path: root/tests/settings
Commit message (Author, Age, Files, Lines)
* Correctly register autoloading before install.php and loading commands (Joas Schilling, 2016-05-11, 1, -1/+1)
|
* Move OC_User_Database to \OC\User\Database (Roeland Jago Douma, 2016-05-10, 1, -2/+2)
|
* Fix inconsistent naming of AppFramework (Roeland Jago Douma, 2016-04-22, 1, -2/+2)
|
* Merge pull request #22551 from owncloud/make-exceptions-easier-to-debug (Thomas Müller, 2016-02-23, 1, -4/+13)
|\
| |   Throw normal exceptions instead of eating them
| |
| * Throw normal exceptions instead of eating them (Lukas Reschke, 2016-02-22, 1, -4/+13)
| |
| |   Partially addresses https://github.com/owncloud/core/issues/22550
| |   Replaces https://github.com/owncloud/core/pull/20185
| |
* | We should check for exceptions when trying to get the avatar (Roeland Jago Douma, 2016-02-22, 1, -0/+26)
|/
|   Fixes #22550
|   * Updated phpdoc of avatarmanager
|   * Add unit test
|
* Add note if integrity check is disabled (Lukas Reschke, 2016-02-12, 1, -0/+19)
|
|   Our issue template states that users should post the output of `/index.php/settings/integrity/failed`, at the moment it displays that all passes have been passed if the integrity checker has been disabled.
|
|   This is however a wrong approach considering that some distributions are gonna package Frankenstein releases and makes it harder for us to detect such issues. Thus if the integrity code checker is disabled (using the config switch) it displays now:
|
|   `Appcode checker has been disabled. Integrity cannot be verified.`
|
|   This is not displayed anywhere else in the UI except this URL used by us for debugging purposes.
|
* fix tests (Arthur Schiwon, 2016-02-09, 1, -29/+51)
|
* Move data protection check to javascript (Vincent Chan, 2016-02-01, 1, -5/+0)
|
|   fixes #20199
|
* Introduce IUser::setEMailAddress and add hook mechanism (Thomas Müller, 2016-01-20, 1, -26/+13)
|
* always allow autoloading encryption in unit test (Robin Appelman, 2016-01-18, 1, -0/+3)
|
* Allow admins to add system wide root certificates (Robin Appelman, 2016-01-12, 1, -0/+4)
|
* Only try to load avatars in the user list if there is any (Roeland Jago Douma, 2015-12-04, 1, -11/+49)
|
* User IUser::getEMailAddress() all over the place (Thomas Müller, 2015-12-02, 1, -22/+62)
|
* Remove OC_Config from app management template (Morris Jobke, 2015-12-02, 1, -4/+38)
|
|   * add unit test for this case
|
* Add code integrity check (Lukas Reschke, 2015-12-01, 1, -0/+449)
|
|   This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.
|
|   Code signing basically happens the following way:
|
|   - There is an ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
|   - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID.
|   - The command generates a signature.json file of the following format:
|
|   ```json
|   {
|       "hashes": {
|           "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
|           "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
|       },
|       "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
|       "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
|   }
|   ```
|
|   `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and its CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.
|
|   Steps to do in other PRs, this is already a quite huge one:
|
|   - Add nag screen in case the code check fails to ensure that administrators are aware of this.
|   - Add code verification also to OCC upgrade and unify display code more.
|   - Add enforced code verification to apps shipped from the appstore with a level of "official"
|   - Add enforced code verification to apps shipped from the appstore that were already signed in a previous release
|   - Add some developer documentation on how devs can request their own certificate
|   - Check when installing ownCloud
|   - Add support for CRLs to allow revoking certificates
|
|   **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:
|
|   ```
|   ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
|   Successfully signed "core"
|   ```
|
|   Then increase the version and you should see something like the following:
|
|   ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)
|
|   As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.
|
|   For packaging stable releases this requires the following additional steps as a last action before zipping:
|
|   1. Run `./occ integrity:sign-core` once
|   2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
|
* Moved changedisplayname to usercontroller (Roeland Jago Douma, 2015-11-20, 1, -0/+169)
|
|   Killed the old static route to change a users display name and moved it to a properly testable controller.
