Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
35631 Commits
695 Branches
1186 Tags
4.1 GiB
Tree: 311531ecce
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '311531ecce'
${ noResults }
nextcloud-server/tests/Settings/Controller/CheckSetupControllerTest.php

1023 lines
37 KiB
Raw Normal View History

Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move tests/settings to PSR-4
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move tests/settings to PSR-4
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Remove hardcoded link to performance docs
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Add unit tests
10 years ago
Remove hardcoded link to performance docs
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Remove hardcoded link to performance docs
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move tests/settings to PSR-4
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Remove hardcoded link to performance docs
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Add unit tests
10 years ago
[9.2] Add missing unit tests (#25936) * Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Remove hardcoded link to performance docs
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Use MockBuilder instead of createMock CI uses an older PHPUnit
10 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add unit tests
10 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move the helpful method to the TestCase class
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move the helpful method to the TestCase class
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move the helpful method to the TestCase class
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move the helpful method to the TestCase class
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Move the helpful method to the TestCase class
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Display warning in security & setup warnings if php version is EOL
11 years ago
Fix CheckSetupController tests
10 years ago
Display warning in security & setup warnings if php version is EOL
11 years ago
Fix CheckSetupController tests
10 years ago
Display warning in security & setup warnings if php version is EOL
11 years ago
Add setup check for reverse proxy header configuration
11 years ago
Display warning in security & setup warnings if php version is EOL
11 years ago
Add setup check for reverse proxy header configuration
11 years ago
Display warning in security & setup warnings if php version is EOL
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Add setup check for reverse proxy header configuration
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Add setup check for reverse proxy header configuration
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Fix CheckSetupController tests
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Add check for availability of /dev/urandom Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system: 1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop 2. MTRand: chr((mt_rand() ^ mt_rand()) % 256) 3. Rand: chr((rand() ^ rand()) % 256) 4. UniqId: Plain uniqid() An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour. One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface. Thanks to David Black from d1b.org for bringing this again to our attention.
11 years ago
Remove hardcoded link to performance docs
11 years ago
Add check for availability of /dev/urandom Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system: 1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop 2. MTRand: chr((mt_rand() ^ mt_rand()) % 256) 3. Rand: chr((rand() ^ rand()) % 256) 4. UniqId: Plain uniqid() An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour. One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface. Thanks to David Black from d1b.org for bringing this again to our attention.
11 years ago
Fix CheckSetupController tests
10 years ago
Add setup check for reverse proxy header configuration
11 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Remove hardcoded link to performance docs
11 years ago
Move the helpful method to the TestCase class
11 years ago
Add check for availability of /dev/urandom Without /dev/urandom being available to read the medium RNG will rely only on the following components on a Linux system: 1. MicroTime: microtime() . memory_get_usage() as seed and then a garbage collected microtime for loop 2. MTRand: chr((mt_rand() ^ mt_rand()) % 256) 3. Rand: chr((rand() ^ rand()) % 256) 4. UniqId: Plain uniqid() An adversary with the possibility to predict the seed used by the PHP process may thus be able to predict future tokens which is an unwanted behaviour. One should note that this behaviour is documented in our documentation to ensure that users get aware of this even without reading our documentation this will add a post setup check to the administrative interface. Thanks to David Black from d1b.org for bringing this again to our attention.
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Display warning in security & setup warnings if php version is EOL
11 years ago
Add setup check for reverse proxy header configuration
11 years ago
[admin] check for correct PHP memcached module
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Add unit tests
10 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
use config.php value instead of version string
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
use config.php value instead of version string
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
use config.php value instead of version string
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
use config.php value instead of version string
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
use config.php value instead of version string
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
use config.php value instead of version string
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Detect old NSS and OpenSSL versions This will detect old NSS and OpenSSL versions and show appropriate errors in the admin interface. Fixes https://github.com/owncloud/core/issues/17901
11 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Deprecate getEditionString()
10 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Deprecate getEditionString()
10 years ago
Don't perform checks for outdated TLS libs when no internet connection This change makes the check return a positive result when: - The instance has been configured to not use the internet AND/OR - S2S AND the appstore is disabled
11 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add unit tests
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add note if integrity check is disabled Our issue template states that users should post the output of `/index.php/settings/integrity/failed`, at the moment it displays that all passes have been passed if the integrity checker has been disabled. This is however a wrong approach considering that some distributions are gonna package Frankenstein releases and makes it harder for us to detect such issues. Thus if the integrity code checker is disabled (using the config switch) it displays now: `Appcode checker has been disabled. Integrity cannot be verified.` This is not displayed anywhere else in the UI except these URL used for us for debugging purposes.
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add note if integrity check is disabled Our issue template states that users should post the output of `/index.php/settings/integrity/failed`, at the moment it displays that all passes have been passed if the integrity checker has been disabled. This is however a wrong approach considering that some distributions are gonna package Frankenstein releases and makes it harder for us to detect such issues. Thus if the integrity code checker is disabled (using the config switch) it displays now: `Appcode checker has been disabled. Integrity cannot be verified.` This is not displayed anywhere else in the UI except these URL used for us for debugging purposes.
