aboutsummaryrefslogtreecommitdiffstats
path: root/core/js
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-checkThomas Müller2016-01-122-3/+18
|\ | | | | Add config switch to disable the .well-known URL check
| * Add config switch to disable the .well-known URL checkMorris Jobke2016-01-122-3/+18
| |
* | Show the well-known URL check as info instead of errorMorris Jobke2016-01-122-2/+2
|/ | | | * ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
* Add check for .well-known URL in the root of the webservers URLMorris Jobke2016-01-083-0/+57
| | | | * fixes #20012
* Check the correct config for displaying the "notify by email" optionJoas Schilling2016-01-083-3/+10
|
* Added js tests for the Sharee API usageRoeland Jago Douma2015-12-301-0/+292
|
* Fix unit testsRoeland Jago Douma2015-12-302-7/+33
|
* Filter out share owner in sharee suggestion listRoeland Jago Douma2015-12-301-0/+9
|
* Web sharing uses sharee endpointRoeland Jago Douma2015-12-301-15/+75
|
* Merge pull request #21364 from owncloud/bring_back_icons_filepickerThomas Müller2015-12-281-0/+1
|\ | | | | Get the icon in javascript for the filepicker
| * Since the server no longer calculates the iconRoeland Jago Douma2015-12-241-0/+1
| | | | | | | | | | The server no longer calculates the icon. So we have the js side do it for us.
* | [Avatars] Calculate 'sane' hue precissionsRoeland Jago Douma2015-12-241-2/+2
|/ | | | | | | | | | We used to get the numeric value of the entrire md5 string which is a 128bit integer. We would then devide this by the maxval of a 128bit int. There is no need for such huge computations. As we just require a value between 0 and 255. Thus using two 16 bit values is more than enough to get the precision we need. By just taking the MSB we get nearly identical results.
* Fix unit testsLukas Reschke2015-12-231-6/+6
| | | | Fixes https://github.com/owncloud/core/issues/21345
* add _blank to hrefRenaud Fortier2015-12-211-6/+6
|
* Use OCP\Util::getVersion instead of the internal private implementationMorris Jobke2015-12-181-1/+1
|
* Since avatar.js is now essentially empty remove itRoeland Jago Douma2015-12-171-5/+0
|
* Add a default size to the avatar placeholdersRoeland Jago Douma2015-12-172-6/+6
| | | | | This removed the need to do an avatar request on the "empty" row in the user settings.
* Merge pull request #21259 from owncloud/load_big_avatar_only_personalThomas Müller2015-12-171-2/+1
|\ | | | | Only load the big (128x128) avatar on the perosnal page
| * Only load the big (128x128) avatar on the perosnal pageRoeland Jago Douma2015-12-171-2/+1
| | | | | | | | | | Before the code was executed on every page if a user was logged in. Now only on the personal page. Thus saving a request on all other pages.
* | Merge pull request #21200 from owncloud/files-authorizationheaderThomas Müller2015-12-171-12/+10
|\ \ | |/ |/| Use Authorization headers for public webdav in web UI
| * Use Authorization headers for public webdav instead of URLVincent Petry2015-12-141-12/+10
| | | | | | | | | | | | Instead of prepending the token as username in the URL, use the Authorization header instead. This is because IE9 considers this a cross-domain call and refuses to do it in the first place.
* | Fix files UI mtime parsing from webdavVincent Petry2015-12-162-6/+6
|/
* Files can't have create permissionsRoeland Jago Douma2015-12-111-4/+0
| | | | Fixes #20839
* Merge pull request #21014 from owncloud/share-unsharelinkpapercutThomas Müller2015-12-081-3/+5
|\ | | | | Fix unshare link click element
| * Fix unshare link click elementVincent Petry2015-12-071-3/+5
| | | | | | | | | | | | | | | | | | When clicking on the unshare link (trash icon), the correct link element needs to be used instead of whatever child was clicked. Then, that element might contain a visible loading icon. This fixes the spinner detection and also prevents a full page reload in case the spinner was visible.
