Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

occ web executor #24957

Merged
merged 2 commits into from
Jun 22, 2016
Merged

occ web executor #24957

merged 2 commits into from
Jun 22, 2016

Conversation

VicDeo
Copy link
Member

@VicDeo VicDeo commented Jun 1, 2016

As per #21985

@VicDeo VicDeo added this to the 9.1-current milestone Jun 1, 2016
@DeepDiver1975
Copy link
Member

Nice! Go for it!

@mmattel
Copy link
Contributor

mmattel commented Jun 2, 2016

Reminder:
We must not forget to check Apache/nginx rules to allow web access for the occ command (according to #21985 https://domain.tld/owncloud/index.php/occ/app:list?format=json).

Maybe also a check in core if web access to occ is possible and log this - else we never find why it is not working...

Possible changes needed:

  • Apache (in core)
 RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
  • nginx (in the documentation):
location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
        deny all;
    }

@nickvergessen
Copy link
Contributor

Woot index.php/occ is called, not the occ file directly?

@PVince81
Copy link
Contributor

PVince81 commented Jun 2, 2016

Woot index.php/occ is called, not the occ file directly?

Probably because the ajax request needs to be translated to actual arguments.
Might work as well to call the "occ" one directly but then you lose the advantage of routing / parameter mapping.

@nickvergessen
Copy link
Contributor

Probably because the ajax request needs to be translated to actual arguments.
Might work as well to call the "occ" one directly but then you lose the advantage of routing / parameter mapping.

Well you shouldn't call it directly, because it's a bash file ;) But that is exactly what I wanted to point out. The occ file is still not needed to be accessible, so why should any rewrite rule require changing?

@mmattel
Copy link
Contributor

mmattel commented Jun 2, 2016

@nickvergessen you are right.
I have overseen that https://domain.tld/owncloud/index.php/occ/app:list?format=json does not access occ via ownclouds root as a shell script. Root access is covered and secured by the rewrite rules. Sorry for the confusion. 😄

@DeepDiver1975
Copy link
Member

@VicDeo what's the status with this? THX

@PVince81
Copy link
Contributor

Code already looks good so far

nickvergessen
nickvergessen reviewed Jun 13, 2016
View reviewed changes
core/Controller/OccController.php
'app:getpath',
'app:list',
'check',
'config:list',
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we check on the parameters? --private should not be allowed, because otherwise you can get the plaintext database, mail and other passwords.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nickvergessen --private is required to read updater.secret see owncloud/updater#233

@VicDeo
Copy link
Member Author

VicDeo commented Jun 13, 2016
edited
Loading

@PVince81 The last step is

  • Bypass maintenance mode

@VicDeo VicDeo changed the title [WIP] occ web executor occ web executor Jun 13, 2016
@PVince81
Copy link
Contributor

@VicDeo when you change labels please post a comment. Changing labels doesn't trigger a github notification.

So this is ready for review ?

nickvergessen
nickvergessen reviewed Jun 15, 2016
View reviewed changes
core/Controller/OccController.php
'upgrade'
];

public function __construct($appName, IRequest $request) {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just leave this out?

@VicDeo VicDeo mentioned this pull request Jun 15, 2016
Merged
6 tasks
@VicDeo
Copy link
Member Author

VicDeo commented Jun 15, 2016

@nickvergessen thanks, everything's addressed

@DeepDiver1975 DeepDiver1975 self-assigned this Jun 20, 2016
@DeepDiver1975
Copy link
Member