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add note if integrity check is disabled Our issue template states that users should post the output of `/index.php/settings/integrity/failed`, at the moment it displays that all passes have been passed if the integrity checker has been disabled. This is however a wrong approach considering that some distributions are gonna package Frankenstein releases and makes it harder for us to detect such issues. Thus if the integrity code checker is disabled (using the config switch) it displays now: `Appcode checker has been disabled. Integrity cannot be verified.` This is not displayed anywhere else in the UI except these URL used for us for debugging purposes.
10 years ago
Add code integrity check This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository. Furthermore, there is a basic implementation to display problems with the code integrity on the update screen. Code signing basically happens the following way: - There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release :wink:). This certificate is not intended to be used for signing directly and only is used to sign new certificates. - Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`, apps need to be signed with a certificate that either has a CN of `core` (shipped apps!) or the AppID. - The command generates a signature.json file of the following format: ```json { "hashes": { "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d", "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9" }, "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----", "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl" } ``` `hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`. Steps to do in other PRs, this is already a quite huge one: - Add nag screen in case the code check fails to ensure that administrators are aware of this. - Add code verification also to OCC upgrade and unify display code more. - Add enforced code verification to apps shipped from the appstore with a level of "official" - Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release - Add some developer documentation on how devs can request their own certificate - Check when installing ownCloud - Add support for CRLs to allow revoking certificates **Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature: ``` ➜ master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt Successfully signed "core" ``` Then increase the version and you should see something like the following: ![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png) As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen. For packaging stable releases this requires the following additional steps as a last action before zipping: 1. Run `./occ integrity:sign-core` once 2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
10 years ago
Add check for activated local memcache Also used the opportunity to refactor it into an AppFramework controller so that we can unit test it. Fixes https://github.com/owncloud/core/issues/14956
11 years ago
  1. <?php
  2. /**
  3. * @author Lukas Reschke <lukas@owncloud.com>
  4. *
  5. * @copyright Copyright (c) 2015, ownCloud, Inc.
  6. * @license AGPL-3.0
  7. *
  8. * This code is free software: you can redistribute it and/or modify
  9. * it under the terms of the GNU Affero General Public License, version 3,
  10. * as published by the Free Software Foundation.
  11. *
  12. * This program is distributed in the hope that it will be useful,
  13. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  14. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  15. * GNU Affero General Public License for more details.
  16. *
  17. * You should have received a copy of the GNU Affero General Public License, version 3,
  18. * along with this program. If not, see <http://www.gnu.org/licenses/>
  19. *
  20. */
  22. namespace Tests\Settings\Controller;
  24. use OC\Settings\Controller\CheckSetupController;
  25. use OCP\AppFramework\Http;
  26. use OCP\AppFramework\Http\DataDisplayResponse;
  27. use OCP\AppFramework\Http\DataResponse;
  28. use OCP\AppFramework\Http\RedirectResponse;
  29. use OCP\Http\Client\IClientService;
  30. use OCP\IConfig;
  31. use OCP\IL10N;
  32. use OCP\ILogger;
  33. use OCP\IRequest;
  34. use OCP\IURLGenerator;
  35. use OC_Util;
  36. use Test\TestCase;
  37. use OC\IntegrityCheck\Checker;
  39. /**
  40. * Class CheckSetupControllerTest
  41. *
  42. * @package Tests\Settings\Controller
  43. */
  44. class CheckSetupControllerTest extends TestCase {
  45. /** @var CheckSetupController | \PHPUnit_Framework_MockObject_MockObject */
  46. private $checkSetupController;
  47. /** @var IRequest | \PHPUnit_Framework_MockObject_MockObject */
  48. private $request;
  49. /** @var IConfig | \PHPUnit_Framework_MockObject_MockObject */
  50. private $config;
  51. /** @var IClientService | \PHPUnit_Framework_MockObject_MockObject*/
  52. private $clientService;
  53. /** @var IURLGenerator | \PHPUnit_Framework_MockObject_MockObject */
  54. private $urlGenerator;
  55. /** @var OC_Util */
  56. private $util;
  57. /** @var IL10N | \PHPUnit_Framework_MockObject_MockObject */
  58. private $l10n;
  59. /** @var ILogger */
  60. private $logger;
  61. /** @var Checker | \PHPUnit_Framework_MockObject_MockObject */
  62. private $checker;
  64. public function setUp() {
  65. parent::setUp();
  67. $this->request = $this->getMockBuilder('\OCP\IRequest')
  68. ->disableOriginalConstructor()->getMock();
  69. $this->config = $this->getMockBuilder('\OCP\IConfig')
  70. ->disableOriginalConstructor()->getMock();
