "Varmista, että otat säännöllisesti varmuuskopiot salausavaimista, jotta et menetä kaikkia tietoja pysyvästi (data/<käyttäjä>/files_encryption ja data/files_encryption)", "This is the final warning: Do you really want to enable encryption?" : "Tämä on viimeinen varoitus: haluatko varmasti ottaa salauksen käyttöön?", "Enable encryption" : "Käytä salausta", "No encryption module loaded, please enable an encryption module in the app menu." : "Salausmoduulia ei ole käytössä. Ota salausmoduuli käyttöön sovellusvalikosta.", diff --git a/settings/l10n/fi_FI.json b/settings/l10n/fi_FI.json index 932c3950528..f4b6bb41749 100644 --- a/settings/l10n/fi_FI.json +++ b/settings/l10n/fi_FI.json @@ -113,6 +113,7 @@ "NT LAN Manager" : "NT LAN Manager", "SSL" : "SSL", "TLS" : "TLS", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Tarkista <a target=\"_blank\" href=\"%s\">asennusohjeet ↗</a> PHP-asetusten osalta, erityisesti jos käytössäsi on php-fpm.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "Vain luku -asetukset on otettu käyttöön. Tämä estää joidenkin asetusten määrittämisen selainkäyttöliittymän kautta. Lisäksi kyseinen tiedostoon tulee asettaa kirjoitusoikeus käsin joka päivityksen yhteydessä.", "Your server is running on Microsoft Windows. We highly recommend Linux for optimal user experience." : "Palvelimesi käyttöjärjestelmä on Microsoft Windows. Suosittelemme käyttämään parhaan mahdollisen käyttökokemuksen saavuttamiseksi Linuxia.", "%1$s below version %2$s is installed, for stability and performance reasons we recommend to update to a newer %1$s version." : "%1$s alta version %2$s on asennettu. Vakauden ja suorituskyvyn vuoksi suosittelemme päivittämään uudempaan versioon %1$s.", @@ -147,6 +148,7 @@ "Enable server-side encryption" : "Käytä palvelinpään salausta", "Please read carefully before activating server-side encryption: " : "Lue tarkasti, ennen kuin otat palvelinpään salauksen käyttöön:", "Server-side encryption is a one way process. Once encryption is enabled, all files from that point forward will be encrypted on the server and it will not be possible to disable encryption at a later date" : "Salausta ei voi perua. Kun salaus on käytössä, kaikki tiedostot siitä hetkestä eteenpäin palvelimella on salattu, eikä salausta voi enää poistaa käytöstä.", + "You should regularly backup all encryption keys to prevent permanent data loss (data/<user>/files_encryption and data/files_encryption)" : "Varmista, että otat säännöllisesti varmuuskopiot salausavaimista, jotta et menetä kaikkia tietoja pysyvästi (data/<käyttäjä>/files_encryption ja data/files_encryption)", "This is the final warning: Do you really want to enable encryption?" : "Tämä on viimeinen varoitus: haluatko varmasti ottaa salauksen käyttöön?", "Enable encryption" : "Käytä salausta", "No encryption module loaded, please enable an encryption module in the app menu." : "Salausmoduulia ei ole käytössä. Ota salausmoduuli käyttöön sovellusvalikosta.", diff --git a/settings/l10n/hu_HU.js b/settings/l10n/hu_HU.js index cb0400e63b4..0766f2b55aa 100644 --- a/settings/l10n/hu_HU.js +++ b/settings/l10n/hu_HU.js @@ -60,6 +60,7 @@ OC.L10N.register( "Approved" : "Jóváhagyott", "Experimental" : "Kísérleti", "All" : "Mind", + "This app is not checked for security issues and is new or known to be unstable. Install at your own risk." : "Ez az alkalmazás még nincs biztonságilag ellenőrizve és vagy új, vagy ismert instabil. Telepítés csak saját felelősségre!", "Update to %s" : "Frissítés erre: %s", "Please wait...." : "Kérjük várj...", "Error while disabling app" : "Hiba az alkalmazás letiltása közben", @@ -110,6 +111,8 @@ OC.L10N.register( "NT LAN Manager" : "NT LAN Manager", "SSL" : "SSL", "TLS" : "TLS", + "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "Úgy tűnik, hogy a PHP nem tudja olvasni a rendszer környezeti változóit. A getenv(\"PATH\") teszt visszatérési értéke üres.