Commit Graph

4276 Commits

Author SHA1 Message Date
Roeland Jago Douma 8d4346d656
Fix more tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +01:00
Roeland Jago Douma bc16b05243
Fix signCoretests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +01:00
Roeland Jago Douma 305481688b
SignApp fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +01:00
Roeland Jago Douma ef4b59d341
More fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:42 +01:00
Roeland Jago Douma 799f58391e
More fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Roeland Jago Douma 3aa5f105fa
Fix more tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Roeland Jago Douma 385ec2947d
Skip redis if not configured
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Roeland Jago Douma c007ca624f
Make phpunit8 compatible
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Roeland Jago Douma 0532f8116d
Merge pull request #18019 from nextcloud/enhancement/password-policy-events
Add typed events for password_policy
2019-11-27 11:11:17 +01:00
blizzz d2f9deba51
Merge pull request #17834 from nextcloud/enh/noid/generic-event-replacement-tk2
Public API's GenericEvent replacement (take 2)
2019-11-27 10:50:07 +01:00
Christoph Wurst 1a886b1472
Add typed events for password_policy
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-27 09:56:12 +01:00
Roeland Jago Douma d09f8c7423
Merge pull request #17939 from nextcloud/fix/token-insert-conflict-handling
Handle token insert conflicts
2019-11-26 19:47:59 +01:00
Arthur Schiwon fc16b09a2c
Files first to use own GenericEvent
* those are added to 18 only anyway :)

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-26 14:48:59 +01:00
Roeland Jago Douma b607e3e6f4
Merge pull request #17948 from nextcloud/enh/check-if-property-is-bool
Make isXXX available for bool properties only
2019-11-26 12:25:36 +01:00
Christoph Wurst 0299ea0a96
Handle token insert conflicts
Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existin auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row wit the same token (the session ID). This
also bubbles up and disables user_saml.

As the token might still be OK (both request will insert the same data),
we can actually just check if the UIDs of the conflict row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-26 12:07:12 +01:00
Robin Appelman 74c6beb603
dont set folder size to negative values during propagation
normally this shouldn't be a problem, but cache/storage desync might cause this
so this adds some failsafe to ensure we dont corrupt the cache further

the minimum value is set to -1 instead of 0 in order to triger a background scan
on the folder and figure out the size properly

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-26 12:05:30 +01:00
Robin Appelman 9e450d727a
add LEAST and GREATER to db function builder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-26 12:05:30 +01:00
blizzz b1dffc5c2d
Merge pull request #17896 from nextcloud/fix/noid/consider-create-group-result
take group creation result into consideration
2019-11-25 17:16:40 +01:00
Arthur Schiwon 7b1eedb11e
take group creation result into consideration
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-25 14:01:20 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Roeland Jago Douma 3c1bcd551d
Fix the tests after #18029
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-21 22:31:45 +01:00
Roeland Jago Douma 5c4b2a2436
Merge pull request #18029 from nextcloud/feature/public-post-login-event
Make the post login event public
2019-11-21 12:39:42 +01:00
Roeland Jago Douma da25ed997e
Do not check for updates if we have no internet
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-20 19:30:59 +01:00
Christoph Wurst 535000aac6
Make the post login event public
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-20 18:43:09 +01:00
Roeland Jago Douma b367027798
Do pagination on the dummy group backend
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-20 08:08:01 +01:00
Roeland Jago Douma 1bd688a9d1
Use dummy backend in test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-18 11:54:26 +01:00
Daniel Kesselberg a27c10daa6
Make isXXX available for bool properties only
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-16 00:39:48 +01:00
Robin Appelman 066faaec05
fix folder delete
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-13 12:39:46 +01:00
Robin Appelman 43fa746ad9
dont create empty filecache extended rows
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-13 12:39:43 +01:00
Robin Appelman 1b6e647b63
expose filecache extension data in FileInfo
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-13 12:39:32 +01:00
Robin Appelman 842da3f183
store filecache extension fields
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-11-13 11:30:44 +01:00
Daniel Calviño Sánchez 2f49806c20 Add unit tests for "getAllShares()"
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-10-30 14:27:41 +01:00
John Molakvoæ (skjnldsv) ea6f423e2c Extend data returned when searching remote shares
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2019-10-29 12:55:59 +01:00
Roeland Jago Douma 5122629bb0
Make renewSessionToken return the new token
Avoids directly getting the token again. We just inserted it so it and
have all the info. So that query is just a waste.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-09 10:10:37 +02:00
Johannes Koenig 2df8d646c1 make TrustedDomainHelper case insensitive
Signed-off-by: Johannes Koenig <mail@jokoenig.de>
2019-10-06 20:43:55 +02:00
blizzz 47ab961aa7
Merge pull request #17001 from nextcloud/fix/noid/addressbookchanges-avatar
reduce adressbook change events and handling
2019-10-01 12:17:35 +02:00
Christoph Wurst de6940352a Move settings to an app
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-09-28 09:39:28 +00:00
Roeland Jago Douma cc6874df19
Merge pull request #17264 from nextcloud/move-from-storage-wrappers
handle moveFromStorage within the same storage even when storage wrap…
2019-09-26 15:48:59 +02:00
Roeland Jago Douma 6ac67011f4
Merge pull request #17262 from nextcloud/objectstore-remove-cache-on-delete
dont delete cache entries if deleting an object from object store failed
2019-09-26 11:24:02 +02:00
Robin Appelman 35f317df7b
handle moveFromStorage within the same storage even when storage wrappers are applied to the source storage
the target storage doesn't need additional handling for wrappers as the wrappers implementation of moveFromStorage already deals with that

