path: root/settings/controller
Commit message    Author    Age    Files    Lines
* We should check for exceptions when trying to get the avatar    Roeland Jago Douma    2016-02-22    1    -1/+5
|
|     Fixes #22550
|
|     * Updated phpdoc of avatarmanager
|     * Add unit test
* Add note if integrity check is disabled    Lukas Reschke    2016-02-12    1    -0/+4
|
|     Our issue template states that users should post the output of
|     `/index.php/settings/integrity/failed`, at the moment it displays that
|     all passes have been passed if the integrity checker has been disabled.
|
|     This is however a wrong approach considering that some distributions
|     are gonna package Frankenstein releases and makes it harder for us to
|     detect such issues.
|
|     Thus if the integrity code checker is disabled (using the config
|     switch) it displays now:
|
|     `Appcode checker has been disabled. Integrity cannot be verified.`
|
|     This is not displayed anywhere else in the UI except this URL used for
|     us for debugging purposes.
* Consolidate getQuota and setQuota methods in User instance    Arthur Schiwon    2016-02-09    1    -1/+1
|
* Move data protection check to javascript    Vincent Chan    2016-02-01    1    -1/+0
|
|     fixes #20199
* Introduce IUser::setEMailAddress and add hook mechanism    Thomas Müller    2016-01-20    1    -6/+2
|
* Merge pull request #21653 from owncloud/update-license-headers-2016    Thomas Müller    2016-01-13    9    -10/+11
|\
| |     Update license headers 2016
| * Happy new year!    Thomas Müller    2016-01-12    9    -10/+11
| |
* | Allow admins to add system wide root certificates    Robin Appelman    2016-01-12    1    -16/+55
|/
* Add a warning on the apps list when the version is missing    Joas Schilling    2016-01-07    1    -0/+3
|
* Inject OCSClient    Lukas Reschke    2016-01-06    1    -3/+3
|
|     Fixes https://github.com/owncloud/core/issues/21451
* Use OCP\Util::getVersion instead of the internal private implementation    Morris Jobke    2015-12-18    1    -3/+5
|
* Scrutinizer Auto-Fixes    Scrutinizer Auto-Fixer    2015-12-07    1    -1/+0
|
|     This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
* Only try to load avatars in the user list if there is any    Roeland Jago Douma    2015-12-04    1    -1/+13
|
* Use IUser::getEMailAddress() all over the place    Thomas Müller    2015-12-02    1    -1/+5
|
* Remove OC_Config from app management template    Morris Jobke    2015-12-02    1    -0/+1
|
|     * add unit test for this case
* Add code integrity check    Lukas Reschke    2015-12-01    1    -2/+79
|
|     This PR implements the base foundation of the code signing and
|     integrity check. In this PR implemented is the signing and verification
|     logic, as well as commands to sign single apps or the core repository.
|
|     Furthermore, there is a basic implementation to display problems with
|     the code integrity on the update screen.
|
|     Code signing basically happens the following way:
|
|     - There is an ownCloud Root Certificate authority stored
|       `resources/codesigning/root.crt` (in this PR I also ship the private
|       key which we obviously need to change before a release :wink:). This
|       certificate is not intended to be used for signing directly and only
|       is used to sign new certificates.
|     - Using the `integrity:sign-core` and `integrity:sign-app` commands
|       developers can sign either the core release or a single app. The core
|       release needs to be signed with a certificate that has a CN of
|       `core`, apps need to be signed with a certificate that either has a
|       CN of `core` (shipped apps!) or the AppID.
|     - The command generates a signature.json file of the following format:
|
|     ```json
|     {
|         "hashes": {
|             "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
|             "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
|         },
|         "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
|         "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
|     }
|     ```
|
|     `hashes` is an array of all files in the folder with their
|     corresponding SHA512 hashes (this is actually quite cheap to
|     calculate), the `certificate` is the certificate used for signing. It
|     has to be issued by the ownCloud Root Authority and its CN needs to be
|     permitted to perform the required action. The `signature` is then a
|     signature of the `hashes` which can be verified using the
|     `certificate`.
|
|     Steps to do in other PRs, this is already a quite huge one:
|
|     - Add nag screen in case the code check fails to ensure that
|       administrators are aware of this.
|     - Add code verification also to OCC upgrade and unify display code
|       more.
|     - Add enforced code verification to apps shipped from the appstore with
|       a level of "official"
|     - Add enforced code verification to apps shipped from the appstore that
|       were already signed in a previous release
|     - Add some developer documentation on how devs can request their own
|       certificate
|     - Check when installing ownCloud
|     - Add support for CRLs to allow revoking certificates
|
|     **Note:** The upgrade checks are only run when the instance has a
|     defined release channel of `stable` (defined in `version.php`). If you
|     want to test this, you need to change the channel thus and then
|     generate the core signature:
|
|     ```
|     ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
|     Successfully signed "core"
|     ```
|
|     Then increase the version and you should see something like the
|     following:
|
|     ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)
|
|     As you can see a failed code check will not prevent the further update.
|     It will instead just be a notice to the admin. In a next step we will
|     add some nag screen.
|
|     For packaging stable releases this requires the following additional
|     steps as a last action before zipping:
|
|     1. Run `./occ integrity:sign-core` once
|     2. Run `./occ integrity:sign-app` _for each_ app. However, this can be
|        simply automated using a simple foreach on the apps folder.