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Kérjük ellenőrizd a <a target=\"_blank\" href=\"%s\">telepítési dokumentációt ↗</a> a PHP konfigurációs beállításaival kapcsolatban, főleg ha PHP-FPM-et használsz.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "Úgy tűnik, hogy a PHP úgy van beállítva, hogy eltávolítja programok belsejében elhelyezett szövegblokkokat. Emiatt a rendszer több alapvető fontosságú eleme működésképtelen lesz.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Ezt valószínűleg egy gyorsítótár ill. kódgyorsító, mint pl, a Zend, OPcache vagy eAccelererator okozza.", "Your server is running on Microsoft Windows. We highly recommend Linux for optimal user experience." : "A szervered Microsoft Windowson fut. A legjobb felhasználói élményért erősen javasoljuk, hogy Linuxot használj.", @@ -142,6 +145,7 @@ OC.L10N.register( "cron.php is registered at a webcron service to call cron.php every 15 minutes over http." : "A cron.php webcron szolgáltatásként van regisztrálva, hogy 15 percenként egyszer lefuttassa a cron.php-t.", "Use system's cron service to call the cron.php file every 15 minutes." : "A rendszer cron szolgáltatását használjuk, mely a cron.php állományt futtatja le 15 percenként.", "Enable server-side encryption" : "Szerveroldali titkosítás engedélyezése", + "Please read carefully before activating server-side encryption: " : "Kérjük, ezt olvasd el figyelmesen mielőtt engedélyezed a szerveroldali titkosítást:", "Server-side encryption is a one way process. Once encryption is enabled, all files from that point forward will be encrypted on the server and it will not be possible to disable encryption at a later date" : "A szerveroldali titkosítás egyirányú folyamat. Ha egyszer engedélyezve lett a titkosítás, akkor onnantól kezdve a szerveren az összes fájl titkosításra kerül, melyet később nem lehet visszafordítani.", "This is the final warning: Do you really want to enable encryption?" : "Ez az utolsó figyelmeztetés: Biztosan szeretnéd engedélyezni a titkosítást?", "Enable encryption" : "Titkosítás engedélyezése", diff --git a/settings/l10n/hu_HU.json b/settings/l10n/hu_HU.json index 34ea7fc681d..4f1801fdef4 100644 --- a/settings/l10n/hu_HU.json +++ b/settings/l10n/hu_HU.json @@ -58,6 +58,7 @@ "Approved" : "Jóváhagyott", "Experimental" : "Kísérleti", "All" : "Mind", + "This app is not checked for security issues and is new or known to be unstable. Install at your own risk." : "Ez az alkalmazás még nincs biztonságilag ellenőrizve és vagy új, vagy ismert instabil. Telepítés csak saját felelősségre!", "Update to %s" : "Frissítés erre: %s", "Please wait...." : "Kérjük várj...", "Error while disabling app" : "Hiba az alkalmazás letiltása közben", @@ -108,6 +109,8 @@ "NT LAN Manager" : "NT LAN Manager", "SSL" : "SSL", "TLS" : "TLS", + "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "Úgy tűnik, hogy a PHP nem tudja olvasni a rendszer környezeti változóit. A getenv(\"PATH\") teszt visszatérési értéke üres.