Commit Graph

75 Commits

Author SHA1 Message Date
Joas Schilling 12ac777bfd
Set a status code when setting a body
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-08 09:30:56 +01:00
Lukas Reschke 9ba080f5f8 Merge pull request #3445 from nextcloud/stable11-add-integration-tests-for-dav
[stable11] Add integration tests for legacy DAV endpoints
2017-02-13 10:11:28 +01:00
Lukas Reschke 886938718d
Add integration tests for legacy DAV endpoints
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-10 16:19:45 +01:00
Joas Schilling 76a2bf72e6
Fix detection of the new iOS app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:13:33 +01:00
Lukas Reschke adef282c44
Don't set Content-Disposition header if one already exists
If a Content-Disposition header is already set by another plugin we don't need to set another one as this breaks clients.

Fixes https://github.com/nextcloud/server/issues/1992

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-05 12:22:27 +01:00
Roeland Jago Douma b452e250e0
Fix legacy caldav endpoints
* CaldavBackend is now endpoint aware (use old style principals on old
endpoint and new onces on new).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-15 20:12:10 +01:00
Joas Schilling 1aa874e4e3
Also get infos about email shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-30 09:21:58 +01:00
Robin Appelman b56f2c9ed0
basic lockdown logic
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:23 +01:00
Vincent Petry 17ea1bfb75
Remove unused $view from FilesPlugin (#26549)
The Sabre FilesPlugin never uses the view so remove it.
2016-11-14 14:45:33 +01:00
Robin Appelman d1291f7aee
remove unneeded getDirectoryContent when getting share types for a folder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-09 17:04:44 +01:00
Thomas Müller c778b1bade
Update sabre dav to 3.2 (#26115)
* Update sabre/dav to 3.2.0

* Adjust code to work with sabre/dav 3.2.0 and it's dependencies

* Adding own CalDAV plugin to fix calendar home property

* Test if there is a user logged in when listing files home

* Update sabre version used by integration tests

* Disable unauthenticated DAV access

This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.

=====

* Fixed so cherry-pick was succesfull

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 13:35:10 +01:00
Vincent Petry 6a4ea2c15a
Upload autorename on client side
Removes the need for POST to collection which would hit against upload
limits.

The client tries to auto rename the file by adding a suffix "(2)".
It tries to use the file list on the client side to guess a
suitable name. In case a file still cannot be uploaded and creates a
conflict, which can happen when the file was concurrently uploaded, the
logic will continue increasing the suffix.
2016-11-02 22:15:03 +01:00
Roeland Jago Douma fc4d0a86ef
Fix merging backend results
* Merge share types correctly
* Filter share types
* Order share types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-01 12:16:05 +01:00
Robin Appelman 3692769b0a
Add getShareTypesInFolder to optimize folder listening
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-10-31 15:55:40 +01:00
Thomas Müller 1c39b30d50
Require to use at least desktop client 2.0 by default 2016-10-25 18:01:25 +02:00
Morris Jobke c0adc3c2cf Merge pull request #1883 from nextcloud/downstream-26145
Storage 503 message improvements
2016-10-25 13:19:46 +02:00
Vincent Petry c68e273664
Goodbye Iframe transport !
Not needed any more in IE >= 11

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry 59c5be1cc5
Use Webdav PUT for uploads in the web browser
- uses PUT method with jquery.fileupload for regular and public file
  lists
- for IE and browsers that don't support it, use POST with iframe
  transport
- implemented Sabre plugin to handle iframe transport and redirect the
  embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
  make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry 44cf67accd
Storage 503 message improvements
"Storage not available" is now "Storage temporarily not available".
Exceptions are now logged in DEBUG level, not FATAL.
2016-10-24 15:43:15 +02:00
Morris Jobke 2b76d14330 Merge pull request #1834 from nextcloud/downstream-26186
Add more files plugins to new DAV endpoint
2016-10-21 09:44:15 +02:00
Roeland Jago Douma 50b6ee67cb Merge pull request #1806 from nextcloud/karakayasemi_1767
Update file.php put function posthook calls
2016-10-21 08:45:51 +02:00
Vincent Petry 73e216e0a7
Add more files plugins to new DAV endpoint (#26186)
* Add more files plugins to new DAV endpoint

