Commit Graph

9937 Commits

Author SHA1 Message Date
Arthur Schiwon af91efd315
when downloading from web, skip files that are not accessible
* avoids a 403, but enables download of resources that are not restricted
* single file downloads still cause 403

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-12-19 13:05:10 +01:00
Arthur Schiwon 79eae96f45
use Nodes API for zip streaming
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-12-19 13:05:09 +01:00
Julius Härtl 9e5d6114d5
Use files node API for single file downloads
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-12-19 13:05:09 +01:00
Roeland Jago Douma 5d9fd7ba0c
Merge pull request #16792 from MichaIng/patch-1
Harden data and config protection .htaccess
2019-12-19 11:26:12 +01:00
Christoph Wurst 4ff11e3955
Do not generate tokens for editor IDs that do not exist
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-19 09:38:22 +01:00
Christoph Wurst cdd69c0f97
Only parse php7 code in app code checker
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-18 15:39:14 +01:00
Roeland Jago Douma 86dccffff9
Fix Office preview generation
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-18 08:36:30 +01:00
Julius Härtl de5384466c
Return empty template for default creators
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-12-16 17:22:53 +01:00
Joas Schilling faf58e4cac
Merge pull request #17018 from nextcloud/feature/noid/allow-to-force-enable-via-cli
Allow to force enable apps via CLI
2019-12-16 12:34:27 +01:00
Roeland Jago Douma 3b8fbf129e
Merge pull request #18384 from nextcloud/fix/18255/global_config_to_always_accept
config.php setting to always accept internal shares
2019-12-16 09:50:45 +01:00
Roeland Jago Douma bb4264c565
config.php setting to always accept internal shares
Part of #18255

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-16 09:07:25 +01:00
blizzz f7674c592c
Merge pull request #17494 from nextcloud/fix/16340/ignore-invalid-json
Return a default user record if json is broken
2019-12-13 15:43:36 +01:00
Joas Schilling 3eee359d7f
Allow to force enable apps via CLI
Co-authored-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-13 13:06:12 +01:00
Christoph Wurst b97d90e0c3
Log critical fallback to user default if we can't parse the JSON
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-13 12:39:29 +01:00
Daniel Kesselberg bbe41a73dd
Return a default user record if json is broken
It's possible that json_decode returns null. Mostly the json is broken.
AddMissingDefaultValues expects an array. Pass null will fail.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-13 12:31:45 +01:00
Christoph Wurst b81b824da1
Add typed events for the filesystem/scanner
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-13 09:41:05 +01:00
Roeland Jago Douma c6e51924c8
Merge pull request #18236 from nextcloud/bugfix/noid/always-detect-mimetype-by-content-in-workflows
Allow to detect mimetype by content
2019-12-12 11:19:55 +01:00
Roeland Jago Douma 4356c91ffd
Fix detection of non extention types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-12 09:58:22 +01:00
Roeland Jago Douma 97deaf85b9
Merge pull request #17935 from nextcloud/feature/noid/public-auth-for-circles
adding share type circles
2019-12-11 12:37:54 +01:00
Roeland Jago Douma c71e9de5ff
Merge pull request #18350 from nextcloud/enhancement/typed-group-events-II
Add typed events for all group hooks and legacy events
2019-12-11 12:28:03 +01:00
Christoph Wurst 917f1807fd
Merge pull request #18348 from nextcloud/enhancement/typed-user-events-II
Add typed events for all user hooks and legacy events
2019-12-11 12:02:32 +01:00
Christoph Wurst 7f71e67765
Merge pull request #18341 from kbucheli/handle_ipv6_address_with_explicit_interface
handle IPv6 addresses with an explict incoming interface at the end
2019-12-11 11:26:23 +01:00
Christoph Wurst db44cc859b
Merge pull request #18349 from nextcloud/techdebt/deprecate-hooks-emitter-symfony-dispatcher
Deprecate hooks, emitter and Symfony dispatcher mechanisms
2019-12-11 11:25:24 +01:00
Roeland Jago Douma 9a40ccfbf0
Merge pull request #18224 from nextcloud/bugfix/noid/direct-editing-path
Use file path for direct editing
2019-12-11 11:17:26 +01:00
Christoph Wurst 73fdb8e016
Add typed events for all group hooks and legacy events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-11 10:22:21 +01:00
Christoph Wurst 723f017b12
Deprecate hooks, emitter and Symfony dispatcher mechanisms
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-11 10:04:36 +01:00
Christoph Wurst d808f9c053
Add typed events for all user hooks and legacy events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-11 10:00:24 +01:00
Konrad Bucheli f2d3e34c96 handle IPv6 addresses with an explict incoming interface at the end (e.g fe80::ae2d:d1e7:fe1e:9a8d%enp2s0)
Signed-off-by: Konrad Bucheli <konrad.bucheli@gmx.ch>
Signed-off-by: Konrad Bucheli <kb@open.ch>
2019-12-10 22:47:20 +01:00
Roeland Jago Douma d66246cf94
Merge pull request #18312 from nextcloud/fix/18249/do_not_disable_auth_apps
Do not disable authentication apps
2019-12-10 14:43:15 +01:00
Roeland Jago Douma c9d77b7f7e
Merge pull request #18253 from nextcloud/bugfix/noid/broken-oracle-install
Pick a shorter name for the transfer ownership table
2019-12-10 13:28:33 +01:00
Roeland Jago Douma 47bc0cc8a8
Do not disable authentication apps
For #18249