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Kérjük ellenőrizd a <a target=\"_blank\" href=\"%s\">telepítési dokumentációt ↗</a> a PHP konfigurációs beállításaival kapcsolatban, főleg ha PHP-FPM-et használsz.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "Úgy tűnik, hogy a PHP úgy van beállítva, hogy eltávolítja programok belsejében elhelyezett szövegblokkokat. Emiatt a rendszer több alapvető fontosságú eleme működésképtelen lesz.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Ezt valószínűleg egy gyorsítótár ill. kódgyorsító, mint pl, a Zend, OPcache vagy eAccelererator okozza.", "Your server is running on Microsoft Windows. We highly recommend Linux for optimal user experience." : "A szervered Microsoft Windowson fut. A legjobb felhasználói élményért erősen javasoljuk, hogy Linuxot használj.", @@ -140,6 +143,7 @@ "cron.php is registered at a webcron service to call cron.php every 15 minutes over http." : "A cron.php webcron szolgáltatásként van regisztrálva, hogy 15 percenként egyszer lefuttassa a cron.php-t.", "Use system's cron service to call the cron.php file every 15 minutes." : "A rendszer cron szolgáltatását használjuk, mely a cron.php állományt futtatja le 15 percenként.", "Enable server-side encryption" : "Szerveroldali titkosítás engedélyezése", + "Please read carefully before activating server-side encryption: " : "Kérjük, ezt olvasd el figyelmesen mielőtt engedélyezed a szerveroldali titkosítást:", "Server-side encryption is a one way process. Once encryption is enabled, all files from that point forward will be encrypted on the server and it will not be possible to disable encryption at a later date" : "A szerveroldali titkosítás egyirányú folyamat. Ha egyszer engedélyezve lett a titkosítás, akkor onnantól kezdve a szerveren az összes fájl titkosításra kerül, melyet később nem lehet visszafordítani.", "This is the final warning: Do you really want to enable encryption?" : "Ez az utolsó figyelmeztetés: Biztosan szeretnéd engedélyezni a titkosítást?", "Enable encryption" : "Titkosítás engedélyezése", diff --git a/settings/l10n/it.js b/settings/l10n/it.js index aa1e6d7e93f..e51d43544a8 100644 --- a/settings/l10n/it.js +++ b/settings/l10n/it.js @@ -119,6 +119,7 @@ OC.L10N.register( "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "php non sembra essere configurato correttamente per interrogare le variabili d'ambiente di sistema. Il test con getenv(\"PATH\") restituisce solo una risposta vuota.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Controlla la <a target=\"_blank\" href=\"%s\">documentazione di installazione↗</a> per le note di configurazione di php e la configurazione del tuo server, in particolare quando utilizzi php-fpm.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "La configurazione di sola lettura è stata abilitata. Ciò impedisce l'impostazione di alcune configurazioni tramite l'interfaccia web. Inoltre, i file devono essere resi scrivibili manualmente per ogni aggiornamento.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "Sembra che PHP sia configurato per rimuovere i blocchi di documentazione in linea. Ciò renderà inaccessibili diverse applicazioni principali.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Ciò è causato probabilmente da una cache/acceleratore come Zend OPcache o eAccelerator.", diff --git a/settings/l10n/it.json b/settings/l10n/it.json index c4f227a1953..66b16c14433 100644 --- a/settings/l10n/it.json +++ b/settings/l10n/it.json @@ -117,6 +117,7 @@ "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "php non sembra essere configurato correttamente per interrogare le variabili d'ambiente di sistema. Il test con getenv(\"PATH\") restituisce solo una risposta vuota.