* Moved changedisplayname to usercontroller    Roeland Jago Douma    2015-11-20    1    -0/+54
|
|     Killed the old static route to change a user's display name and moved
|     it to a properly testable controller.
* fix subadmin user count for empty groups    Morris Jobke    2015-11-04    1    -0/+1
|
* Fix everyone count for subadmins    Vincent Petry    2015-10-29    1    -0/+36
|
|     Also moved the logic to the UsersController
* Drop OC_SubAdmin and replace usages    Lukas Reschke    2015-10-29    2    -19/+45
|
* Merge pull request #19813 from owncloud/stay-on-apps-category-refresh    Thomas Müller    2015-10-26    1    -6/+41
|\
| |     Improve settings/apps page
| * Use speaking ids    Joas Schilling    2015-10-26    1    -7/+40
| |
| * Stay on the same category when refreshing the page on the apps list    Joas Schilling    2015-10-26    1    -1/+3
| |
* | Update license headers    Lukas Reschke    2015-10-26    3    -2/+3
|/
* Fix unit test    Roeland Jago Douma    2015-10-21    1    -1/+1
|
|     Now that OC_SubAdmin is just a wrapper around OC\SubAdmin some unit
|     tests had to be fixed because they expected different behaviour.
|
|     Eventually they should move to properly mocked instances of
|     OC\SubAdmin of course
* Fix memcached/memcache module check    Robin McCorkell    2015-10-20    1    -2/+2
|
* Use injected request    Vincent Petry    2015-10-09    1    -1/+1
|
* fix IE8 user agent detection    Morris Jobke    2015-10-09    1    -1/+1
|
* Fix uploading avatar and root certs in IE8    Vincent Petry    2015-10-09    1    -5/+14
|
* Don't perform checks for outdated TLS libs when no internet connection    Lukas Reschke    2015-10-08    1    -2/+20
|
|     This change makes the check return a positive result when:
|
|     - The instance has been configured to not use the internet AND/OR
|     - S2S AND the appstore is disabled
* Fix comment syntax    Lukas Reschke    2015-10-08    1    -2/+2
|
* Fix importing of certificates    Lukas Reschke    2015-10-06    1    -2/+3
|
|     Fixes https://github.com/owncloud/core/issues/19601
* Merge pull request #19597 from owncloud/update-license-headers    Thomas Müller    2015-10-06    3    -0/+5
|\
| |     update licence headers via script
| * deduplicate @xenopathic    Morris Jobke    2015-10-06    1    -1/+1
| |
| * update licence headers via script    Morris Jobke    2015-10-05    3    -0/+5
| |
* | [admin] check for correct PHP memcached module    Morris Jobke    2015-10-06    1    -0/+18
|/
* Update isCertificateImportAllowed() check to new API    Robin McCorkell    2015-09-10    1    -2/+2
|
* use config.php value instead of version string    Morris Jobke    2015-09-02    1    -1/+1
|
* Add setup check for reverse proxy header configuration    Robin McCorkell    2015-08-10    1    -1/+20
|
* Merge pull request #17919 from rullzer/php_supported_check    Thomas Müller    2015-08-10    1    -0/+18
|\
| |     Display warning in security & setup warnings if php version is EOL
| * Display warning in security & setup warnings if php version is EOL    Roeland Jago Douma    2015-07-29    1    -0/+18
| |
* | also block certificate management in the back-end if external storages are disabled for the user    Bjoern Schiessle    2015-08-04    1    -1/+33
|/
* Merge pull request #17912 from owncloud/detect-old-openssl-versions    Robin McCorkell    2015-07-28    1    -1/+69
|\
| |     Detect old NSS and OpenSSL versions
| * Detect old NSS and OpenSSL versions    Lukas Reschke    2015-07-28    1    -1/+69
| |
| |     This will detect old NSS and OpenSSL versions and show appropriate
| |     errors in the admin interface.
| |
| |     Fixes https://github.com/owncloud/core/issues/17901
* | Add unit tests    Lukas Reschke    2015-07-28    1    -13/+25
| |
* | set logger in constructor    Bjoern Schiessle    2015-07-28    1    -0/+1
|/
* don't move keys if the key were already moved in a previous migration run    Bjoern Schiessle    2015-07-17    1    -2/+8
|
* Merge pull request #17500 from owncloud/encryption_migration_improvements    Thomas Müller    2015-07-16    1    -0/+2
|\
| |     Only clean up if migration finished successfully
| * only cleanUp the remaining keys if the migration really finished successfully    Bjoern Schiessle    2015-07-08    1    -0/+2
| |
* | Handle returned null value in app level code    Morris Jobke    2015-07-13    1    -2/+2
|/
|     * getApplication on OCSClient can also return null
|       this is now handled properly
|     * fixes #17587