  71. $this->config = $this->getMockBuilder('\OCP\IConfig')
  72. ->disableOriginalConstructor()->getMock();
  73. $this->clientService = $this->getMockBuilder('\OCP\Http\Client\IClientService')
  74. ->disableOriginalConstructor()->getMock();
  75. $this->util = $this->getMockBuilder('\OC_Util')
  76. ->disableOriginalConstructor()->getMock();
  77. $this->urlGenerator = $this->getMockBuilder('\OCP\IURLGenerator')
  78. ->disableOriginalConstructor()->getMock();
  79. $this->l10n = $this->getMockBuilder('\OCP\IL10N')
  80. ->disableOriginalConstructor()->getMock();
  81. $this->l10n->expects($this->any())
  82. ->method('t')
  83. ->will($this->returnCallback(function($message, array $replace) {
  84. return vsprintf($message, $replace);
  85. }));
  86. $this->checker = $this->getMockBuilder('\OC\IntegrityCheck\Checker')
  87. ->disableOriginalConstructor()->getMock();
  88. $this->logger = $this->getMockBuilder('\OCP\ILogger')->getMock();
  89. $this->checkSetupController = $this->getMockBuilder('\OC\Settings\Controller\CheckSetupController')
  90. ->setConstructorArgs([
  91. 'settings',
  92. $this->request,
  93. $this->config,
  94. $this->clientService,
  95. $this->urlGenerator,
  96. $this->util,
  97. $this->l10n,
  98. $this->checker,
  99. $this->logger
  100. ])
  101. ->setMethods(['getCurlVersion', 'isPhpOutdated'])->getMock();
  102. }
  104. public function testIsInternetConnectionWorkingDisabledViaConfig() {
  105. $this->config->expects($this->once())
  106. ->method('getSystemValue')
  107. ->with('has_internet_connection', true)
  108. ->will($this->returnValue(false));
  110. $this->assertFalse(
  111. self::invokePrivate(
  112. $this->checkSetupController,
  113. 'isInternetConnectionWorking'
  114. )
  115. );
  116. }
  118. public function testIsInternetConnectionWorkingCorrectly() {
  119. $this->config->expects($this->once())
  120. ->method('getSystemValue')
  121. ->with('has_internet_connection', true)
  122. ->will($this->returnValue(true));
  124. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  125. ->disableOriginalConstructor()->getMock();
  126. $client->expects($this->any())
  127. ->method('get');
  129. $this->clientService->expects($this->once())
  130. ->method('newClient')
  131. ->will($this->returnValue($client));
  134. $this->assertTrue(
  135. self::invokePrivate(
  136. $this->checkSetupController,
  137. 'isInternetConnectionWorking'
  138. )
  139. );
  140. }
  142. public function testIsInternetConnectionFail() {
  143. $this->config->expects($this->once())
  144. ->method('getSystemValue')
  145. ->with('has_internet_connection', true)
  146. ->will($this->returnValue(true));
  148. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  149. ->disableOriginalConstructor()->getMock();
  150. $client->expects($this->any())
  151. ->method('get')
  152. ->will($this->throwException(new \Exception()));
  154. $this->clientService->expects($this->exactly(3))
  155. ->method('newClient')
  156. ->will($this->returnValue($client));
  158. $this->assertFalse(
  159. self::invokePrivate(
  160. $this->checkSetupController,
  161. 'isInternetConnectionWorking'
  162. )
  163. );
  164. }
  167. public function testIsMemcacheConfiguredFalse() {
  168. $this->config->expects($this->once())
  169. ->method('getSystemValue')
  170. ->with('memcache.local', null)
  171. ->will($this->returnValue(null));
  173. $this->assertFalse(
  174. self::invokePrivate(
  175. $this->checkSetupController,
  176. 'isMemcacheConfigured'
  177. )
  178. );
  179. }
  181. public function testIsMemcacheConfiguredTrue() {
  182. $this->config->expects($this->once())
  183. ->method('getSystemValue')
  184. ->with('memcache.local', null)
  185. ->will($this->returnValue('SomeProvider'));
  187. $this->assertTrue(
  188. self::invokePrivate(
  189. $this->checkSetupController,
  190. 'isMemcacheConfigured'
  191. )
  192. );
  193. }
  195. public function testIsPhpSupportedFalse() {
  196. $this->checkSetupController
  197. ->expects($this->once())
  198. ->method('isPhpOutdated')
  199. ->willReturn(true);
  201. $this->assertEquals(
  202. ['eol' => true, 'version' => PHP_VERSION],
  203. self::invokePrivate($this->checkSetupController, 'isPhpSupported')
  204. );
  205. }
  207. public function testIsPhpSupportedTrue() {
  208. $this->checkSetupController
  209. ->expects($this->exactly(2))
  210. ->method('isPhpOutdated')
  211. ->willReturn(false);
  213. $this->assertEquals(
  214. ['eol' => false, 'version' => PHP_VERSION],
  215. self::invokePrivate($this->checkSetupController, 'isPhpSupported')
  216. );
  219. $this->assertEquals(
  220. ['eol' => false, 'version' => PHP_VERSION],
  221. self::invokePrivate($this->checkSetupController, 'isPhpSupported')
  222. );
  223. }
  225. public function testForwardedForHeadersWorkingFalse() {
  226. $this->config->expects($this->once())
  227. ->method('getSystemValue')
  228. ->with('trusted_proxies', [])
  229. ->willReturn(['1.2.3.4']);
  230. $this->request->expects($this->once())
  231. ->method('getRemoteAddress')
  232. ->willReturn('1.2.3.4');
  234. $this->assertFalse(
  235. self::invokePrivate(
  236. $this->checkSetupController,
  237. 'forwardedForHeadersWorking'
  238. )
  239. );
  240. }
  242. public function testForwardedForHeadersWorkingTrue() {
  243. $this->config->expects($this->once())
  244. ->method('getSystemValue')
  245. ->with('trusted_proxies', [])
  246. ->willReturn(['1.2.3.4']);
  247. $this->request->expects($this->once())
  248. ->method('getRemoteAddress')
  249. ->willReturn('4.3.2.1');
  251. $this->assertTrue(
  252. self::invokePrivate(
