Clean up single user mode

Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.

As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.

The encryption commands now rely on the well tested maintenance mode.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

apps/dav/lib/Connector/Sabre/MaintenancePlugin.php

@@ -78,9 +78,6 @@ class MaintenancePlugin extends ServerPlugin {
 	 * @return bool
 	 */
 	public function checkMaintenanceMode() {
-		if ($this->config->getSystemValue('singleuser', false)) {
-			throw new ServiceUnavailable('System in single user mode.');
-		}
 		if ($this->config->getSystemValue('maintenance', false)) {
 			throw new ServiceUnavailable('System in maintenance mode.');
 		}

apps/dav/tests/unit/Connector/Sabre/MaintenancePluginTest.php

@@ -48,27 +48,13 @@ class MaintenancePluginTest extends TestCase {
 
 	/**
 	 * @expectedException \Sabre\DAV\Exception\ServiceUnavailable
-	 * @expectedExceptionMessage System in single user mode.
-	 */
-	public function testSingleUserMode() {
-		$this->config
-			->expects($this->once())
-			->method('getSystemValue')
-			->with('singleuser', false)
-			->will($this->returnValue(true));
-
-		$this->maintenancePlugin->checkMaintenanceMode();
-	}
-
-	/**
-	 * @expectedException \Sabre\DAV\Exception\ServiceUnavailable
-	 * @expectedExceptionMessage System in single user mode.
+	 * @expectedExceptionMessage System in maintenance mode.
 	 */
 	public function testMaintenanceMode() {
 		$this->config
 			->expects($this->exactly(1))
 			->method('getSystemValue')
-			->will($this->onConsecutiveCalls([false, true]));
+			->will($this->returnValue(true));
 
 		$this->maintenancePlugin->checkMaintenanceMode();
 	}

config/config.sample.php

@@ -984,14 +984,6 @@ $CONFIG = array(
  */
 'maintenance' => false,
 
-/**
- * When set to ``true``, the Nextcloud instance will be unavailable for all
- * users who are not in the ``admin`` group.
- *
- * Defaults to ``false``
- */
-'singleuser' => false,
-
 
 /**
  * SSL

core/Command/Encryption/DecryptAll.php

@@ -54,7 +54,7 @@ class DecryptAll extends Command {
 	protected $wasTrashbinEnabled;
 
 	/** @var  bool */
-	protected $wasSingleUserModeEnabled;
+	protected $wasMaintenanceModeEnabled;
 
 	/** @var \OC\Encryption\DecryptAll */
 	protected $decryptAll;
@@ -83,20 +83,20 @@ class DecryptAll extends Command {
 	}
 
 	/**
-	 * Set single user mode and disable the trashbin app
+	 * Set maintenance mode and disable the trashbin app
 	 */
-	protected function forceSingleUserAndTrashbin() {
+	protected function forceMaintenanceAndTrashbin() {
 		$this->wasTrashbinEnabled = $this->appManager->isEnabledForUser('files_trashbin');
-		$this->wasSingleUserModeEnabled = $this->config->getSystemValue('singleuser', false);
-		$this->config->setSystemValue('singleuser', true);
+		$this->wasMaintenanceModeEnabled = $this->config->getSystemValue('maintenance', false);
+		$this->config->setSystemValue('maintenance', true);
 		$this->appManager->disableApp('files_trashbin');
 	}
 
 	/**
-	 * Reset the single user mode and re-enable the trashbin app
+	 * Reset the maintenance mode and re-enable the trashbin app
 	 */
-	protected function resetSingleUserAndTrashbin() {
-		$this->config->setSystemValue('singleuser', $this->wasSingleUserModeEnabled);
+	protected function resetMaintenanceAndTrashbin() {
+		$this->config->setSystemValue('maintenance', $this->wasMaintenanceModeEnabled);
 		if ($this->wasTrashbinEnabled) {
 			$this->appManager->enableApp('files_trashbin');
 		}
@@ -147,7 +147,7 @@ class DecryptAll extends Command {
 			$output->writeln('');
 			$question = new ConfirmationQuestion('Do you really want to continue? (y/n) ', false);
 			if ($this->questionHelper->ask($input, $output, $question)) {
-				$this->forceSingleUserAndTrashbin();
+				$this->forceMaintenanceAndTrashbin();
 				$user = $input->getArgument('user');
 				$result = $this->decryptAll->decryptAll($input, $output, $user);
 				if ($result === false) {
@@ -158,7 +158,7 @@ class DecryptAll extends Command {
 					$output->writeln('Server side encryption remains enabled');
 					$this->config->setAppValue('core', 'encryption_enabled', 'yes');
 				}
-				$this->resetSingleUserAndTrashbin();
+				$this->resetMaintenanceAndTrashbin();
 			} else {
 				$output->write('Enable server side encryption... ');
 				$this->config->setAppValue('core', 'encryption_enabled', 'yes');
@@ -168,7 +168,7 @@ class DecryptAll extends Command {
 		} catch (\Exception $e) {
 			// enable server side encryption again if something went wrong
 			$this->config->setAppValue('core', 'encryption_enabled', 'yes');
-			$this->resetSingleUserAndTrashbin();
+			$this->resetMaintenanceAndTrashbin();
 			throw $e;
 		}
 