|
* Fix everyone count for subadmins (Vincent Petry, 2015-10-29, 1, -0/+69)
|
|   Also moved the logic to the UsersController
|
* Drop OC_SubAdmin and replace usages (Lukas Reschke, 2015-10-29, 1, -170/+307)
|
* Use speaking ids (Joas Schilling, 2015-10-26, 1, -9/+17)
|
* Stay on the same category when refreshing the page on the apps list (Joas Schilling, 2015-10-26, 1, -1/+20)
|
* Fix unit test (Roeland Jago Douma, 2015-10-21, 1, -15/+93)
|
|   Now that OC_SubAdmin is just a wrapper around OC\SubAdmin some unit tests had to be fixed because they expected different behaviour. Eventually they should move to properly mocked instances of OC\SubAdmin of course
|
* Don't perform checks for outdated TLS libs when no internet connection (Lukas Reschke, 2015-10-08, 1, -13/+105)
|
|   This change makes the check return a positive result when:
|   - The instance has been configured to not use the internet AND/OR
|   - S2S AND the appstore is disabled
|
* [admin] check for correct PHP memcached module (Morris Jobke, 2015-10-06, 1, -0/+1)
|
* Move dummy backend to Tests namespace (Lukas Reschke, 2015-09-22, 1, -20/+16)
|
* use config.php value instead of version string (Morris Jobke, 2015-09-02, 1, -0/+28)
|
* [test] more tests for UserController::setMailAddress (Morris Jobke, 2015-08-17, 1, -5/+13)
|
|   * fixes #12885
|
* Add setup check for reverse proxy header configuration (Robin McCorkell, 2015-08-10, 1, -1/+48)
|
* Merge pull request #17919 from rullzer/php_supported_check (Thomas Müller, 2015-08-10, 1, -0/+45)
|\
| |   Display warning in security & setup warnings if php version is EOL
| |
| * Display warning in security & setup warnings if php version is EOL (Roeland Jago Douma, 2015-07-29, 1, -0/+45)
| |
* | also block certificate management in the back-end if external storages are ↵ (Bjoern Schiessle, 2015-08-04, 1, -7/+18)
|/
|   disabled for the user
|
* Merge pull request #17912 from owncloud/detect-old-openssl-versions (Robin McCorkell, 2015-07-28, 1, -9/+147)
|\
| |   Detect old NSS and OpenSSL versions
| |
| * Detect old NSS and OpenSSL versions (Lukas Reschke, 2015-07-28, 1, -9/+147)
| |
| |   This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface.
| |
| |   Fixes https://github.com/owncloud/core/issues/17901
| |
* | Add unit tests (Lukas Reschke, 2015-07-28, 1, -0/+151)
|/
* Only sort by group name when LDAP is involved (Joas Schilling, 2015-06-16, 1, -1/+95)
|
* Merge pull request #16402 from owncloud/issue-15956-slow-group-usercount (Thomas Müller, 2015-06-08, 1, -9/+9)
|\
| |   Sort user groups by group name and hide the user count
| |
| * Sort user groups by group name and hide the user count (Joas Schilling, 2015-05-18, 1, -9/+9)
| |
* | Move the helpful method to the TestCase class (Joas Schilling, 2015-06-03, 2, -11/+11)
| |
* | Add check for availability of /dev/urandom (Lukas Reschke, 2015-05-26, 1, -1/+7)
|/
|   Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system:
|
|   1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop
|   2. MTRand: chr((mt_rand() ^ mt_rand()) % 256)
|   3. Rand: chr((rand() ^ rand()) % 256)
|   4. UniqId: Plain uniqid()
|
|   An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour.
|
|   One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface.
|
|   Thanks to David Black from d1b.org for bringing this again to our attention.
|
* Merge pull request #15978 from owncloud/feature/fix-encryption-tooltips (Thomas Müller, 2015-05-15, 1, -9/+9)
|\
| |   [enc2]fixing recovery tooltip
| |
| * fixing test (Clark Tomlinson, 2015-05-11, 1, -9/+9)
| |
* | Add test for setEmailAddress (Joas Schilling, 2015-05-05, 1, -0/+70)
|/
* Adjust tests and statuscode (Lukas Reschke, 2015-04-20, 1, -3/+3)
|
* Migrate personal certificate handling into AppFramework controllers (Lukas Reschke, 2015-04-20, 1, -0/+174)
|
|   Also added unit-tests and better error-handling
|
* Merge pull request #15314 from owncloud/app-categories-15274 (Lukas Reschke, 2015-04-09, 1, -0/+231)
|\
| |   Add different trust levels to AppStore interface
| |
| * Add experimental applications switch (Lukas Reschke, 2015-04-03, 1, -0/+231)
| |
| |   Allows administrators to disable or enable experimental applications as well as show the trust level.
| |
* | Remove hardcoded link to performance docs (Joas Schilling, 2015-04-07, 1, -3/+14)
|/
* Add check for activated local memcache (Lukas Reschke, 2015-03-28, 1, -0/+231)
|
|   Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it.
|
|   Fixes https://github.com/owncloud/core/issues/14956
|
* use StreamResponse to download the log file - fixes #14268 (Thomas Müller, 2015-03-27, 1, -9/+3)
|
* Show more detailed error message (Lukas Reschke, 2015-03-16, 1, -0/+3)
|