If an app encounters an error during loading of app.php the app is
normally disabled. However. We should make sure that this doesn't happen
for authentication apps (looking at your user_saml).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-10 12:02:16 +01:00
Roeland Jago Douma 162b47075a
Merge pull request #18297 from nextcloud/enh/notification_dismiss
Add interface for notification handler for dimissed events
2019-12-10 11:30:19 +01:00
Roeland Jago Douma 4fad9e4e6b
Merge pull request #18314 from nextcloud/fixFileIdSearch
Fix ambigious fileID on search
2019-12-10 11:28:40 +01:00
Joas Schilling 059968e1c7
Pick a shorter name for the transfer ownership table
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-10 11:01:26 +01:00
Joas Schilling 107ef72afb
Try more methods
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-12-10 10:56:47 +01:00
Roeland Jago Douma 2b581814f3
Add interface for notification handler for dimissed events
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-10 10:02:24 +01:00
tobiasKaminsky 41cb214112
fix https://github.com/nextcloud/server/issues/18313
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
2019-12-10 09:47:30 +01:00
Joas Schilling da44c2a414
Some more fixes in detecting the mimetype from the content
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-12-10 09:11:42 +01:00
Joas Schilling 1336dedd5d
Cleanup the code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-12-10 09:11:40 +01:00
Joas Schilling b92ebb928a
Allow to check for the mimetype by content only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-12-10 09:10:32 +01:00
Roeland Jago Douma 72155009fa
Merge pull request #18184 from nextcloud/bugfix/noid/is-trusted-domain
Move overwritehost check to isTrustedDomain
2019-12-09 21:37:22 +01:00
Roeland Jago Douma 0360ab408e
Merge pull request #18256 from nextcloud/files-aditional-scripts-new-events
Use non-depricated events for loading additional scripts in files app
2019-12-09 21:24:55 +01:00
Roeland Jago Douma 5dba8d318d
Fix search limit to home
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-09 20:38:13 +01:00
Robin Appelman 1c585d2c50
use OCP\EventDispatcher\GenericEvent in more places
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-12-09 14:24:57 +01:00
Daniel Kesselberg 29575c4d36
Move custom definition logic into method
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-09 12:10:19 +01:00
Daniel Kesselberg 64aba49461
Ensure that we don't merge broken json.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-09 12:09:43 +01:00
Christoph Wurst 8bc4295cfa
Merge pull request #17325 from nextcloud/enh/decouple-register-resource-provider
Decouple resource provider registration
2019-12-09 09:51:25 +01:00
Daniel Kesselberg dbb1eef446
Don't log the stack trace for ConnectException
The stack trace for ConnectException could contain the old apps.json content and is probably huge.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-08 18:17:06 +01:00
Daniel Kesselberg 0016480370
Decouple resource provider registration
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-07 22:04:07 +01:00
Julius Härtl d05f131929
Move overwritehost check to isTrustedDomain
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-12-07 09:53:06 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Maxence Lange 0f32f8119e using IShare::
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-12-05 10:33:48 -01:00
Maxence Lange c1558af16d adding share type circles
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2019-12-05 10:33:48 -01:00
Roeland Jago Douma 63cb31542d
Merge pull request #17941 from nextcloud/search-by-owner
Allow filtering the search results to the users home storage
2019-12-05 11:04:33 +01:00
Roeland Jago Douma 04c2b5fcb1
Merge pull request #18130 from nextcloud/bugfix/noid/prevent-creating-users-with-existing-files
Prevent creating users with existing files
2019-12-05 10:30:00 +01:00
Julius Härtl e29a76bc79
Use file path for direct editing
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-12-05 09:54:58 +01:00
Joas Schilling dd53fad898
Prevent creating users with existing files
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-12-04 15:21:50 +01:00
Roeland Jago Douma 81b919ed9f
Merge pull request #18163 from nextcloud/fix_file_size
fix filename size
2019-12-04 14:15:07 +01:00
MichaIng 4384806f61
Merge branch 'master' into patch-1 2019-12-04 12:42:55 +01:00
Roeland Jago Douma 76b78edd40
Merge pull request #17833 from nextcloud/propagator-no-negative-sizes
dont set folder size to negative values during propagation
2019-12-04 11:49:26 +01:00
Roeland Jago Douma d4f1cc7da6
Merge pull request #18161 from nextcloud/fix/noid/absocsroute-subfolder
fix generation of an url to an absolute ocs route when NC in subfolder
2019-12-04 11:49:06 +01:00
Greta Doci 1110a93fc4 fix filename size, add comment
Signed-off-by: Greta Doci <gretadoci@gmail.com>
2019-12-04 11:04:46 +01:00
Joas Schilling 19935a6a26
Merge pull request #17949 from nextcloud/debt/deprecated-const
Connection::TRANSACTION_READ_COMMITTED is deprecated
2019-12-04 09:49:41 +01:00
Roeland Jago Douma c106a9d293
Set last-password-confirmation for setup
Else you have to enter your password directly after setup if you do
anything admin worthy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-03 19:31:31 +01:00
Robin Appelman f9e5b33c2b
remove old 'owner' filter
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-12-03 15:20:54 +01:00
Robin Appelman c62637da8b
Allow filtering the search results to the users home storage
This is done by adding a

```xml
<d:eq>
    <d:prop>
        <oc:owner-id/>
    </d:prop>
    <d:literal>$userId</d:literal>
</d:eq>
```