core/Command/Encryption/EncryptAll.php

@@ -50,7 +50,7 @@ class EncryptAll extends Command {
 	protected $wasTrashbinEnabled;
 
 	/** @var  bool */
-	protected $wasSingleUserModeEnabled;
+	protected $wasMaintenanceModeEnabled;
 
 	/**
 	 * @param IManager $encryptionManager
@@ -72,20 +72,20 @@ class EncryptAll extends Command {
 	}
 
 	/**
-	 * Set single user mode and disable the trashbin app
+	 * Set maintenance mode and disable the trashbin app
 	 */
-	protected function forceSingleUserAndTrashbin() {
+	protected function forceMaintenanceAndTrashbin() {
 		$this->wasTrashbinEnabled = $this->appManager->isEnabledForUser('files_trashbin');
-		$this->wasSingleUserModeEnabled = $this->config->getSystemValue('singleuser', false);
-		$this->config->setSystemValue('singleuser', true);
+		$this->wasMaintenanceModeEnabled = $this->config->getSystemValue('maintenance', false);
+		$this->config->setSystemValue('maintenance', true);
 		$this->appManager->disableApp('files_trashbin');
 	}
 
 	/**
-	 * Reset the single user mode and re-enable the trashbin app
+	 * Reset the maintenance mode and re-enable the trashbin app
 	 */
-	protected function resetSingleUserAndTrashbin() {
-		$this->config->setSystemValue('singleuser', $this->wasSingleUserModeEnabled);
+	protected function resetMaintenanceAndTrashbin() {
+		$this->config->setSystemValue('maintenance', $this->wasMaintenanceModeEnabled);
 		if ($this->wasTrashbinEnabled) {
 			$this->appManager->enableApp('files_trashbin');
 		}
@@ -116,17 +116,17 @@ class EncryptAll extends Command {
 		$output->writeln('');
 		$question = new ConfirmationQuestion('Do you really want to continue? (y/n) ', false);
 		if ($this->questionHelper->ask($input, $output, $question)) {
-			$this->forceSingleUserAndTrashbin();
+			$this->forceMaintenanceAndTrashbin();
 
 			try {
 				$defaultModule = $this->encryptionManager->getEncryptionModule();
 				$defaultModule->encryptAll($input, $output);
 			} catch (\Exception $ex) {
-				$this->resetSingleUserAndTrashbin();
+				$this->resetMaintenanceAndTrashbin();
 				throw $ex;
 			}
 
-			$this->resetSingleUserAndTrashbin();
+			$this->resetMaintenanceAndTrashbin();
 		} else {
 			$output->writeln('aborted');
 		}

core/Command/Maintenance/SingleUser.php

@@ -1,79 +0,0 @@
-<?php
-/**
- * @copyright Copyright (c) 2016, ownCloud, Inc.
- *
- * @author Morris Jobke <hey@morrisjobke.de>
- * @author Robin Appelman <robin@icewind.nl>
- *
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace OC\Core\Command\Maintenance;
-
-use Symfony\Component\Console\Command\Command;
-use Symfony\Component\Console\Input\InputInterface;
-use Symfony\Component\Console\Input\InputOption;
-use Symfony\Component\Console\Output\OutputInterface;
-
-use OCP\IConfig;
-
-class SingleUser extends Command {
-
-	/** @var IConfig */
-	protected $config;
-
-	/**
-	 * @param IConfig $config
-	 */
-	public function __construct(IConfig $config) {
-		$this->config = $config;
-		parent::__construct();
-	}
-
-	protected function configure() {
-		$this
-			->setName('maintenance:singleuser')
-			->setDescription('set single user mode')
-			->addOption(
-				'on',
-				null,
-				InputOption::VALUE_NONE,
-				'enable single user mode'
-			)
-			->addOption(
-				'off',
-				null,
-				InputOption::VALUE_NONE,
-				'disable single user mode'
-			);
-	}
-
-	protected function execute(InputInterface $input, OutputInterface $output) {
-		if ($input->getOption('on')) {
-			$this->config->setSystemValue('singleuser', true);
-			$output->writeln('Single user mode enabled');
-		} elseif ($input->getOption('off')) {
-			$this->config->setSystemValue('singleuser', false);
-			$output->writeln('Single user mode disabled');
-		} else {
-			if ($this->config->getSystemValue('singleuser', false)) {
-				$output->writeln('Single user mode is currently enabled');
-			} else {
-				$output->writeln('Single user mode is currently disabled');
-			}
-		}
-	}
-}