  253. $this->checkSetupController,
  254. 'forwardedForHeadersWorking'
  255. )
  256. );
  257. }
  259. public function testCheck() {
  260. $this->config->expects($this->at(0))
  261. ->method('getSystemValue')
  262. ->with('has_internet_connection', true)
  263. ->will($this->returnValue(true));
  264. $this->config->expects($this->at(1))
  265. ->method('getSystemValue')
  266. ->with('memcache.local', null)
  267. ->will($this->returnValue('SomeProvider'));
  268. $this->config->expects($this->at(2))
  269. ->method('getSystemValue')
  270. ->with('has_internet_connection', true)
  271. ->will($this->returnValue(false));
  272. $this->config->expects($this->at(3))
  273. ->method('getSystemValue')
  274. ->with('trusted_proxies', [])
  275. ->willReturn(['1.2.3.4']);
  277. $this->request->expects($this->once())
  278. ->method('getRemoteAddress')
  279. ->willReturn('4.3.2.1');
  281. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  282. ->disableOriginalConstructor()->getMock();
  283. $client->expects($this->at(0))
  284. ->method('get')
  285. ->with('http://www.nextcloud.com/', [])
  286. ->will($this->throwException(new \Exception()));
  287. $client->expects($this->at(1))
  288. ->method('get')
  289. ->with('http://www.google.com/', [])
  290. ->will($this->throwException(new \Exception()));
  291. $client->expects($this->at(2))
  292. ->method('get')
  293. ->with('http://www.github.com/', [])
  294. ->will($this->throwException(new \Exception()));
  295. $this->clientService->expects($this->exactly(3))
  296. ->method('newClient')
  297. ->will($this->returnValue($client));
  298. $this->urlGenerator->expects($this->at(0))
  299. ->method('linkToDocs')
  300. ->with('admin-performance')
  301. ->willReturn('http://doc.owncloud.org/server/go.php?to=admin-performance');
  302. $this->urlGenerator->expects($this->at(1))
  303. ->method('linkToDocs')
  304. ->with('admin-security')
  305. ->willReturn('https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/hardening.html');
  306. $this->checkSetupController
  307. ->expects($this->once())
  308. ->method('isPhpOutdated')
  309. ->willReturn(true);
  310. $this->urlGenerator->expects($this->at(2))
  311. ->method('linkToDocs')
  312. ->with('admin-reverse-proxy')
  313. ->willReturn('reverse-proxy-doc-link');
  315. $expected = new DataResponse(
  316. [
  317. 'serverHasInternetConnection' => false,
  318. 'isMemcacheConfigured' => true,
  319. 'memcacheDocs' => 'http://doc.owncloud.org/server/go.php?to=admin-performance',
  320. 'isUrandomAvailable' => self::invokePrivate($this->checkSetupController, 'isUrandomAvailable'),
  321. 'securityDocs' => 'https://doc.owncloud.org/server/8.1/admin_manual/configuration_server/hardening.html',
  322. 'isUsedTlsLibOutdated' => '',
  323. 'phpSupported' => [
  324. 'eol' => true,
  325. 'version' => PHP_VERSION
  326. ],
  327. 'forwardedForHeadersWorking' => true,
  328. 'reverseProxyDocs' => 'reverse-proxy-doc-link',
  329. 'isCorrectMemcachedPHPModuleInstalled' => true,
  330. 'hasPassedCodeIntegrityCheck' => null,
  331. 'codeIntegrityCheckerDocumentation' => null,
  332. ]
  333. );
  334. $this->assertEquals($expected, $this->checkSetupController->check());
  335. }
  337. public function testGetCurlVersion() {
  338. $checkSetupController = $this->getMockBuilder('\OC\Settings\Controller\CheckSetupController')
  339. ->setConstructorArgs([
  340. 'settings',
  341. $this->request,
  342. $this->config,
  343. $this->clientService,
  344. $this->urlGenerator,
  345. $this->util,
  346. $this->l10n,
  347. $this->checker,
  348. $this->logger
  349. ])
  350. ->setMethods(null)->getMock();
  352. $this->assertArrayHasKey('ssl_version', $this->invokePrivate($checkSetupController, 'getCurlVersion'));
  353. }
  355. public function testIsUsedTlsLibOutdatedWithAnotherLibrary() {
  356. $this->config->expects($this->any())
  357. ->method('getSystemValue')
  358. ->will($this->returnValue(true));
  359. $this->checkSetupController
  360. ->expects($this->once())
  361. ->method('getCurlVersion')
  362. ->will($this->returnValue(['ssl_version' => 'SSLlib']));
  363. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  364. }
  366. public function testIsUsedTlsLibOutdatedWithMisbehavingCurl() {
  367. $this->config->expects($this->any())
  368. ->method('getSystemValue')
  369. ->will($this->returnValue(true));
  370. $this->checkSetupController
  371. ->expects($this->once())
  372. ->method('getCurlVersion')
  373. ->will($this->returnValue([]));
  374. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  375. }
  377. public function testIsUsedTlsLibOutdatedWithOlderOpenSsl() {
  378. $this->config->expects($this->any())
  379. ->method('getSystemValue')
  380. ->will($this->returnValue(true));
  381. $this->checkSetupController
  382. ->expects($this->once())
  383. ->method('getCurlVersion')
  384. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.1c']));
  385. $this->assertSame('cURL is using an outdated OpenSSL version (OpenSSL/1.0.1c). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  386. }
  388. public function testIsUsedTlsLibOutdatedWithOlderOpenSslAndWithoutAppstore() {
  389. $this->config
  390. ->expects($this->at(0))
  391. ->method('getSystemValue')
  392. ->with('has_internet_connection', true)
  393. ->will($this->returnValue(true));
  394. $this->checkSetupController
  395. ->expects($this->once())
  396. ->method('getCurlVersion')
  397. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.1c']));