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Controlla la <a target=\"_blank\" href=\"%s\">documentazione di installazione↗</a> per le note di configurazione di php e la configurazione del tuo server, in particolare quando utilizzi php-fpm.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "La configurazione di sola lettura è stata abilitata. Ciò impedisce l'impostazione di alcune configurazioni tramite l'interfaccia web. Inoltre, i file devono essere resi scrivibili manualmente per ogni aggiornamento.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "Sembra che PHP sia configurato per rimuovere i blocchi di documentazione in linea. Ciò renderà inaccessibili diverse applicazioni principali.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Ciò è causato probabilmente da una cache/acceleratore come Zend OPcache o eAccelerator.", diff --git a/settings/l10n/nl.js b/settings/l10n/nl.js index 97958325168..d11b77a2183 100644 --- a/settings/l10n/nl.js +++ b/settings/l10n/nl.js @@ -119,6 +119,7 @@ OC.L10N.register( "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "php lijkt niet goed te zijn ingesteld om systeemomgevingsvariabelen te bevragen. De test met getenv(\"PATH\") gaf een leeg resultaat.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Verifieer de <a target=\"_blank\" href=\"%s\">installatiedocumentatie ↗</a> voor php configuratie notities en de php configuratie van uw server, zeker als php-fpm wordt gebruikt.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "De Alleen-lezen config is geactiveerd. Dit voorkomt het via de webinterface wijzigen van verschillende instellingen. Bovendien moet het bestand voor elke aanpassing handmatig op beschrijfbaar worden ingesteld.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "PHP is blijkbaar zo ingesteld dat inline doc blokken worden gestript. Hierdoor worden verschillende kernmodules onbruikbaar.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Dit wordt vermoedelijk veroorzaakt door een cache/accelerator, zoals Zend OPcache of eAccelerator.", diff --git a/settings/l10n/nl.json b/settings/l10n/nl.json index 637cc3bb2d9..a47e0b11403 100644 --- a/settings/l10n/nl.json +++ b/settings/l10n/nl.json @@ -117,6 +117,7 @@ "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "php lijkt niet goed te zijn ingesteld om systeemomgevingsvariabelen te bevragen. De test met getenv(\"PATH\") gaf een leeg resultaat.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Verifieer de <a target=\"_blank\" href=\"%s\">installatiedocumentatie ↗</a> voor php configuratie notities en de php configuratie van uw server, zeker als php-fpm wordt gebruikt.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "De Alleen-lezen config is geactiveerd. Dit voorkomt het via de webinterface wijzigen van verschillende instellingen. Bovendien moet het bestand voor elke aanpassing handmatig op beschrijfbaar worden ingesteld.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "PHP is blijkbaar zo ingesteld dat inline doc blokken worden gestript. Hierdoor worden verschillende kernmodules onbruikbaar.