Any storage based on local storage isn't affected by this as local storage already has it's own way of handling with this

Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-25 19:17:06 +02:00
Robin Appelman 733d4b6cca
dont delete cache entries if deleting an object from object store failed
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-25 18:09:45 +02:00
Roeland Jago Douma 210a0554a2
Use the actual password to update the tokens
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-18 19:50:58 +02:00
Greta Doci 68ef242a0a
Fixed the SecurityTest error
Signed-off-by: Greta Doci <gretadoci@gmail.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-09-15 12:04:28 +02:00
Roeland Jago Douma 2b98eea129
Harden identifyproof openssl code
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-14 13:52:10 +02:00
Christoph Wurst a1ef939c06
Use Symfony's new contract Event class instead of the deprecated one
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-09-12 14:44:55 +02:00
Roeland Jago Douma 2187f856ce
Merge pull request #16682 from nextcloud/enh/12790/workflow-backend
workflow overhaul
2019-09-11 13:14:06 +02:00
Roeland Jago Douma 41cbb05aea
Split personal security settings in code
Instead of one big monolitic sections this is the first step in breaking
down the settings. This should make is easiet to see what does what. As
well as nicely splitting up the sections.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-10 16:22:41 +02:00
Arthur Schiwon 1cc6f34d88
adapt file hooks test to eventdispatcher utilization
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-09 23:28:51 +02:00
Roeland Jago Douma bf6082e119
Merge pull request #16836 from nextcloud/fix/16724/smb-availability
Fix SMB availability status + higher delay on auth issues
2019-09-09 16:50:42 +02:00
Roeland Jago Douma 1cfb851300
Merge pull request #17006 from nextcloud/querybuilder-max-min
add MAX and MIN to functionbuilder
2019-09-07 11:09:11 +02:00
Robin Appelman 8ef5a366ec
add MAX and MIN to functionbuilder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-09-06 12:28:17 +02:00
Roeland Jago Douma 0ff08810d9
Log/FileTest does not require the DB
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-04 20:41:12 +02:00
Arthur Schiwon d33e0be2f1
adjust test expectations
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-04 13:46:56 +02:00
Daniel Kesselberg 773778dd8c
Add default timeout to expected request options
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-09-03 14:59:09 +02:00
Roeland Jago Douma 3f12ec95f0
SessionMiddleware: declare session property
* Remove request since we don't useit
* Update tests as well

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 13:02:29 +02:00
Roeland Jago Douma 505f10044a
Merge pull request #16865 from nextcloud/bugfix/noid/5-min-cron
Cron should run every 5 mins
2019-08-26 19:29:57 +02:00
Arthur Schiwon 4bd83c9a28
adjust tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-08-26 13:47:35 +02:00
Joas Schilling db968cb1d4
Cleanup the Settings class
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-26 11:50:26 +02:00
Roeland Jago Douma 7927aebdeb
Fix report of phpstan in Limiter
* unneeded arguments to constructor
* added return types
* let automatic DI do its work

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 19:38:43 +02:00
Roeland Jago Douma f465f9d4b9
Merge pull request #16721 from nextcloud/fix/16644
Correctly handle emtpy string in proxyuserpwd config
2019-08-11 22:46:01 +02:00
Scott Shambarger edf946dfc7
Correctly handle emtpy string in proxyuserpwd config
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
 "cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.