clause to the search query.

Searching by `owner-id` can only be done with the current user id
and the comparison can not be inside a `<d:not>` or `<d:or>` statement

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-12-03 13:49:37 +01:00
Roeland Jago Douma 9fce87b2df
Merge pull request #17443 from nextcloud/enh/expired_token_on_invalid_pass
Throw an invalid token exception is token is marked outdated
2019-12-03 08:59:11 +01:00
Roeland Jago Douma 1d707cc349
Merge pull request #18028 from nextcloud/enhancement/user-create-events
Add typed create user events
2019-12-03 08:57:51 +01:00
Christoph Wurst cc80339b39
Add typed create user events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-03 08:03:57 +01:00
Roeland Jago Douma 1e91b6a716
Merge pull request #18151 from nextcloud/bugfix/noid/overwrite-host-proxy
Always return overwritehost if configured
2019-12-03 07:48:19 +01:00
Roeland Jago Douma b371e735cf
Throw an invalid token exception is token is marked outdated
This avoids hitting the backend with multiple requests for the same
token. And will help avoid quick LDAP lockouts.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-02 18:57:13 +01:00
Arthur Schiwon b57d8b92d6
fix generation of an url to an absolute ocs route when NC in subfolder
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-29 11:14:21 +01:00
Roeland Jago Douma 6a940d5c74
Merge pull request #18149 from nextcloud/fix/18148/dont-create-bundle-too-early
delay creation of the cert bundle
2019-11-29 09:07:33 +01:00
Roeland Jago Douma 3cd25846a1
Merge pull request #18150 from nextcloud/docs/noid/files-api-exceptions
Properly annotate LockedException in files node api
2019-11-28 20:26:15 +01:00
Arthur Schiwon 0e911d643f
delay creation of the cert bundle
fixes #18148