  398. $this->assertSame('cURL is using an outdated OpenSSL version (OpenSSL/1.0.1c). Please update your operating system or features such as Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  399. }
  401. public function testIsUsedTlsLibOutdatedWithOlderOpenSsl1() {
  402. $this->config->expects($this->any())
  403. ->method('getSystemValue')
  404. ->will($this->returnValue(true));
  405. $this->checkSetupController
  406. ->expects($this->once())
  407. ->method('getCurlVersion')
  408. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.2a']));
  409. $this->assertSame('cURL is using an outdated OpenSSL version (OpenSSL/1.0.2a). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  410. }
  412. public function testIsUsedTlsLibOutdatedWithMatchingOpenSslVersion() {
  413. $this->config->expects($this->any())
  414. ->method('getSystemValue')
  415. ->will($this->returnValue(true));
  416. $this->checkSetupController
  417. ->expects($this->once())
  418. ->method('getCurlVersion')
  419. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.1d']));
  420. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  421. }
  423. public function testIsUsedTlsLibOutdatedWithMatchingOpenSslVersion1() {
  424. $this->config->expects($this->any())
  425. ->method('getSystemValue')
  426. ->will($this->returnValue(true));
  427. $this->checkSetupController
  428. ->expects($this->once())
  429. ->method('getCurlVersion')
  430. ->will($this->returnValue(['ssl_version' => 'OpenSSL/1.0.2b']));
  431. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  432. }
  434. public function testIsBuggyNss400() {
  435. $this->config->expects($this->any())
  436. ->method('getSystemValue')
  437. ->will($this->returnValue(true));
  438. $this->checkSetupController
  439. ->expects($this->once())
  440. ->method('getCurlVersion')
  441. ->will($this->returnValue(['ssl_version' => 'NSS/1.0.2b']));
  442. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  443. ->disableOriginalConstructor()->getMock();
  444. $exception = $this->getMockBuilder('\GuzzleHttp\Exception\ClientException')
  445. ->disableOriginalConstructor()->getMock();
  446. $response = $this->getMockBuilder('\GuzzleHttp\Message\ResponseInterface')
  447. ->disableOriginalConstructor()->getMock();
  448. $response->expects($this->once())
  449. ->method('getStatusCode')
  450. ->will($this->returnValue(400));
  451. $exception->expects($this->once())
  452. ->method('getResponse')
  453. ->will($this->returnValue($response));
  455. $client->expects($this->at(0))
  456. ->method('get')
  457. ->with('https://www.owncloud.org/', [])
  458. ->will($this->throwException($exception));
  460. $this->clientService->expects($this->once())
  461. ->method('newClient')
  462. ->will($this->returnValue($client));
  464. $this->assertSame('cURL is using an outdated NSS version (NSS/1.0.2b). Please update your operating system or features such as installing and updating apps via the app store or Federated Cloud Sharing will not work reliably.', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  465. }
  468. public function testIsBuggyNss200() {
  469. $this->config->expects($this->any())
  470. ->method('getSystemValue')
  471. ->will($this->returnValue(true));
  472. $this->checkSetupController
  473. ->expects($this->once())
  474. ->method('getCurlVersion')
  475. ->will($this->returnValue(['ssl_version' => 'NSS/1.0.2b']));
  476. $client = $this->getMockBuilder('\OCP\Http\Client\IClient')
  477. ->disableOriginalConstructor()->getMock();
  478. $exception = $this->getMockBuilder('\GuzzleHttp\Exception\ClientException')
  479. ->disableOriginalConstructor()->getMock();
  480. $response = $this->getMockBuilder('\GuzzleHttp\Message\ResponseInterface')
  481. ->disableOriginalConstructor()->getMock();
  482. $response->expects($this->once())
  483. ->method('getStatusCode')
  484. ->will($this->returnValue(200));
  485. $exception->expects($this->once())
  486. ->method('getResponse')
  487. ->will($this->returnValue($response));
  489. $client->expects($this->at(0))
  490. ->method('get')
  491. ->with('https://www.owncloud.org/', [])
  492. ->will($this->throwException($exception));
  494. $this->clientService->expects($this->once())
  495. ->method('newClient')
  496. ->will($this->returnValue($client));
  498. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  499. }
  501. public function testIsUsedTlsLibOutdatedWithInternetDisabled() {
  502. $this->config
  503. ->expects($this->at(0))
  504. ->method('getSystemValue')
  505. ->with('has_internet_connection', true)
  506. ->will($this->returnValue(false));
  507. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  508. }
  510. public function testIsUsedTlsLibOutdatedWithAppstoreDisabledAndServerToServerSharingEnabled() {
  511. $this->config
  512. ->expects($this->at(0))
  513. ->method('getSystemValue')
  514. ->with('has_internet_connection', true)
  515. ->will($this->returnValue(true));
  516. $this->config
  517. ->expects($this->at(1))
  518. ->method('getSystemValue')
  519. ->with('appstoreenabled', true)
  520. ->will($this->returnValue(false));
  521. $this->config
  522. ->expects($this->at(2))
  523. ->method('getAppValue')
  524. ->with('files_sharing', 'outgoing_server2server_share_enabled', 'yes')
  525. ->will($this->returnValue('no'));
  526. $this->config
  527. ->expects($this->at(3))
  528. ->method('getAppValue')
  529. ->with('files_sharing', 'incoming_server2server_share_enabled', 'yes')
  530. ->will($this->returnValue('yes'));
  532. $this->checkSetupController
  533. ->expects($this->once())
  534. ->method('getCurlVersion')
  535. ->will($this->returnValue([]));
