Commit Graph

423 Commits

Author SHA1 Message Date
Joas Schilling 25e9d67d52
Correctly handle multi-values when converting VCards to array 2016-08-31 12:07:10 +02:00
Markus Goetz 4685ca9154
[master] DAV: Return data-fingerprint always when asked (#25482)
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 23:59:57 +02:00
Thomas Müller f944a8861a
Adding quota plugin to new dav endpoint (#25615)
* Adding quota plugin to new dav endpoint

* Added integrated test failing in old endpoint

* Added 0B quota test
2016-07-29 12:31:56 +02:00
Robin Appelman 76b2cffb08 add dav property to check if a file has a preview available 2016-07-27 16:37:56 +02:00
Joas Schilling 23b205ed48
Run the license script 2016-07-22 11:40:41 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke a17ba2f488 Merge pull request #466 from nextcloud/escape-special-characters
Escape special characters (#25429)
2016-07-20 21:24:19 +02:00
Roeland Douma 26cf51403e Merge pull request #464 from nextcloud/master-change-load-order
[master] Change load order of auth backends so that we can throw an exception …
2016-07-20 20:08:22 +02:00
Vincent Petry e5c4f53eea
Cast share id to string (#25402) 2016-07-20 15:10:10 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Thomas Müller e795f7b106
Change load order of auth backends so that we can throw an exception in OCA\DAV\Connector\Sabre\Auth - fixes #25362 (#25476) 2016-07-20 14:40:52 +02:00
Morris Jobke 0a6d95b126 Merge pull request #394 from nextcloud/tags-for-everything
SystemTags for everything not just files
2016-07-19 10:47:12 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling 7c039bcbf6
Allow apps to register SystemTags plugins 2016-07-18 10:26:42 +02:00
Joas Schilling c2b077e185
Fix doc blocks 2016-07-18 10:26:42 +02:00
Joas Schilling 8e13ff2c86
Fix TODO and bring in abstraction (similar to comments) 2016-07-18 10:26:36 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Roeland Jago Douma 059b7435ab
PasswordLoginForbidden is not a FATAL exception
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.

So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00
Robin Appelman 6da066e7be
Fix test using private propertries 2016-07-08 12:36:25 +02:00
Robin Appelman f98cb9efa0
Fix type hinting 2016-07-08 12:35:50 +02:00
Robin Appelman 8f84c99e3f
Fix undefined properties 2016-07-08 12:35:16 +02:00
Morris Jobke ba16fd0d33 Merge branch 'master' into sync-master 2016-07-07 11:29:46 +02:00
Thomas Citharel 7d95cde37d Add all properties while creating a subscription (#25318)
Fixes #24469
2016-07-01 13:42:35 +02:00
Lukas Reschke 179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Bjoern Schiessle 26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke 1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Bjoern Schiessle 3571207bd9 add some additonal permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Björn Schießle 5ace6b53f3 get only vcards which match both the address book id and the vcard uri (#25294) 2016-06-29 12:13:59 +02:00
Bjoern Schiessle 5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Georg Ehrke 3c399be6ec fix a ImageExportPlugin Test (#25215) 2016-06-27 21:26:56 +02:00
Vincent Petry 56ad4cdfec
Show error message when posting an invalid comment
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Georg Ehrke 1452b74de7 Contacts API: replace raw image data with url (#25081)
* add uri to AddressBookImpl array

* Introduce ImageExportPlugin for CardDav

* add plugin to v1 routes

* replace binary contact photo with link

* update tests

* Adding unit tests
2016-06-21 15:25:44 +02:00
Vincent Petry 2340660a5b
PasswordLoginForbidden must extend NotAuthenticated
The auth code from Sabre will forward NotAuthenticated exceptions but
in the case of a generic exception, it is packaged as "service not
available".
2016-06-17 15:50:24 +02:00
Christoph Wurst 5a8cfab68f
throw PasswordLoginForbidden on DAV 2016-06-17 11:30:24 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Thomas Müller 0b7685d326 Move birthday calendar generation to a live migration job (#25135) 2016-06-16 16:14:28 +02:00
Christoph Wurst 331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Vincent Petry 68c3b23e04 Merge pull request #24080 from owncloud/support-calendar-class-property
Extract CLASS property from calendar object and store it in the database
2016-06-10 11:22:11 +02:00
Vincent Petry 67c3a97401 Merge pull request #25046 from owncloud/fix-the-realm
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00
Vincent Petry 543545505d Merge pull request #25043 from owncloud/webdav-download-mimetype
DAV now returns file name with Content-Disposition header
2016-06-10 09:55:59 +02:00
Vincent Petry 1399e87d57
DAV now returns file name with Content-Disposition header
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Thomas Müller cf06b17df1
Use the correct realm for basic authentication - fixes #23427 2016-06-09 13:53:32 +02:00
Thomas Müller f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Thomas Müller bfcd1dc49c
Filter confidential calendar objects in shared calendars
Filter private calendar objects in shared calendars
2016-06-09 11:09:14 +02:00
Thomas Müller 082f456b8b
Added unit testing for the migration step 2016-06-09 11:09:14 +02:00
Thomas Müller 369c3b5d7e
Implement classification migration as repair step 2016-06-09 11:09:14 +02:00
Thomas Müller 287e41732c
Bump dav app version and fix variable rename 2016-06-09 11:09:14 +02:00
Thomas Müller f013cfc530
Add migration step 2016-06-09 11:09:13 +02:00