OccController has no unit tests - this has to be added please

@VicDeo
Copy link
Member Author

VicDeo commented Jun 21, 2016

@DeepDiver1975 done

@DeepDiver1975
Copy link
Member

@VicDeo integration tests look fishy - please have a look

21:23:59 [Mon Jun 20 21:24:55 2016] Argument 1 passed to OC::checkMaintenanceMode() must implement interface OCP\IRequest, none given, called in /ssd/jenkins/workspace/ocs-api-integration-tests-ci/public.php on line 38 and defined at /ssd/jenkins/workspace/ocs-api-integration-tests-ci/lib/base.php#280
21:23:59 [Mon Jun 20 21:24:55 2016] Undefined variable: request at /ssd/jenkins/workspace/ocs-api-integration-tests-ci/lib/base.php#282
21:23:59 [Mon Jun 20 21:24:55 2016] PHP Fatal error:  Call to a member function getScriptName() on null in /ssd/jenkins/workspace/ocs-api-integration-tests-ci/lib/base.php on line 282
21:23:59 [Mon Jun 20 21:24:55 2016] PHP Stack trace:
21:23:59 [Mon Jun 20 21:24:55 2016] PHP   1. {main}() /ssd/jenkins/workspace/ocs-api-integration-tests-ci/public.php:0
21:23:59 [Mon Jun 20 21:24:55 2016] PHP   2. OC::checkMaintenanceMode() /ssd/jenkins/workspace/ocs-api-integration-tests-ci/public.php:38
21:23:59 [Mon Jun 20 21:24:55 2016] ::1:56378 [500]: /public.php/webdav/ - Call to a member function getScriptName() on null in /ssd/jenkins/workspace/ocs-api-integration-tests-ci/lib/base.php on line 282
21:23:59 [Mon Jun 20 21:24:55 2016] Call to a member function getScriptName() on null at /ssd/jenkins/workspace/ocs-api-integration-tests-ci/lib/base.php#282
21:23:59 [Mon Jun 20 21:24:55 2016] Internal Server Error

DeepDiver1975
DeepDiver1975 reviewed Jun 21, 2016
View reviewed changes
tests/Core/Controller/OccControllerTest.php
private $controller;

public static function setUpBeforeClass(){
self::$oldSecret = \OC::$server->getConfig()->setSystemValue('updater.secret', '');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@VicDeo please inject an instance of IConfig into the OccController and mock this onject for testing. THX

VicDeo and others added 2 commits June 21, 2016 14:41
@VicDeo @DeepDiver1975
Initial web executor
8b9b515
@DeepDiver1975
Fix PHPDoc
ab477f9 
Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
VicDeo
VicDeo reviewed Jun 21, 2016
View reviewed changes
tests/Core/Controller/OccControllerTest.php
->willReturnCallback(
function ($input, $output) {
/** @var Output $output */
$output->writeln('{"installed":true,"version":"9.1.0.8","versionstring":"9.1.0 beta 2","edition":""}');
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@DeepDiver1975 I didn't go this way because it requires adjustment with any version bump.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not really relevant because we don't assert on the version.

@DeepDiver1975
Copy link
Member

👍

@DeepDiver1975 DeepDiver1975 merged commit 854352d into master Jun 22, 2016
@DeepDiver1975 DeepDiver1975 deleted the web-executor branch June 22, 2016 11:12
DeepDiver1975 pushed a commit that referenced this pull request Jun 22, 2016
@VicDeo @DeepDiver1975
occ web executor (#24957)
b027cd6 
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
@DeepDiver1975 DeepDiver1975 mentioned this pull request Jun 22, 2016
Merged
@PVince81
Copy link
Contributor

stable9: #25222

DeepDiver1975 pushed a commit that referenced this pull request Jun 27, 2016
@VicDeo @DeepDiver1975
occ web executor (#24957)
e42c088 
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
DeepDiver1975 pushed a commit that referenced this pull request Jul 1, 2016
@VicDeo @DeepDiver1975
occ web executor (#24957)
9fcb269 
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
@MorrisJobke MorrisJobke mentioned this pull request Jul 7, 2016
Merged
@lock
Copy link

lock bot commented Aug 5, 2019

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@lock lock bot locked as resolved and limited conversation to collaborators Aug 5, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees

@DeepDiver1975 DeepDiver1975

Labels
3 - To Review feature:update sev2-high
Projects
None yet
Milestone
9.1
Development

Successfully merging this pull request may close these issues.
5 participants
@VicDeo @DeepDiver1975 @mmattel @nickvergessen @PVince81