summaryrefslogtreecommitdiffstats
path: root/tests/data
Commit message (Collapse)AuthorAgeFilesLines
* Fix email buttons for white themeMorris Jobke2017-12-113-3/+3
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix welcome text for better grammar in themed instancesMorris Jobke2017-11-097-7/+7
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Allow multiple settings and sections per appJoas Schilling2017-10-051-0/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Improve text: 'you have now' -> 'you now have'Leon Klingele2017-09-087-7/+7
| | | | Signed-off-by: Leon Klingele <leon@struktur.de>
* Remove windows config settings in testsMorris Jobke2017-08-171-350/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove unneeded stylesMorris Jobke2017-07-243-3/+3
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Adjust to height=120Lukas Reschke2017-07-243-3/+3
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Revert "Set max-width of image to 100px in Outlook as well"Lukas Reschke2017-07-243-9/+0
|
* Set max-width of image to 100px in Outlook as wellMorris Jobke2017-07-233-0/+9
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix translationsJoas Schilling2017-04-182-2/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update email template for lost password emailMorris Jobke2017-04-121-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix unit testsMorris Jobke2017-04-124-4/+8
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Use instance name as alt-textJoas Schilling2017-04-123-3/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add addBodyButton to add a single button to email templatesMorris Jobke2017-04-122-0/+183
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Allow to set text versions for the plain text emailMorris Jobke2017-04-111-0/+11
| | | | | | * allows different texts for HTML and text version of the email Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Move OC_Defaults to OCP\DefaultsMorris Jobke2017-04-092-2/+2
| | | | | | | | | | | | | * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add support for themingLukas Reschke2017-04-073-5/+202
| | | | | | Add support for theming in generated emails and simplify API Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* New layout for welcome emailMorris Jobke2017-04-072-0/+200
| | | | | | | * thanks to @espina2 for make this nice design * the button says "Set password" if the admin didn't specified a password Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add tests for SCSSCacherJulius Härtl2017-03-202-0/+2
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* always allow remembered loginChristoph Wurst2017-01-113-3/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix InfoParser empty testsJoas Schilling2016-11-161-1/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Prevent downgrade attacks for appsLukas Reschke2016-11-111-0/+0
| | | | | | | | We should verify the app versions when installing a new update, otherwise this could result in downgrade attacks when an attacker just copies the old signature. Plus it prevents the case that in case of a bug in the appstore actually an older version gets installed. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add tests for installer methodLukas Reschke2016-10-312-0/+0
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Adding tests for 4 byte unicode charactersMorris Jobke2016-10-191-0/+15
| | | | | * success on SQLite and Postgres * failure on MySQL due to the limited charset that only supports up to 3 bytes
* [9.2] Register commands in info.xml (#26248)Thomas Müller2016-10-111-1/+2
| | | | | | | | | | | | * Use DI to load console commands from the apps - class name to be defined in the info.xml * Load commands from info.xml * Fix unit test * Allow Di magic for IMountManager Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Don't parse info.xml but reuse already cached app infos - fixes #25603 (#25968)Thomas Müller2016-10-071-2/+2
| | | | | | | | * Don't parse info.xml but reuse already cached app infos - fixes #25603 * Use === in InfoParser. Fixes test * InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
* Svgo optimizationskjnldsv2016-09-272-7/+2
| | | | Signed-off-by: John Molakvoæ <fremulon@protonmail.com>
* Add two factor auth to coreChristoph Wurst2016-05-231-1/+2
|
* Allow declaration of background jobs in info.xmlThomas Müller2016-05-031-1/+2
|
* Adding repair steps for install and uninstall - fixes #24306Thomas Müller2016-05-021-1/+3
|
* Introduce background repair stepsThomas Müller2016-04-261-1/+2
|
* Remove deprecated HTTPHelper from InfoParserThomas Müller2016-04-221-0/+4
|
* tests: Fix typos (found by codespell)Stefan Weil2016-04-061-2/+2
| | | | | | Fix also a small grammar issue. Signed-off-by: Stefan Weil <sw@weilnetz.de>
* Read available l10n files also from theme folderMorris Jobke2016-03-171-0/+0
| | | | | | | | | | The old behaviour was that only languages could be used for an app that are already present in the apps/$app/l10n folder. If there is a themed l10n that is not present in the apps default l10n folder the language could not be used and the texts are not translated. With this change this is possible and also the l10n files are loaded even if the default l10n doesn't contain the l10n file.
* Add support for custom values in integrity checkerLukas Reschke2016-03-152-0/+31
|
* No longer evaluate appinfo/versionThomas Müller2016-02-102-0/+0
|
* Exclude .htaccess modifications from code checkerLukas Reschke2016-01-225-0/+18
| | | | After the initial installation ownCloud will write some content into the .htaccess file such as the 404 or 403 directives. This adds a magic marker into the .htaccess file and only the content above this marker will be compared in the integrity checker.
* Add code integrity checkLukas Reschke2015-12-0110-0/+240
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
* The constant is now deprecatedJoas Schilling2015-10-141-1/+1
|
* Use certificates that expire in 10 yearsLukas Reschke2015-08-272-24/+42
| | | | :speak_no_evil: :speak_no_evil: :speak_no_evil:
* Unit test OC_Files::setUploadLimit()Robin McCorkell2015-07-202-0/+67
| | | | | | | There was also a bug with checking the upper limit on the passed upload size. PHP does funny things with integer vs float comparisons, so our check didn't work. Now the check is much simpler, and ensures the value is sane.
* Check for methods as good as possibleJoas Schilling2015-07-175-0/+9
|
* Allow checking for functionsJoas Schilling2015-07-178-22/+24
|
* Add support for deprecated constantsJoas Schilling2015-07-174-0/+46
|
* Correctly handle use statementsJoas Schilling2015-07-175-0/+48
|
* Fix max preview, some resizing and caching issues and force preview ↵Olivier Paroz2015-06-066-0/+177
| | | | | | | | | | providers to resize their previews properly * introduces a method in OC_Image which doesn't stretch images when trying to make them fit in a box * adds the method to all key providers so that they can do their job, as expected by the Preview class * improves the caching mechanism of Preview in order to reduce I/O and to avoid filling the available disk space * fixes some long standing issues * **contains mostly tests**
* remove logo-wide from testsJan-Christoph Borchardt2015-05-214-875/+5
|
* add positive tests for operator in code checkerMorris Jobke2015-05-051-0/+13
|
* Check usage of != and == - refs #16054Thomas Müller2015-05-052-0/+22
|
* Fix encryption feof to not return too earlyVincent Petry2015-04-202-0/+50
| | | | | | | | | | This is because stream_read will pre-cache the next block which causes feof($this->source) to return true prematurely. So we cannot rely on it. Fixed encryption stream wrapper unit tests to actually simulate 6k/8k blocks to make sure we cover the matching logic. Added two data files with 8192 and 8193 bytes.