Also fix report plugin to properly retrieve the path from the
prolongated URL

* In case the report is not for this plugin -> simply return to allow other plugins to get executed

* Adjust onReport tests to match new behavior
2016-10-20 21:36:15 +02:00
Semih Serhat Karakaya 33cee3502a
Update file.php put function posthook calls
Logicaly, postHooks should emit after touch. For chunking file it is already emitting after touch.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-20 21:07:15 +02:00
Joas Schilling 246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Morris Jobke 98c8464564 Merge pull request #1821 from nextcloud/downstream-26366
Code style changes from downstream
2016-10-20 20:18:47 +02:00
Lukas Reschke 0864f53675 Merge pull request #1796 from nextcloud/oc_fav-report
Make it possible to filter by tags with REPORT method
2016-10-20 18:32:51 +02:00
Thomas Müller 08d6884107
Sanitize length headers when validating quota 2016-10-20 15:15:48 +02:00
Vincent Petry 361f008c70
Make it possible to filter by tags with REPORT method
Enhanced the REPORT method on the Webdav endpoint and added a
"oc:favorite" filter rule. When set, it will return a flat list of
results filtered with only favorite files.

The web UI was also adjusted to use this REPORT method instead of the
private API endpoint.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-19 11:06:29 +02:00
Joas Schilling 05223a39f9
Make sure we only use numbers as length
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 09:28:54 +02:00
Thomas Citharel 3b055b160e
fix typo
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2016-10-14 11:48:18 +02:00
Morris Jobke ff3e8c2139 Merge pull request #1518 from nextcloud/dav-fileshome-directory-properties
FilesHome now also returns DAV properties
2016-10-06 00:21:44 +02:00
Thomas Müller bd96c6aa38
Return ETag and OC-ETag in case of a move (#25683)
Downstreaming of https://github.com/owncloud/core/pull/25683

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-28 21:12:50 +02:00
Vincent Petry b17e836e45
FilesHome now also returns DAV properties
The files home node must also return DAV properties like etag,
permissions, etc for the clients to work like they did with the old
endpoint.

This fix makes FilesHome extend the Sabre Directory class, this makes
the FilesPlugin and other plugins recognize it as a directory and will
retrieve the matching properties when applicable.

Downstream of https://github.com/owncloud/core/pull/26066

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:24:23 +02:00
Joas Schilling cf69a2b7eb
UPDATE permissions qualify for renaming a node 2016-09-07 11:22:57 +02:00
Joas Schilling 4c0665b6ec
Only require CREATE permissions when the file does not exist yet 2016-09-07 11:10:48 +02:00
Markus Goetz 0cb34c2fa5
[master] DAV: Return data-fingerprint always when asked (#25482)
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 14:37:14 +02:00
Lukas Reschke 4d85ffc27c Merge pull request #1054 from nextcloud/less-cache-hits
Reduce the number of cache operations for dav operations
2016-08-27 22:44:29 +02:00
Robin Appelman 7c4d9add0d reuse the userfolder's fileinfo when possible during dav setup 2016-08-25 17:22:22 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Robin Appelman 1fef5d3d06 add dav property to check if a file has a preview available 2016-07-27 12:59:39 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling 813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke a17ba2f488 Merge pull request #466 from nextcloud/escape-special-characters
Escape special characters (#25429)
2016-07-20 21:24:19 +02:00
Vincent Petry e5c4f53eea
Cast share id to string (#25402) 2016-07-20 15:10:10 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Roeland Jago Douma 059b7435ab
PasswordLoginForbidden is not a FATAL exception
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.

So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00