The comparisson of NULL is a bit special.
So we need to handle this a tad beter else it might not replace NULL
values. or allow you to set NULL values on updates.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This is within the failed lock acquiring branch. So the lock is free by another process and should not be removed because the cached file (that was created by the process having the lock) appeared on the filesystem.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
On some systems with a lot of users this creates a lot of extra DB
writes.
Being able to increase this interval helps there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When asking for sharees we compare not only UID and displayname but also
the email address. And if that matches we return the sharee as an exact
match. This logic had a flaw as in that it also matched the empty string
to users with no email address.
This is most noticeable when you disable sharee enumeration and open the
ownership transfer dialog. It suggested other users of the instance
before. This has stopped now.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Before when you have a user "smith" and a federated user "smith@example.com"
you could see the federation result with "smit" but not with "smith" anymore.
With most LDAP configurations and local backend setups this is disturbing and
causes issues.
The idea of not showing the email and federation on a matching user was with:
Local user registered with "smith@example.com" user id and having that same
email / cloud id in your contacts addressbook. So we now only hide those
"side results" when the search does contain an @
Signed-off-by: Joas Schilling <coding@schilljs.com>
Since we try to do range requests this will fail hard.
However since empty files are not that interesting to read anyways we
just read from an emptry memory stream.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Since all the compiled routes are based on the server webroot,
we have to use this, independent from which app this belongs to.
Signed-off-by: Joas Schilling <coding@schilljs.com>
When your password changes out of bounds your Nextcloud tokens will
become invalid. There is no real way around that. However we should make
sure that if you successfully log in again your passwords are all
updates
* Added event listener to the PostLoggedInEvent so that we can act on it
- Only if it is not a token login
* Make sure that we actually reset the invalid state when we update a
token. Else it keeps being marked invalid and thus not used.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Else we might run into the issue that for an external storage where the
size is not known yet we do not use zip64. Which then of course fails on
large zip files.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If the object store errors we should not always delete the filecache
entry. As this might lead to people losing access to their files.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
instead of showing the generic 'Your storage is full' message, better explain that it's the group folder/external storage that is full
Signed-off-by: Robin Appelman <robin@icewind.nl>
* Systems that upgrade have this enabled by default
* New systems disable it
* We'll have to add some wargning in the setup checks if this is enabled
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
having the "cache rename" after the "storage move" caused the target
to get the fileid from the source file, without taking care that the object
is stored under the original file id.
By doing the "cache rename" first, we trigger the "update existing file"
logic while moving the file to the object store and the object gets stored for the
correct file id
Signed-off-by: Robin Appelman <robin@icewind.nl>
this allows an admin to configure the max trashbin size instead of always relying on the users quota.
The trashbin size can be configured using the `occ trash:size` command and can be set both globally and per-user
Signed-off-by: Robin Appelman <robin@icewind.nl>
Else people might have the feeling this is also doing 2FA. And since it
is only prefered it can be ignored and hacked around.
Once we have proper 2FA with webauthn in one go this probably needs to
be revisted.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
even when token is invalid or has no password.
Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.
Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
If we use the owners mount point this results in null. And then the rest
of the checks get called with null. Which doesn't work.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The problem is that despite it's name IGroup::searchDisplayName()
only searches by userid and this is less fixable than changing back to this method here
Signed-off-by: Joas Schilling <coding@schilljs.com>
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The S3 client enables this by default and then tries to read
`.aws/config`. This causes `open_basedir` restriction related error for
some setups. So this patch disables the CSM because it's most likely
unused anyway.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Some S3 providers need a custom upload part size (500 MB static value in Nextcloud).
Here is a commit to change this value via S3 configuration, instead of using S3_UPLOAD_PART_SIZE constant.
A new parameter is added for an S3 connection : uploadPartSize
Signed-off-by: Florent <florent@coppint.com>
When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).
However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".
Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "send password by Talk" is enabled in a mail share a new password
must be also set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "send password by Talk" is enabled in a link share now a non empty
password is enforced.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Else if a lot of writes happen. It might happen that an old stat result
is used. Resulting in a wrong file size for the file. For example the
text app when a lot of people edit at the same time.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.
This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Before we'd also get the diplayname for each group in the backend. In a
separate query. This is of course not ideal as this information is
obtained on each and every query. Now this is queried once and properly
cached.
Also added more caching to the manager.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
In test it reduced the transfered data from 5 MB to 2 MB. This should reduce the load on the appstore significantly.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Else the wrong mimetype might be set. Resulting in continious
regeneration of previews when browsing.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Until now, you wouldn't be able to create
objects larger that 5GB.
It's somewhat related with pull #18883
Signed-off-by: Adrian Brzezinski <adrian.brzezinski@eo.pl>
Improves efficiency when downloading files from Swift storage.
Before, files were downloaded and then pushed back to user.
That behaevior causes all kinds of performance problems.
Now, files are streamed directly to user.
Signed-off-by: Adrian Brzezinski <adrian.brzezinski@eo.pl>
Email creation appears to have been refactored lately but it looks like custom template-based emails were left out.
Signed-off-by: Tekhnee <info@tekhnee.org>
- UsersController:editUser() calls isUserAccessible() even if the user is admin
This fix reduces API calls to editUser (ex change locale/display name) from >2 minutes (!) to ~3 seconds per call in average.
Signed-off-by: Mikael Hammarin <mikael@try2.se>
Also prefix resources
Unify the prefix handling
Handle urls with and without slash
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>