  536. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  537. }
  539. public function testIsUsedTlsLibOutdatedWithAppstoreDisabledAndServerToServerSharingDisabled() {
  540. $this->config
  541. ->expects($this->at(0))
  542. ->method('getSystemValue')
  543. ->with('has_internet_connection', true)
  544. ->will($this->returnValue(true));
  545. $this->config
  546. ->expects($this->at(1))
  547. ->method('getSystemValue')
  548. ->with('appstoreenabled', true)
  549. ->will($this->returnValue(false));
  550. $this->config
  551. ->expects($this->at(2))
  552. ->method('getAppValue')
  553. ->with('files_sharing', 'outgoing_server2server_share_enabled', 'yes')
  554. ->will($this->returnValue('no'));
  555. $this->config
  556. ->expects($this->at(3))
  557. ->method('getAppValue')
  558. ->with('files_sharing', 'incoming_server2server_share_enabled', 'yes')
  559. ->will($this->returnValue('no'));
  561. $this->checkSetupController
  562. ->expects($this->never())
  563. ->method('getCurlVersion')
  564. ->will($this->returnValue([]));
  565. $this->assertSame('', $this->invokePrivate($this->checkSetupController, 'isUsedTlsLibOutdated'));
  566. }
  568. public function testRescanFailedIntegrityCheck() {
  569. $this->checker
  570. ->expects($this->once())
  571. ->method('runInstanceVerification');
  572. $this->urlGenerator
  573. ->expects($this->once())
  574. ->method('linkToRoute')
  575. ->with('settings.AdminSettings.index')
  576. ->will($this->returnValue('/admin'));
  578. $expected = new RedirectResponse('/admin');
  579. $this->assertEquals($expected, $this->checkSetupController->rescanFailedIntegrityCheck());
  580. }
  582. public function testGetFailedIntegrityCheckDisabled() {
  583. $this->checker
  584. ->expects($this->once())
  585. ->method('isCodeCheckEnforced')
  586. ->willReturn(false);
  588. $expected = new DataDisplayResponse('Integrity checker has been disabled. Integrity cannot be verified.');
  589. $this->assertEquals($expected, $this->checkSetupController->getFailedIntegrityCheckFiles());
  590. }
  593. public function testGetFailedIntegrityCheckFilesWithNoErrorsFound() {
  594. $this->checker
  595. ->expects($this->once())
  596. ->method('isCodeCheckEnforced')
  597. ->willReturn(true);
  598. $this->checker
  599. ->expects($this->once())
  600. ->method('getResults')
  601. ->will($this->returnValue([]));
  603. $expected = new DataDisplayResponse(
  604. 'No errors have been found.',
  605. Http::STATUS_OK,
  606. [
  607. 'Content-Type' => 'text/plain',
  608. ]
  609. );
  610. $this->assertEquals($expected, $this->checkSetupController->getFailedIntegrityCheckFiles());
  611. }
  613. public function testGetFailedIntegrityCheckFilesWithSomeErrorsFound() {
  614. $this->checker
  615. ->expects($this->once())
  616. ->method('isCodeCheckEnforced')
  617. ->willReturn(true);
  618. $this->checker
  619. ->expects($this->once())
  620. ->method('getResults')
  621. ->will($this->returnValue(array ( 'core' => array ( 'EXTRA_FILE' => array('/testfile' => array()), 'INVALID_HASH' => array ( '/.idea/workspace.xml' => array ( 'expected' => 'f1c5e2630d784bc9cb02d5a28f55d6f24d06dae2a0fee685f3c2521b050955d9d452769f61454c9ddfa9c308146ade10546cfa829794448eaffbc9a04a29d216', 'current' => 'ce08bf30bcbb879a18b49239a9bec6b8702f52452f88a9d32142cad8d2494d5735e6bfa0d8642b2762c62ca5be49f9bf4ec231d4a230559d4f3e2c471d3ea094', ), '/lib/private/integritycheck/checker.php' => array ( 'expected' => 'c5a03bacae8dedf8b239997901ba1fffd2fe51271d13a00cc4b34b09cca5176397a89fc27381cbb1f72855fa18b69b6f87d7d5685c3b45aee373b09be54742ea', 'current' => '88a3a92c11db91dec1ac3be0e1c87f862c95ba6ffaaaa3f2c3b8f682187c66f07af3a3b557a868342ef4a271218fe1c1e300c478e6c156c5955ed53c40d06585', ), '/settings/controller/checksetupcontroller.php' => array ( 'expected' => '3e1de26ce93c7bfe0ede7c19cb6c93cadc010340225b375607a7178812e9de163179b0dc33809f451e01f491d93f6f5aaca7929685d21594cccf8bda732327c4', 'current' => '09563164f9904a837f9ca0b5f626db56c838e5098e0ccc1d8b935f68fa03a25c5ec6f6b2d9e44a868e8b85764dafd1605522b4af8db0ae269d73432e9a01e63a', ), ), ), 'bookmarks' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'dav' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'encryption' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'external' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'federation' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_antivirus' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_drop' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_external' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_pdfviewer' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_sharing' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_trashbin' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_versions' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'files_videoviewer' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'firstrunwizard' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'gitsmart' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature data not found.', ), ), 'logreader' => array ( 'EXCEPTION' => array ( 'class' => 'OC\\IntegrityCheck\\Exceptions\\InvalidSignatureException', 'message' => 'Signature could not get verified.', ), ), 'password_policy' => array ( 'EXCEPTION' => array ( 'class' => 'OC\
  623. $expected = new DataDisplayResponse(
  624. 'Technical information
  625. =====================
  626. The following list covers which files have failed the integrity check. Please read
  627. the previous linked documentation to learn more about the errors and how to fix
  628. them.