core/register_command.php

@@ -123,7 +123,6 @@ if (\OC::$server->getConfig()->getSystemValue('installed', false)) {
 	$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateDB(\OC::$server->getMimeTypeDetector(), \OC::$server->getMimeTypeLoader()));
 	$application->add(new OC\Core\Command\Maintenance\Mimetype\UpdateJS(\OC::$server->getMimeTypeDetector()));
 	$application->add(new OC\Core\Command\Maintenance\Mode(\OC::$server->getConfig()));
-	$application->add(new OC\Core\Command\Maintenance\SingleUser(\OC::$server->getConfig()));
 	$application->add(new OC\Core\Command\Maintenance\UpdateHtaccess());
 
 	$application->add(new OC\Core\Command\Upgrade(\OC::$server->getConfig(), \OC::$server->getLogger()));

cron.php

@@ -50,11 +50,6 @@ try {
 		exit;
 	}
 
-	if (\OC::$server->getSystemConfig()->getValue('singleuser', false)) {
-		\OCP\Util::writeLog('cron', 'We are in admin only mode, skipping cron', \OCP\Util::DEBUG);
-		exit;
-	}
-
 	// load all apps to get all api routes properly setup
 	OC_App::loadApps();
 

lib/base.php

@@ -286,32 +286,6 @@ class OC {
 		}
 	}
 
-	public static function checkSingleUserMode($lockIfNoUserLoggedIn = false) {
-		if (!\OC::$server->getSystemConfig()->getValue('singleuser', false)) {
-			return;
-		}
-		$user = OC_User::getUserSession()->getUser();
-		if ($user) {
-			$group = \OC::$server->getGroupManager()->get('admin');
-			if ($group->inGroup($user)) {
-				return;
-			}
-		} else {
-			if(!$lockIfNoUserLoggedIn) {
-				return;
-			}
-		}
-		// send http status 503
-		header('HTTP/1.1 503 Service Temporarily Unavailable');
-		header('Status: 503 Service Temporarily Unavailable');
-		header('Retry-After: 120');
-
-		// render error page
-		$template = new OC_Template('', 'singleuser.user', 'guest');
-		$template->printPage();
-		die();
-	}
-
 	/**
 	 * Checks if the version requires an update and shows
 	 * @param bool $showTemplate Whether an update screen should get shown
@@ -990,7 +964,6 @@ class OC {
 					OC_App::loadApps(array('filesystem', 'logging'));
 					OC_App::loadApps();
 				}
-				self::checkSingleUserMode();
 				OC_Util::setupFS();
 				OC::$server->getRouter()->match(\OC::$server->getRequest()->getRawPathInfo());
 				return;

lib/composer/composer/autoload_classmap.php

@@ -411,7 +411,6 @@ return array(
     'OC\\Core\\Command\\Maintenance\\Mimetype\\UpdateJS' => $baseDir . '/core/Command/Maintenance/Mimetype/UpdateJS.php',
     'OC\\Core\\Command\\Maintenance\\Mode' => $baseDir . '/core/Command/Maintenance/Mode.php',
     'OC\\Core\\Command\\Maintenance\\Repair' => $baseDir . '/core/Command/Maintenance/Repair.php',
-    'OC\\Core\\Command\\Maintenance\\SingleUser' => $baseDir . '/core/Command/Maintenance/SingleUser.php',
     'OC\\Core\\Command\\Maintenance\\UpdateHtaccess' => $baseDir . '/core/Command/Maintenance/UpdateHtaccess.php',
     'OC\\Core\\Command\\Security\\ImportCertificate' => $baseDir . '/core/Command/Security/ImportCertificate.php',
     'OC\\Core\\Command\\Security\\ListCertificates' => $baseDir . '/core/Command/Security/ListCertificates.php',

