path: root/settings/routes.php
Commit message | Author | Age | Files | Lines
* Merge pull request #21653 from owncloud/update-license-headers-2016 | Thomas Müller | 2016-01-13 | 1 | -2/+3
|\
| |   Update license headers 2016
| * Happy new year! | Thomas Müller | 2016-01-12 | 1 | -2/+3
| |
* | Allow admins to add system wide root certificates | Robin Appelman | 2016-01-12 | 1 | -0/+2
|/
* Add code integrity check | Lukas Reschke | 2015-12-01 | 1 | -0/+2
|   This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.
|
|   Code signing basically happens the following way:
|
|   - There is an ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
|   - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID.
|   - The command generates a signature.json file of the following format:
|
|   ```json
|   {
|       "hashes": {
|           "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
|           "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
|       },
|       "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
|       "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
|   }
|   ```
|
|   `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and its CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.
|
|   Steps to do in other PRs, this is already a quite huge one:
|
|   - Add nag screen in case the code check fails to ensure that administrators are aware of this.
|   - Add code verification also to OCC upgrade and unify display code more.
|   - Add enforced code verification to apps shipped from the appstore with a level of "official"
|   - Add enforced code verification to apps shipped from the appstore that were already signed in a previous release
|   - Add some developer documentation on how devs can request their own certificate
|   - Check when installing ownCloud
|   - Add support for CRLs to allow revoking certificates
|
|   **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:
|
|   ```
|   ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
|   Successfully signed "core"
|   ```
|
|   Then increase the version and you should see something like the following:
|
|   ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)
|
|   As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.
|
|   For packaging stable releases this requires the following additional steps as a last action before zipping:
|
|   1. Run `./occ integrity:sign-core` once
|   2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
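
An added illustration of the check this commit message describes; it is not part of the commit and not ownCloud's own code. It recomputes the SHA-512 `hashes` map for a folder, compares it with the recorded one, and applies the stated CN rule. The function names, the sample files and the reporting of unlisted ("extra") files are assumptions, and verifying `signature` against `certificate` is left out because it needs an X.509 library.

```python
import hashlib
import tempfile
from pathlib import Path


def hash_tree(root):
    """Map '/relative/path' -> SHA-512 hex digest for every file under root."""
    root = Path(root)
    return {
        "/" + p.relative_to(root).as_posix(): hashlib.sha512(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def cn_may_sign(cert_cn, target):
    """CN rule from the commit message: a 'core' certificate signs core and
    shipped apps; any other CN may only sign the app whose AppID equals it."""
    return cert_cn == "core" or cert_cn == target


def compare(expected, root):
    """Report files that are modified, missing, or not listed in 'hashes'."""
    actual = hash_tree(root)
    return {
        "modified": sorted(f for f in expected if f in actual and actual[f] != expected[f]),
        "missing": sorted(f for f in expected if f not in actual),
        "extra": sorted(f for f in actual if f not in expected),
    }


def demo():
    # Constructed sample tree standing in for an app folder.
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "lib").mkdir()
        (root / "filename.php").write_text("<?php echo 1;")
        (root / "lib" / "base.php").write_text("<?php echo 2;")
        expected = hash_tree(root)            # what the signer would record
        clean = compare(expected, root)
        (root / "lib" / "base.php").write_text("<?php echo 3;")  # changed
        (root / "filename.php").unlink()                         # removed
        (root / "dropped.php").write_text("<?php echo 4;")       # unlisted
        return clean, compare(expected, root)


if __name__ == "__main__":
    print(demo())
```
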
* Moved changedisplayname to usercontroller | Roeland Jago Douma | 2015-11-20 | 1 | -2/+1
|   Killed the old static route to change a user's display name and moved it to a properly testable controller.
* Fix everyone count for subadmins | Vincent Petry | 2015-10-29 | 1 | -2/+1
|   Also moved the logic to the UsersController
* update license headers and authors | Morris Jobke | 2015-06-25 | 1 | -2/+0
|
* Migrate personal certificate handling into AppFramework controllers | Lukas Reschke | 2015-04-20 | 1 | -4/+2
|   Also added unit-tests and better error-handling
* allow user to start migration in admin settings if no external user back-ends are enabled | Bjoern Schiessle | 2015-04-16 | 1 | -0/+1
|
* Merge pull request #15314 from owncloud/app-categories-15274 | Lukas Reschke | 2015-04-09 | 1 | -20/+20
|\
| |   Add different trust levels to AppStore interface
| * Add experimental applications switch | Lukas Reschke | 2015-04-03 | 1 | -20/+20
| |   Allows administrators to disable or enable experimental applications as well as show the trust level.
* | Removing left overs from old encryption app | Thomas Müller | 2015-04-07 | 1 | -6/+0
|/
* Add check for activated local memcache | Lukas Reschke | 2015-03-28 | 1 | -2/+1
|   Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it.
|
|   Fixes https://github.com/owncloud/core/issues/14956
* Update license headers | Jenkins for ownCloud | 2015-03-26 | 1 | -4/+28
|
* Let users configure security headers in their Webserver | Lukas Reschke | 2015-03-02 | 1 | -2/+0
|   Doing this in the PHP code is not the right approach for multiple reasons:
|
|   1. A bug in the PHP code prevents them from being added to the response.
|   2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
|   3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.
|
|   This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
* Revert "Updating license headers" | Morris Jobke | 2015-02-26 | 1 | -29/+5
|   This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
* Updating license headers | Jenkins for ownCloud | 2015-02-23 | 1 | -5/+29
|
* Remove unused function and correct PHPDoc | Lukas Reschke | 2015-02-16 | 1 | -2/+0
|
* add Download logfile button to admin settings | Georg Ehrke | 2015-01-07 | 1 | -5/+4
|   add logSettingsController
|   add download logfile button
|   move getEntries to LogSettingsController
|   move set log level to logsettingscontroller.php
|   add warning if logfile is bigger than 100MB
|   add unit test for set log level
|   fix typecasting, add new line at EoF
|   show log and logfile download only if log_type is set to owncloud
|   add unit test for getFilenameForDownload
* Mail address of users is now changeable in the user management | Morris Jobke | 2014-12-18 | 1 | -2/+1
|   * introduced new route settings/users/{id}/mailAddress
|   * kept old responses
|   * better error messages
|   * dropped lostpassword.php from settings/ajax
|   * cleaned up the UserList.add() and hand in user object instead of each attribute as another parameter
|   * check for change permission of mail address
|   * proper response messages
* Add REST route for user & group management | Lukas Reschke | 2014-12-08 | 1 | -23/+16
|   First step of a somewhat testable user management.
|   - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
* Migrate "setsecurity.php" to the AppFramework | Lukas Reschke | 2014-11-03 | 1 | -3/+5
|   Add switch to enforce SSL for subdomains
|   Add unit tests
|   Add test for boolean values
|   Camel-case
|   Fix ugly JS
* Migrate new app settings to AppFramework | Lukas Reschke | 2014-10-15 | 1 | -4/+2
|   Let's migrate those two new files.
* Merge pull request #11570 from owncloud/backport-11408-master | Lukas Reschke | 2014-10-15 | 1 | -7/+10
|\
| |   Backport 11408 master
| * Refactor MailSettings controller | Lukas Reschke | 2014-10-14 | 1 | -7/+10
| |   - Do not store the password (fixes https://github.com/owncloud/core/issues/11385)
| |   - Refactor to AppFramework
| |   - Add unit tests
| |
| |   Conflicts:
| |   settings/admin/controller.php
* | introduce new app page layout | Thomas Müller | 2014-10-15 | 1 | -4/+4
|/
|   filter installed and not-installed apps properly
|   kill unneeded file
|   load category 'Installed' on page load
|   adding documentation links
|   new apps mgmt: first style adjustment
|   apps mgmt: only show license and preview if they exist
|   adding buttons
|   new apps mgmt: fix for mobile
|   use app icon if available
|   new apps mgmt: position enable/disable toggle to the right
|   new apps mgmt: proper display of icons or previews
|   new apps mgmt: fix loading spinner
|   reenable group selection for apps
|   new apps mgmt: position enable button normally again
|   new apps mgmt: clarify wording from 'Installed' to 'Enabled'
|   reintroduce enable/disable
|   Move rating image path generation to client-side
|   Move expression outside of l10n
|   fix group handling
|   add buttons for 'More apps' and 'Add your app' again
|   disable changed date of app for now
|   adding recommended label
|   style 'Recommended' app tag
|   fixing php warning
|   sort by rating
|   adding meta-category 'Recommended'
|   Only show existing documentation links
|   lazy loading of screenshots
|   making group based app activation work again
|   adding support to get the app icon not only by the app name but also simply by the fixed name 'app.svg'
|   adding app.svg for all core apps
|   query string '?installed' is no longer needed
|   update and uninstall is back + error feedback
|   remove unneeded parameter
|   fix alignment of 'recommended' label
* Moved WebDAV and internet checks to client side JS | Vincent Petry | 2014-09-23 | 1 | -0/+2
|   - Added setup checks in JavaScript
|   - Moved isWebDAVWorking to JS using SetupChecks
|   - Moved internet connection checks to an ajax call that goes through the server
* Merge pull request #10740 from owncloud/fix-everyone-group-count | Lukas Reschke | 2014-09-08 | 1 | -0/+2
|\
| |   Using countUsers method to return true count of users
| * Using countUsers method to return true count of users | Clark Tomlinson | 2014-09-05 | 1 | -0/+2
| |
* | Cleanup routes | Robin Appelman | 2014-08-31 | 1 | -2/+2
| |
* | Move certificate management interface from files_external to core | Robin Appelman | 2014-08-31 | 1 | -0/+4
|/
* Merge branch 'master' into update_shipped_apps_from_appstore | Georg Ehrke | 2014-06-05 | 1 | -0/+4
|\
| |   Conflicts:
| |   lib/private/app.php
| |   settings/templates/apps.php
| * enable group filtering | Arthur Schiwon | 2014-06-02 | 1 | -0/+2
| |
| * Initial Commit : Changes Storage to Quota, Implements GroupName editing. | raghunayyar | 2014-06-02 | 1 | -0/+2
| |
| * Reverts last commit, implements user in group count. | raghunayyar | 2014-06-02 | 1 | -2/+0
| |
| * Add GroupList Ajax to Users. | raghunayyar | 2014-06-02 | 1 | -0/+2
| |
* | add button for properly uninstalling apps | Georg Ehrke | 2014-05-31 | 1 | -0/+2
|/
* allow admin to disable sharing for specific groups of users | Bjoern Schiessle | 2014-05-22 | 1 | -0/+2
|
* backup the encryption key after the encryption was disabled so that the user | Bjoern Schiessle | 2014-05-13 | 1 | -0/+4
|   can restore them if needed
* update type hint in PHPDoc | Thomas Müller | 2014-03-25 | 1 | -1/+1
|
* Merge branch 'master' into fix-7307 | Thomas Müller | 2014-03-06 | 1 | -0/+3
|\
| |   Conflicts:
| |   core/js/router.js
| |   settings/js/admin.js
| * Add button to send a test mail after changing the email settings | Joas Schilling | 2014-03-05 | 1 | -0/+3
| |   Fix #7175
* | Replace OC.Router.generate() with OC.generateUrl() | Thomas Müller | 2014-03-02 | 1 | -0/+2
|/
* Merge pull request #7174 from owncloud/issue/7166 | Jan-Christoph Borchardt | 2014-02-26 | 1 | -0/+3
|\
| |   Add option to change email settings in admin section
| * Add option to change email settings in admin section | Joas Schilling | 2014-02-18 | 1 | -0/+3
| |   Fix issue #7166
* | Move isadmin to template and rename it to oc_isadmin | Lukas Reschke | 2014-02-19 | 1 | -2/+0
|/
* Improve changepassword route naming | kondou | 2013-09-13 | 1 | -2/+2
|
* Move ajax/changepassword to changepassword/controller to use autoloading | kondou | 2013-09-13 | 1 | -3/+0
|
* Use a controller instead of two files for changepassword.php | kondou | 2013-09-11 | 1 | -5/+10
|
* Split personal and user-mgmt password change logic | kondou | 2013-09-06 | 1 | -0/+2
|