Commit Graph

377 Commits

Author SHA1 Message Date
Joas Schilling 94b0315d7a
Fix more tests 2016-09-20 14:28:17 +02:00
Thomas Müller 6eb1bc55ab
The birthday calendar can only hold VEVENT - refs https://github.com/owncloud/tasks/issues/338 2016-09-20 11:26:09 +02:00
Joas Schilling 1944d9b3ab
Use magic DI 2016-09-20 01:15:24 +02:00
Lukas Reschke c0656fb4ef
Move Travis tests to DroneCI
Should give us some quicker test execution speed as we're not limited by Travis

Explicitly invoke with "bash"

Install instance already

Use newest litmus container
2016-09-13 18:17:15 +02:00
Vincent Petry 1ab472b9ad
Improve chunk upload AssemblyStream performance 2016-09-13 09:29:02 +02:00
Lukas Reschke 67439951e6
Filter more mimetypes
There's no need to allow more than those defined mimetypes for images.
2016-09-09 12:33:10 +02:00
Joas Schilling b94a4df592
Fix tests 2016-09-07 18:39:48 +02:00
Robin Appelman 344945bfe9 more efficient check if addressbook and calendar exists for user 2016-08-31 15:08:29 +02:00
Joas Schilling a123fe6f18
Add a unit test for all the magic 2016-08-30 12:24:20 +02:00
Markus Goetz 0cb34c2fa5
[master] DAV: Return data-fingerprint always when asked (#25482)
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 14:37:14 +02:00
Joas Schilling 89c78bbce4 Merge pull request #1031 from nextcloud/2fa-infinite-redirect-loop
prevent infinite redirect loops if the there is no 2fa provider to pass
2016-08-26 16:03:05 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling 3fbb5de74f
Better displaynames for shared address books 2016-08-24 08:50:25 +02:00
Joas Schilling 53182fb780
Better displaynames for shared calendars 2016-08-24 08:50:25 +02:00
Thomas Müller f960aec5bb
Move over to new CalDAVTester repo (#25859)
* Move over to new caldac tester repo

* no run.py anymore
2016-08-19 10:18:59 +02:00
Robin Appelman 1fef5d3d06 add dav property to check if a file has a preview available 2016-07-27 12:59:39 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling 813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Joas Schilling 54708f97a1
Fix non-existing exception class 2016-07-18 10:26:42 +02:00
Joas Schilling 8e13ff2c86
Fix TODO and bring in abstraction (similar to comments) 2016-07-18 10:26:36 +02:00
Roeland Jago Douma 2fcb24166f
Fix PHPUnit 5.4 warnings in DAV app
* getMock is deprecated
2016-07-15 09:52:46 +02:00
Robin Appelman 6da066e7be
Fix test using private propertries 2016-07-08 12:36:25 +02:00
Morris Jobke ba16fd0d33 Merge branch 'master' into sync-master 2016-07-07 11:29:46 +02:00
Thomas Pulzer 90b7f74da7 Changed name of default logfile from owncloud.log to nextcloud.log. 2016-07-04 11:50:32 +02:00
Thomas Citharel 7d95cde37d Add all properties while creating a subscription (#25318)
Fixes #24469
2016-07-01 13:42:35 +02:00
Lukas Reschke 179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Lukas Reschke 149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Björn Schießle 5ace6b53f3 get only vcards which match both the address book id and the vcard uri (#25294) 2016-06-29 12:13:59 +02:00
Bjoern Schiessle 5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Georg Ehrke 3c399be6ec fix a ImageExportPlugin Test (#25215) 2016-06-27 21:26:56 +02:00
Vincent Petry 56ad4cdfec
Show error message when posting an invalid comment
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Georg Ehrke 1452b74de7 Contacts API: replace raw image data with url (#25081)
* add uri to AddressBookImpl array