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-28 17:00:55 +01:00
Julius Härtl 6c92e4d8ae
Check for boolean value
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 15:50:23 +01:00
Julius Härtl a055d8ddf9
Always return overwritehost if configured
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 15:02:33 +01:00
Julius Härtl 9eb1554fad
Properly anotate LockedException in files node api
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 14:17:15 +01:00
Roeland Jago Douma 4173d9d749
Merge pull request #17625 from nextcloud/enh/noid/direct-editing
Direct editing API to allow file editing using a one-time token
2019-11-28 08:49:57 +01:00
Roeland Jago Douma 62dc320191
Merge pull request #17725 from nextcloud/enh/share_exp_internal
Allow internal shares to have a default expiration date
2019-11-28 08:37:19 +01:00
Roeland Jago Douma 669302e570
Merge pull request #18064 from nextcloud/feature/php74
Add php7.4 support
2019-11-28 08:36:10 +01:00
Julius Härtl e18397284b
Use person icon for personal settings
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-27 21:06:14 +01:00
Julius Härtl 9a2694fcb0
Code style fixes and cleanup
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-27 19:56:40 +01:00
Julius Härtl bc36cc808f
Move editor list to capabilities
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-27 14:36:21 +01:00
tobiasKaminsky bccf236738
encapsulate templates
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
2019-11-27 14:36:20 +01:00
Julius Härtl e52793c69e
Direct editing API to allow file editing using a one-time token for
mobile apps

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-27 14:36:20 +01:00
Roeland Jago Douma efce1fdfac
Expose internal expiration dates to JS
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 14:33:13 +01:00
Roeland Jago Douma 0c0ca45d50
Actualy return data
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 14:33:13 +01:00
Roeland Jago Douma 21d7383d95
Allow internal shares to have a default expiration date
* Needs admin UI
* Needs more checks
* Basics seem to work

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 14:33:11 +01:00
Roeland Jago Douma 0568b01267
Improve etag handling
Check if values exist before using them

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +01:00
Roeland Jago Douma f2ef35dbf1
Fix logger test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +01:00
Roeland Jago Douma bfaca7fc78
Sensitive values handling
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Roeland Jago Douma 0532f8116d
Merge pull request #18019 from nextcloud/enhancement/password-policy-events
Add typed events for password_policy
2019-11-27 11:11:17 +01:00
blizzz d2f9deba51
Merge pull request #17834 from nextcloud/enh/noid/generic-event-replacement-tk2
Public API's GenericEvent replacement (take 2)
2019-11-27 10:50:07 +01:00
Christoph Wurst 1a886b1472
Add typed events for password_policy
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-27 09:56:12 +01:00
Roeland Jago Douma d09f8c7423
Merge pull request #17939 from nextcloud/fix/token-insert-conflict-handling
Handle token insert conflicts
2019-11-26 19:47:59 +01:00
Arthur Schiwon fc16b09a2c
Files first to use own GenericEvent
* those are added to 18 only anyway :)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-26 14:48:59 +01:00
Christoph Wurst 0299ea0a96
Handle token insert conflicts
Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existin auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row wit the same token (the session ID). This
also bubbles up and disables user_saml.

As the token might still be OK (both request will insert the same data),
we can actually just check if the UIDs of the conflict row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-26 12:07:12 +01:00
Robin Appelman 74c6beb603
dont set folder size to negative values during propagation
normally this shouldn't be a problem, but cache/storage desync might cause this
so this adds some failsafe to ensure we dont corrupt the cache further

the minimum value is set to -1 instead of 0 in order to triger a background scan
on the folder and figure out the size properly

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-26 12:05:30 +01:00
Robin Appelman 9e450d727a
add LEAST and GREATER to db function builder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-26 12:05:30 +01:00