lib/composer/composer/autoload_static.php

@@ -441,7 +441,6 @@ class ComposerStaticInit53792487c5a8370acc0b06b1a864ff4c
         'OC\\Core\\Command\\Maintenance\\Mimetype\\UpdateJS' => __DIR__ . '/../../..' . '/core/Command/Maintenance/Mimetype/UpdateJS.php',
         'OC\\Core\\Command\\Maintenance\\Mode' => __DIR__ . '/../../..' . '/core/Command/Maintenance/Mode.php',
         'OC\\Core\\Command\\Maintenance\\Repair' => __DIR__ . '/../../..' . '/core/Command/Maintenance/Repair.php',
-        'OC\\Core\\Command\\Maintenance\\SingleUser' => __DIR__ . '/../../..' . '/core/Command/Maintenance/SingleUser.php',
         'OC\\Core\\Command\\Maintenance\\UpdateHtaccess' => __DIR__ . '/../../..' . '/core/Command/Maintenance/UpdateHtaccess.php',
         'OC\\Core\\Command\\Security\\ImportCertificate' => __DIR__ . '/../../..' . '/core/Command/Security/ImportCertificate.php',
         'OC\\Core\\Command\\Security\\ListCertificates' => __DIR__ . '/../../..' . '/core/Command/Security/ListCertificates.php',

ocs/v1.php

@@ -32,8 +32,7 @@
 require_once __DIR__ . '/../lib/base.php';
 
 if (\OCP\Util::needUpgrade()
-	|| \OC::$server->getSystemConfig()->getValue('maintenance', false)
-	|| \OC::$server->getSystemConfig()->getValue('singleuser', false)) {
+	|| \OC::$server->getSystemConfig()->getValue('maintenance', false)) {
 	// since the behavior of apps or remotes are unpredictable during
 	// an upgrade, return a 503 directly
 	OC_Response::setStatus(OC_Response::STATUS_SERVICE_UNAVAILABLE);

public.php

@@ -39,7 +39,6 @@ try {
 	}
 
 	OC::checkMaintenanceMode();
-	OC::checkSingleUserMode(true);
 	$request = \OC::$server->getRequest();
 	$pathInfo = $request->getPathInfo();
 

tests/Core/Command/Encryption/DecryptAllTest.php

@@ -77,7 +77,7 @@ class DecryptAllTest extends TestCase {
 
 		$this->config->expects($this->any())
 			->method('getSystemValue')
-			->with('singleuser', false)
+			->with('maintenance', false)
 			->willReturn(false);
 		$this->appManager->expects($this->any())
 			->method('isEnabledForUser')
@@ -85,12 +85,12 @@ class DecryptAllTest extends TestCase {
 
 	}
 
-	public function testSingleUserAndTrashbin() {
+	public function testMaintenanceAndTrashbin() {
 
 		// on construct we enable single-user-mode and disable the trash bin
 		$this->config->expects($this->at(1))
 			->method('setSystemValue')
-			->with('singleuser', true);
+			->with('maintenance', true);
 		$this->appManager->expects($this->once())
 			->method('disableApp')
 			->with('files_trashbin');
@@ -98,7 +98,7 @@ class DecryptAllTest extends TestCase {
 		// on destruct wi disable single-user-mode again and enable the trash bin
 		$this->config->expects($this->at(2))
 			->method('setSystemValue')
-			->with('singleuser', false);
+			->with('maintenance', false);
 		$this->appManager->expects($this->once())
 			->method('enableApp')
 			->with('files_trashbin');
@@ -110,16 +110,16 @@ class DecryptAllTest extends TestCase {
 			$this->decryptAll,
 			$this->questionHelper
 		);
-		$this->invokePrivate($instance, 'forceSingleUserAndTrashbin');
+		$this->invokePrivate($instance, 'forceMaintenanceAndTrashbin');
 
 		$this->assertTrue(
 			$this->invokePrivate($instance, 'wasTrashbinEnabled')
 		);
 
 		$this->assertFalse(
-			$this->invokePrivate($instance, 'wasSingleUserModeEnabled')
+			$this->invokePrivate($instance, 'wasMaintenanceModeEnabled')
 		);
-		$this->invokePrivate($instance, 'resetSingleUserAndTrashbin');
+		$this->invokePrivate($instance, 'resetMaintenanceAndTrashbin');
 	}
 
 	/**

tests/Core/Command/Encryption/EncryptAllTest.php

@@ -88,13 +88,13 @@ class EncryptAllTest extends TestCase {
 		$this->appManager->expects($this->once())->method('disableApp')->with('files_trashbin');
 		// enable single user mode to avoid that other user login during encryption
 		// destructor should disable the single user mode again
-		$this->config->expects($this->once())->method('getSystemValue')->with('singleuser', false)->willReturn(false);
-		$this->config->expects($this->at(1))->method('setSystemValue')->with('singleuser', true);
-		$this->config->expects($this->at(2))->method('setSystemValue')->with('singleuser', false);
+		$this->config->expects($this->once())->method('getSystemValue')->with('maintenance', false)->willReturn(false);
+		$this->config->expects($this->at(1))->method('setSystemValue')->with('maintenance', true);
+		$this->config->expects($this->at(2))->method('setSystemValue')->with('maintenance', false);
 