  630. Results
  631. =======
  632. - core
  633. - EXTRA_FILE
  634. - /testfile
  635. - INVALID_HASH
  636. - /.idea/workspace.xml
  637. - /lib/private/integritycheck/checker.php
  638. - /settings/controller/checksetupcontroller.php
  639. - bookmarks
  640. - EXCEPTION
  641. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  642. - Signature data not found.
  643. - dav
  644. - EXCEPTION
  645. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  646. - Signature data not found.
  647. - encryption
  648. - EXCEPTION
  649. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  650. - Signature data not found.
  651. - external
  652. - EXCEPTION
  653. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  654. - Signature data not found.
  655. - federation
  656. - EXCEPTION
  657. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  658. - Signature data not found.
  659. - files
  660. - EXCEPTION
  661. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  662. - Signature data not found.
  663. - files_antivirus
  664. - EXCEPTION
  665. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  666. - Signature data not found.
  667. - files_drop
  668. - EXCEPTION
  669. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  670. - Signature data not found.
  671. - files_external
  672. - EXCEPTION
  673. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  674. - Signature data not found.
  675. - files_pdfviewer
  676. - EXCEPTION
  677. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  678. - Signature data not found.
  679. - files_sharing
  680. - EXCEPTION
  681. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  682. - Signature data not found.
  683. - files_trashbin
  684. - EXCEPTION
  685. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  686. - Signature data not found.
  687. - files_versions
  688. - EXCEPTION
  689. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  690. - Signature data not found.
  691. - files_videoviewer
  692. - EXCEPTION
  693. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  694. - Signature data not found.
  695. - firstrunwizard
  696. - EXCEPTION
  697. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  698. - Signature data not found.
  699. - gitsmart
  700. - EXCEPTION
  701. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  702. - Signature data not found.
  703. - logreader
  704. - EXCEPTION
  705. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  706. - Signature could not get verified.
  707. - password_policy
  708. - EXCEPTION
  709. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  710. - Signature data not found.
  711. - provisioning_api
  712. - EXCEPTION
  713. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  714. - Signature data not found.
  715. - sketch
  716. - EXCEPTION
  717. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  718. - Signature data not found.
  719. - threatblock
  720. - EXCEPTION
  721. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  722. - Signature data not found.
  723. - two_factor_auth
  724. - EXCEPTION
  725. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  726. - Signature data not found.
  727. - user_ldap
  728. - EXCEPTION
  729. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  730. - Signature data not found.
  731. - user_shibboleth
  732. - EXCEPTION
  733. - OC\IntegrityCheck\Exceptions\InvalidSignatureException
  734. - Signature data not found.
  736. Raw output
  737. ==========
  738. Array
  739. (
  740. [core] => Array
  741. (
  742. [EXTRA_FILE] => Array
  743. (
  744. [/testfile] => Array
  745. (
  746. )
  748. )
  750. [INVALID_HASH] => Array
  751. (
  752. [/.idea/workspace.xml] => Array
  753. (
  754. [expected] => f1c5e2630d784bc9cb02d5a28f55d6f24d06dae2a0fee685f3c2521b050955d9d452769f61454c9ddfa9c308146ade10546cfa829794448eaffbc9a04a29d216
  755. [current] => ce08bf30bcbb879a18b49239a9bec6b8702f52452f88a9d32142cad8d2494d5735e6bfa0d8642b2762c62ca5be49f9bf4ec231d4a230559d4f3e2c471d3ea094
  756. )
  758. [/lib/private/integritycheck/checker.php] => Array
  759. (
  760. [expected] => c5a03bacae8dedf8b239997901ba1fffd2fe51271d13a00cc4b34b09cca5176397a89fc27381cbb1f72855fa18b69b6f87d7d5685c3b45aee373b09be54742ea
  761. [current] => 88a3a92c11db91dec1ac3be0e1c87f862c95ba6ffaaaa3f2c3b8f682187c66f07af3a3b557a868342ef4a271218fe1c1e300c478e6c156c5955ed53c40d06585
  762. )
  764. [/settings/controller/checksetupcontroller.php] => Array
  765. (
  766. [expected] => 3e1de26ce93c7bfe0ede7c19cb6c93cadc010340225b375607a7178812e9de163179b0dc33809f451e01f491d93f6f5aaca7929685d21594cccf8bda732327c4
  767. [current] => 09563164f9904a837f9ca0b5f626db56c838e5098e0ccc1d8b935f68fa03a25c5ec6f6b2d9e44a868e8b85764dafd1605522b4af8db0ae269d73432e9a01e63a
  768. )
  770. )
  772. )
  774. [bookmarks] => Array
  775. (
  776. [EXCEPTION] => Array
  777. (
  778. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  779. [message] => Signature data not found.