* | Merge pull request #21015 from owncloud/update-redirecttocorrectpageThomas Müller2015-12-071-1/+1
|\ \ | | | | | | Redirect to correct URL after updating
| * | Redirect to correct URL after updatingVincent Petry2015-12-071-1/+1
| | | | | | | | | | | | | | | Now requires a trailing slash to make sure we don't land on the forbidden page.
* | | Merge pull request #20996 from ↵Thomas Müller2015-12-072-4/+9
|\ \ \ | |/ / |/| | | | | | | | owncloud/issue-12215-remove-password-reset-when-not-possible Issue 12215 remove password reset when not possible
| * | Allow specifying a custom reset-password-urlJoas Schilling2015-12-072-4/+9
| | |
* | | Fix duplicate bogus share field when link sharing is not allowedVincent Petry2015-12-072-6/+10
| |/ |/| | | | | | | | | | | | | | | Whenever link share is not allowed, it was outputting a bogus sharing field which name would conflict with the regular sharing field. This fix makes sure that the bogus sharing field with "Resharing not allowed" message only appears when triggered by removed share permissions.
* | OC.FilePath has still a valid use case when generating paths to static files ↵Thomas Müller2015-12-071-1/+0
|/ | | | what for generateUrl cannot be used for - closes #15604
* Merge pull request #11131 from owncloud/use-phpini-wrapperThomas Müller2015-12-071-1/+1
|\ | | | | Replacing ini_get instances with inigetwrapper usages
| * Replacing ini_get instances with inigetwrapper usagesClark Tomlinson2015-11-231-1/+1
| |
* | [Avatars] JS should not load same avatar twiceRoeland Jago Douma2015-12-041-19/+40
| | | | | | | | | | | | | | | | | | Old code first dit an ajax request to the avatar. Then a new image object with the same src was created and since we do not cache avatars yet :( this resulted in 2 sequential requests to the exact same URL Now if you set the displayname it will first set the placeholder and then load the avatar in the background. Only once this time!
* | Support pretty URLsLukas Reschke2015-12-012-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore. Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons. Examples: http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/ Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
* | Add code integrity checkLukas Reschke2015-12-013-0/+59
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
* | Fix for parsing pretty printed Webdav responsesVincent Petry2015-11-241-4/+1
|/ | | | Update davclient.js + adjust IE workaround for this
* Now using IE8 workaround of davclient.js for all IE versionsVincent Petry2015-11-221-1/+1
|
* Fix OC.FileInfo to copy all propertiesVincent Petry2015-11-221-25/+17
| | | | | This makes it possible to also store custom properties passed through the data object like tags or shareOwner.
* Use oc:fileid property instead of oc:idVincent Petry2015-11-222-19/+5
|
* Fix port issue - options.host already has the port attachedThomas Müller2015-11-222-18/+4
|
* Query tags/favorite through Webdav in file listVincent Petry2015-11-222-10/+58
|
* Make files app use Webdav for most operationsVincent Petry2015-11-221-1/+1
|
* Added OC.Files.Client Webdav-based files clientVincent Petry2015-11-225-1/+1529
|
* Add evert's davclient.js + es6-promise + IE8 workaroundVincent Petry2015-11-222-2/+175
| | | | | | - Add davclient.js lib - Add es6-promise required by that lib - Wrote IE8 workaround lib/shim for davclient.js
* Allow creating OCS v2 links in JSJoas Schilling2015-11-161-2/+4
|
* Set "ie" CSS class for IE10, IE11Vincent Petry2015-11-101-0/+8
| | | | Fixed border in file action menu
* Close the user menu when clicking it againJoas Schilling2015-11-022-3/+2
|
* [tags] remove unneeded variablesMorris Jobke2015-10-301-9/+0
|
* Merge pull request #20122 from owncloud/files-consolidateiconupdateThomas Müller2015-10-293-3/+23
|\ | | | | Fix icon update to be more consistent
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-01 11:46:24 +0000