Signed-off-by: Scott Shambarger <devel@shambarger.net>
2019-08-11 21:07:30 +02:00
Roeland Jago Douma f81817b47d
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 19:40:13 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma 2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
Fix permission check on incoming federated shares
2019-08-01 10:55:35 +02:00
Roeland Jago Douma cf647451e5
Update CSP test cases to handle the new form-action
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Julius Härtl 22b81ac1e4
Fix permission check on incoming federated shares
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 12:59:51 +02:00
Joas Schilling d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
Remove unused OC\Share\Share::checkPasswordProtectedShare
2019-07-30 09:58:38 +02:00
Roeland Jago Douma 135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
Add proper PostLoginEvent
2019-07-30 08:54:10 +02:00
Morris Jobke e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474
Check the if we can actually access the storage cache for recent files
2019-07-29 16:59:26 +02:00
Roeland Jago Douma 0ea7fbae54
Update tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Morris Jobke 98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:23:21 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Morris Jobke 2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
use a pattern to identify sensitive config keys
2019-07-26 15:15:56 +02:00
Arthur Schiwon 78201bcb72
treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:31:14 +02:00
Roeland Jago Douma 0487144b26
Remove deprecated searchByTag
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 12:29:19 +02:00
Julius Härtl 3674f6fa2d
Check the if we can actually access the storage cache for recent files
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:01:24 +02:00
Morris Jobke d5b524ae07
Merge pull request #16492 from nextcloud/enh/exclude-rnd-files
Exclude .rnd files from integrity check
2019-07-23 14:57:55 +02:00
Daniel Kesselberg 8bed3021bd
Exclude .rnd files from integrity check
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-21 20:29:11 +02:00
Sam Bull ea935f65fd
Add support for CSP_NONCE server variable
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.

Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-18 12:16:29 +02:00
Morris Jobke 5b604eaeab
Merge pull request #15040 from nextcloud/feature/13980/push-for-deleted-notifications
Notifications overhaul
2019-07-17 20:22:03 +02:00
Morris Jobke 782554d2ac
Merge pull request #16075 from nextcloud/bugfix/15823/app-restricted-groups
Remove deleted groups from app restrictions fixes #15823
2019-07-17 17:36:00 +02:00
Morris Jobke 99f2c82222
Properly inject the logger
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-16 22:38:14 +02:00
Joas Schilling 565838da9c
Update unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 13:32:44 +02:00
Joas Schilling 55f5bc79a1
Keep the old method as a fallback and adjust the tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 11:36:32 +02:00
Roeland Jago Douma f8aeef7ae9
Lock SCSS so we only run 1 job at a time
This is bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-12 16:18:02 +02:00
Joas Schilling 092d34d9df
Add a unit test for guests as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-11 10:24:27 +02:00
Christoph Wurst d058ef2b6c
Make it possible to wipe all tokens/devices of a user
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:57:04 +02:00
Christoph Wurst 1c261675ad
Refactor: move remote wipe token logic to RW service
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:39:27 +02:00
Roeland Jago Douma 5cef8957b5
Merge pull request #15730 from nextcloud/enh/14179/event_for_csp
Add an event to edit the CSP
2019-07-09 10:59:15 +02:00
Roeland Jago Douma 5ac857bcdc
Add an event to edit the CSP
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-08 20:35:15 +02:00
Morris Jobke 53d2d95478
Remove one time repair steps that have already run when updating to 17
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-08 14:47:26 +02:00
John Molakvoæ 5a03189ce7
Mimetype list integrity check should not fail if it's changed (#15810)
Mimetype list integrity check should not fail if it's changed
2019-07-07 20:01:58 +02:00
Xheni Myrtaj 9211e34aec
Added Tests for modified mimetypelist
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
2019-07-04 09:35:36 +01:00
Julius Härtl 857fae288c
Always set the display name for user shares
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-03 21:34:18 +02:00
Joas Schilling 85a80b05ac
Unify the permission checking in one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 16:34:00 +02:00
Joas Schilling e4addbae3e
Better check reshare permissions when creating a share
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 14:00:13 +02:00
Christoph Wurst c50fe2a9c9
Send emails when remote wipe starts/finishes
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-02 21:59:23 +02:00
Greta Doci 5898e87e0f Remove deleted groups from app restrictions fixes #15823
Signed-off-by: Greta Doci <gretadoci@gmail.com>
2019-06-27 20:17:50 +02:00
Christoph Wurst aa6622ccef Decouple remote wipe notifcation channels with events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-06-27 17:16:18 +02:00
Jan-Christoph Borchardt b466127b1f
Merge pull request #16055 from nextcloud/design/native-fonts
Use native font stack
2019-06-26 00:08:16 +02:00