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Dit wordt vermoedelijk veroorzaakt door een cache/accelerator, zoals Zend OPcache of eAccelerator.", diff --git a/settings/l10n/pt_BR.js b/settings/l10n/pt_BR.js index bf7b404b6ca..14cc0211bef 100644 --- a/settings/l10n/pt_BR.js +++ b/settings/l10n/pt_BR.js @@ -119,6 +119,7 @@ OC.L10N.register( "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "O PHP não parecem esta configurado corretamente para consultar as variáveis de ambiente do sistema. O teste com getenv(\"PATH\") só retorna uma resposta vazia.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Por favor verifique o <a target=\"_blank\" href=\"%s\">documento de instalação ↗</a> para as notas de configuração do PHP e configuração do PHP do seu servidor, especialmente quando usando PHP-FPM.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "A configuração Somente-Leitura foi habilitada. Isso impede que algumas configurações sejam definidas via a interface web. Além disso, o arquivo precisa ter permissão de escrita manual para cada atualização.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "PHP é, aparentemente, a configuração para retirar blocos doc inline. Isso fará com que vários aplicativos do núcleo fiquem inacessíveis.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Isso provavelmente é causado por uma cache/acelerador, como Zend OPcache ou eAccelerator.", diff --git a/settings/l10n/pt_BR.json b/settings/l10n/pt_BR.json index ee03a1cdd08..2f056645a0c 100644 --- a/settings/l10n/pt_BR.json +++ b/settings/l10n/pt_BR.json @@ -117,6 +117,7 @@ "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "O PHP não parecem esta configurado corretamente para consultar as variáveis de ambiente do sistema. O teste com getenv(\"PATH\") só retorna uma resposta vazia.", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "Por favor verifique o <a target=\"_blank\" href=\"%s\">documento de instalação ↗</a> para as notas de configuração do PHP e configuração do PHP do seu servidor, especialmente quando usando PHP-FPM.", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "A configuração Somente-Leitura foi habilitada. Isso impede que algumas configurações sejam definidas via a interface web. Além disso, o arquivo precisa ter permissão de escrita manual para cada atualização.", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "PHP é, aparentemente, a configuração para retirar blocos doc inline. Isso fará com que vários aplicativos do núcleo fiquem inacessíveis.", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "Isso provavelmente é causado por uma cache/acelerador, como Zend OPcache ou eAccelerator.", diff --git a/settings/l10n/th_TH.js b/settings/l10n/th_TH.js index 552dd7d2e6f..d72dc37b703 100644 --- a/settings/l10n/th_TH.js +++ b/settings/l10n/th_TH.js @@ -119,6 +119,7 @@ OC.L10N.register( "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "ไม่ได้ติดตั้งphp อย่างถูกต้องค้นหาตัวแปรสภาพแวดล้อมของระบบการทดสอบกับ getenv(\"PATH\") ส่งกลับเฉพาะการตอบสนองที่ว่างเปล่า", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "กรุณาตรวจสอบ <a target=\"_blank\" href=\"%s\">เอกสารการติดตั้ง</a> สำหรับการตั้งค่าและบันทึก php ของเซิร์ฟเวอร์ของคุณโดยเฉพาะอย่างยิ่งเมื่อใช้ php-fpm", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "ตั้งค่าให้สามารถอ่านได้อย่างเดียวถูกเปิดใช้งาน นี้จะช่วยป้องกันการตั้งค่าผ่านทางบางเว็บอินเตอร์เฟซ นอกจากนี้จะต้องเขียนไฟล์ด้วยตนเองสำหรับทุกการอัพเดท", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "เห็นได้ชัดว่าการตั้งค่า PHP จะตัดบล็อคเอกสารแบบอินไลน์ ซึ่งจะทำให้แอพพลิเคชันอีกหลายแกนไม่สามารถเข้าถึงได้", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "นี้อาจเกิดจาก cache/accelerator อย่างเช่น Zend OPcache หรือ eAccelerator", diff --git a/settings/l10n/th_TH.json b/settings/l10n/th_TH.json index 65f226ba72a..f2e4af2f838 100644 --- a/settings/l10n/th_TH.json +++ b/settings/l10n/th_TH.json @@ -117,6 +117,7 @@ "SSL" : "SSL", "TLS" : "TLS", "php does not seem to be setup properly to query system environment variables. The test with getenv(\"PATH\") only returns an empty response." : "ไม่ได้ติดตั้งphp อย่างถูกต้องค้นหาตัวแปรสภาพแวดล้อมของระบบการทดสอบกับ getenv(\"PATH\") ส่งกลับเฉพาะการตอบสนองที่ว่างเปล่า", + "Please check the <a target=\"_blank\" href=\"%s\">installation documentation ↗</a> for php configuration notes and the php configuration of your server, especially when using php-fpm." : "กรุณาตรวจสอบ <a target=\"_blank\" href=\"%s\">เอกสารการติดตั้ง</a> สำหรับการตั้งค่าและบันทึก php ของเซิร์ฟเวอร์ของคุณโดยเฉพาะอย่างยิ่งเมื่อใช้ php-fpm", "The Read-Only config has been enabled. This prevents setting some configurations via the web-interface. Furthermore, the file needs to be made writable manually for every update." : "ตั้งค่าให้สามารถอ่านได้อย่างเดียวถูกเปิดใช้งาน นี้จะช่วยป้องกันการตั้งค่าผ่านทางบางเว็บอินเตอร์เฟซ นอกจากนี้จะต้องเขียนไฟล์ด้วยตนเองสำหรับทุกการอัพเดท", "PHP is apparently setup to strip inline doc blocks. This will make several core apps inaccessible." : "เห็นได้ชัดว่าการตั้งค่า PHP จะตัดบล็อคเอกสารแบบอินไลน์ ซึ่งจะทำให้แอพพลิเคชันอีกหลายแกนไม่สามารถเข้าถึงได้", "This is probably caused by a cache/accelerator such as Zend OPcache or eAccelerator." : "นี้อาจเกิดจาก cache/accelerator อย่างเช่น Zend OPcache หรือ eAccelerator", diff --git a/tests/bootstrap.php b/tests/bootstrap.php index 8bca05b1a18..86bedc3f325 100644 --- a/tests/bootstrap.php +++ b/tests/bootstrap.php @@ -10,9 +10,8 @@ require_once __DIR__ . '/../lib/base.php'; \OC::$loader->addValidRoot(OC::$SERVERROOT . '/tests'); -// load minimum set of apps -OC_App::loadApps(array('authentication')); -OC_App::loadApps(array('filesystem', 'logging')); +// load all enabled apps +\OC_App::loadApps(); if (!class_exists('PHPUnit_Framework_TestCase')) { require_once('PHPUnit/Autoload.php'); diff --git a/tests/lib/appframework/http/JSONResponseTest.php b/tests/lib/appframework/http/JSONResponseTest.php index 253c523934b..a98f5fc894a 100644 --- a/tests/lib/appframework/http/JSONResponseTest.php +++ b/tests/lib/appframework/http/JSONResponseTest.php @@ -69,7 +69,7 @@ class JSONResponseTest extends \Test\TestCase { /** * @return array */ - public function testRenderProvider() { + public function renderDataProvider() { return [ [ ['test' => 'hi'], '{"test":"hi"}', @@ -81,7 +81,7 @@ class JSONResponseTest extends \Test\TestCase { } /** - * @dataProvider testRenderProvider + * @dataProvider renderDataProvider * @param array $input * @param string $expected */ diff --git a/tests/lib/session/cryptowrappingtest.php b/tests/lib/session/cryptowrappingtest.php index 12b3c905b7f..e1fadbf933f 100644 --- a/tests/lib/session/cryptowrappingtest.php +++ b/tests/lib/session/cryptowrappingtest.php @@ -57,26 +57,17 @@ class CryptoWrappingTest extends TestCase { $this->instance = new CryptoSessionData($this->wrappedSession, $this->crypto, 'PASS'); } - public function testWrappingSet() { - $unencryptedValue = 'foobar'; - - $this->wrappedSession->expects($this->once()) - ->method('set') - ->with('key', $this->crypto->encrypt(json_encode($unencryptedValue))); - $this->instance->set('key', $unencryptedValue); - } - public