 		$instance = new EncryptAll($this->encryptionManager, $this->appManager, $this->config, $this->questionHelper);
-		$this->invokePrivate($instance, 'forceSingleUserAndTrashbin');
-		$this->invokePrivate($instance, 'resetSingleUserAndTrashbin');
+		$this->invokePrivate($instance, 'forceMaintenanceAndTrashbin');
+		$this->invokePrivate($instance, 'resetMaintenanceAndTrashbin');
 	}
 
 	/**

tests/Core/Command/Maintenance/SingleUserTest.php

@@ -1,132 +0,0 @@
-<?php
-/**
- * @author Morris Jobke <hey@morrisjobke.de>
- *
- * @copyright Copyright (c) 2015, ownCloud, Inc.
- * @license AGPL-3.0
- *
- * This code is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License, version 3,
- * as published by the Free Software Foundation.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License, version 3,
- * along with this program.  If not, see <http://www.gnu.org/licenses/>
- *
- */
-
-namespace Tests\Core\Command\Maintenance;
-
-
-use OC\Core\Command\Maintenance\SingleUser;
-use OCP\IConfig;
-use Symfony\Component\Console\Input\InputInterface;
-use Symfony\Component\Console\Output\OutputInterface;
-use Test\TestCase;
-
-class SingleUserTest extends TestCase {
-	/** @var \PHPUnit_Framework_MockObject_MockObject */
-	protected $config;
-	/** @var \PHPUnit_Framework_MockObject_MockObject */
-	protected $consoleInput;
-	/** @var \PHPUnit_Framework_MockObject_MockObject */
-	protected $consoleOutput;
-
-	/** @var \Symfony\Component\Console\Command\Command */
-	protected $command;
-
-	protected function setUp() {
-		parent::setUp();
-
-		$config = $this->config = $this->getMockBuilder(IConfig::class)
-			->disableOriginalConstructor()
-			->getMock();
-		$this->consoleInput = $this->getMockBuilder(InputInterface::class)->getMock();
-		$this->consoleOutput = $this->getMockBuilder(OutputInterface::class)->getMock();
-
-		/** @var \OCP\IConfig $config */
-		$this->command = new SingleUser($config);
-	}
-
-	public function testChangeStateToOn() {
-
-		$this->consoleInput->expects($this->once())
-			->method('getOption')
-			->with('on')
-			->willReturn(true);
-
-		$this->config->expects($this->once())
-			->method('setSystemValue')
-			->with('singleuser', true);
-
-		$this->consoleOutput->expects($this->once())
-			->method('writeln')
-			->with('Single user mode enabled');
-
-		self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]);
-	}
-
-	public function testChangeStateToOff() {
-
-		$this->consoleInput->expects($this->at(0))
-			->method('getOption')
-			->with('on')
-			->willReturn(false);
-
-		$this->consoleInput->expects($this->at(1))
-			->method('getOption')
-			->with('off')
-			->willReturn(true);
-
-		$this->config->expects($this->once())
-			->method('setSystemValue')
-			->with('singleuser', false);
-
-		$this->consoleOutput->expects($this->once())
-			->method('writeln')
-			->with('Single user mode disabled');
-
-		self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]);
-	}
-
-	public function stateData() {
-		return [
-			[ true, 'Single user mode is currently enabled' ],
-			[ false, 'Single user mode is currently disabled' ],
-		];
-	}
-
-	/**
-	 * @dataProvider stateData
-	 *
-	 * @param $state
-	 * @param $expectedOutput
-	 */
-	public function testState($state, $expectedOutput) {
-
-		$this->consoleInput->expects($this->at(0))
-			->method('getOption')
-			->with('on')
-			->willReturn(false);
-
-		$this->consoleInput->expects($this->at(1))
-			->method('getOption')
-			->with('off')
-			->willReturn(false);
-
-		$this->config->expects($this->once())
-			->method('getSystemValue')
-			->with('singleuser', false)
-			->willReturn($state);
-
-		$this->consoleOutput->expects($this->once())
-			->method('writeln')
-			->with($expectedOutput);
-
-		self::invokePrivate($this->command, 'execute', [$this->consoleInput, $this->consoleOutput]);
-	}
-}