  780. )
  782. )
  784. [dav] => Array
  785. (
  786. [EXCEPTION] => Array
  787. (
  788. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  789. [message] => Signature data not found.
  790. )
  792. )
  794. [encryption] => Array
  795. (
  796. [EXCEPTION] => Array
  797. (
  798. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  799. [message] => Signature data not found.
  800. )
  802. )
  804. [external] => Array
  805. (
  806. [EXCEPTION] => Array
  807. (
  808. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  809. [message] => Signature data not found.
  810. )
  812. )
  814. [federation] => Array
  815. (
  816. [EXCEPTION] => Array
  817. (
  818. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  819. [message] => Signature data not found.
  820. )
  822. )
  824. [files] => Array
  825. (
  826. [EXCEPTION] => Array
  827. (
  828. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  829. [message] => Signature data not found.
  830. )
  832. )
  834. [files_antivirus] => Array
  835. (
  836. [EXCEPTION] => Array
  837. (
  838. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  839. [message] => Signature data not found.
  840. )
  842. )
  844. [files_drop] => Array
  845. (
  846. [EXCEPTION] => Array
  847. (
  848. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  849. [message] => Signature data not found.
  850. )
  852. )
  854. [files_external] => Array
  855. (
  856. [EXCEPTION] => Array
  857. (
  858. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  859. [message] => Signature data not found.
  860. )
  862. )
  864. [files_pdfviewer] => Array
  865. (
  866. [EXCEPTION] => Array
  867. (
  868. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  869. [message] => Signature data not found.
  870. )
  872. )
  874. [files_sharing] => Array
  875. (
  876. [EXCEPTION] => Array
  877. (
  878. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  879. [message] => Signature data not found.
  880. )
  882. )
  884. [files_trashbin] => Array
  885. (
  886. [EXCEPTION] => Array
  887. (
  888. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  889. [message] => Signature data not found.
  890. )
  892. )
  894. [files_versions] => Array
  895. (
  896. [EXCEPTION] => Array
  897. (
  898. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  899. [message] => Signature data not found.
  900. )
  902. )
  904. [files_videoviewer] => Array
  905. (
  906. [EXCEPTION] => Array
  907. (
  908. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  909. [message] => Signature data not found.
  910. )
  912. )
  914. [firstrunwizard] => Array
  915. (
  916. [EXCEPTION] => Array
  917. (
  918. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  919. [message] => Signature data not found.
  920. )
  922. )
  924. [gitsmart] => Array
  925. (
  926. [EXCEPTION] => Array
  927. (
  928. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  929. [message] => Signature data not found.
  930. )
  932. )
  934. [logreader] => Array
  935. (
  936. [EXCEPTION] => Array
  937. (
  938. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  939. [message] => Signature could not get verified.
  940. )
  942. )
  944. [password_policy] => Array
  945. (
  946. [EXCEPTION] => Array
  947. (
  948. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  949. [message] => Signature data not found.
  950. )
  952. )
  954. [provisioning_api] => Array
  955. (
  956. [EXCEPTION] => Array
  957. (
  958. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  959. [message] => Signature data not found.
  960. )
  962. )
  964. [sketch] => Array
  965. (
  966. [EXCEPTION] => Array
  967. (
  968. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  969. [message] => Signature data not found.
  970. )
  972. )
  974. [threatblock] => Array
  975. (
  976. [EXCEPTION] => Array
  977. (
  978. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  979. [message] => Signature data not found.
  980. )
  982. )
  984. [two_factor_auth] => Array
  985. (
  986. [EXCEPTION] => Array
  987. (
  988. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  989. [message] => Signature data not found.
  990. )
  992. )
  994. [user_ldap] => Array
  995. (
  996. [EXCEPTION] => Array
  997. (
  998. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  999. [message] => Signature data not found.
  1000. )
  1002. )
  1004. [user_shibboleth] => Array
  1005. (
  1006. [EXCEPTION] => Array
  1007. (
  1008. [class] => OC\IntegrityCheck\Exceptions\InvalidSignatureException
  1009. [message] => Signature data not found.
  1010. )
  1012. )
  1014. )
  1015. ',
  1016. Http::STATUS_OK,
  1017. [
  1018. 'Content-Type' => 'text/plain',
  1019. ]
  1020. );
  1021. $this->assertEquals($expected, $this->checkSetupController->getFailedIntegrityCheckFiles());
  1022. }
  1023. }