function testUnwrappingGet() { $unencryptedValue = 'foobar'; $encryptedValue = $this->crypto->encrypt($unencryptedValue); $this->wrappedSession->expects($this->once()) ->method('get') - ->with('key') + ->with('encrypted_session_data') ->willReturnCallback(function () use ($encryptedValue) { return $encryptedValue; }); - $this->assertSame($unencryptedValue, $this->wrappedSession->get('key')); + $this->assertSame($unencryptedValue, $this->wrappedSession->get('encrypted_session_data')); } } diff --git a/tests/lib/updater.php b/tests/lib/updater.php index 28577071b4c..763858acf5d 100644 --- a/tests/lib/updater.php +++ b/tests/lib/updater.php @@ -67,14 +67,68 @@ class UpdaterTest extends \Test\TestCase { */ public function versionCompatibilityTestData() { return [ - ['1.0.0.0', '2.2.0', true], - ['1.1.1.1', '2.0.0', true], - ['5.0.3', '4.0.3', false], - ['12.0.3', '13.4.5', true], - ['1', '2', true], - ['2', '2', true], - ['6.0.5', '6.0.6', true], - ['5.0.6', '7.0.4', false], + ['1', '2', '1', true], + ['2', '2', '2', true], + ['6.0.5.0', '6.0.6.0', '5.0', true], + ['5.0.6.0', '7.0.4.0', '6.0', false], + // allow upgrading within the same major release + ['8.0.0.0', '8.0.0.0', '8.0', true], + ['8.0.0.0', '8.0.0.4', '8.0', true], + ['8.0.0.0', '8.0.1.0', '8.0', true], + ['8.0.0.0', '8.0.2.0', '8.0', true], + // does not allow downgrading within the same major release + ['8.0.1.0', '8.0.0.0', '8.0', false], + ['8.0.2.0', '8.0.1.0', '8.0', false], + ['8.0.0.4', '8.0.0.0', '8.0', false], + // allows upgrading within the patch version + ['8.0.0.0', '8.0.0.1', '8.0', true], + ['8.0.0.0', '8.0.0.2', '8.0', true], + // does not allow downgrading within the same major release + ['8.0.0.1', '8.0.0.0', '8.0', false], + ['8.0.0.2', '8.0.0.0', '8.0', false], + // allow upgrading to the next major release + ['8.0.0.0', '8.1.0.0', '8.0', true], + ['8.0.0.0', '8.1.1.0', '8.0', true], + ['8.0.0.0', '8.1.1.5', '8.0', true], + ['8.0.0.2', '8.1.1.5', '8.0', true], + ['8.1.0.0', '8.2.0.0', '8.1', true], + ['8.1.0.2', '8.2.0.4', '8.1', true], + ['8.1.0.5', '8.2.0.1', '8.1', true], + ['8.1.0.0', '8.2.1.0', '8.1', true], + ['8.1.0.2', '8.2.1.5', '8.1', true], + ['8.1.0.5', '8.2.1.1', '8.1', true], + // does not allow downgrading to the previous major release + ['8.1.0.0', '8.0.0.0', '7.0', false], + ['8.1.1.0', '8.0.0.0', '7.0', false], + // does not allow skipping major releases + ['8.0.0.0', '8.2.0.0', '8.1', false], + ['8.0.0.0', '8.2.1.0', '8.1', false], + ['8.0.0.0', '9.0.1.0', '8.2', false], + ['8.0.0.0', '10.0.0.0', '9.3', false], + // allows updating to the next major release + ['8.2.0.0', '9.0.0.0', '8.2', true], + ['8.2.0.0', '9.0.0.0', '8.2', true], + ['8.2.0.0', '9.0.1.0', '8.2', true], + ['8.2.0.0', '9.0.1.1', '8.2', true], + ['8.2.0.2', '9.0.1.1', '8.2', true], + ['8.2.2.0', '9.0.1.0', '8.2', true], + ['8.2.2.2', '9.0.1.1', '8.2', true], + ['9.0.0.0', '9.1.0.0', '9.0', true], + ['9.0.0.0', '9.1.0.2', '9.0', true], + ['9.0.0.2', '9.1.0.1', '9.0', true], + ['9.1.0.0', '9.2.0.0', '9.1', true], + ['9.2.0.0', '9.3.0.0', '9.2', true], + ['9.3.0.0', '10.0.0.0', '9.3', true], + // does not allow updating to the next major release (first number) + ['9.0.0.0', '8.2.0.0', '8.1', false], + // other cases + ['8.0.0.0', '8.1.5.0', '8.0', true], + ['8.2.0.0', '9.0.0.0', '8.2', true], + ['8.2.0.0', '9.1.0.0', '9.0', false], + ['9.0.0.0', '8.1.0.0', '8.0', false], + ['9.0.0.0', '8.0.0.0', '7.0', false], + ['9.1.0.0', '8.0.0.0', '7.0', false], + ['8.2.0.0', '8.1.0.0', '8.0', false], ]; } @@ -106,9 +160,9 @@ class UpdaterTest extends \Test\TestCase { * @param string $newVersion * @param bool $result */ - public function testIsUpgradePossible($oldVersion, $newVersion, $result) { + public function testIsUpgradePossible($oldVersion, $newVersion, $allowedVersion, $result) { $updater = new Updater($this->httpHelper, $this->config); - $this->assertSame($result, $updater->isUpgradePossible($oldVersion, $newVersion)); + $this->assertSame($result, $updater->isUpgradePossible($oldVersion, $newVersion, $allowedVersion)); } public function testCheckInCache() { diff --git a/themes/example/defaults.php b/themes/example/defaults.php index 0dd0d46bd9c..6fea8fa8a49 100644 --- a/themes/example/defaults.php +++ b/themes/example/defaults.php @@ -20,54 +20,32 @@ class OC_Theme { - private $themeEntity; - private $themeName; - private $themeTitle; - private $themeBaseUrl; - private $themeDocBaseUrl; - private $themeSyncClientUrl; - private $themeSlogan; - private $themeMailHeaderColor; - - /* put your custom text in these variables */ - function __construct() { - $this->themeEntity = 'Custom Cloud Co.'; - $this->themeName = 'Custom Cloud'; - $this->themeTitle = 'Custom Cloud'; - $this->themeBaseUrl = 'https://owncloud.org'; - $this->themeDocBaseUrl = 'https://doc.owncloud.org'; - $this->themeSyncClientUrl = 'https://owncloud.org/install'; - $this->themeSlogan = 'Your custom cloud, personalized for you!'; - $this->themeMailHeaderColor = '#745bca'; - } - /* nothing after this needs to be adjusted */ - public function getBaseUrl() { - return $this->themeBaseUrl; + return 'https://owncloud.org'; } public function getSyncClientUrl() { - return $this->themeSyncClientUrl; + return 'https://owncloud.org/install'; } public function getDocBaseUrl() { - return $this->themeDocBaseUrl; + return 'https://doc.owncloud.org'; } public function getTitle() { - return $this->themeTitle; + return 'Custom Cloud'; } public function getName() { - return $this->themeName; + return 'Custom Cloud'; } public function getEntity() { - return $this->themeEntity; + return 'Custom Cloud Co.'; } public function getSlogan() { - return $this->themeSlogan; + return 'Your custom cloud, personalized for you!'; } public function getShortFooter() { @@ -89,7 +67,7 @@ class OC_Theme { } public function getMailHeaderColor() { - return $this->themeMailHeaderColor; + return '#745bca'; } } diff --git a/version.php b/version.php index a115f4b26be..a6b49d9dc74 100644 --- a/version.php +++ b/version.php @@ -2,6 +2,7 @@ /** * @author Frank Karlitschek <frank@owncloud.org> * @author Lukas Reschke <lukas@owncloud.com> + * @author Vincent Petry <pvince81@owncloud.com> * * @copyright Copyright (c) 2015, ownCloud, Inc. * @license AGPL-3.0 @@ -22,14 +23,16 @@ // We only can count up. The 4. digit is only for the internal patchlevel to trigger DB upgrades // between betas, final and RCs. This is _not_ the public version number. Reset minor/patchlevel // when updating major/minor version number. -$OC_Version=array(8, 2, 0, 4); +$OC_Version = [8, 2, 0, 4]; // The human readable string -$OC_VersionString='8.2 pre alpha'; +$OC_VersionString = '8.2 pre alpha'; + +$OC_VersionCanBeUpgradedFrom = [8, 1]; // The ownCloud channel -$OC_Channel='git'; +$OC_Channel = 'git'; // The build number -$OC_Build=''; +$OC_Build = ''; |