* Introduce ImageExportPlugin for CardDav

* add plugin to v1 routes

* replace binary contact photo with link

* update tests

* Adding unit tests
2016-06-21 15:25:44 +02:00
Christoph Wurst 5a8cfab68f
throw PasswordLoginForbidden on DAV 2016-06-17 11:30:24 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 465807490d
create session token only for clients that support cookies 2016-06-13 19:44:05 +02:00
Vincent Petry 68c3b23e04 Merge pull request #24080 from owncloud/support-calendar-class-property
Extract CLASS property from calendar object and store it in the database
2016-06-10 11:22:11 +02:00
Vincent Petry 1399e87d57
DAV now returns file name with Content-Disposition header
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Thomas Müller bfcd1dc49c
Filter confidential calendar objects in shared calendars
Filter private calendar objects in shared calendars
2016-06-09 11:09:14 +02:00
Thomas Müller 082f456b8b
Added unit testing for the migration step 2016-06-09 11:09:14 +02:00
Thomas Müller fbdec59f22
Extract CLASS property from calendar object and store it in the database 2016-06-09 11:09:13 +02:00
Vincent Petry bf917d7063 Merge pull request #24813 from owncloud/delete-ghost-files
allow deleting "ghost files" trough the View and Node api
2016-06-07 09:34:16 +02:00
Thomas Müller 371a07e3ab Fix checkMove() implementation for dav v2 - fixes #24776 (#24971) 2016-06-06 17:01:27 +02:00
Robin Appelman 3bd5073251 add test for deleting ghost files over dav 2016-06-03 13:37:52 +02:00
Christoph Wurst da03a85c3c
block DAV if 2FA challenge needs to be solved first 2016-06-01 10:42:38 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling 5882e21b3b
Update DAV unit tests to PSR-4 2016-05-25 16:09:18 +02:00
Joas Schilling 42ba61db04
Fix local execution 2016-05-25 16:09:18 +02:00
Christoph Wurst 28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Vincent Petry c10d8a37f7 Merge pull request #22690 from owncloud/fix-comments-href-remote.php-files
ensure comments-href returns a value also when propfind is done again…
2016-05-23 14:47:03 +02:00
Joas Schilling 54f8822670
Fix unit tests 2016-05-23 09:03:48 +02:00
Vincent Petry 5963128342
Adjust DAV SystemTagPlugin unit tests for groups 2016-05-20 17:56:02 +02:00
Vincent Petry 91d4249ed8
Fix system tags DAV plugin tests 2016-05-20 17:56:02 +02:00
Vincent Petry 03d32bc39b
Fix system tags DAV unit tests 2016-05-20 17:56:02 +02:00
Arthur Schiwon 2b30136ae9
ensure comments-href returns a value also when propfind is done against remote.php/files 2016-05-20 16:22:13 +02:00
Joas Schilling dd9ee10bc0 Move dav app to PSR-4 (#24527)
* Move Application to correct namespace and PSR-4 it

* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00
Christoph Wurst 0486d750aa
use the UID for creating the session token, not the login name 2016-05-11 13:36:46 +02:00
Thomas Müller b10dcfc3b7
Fixing local event delivery for calendar events based on the email address 2016-05-02 14:20:59 +02:00
Thomas Müller 22ff97256e
Test an event in the far future - refs #24221 2016-04-29 14:57:19 +02:00
Björn Schießle 606b756a94 Merge pull request #23918 from owncloud/cruds-for-federated-shares
bring back CRUDS permissions for federated shares
2016-04-22 14:50:42 +02:00
Thomas Müller 3b3cff4f79 Merge pull request #24151 from owncloud/create-personal-calendar
Personal calendar should be generated even if the birthday calendar a…
2016-04-22 11:09:45 +02:00
Thomas Müller 1d1247069f
Birthday calendar should never have write acl - fixes #24154 2016-04-21 13:36:52 +02:00
Thomas Müller 38c7296867
Personal calendar should be generated even if the birthday calendar already exists - fixes #24082 2016-04-21 12:34:20 +02:00
Lukas Reschke a86fd873d6 Merge pull request #24076 from owncloud/fix-initial-calendar-and-addressbook-names
Fix displayname for initial calendars and address books
2016-04-19 14:30:35 +02:00
Thomas Müller 748134bd90
Fix displayname for initial calendars and address books - fixes #24057 2016-04-18 23:08:37 +02:00
Thomas Müller d0ad8e6e69
Revert "Fix displayname for initial calendars and address books - fixes #24057"
This reverts commit a5d3e5ed68.
2016-04-18 23:07:49 +02:00
Thomas Müller a5d3e5ed68
Fix displayname for initial calendars and address books - fixes #24057 2016-04-18 23:06:38 +02:00
Roeland Jago Douma dcb2b37e24
Add data-fingerprint property to webdav 2016-04-18 16:08:11 +02:00
Björn Schießle 52669d0ea3
return correct share permissions on propfind 2016-04-18 12:02:06 +02:00
Thomas Müller 55735e1450
Translate contacts birthday - fixes #23982 2016-04-14 16:58:45 +02:00
Thomas Müller 439de52534
Remove dav migration for 9.1 2016-04-13 15:53:57 +02:00
Thomas Müller 3c0a1d4241 Merge pull request #20118 from owncloud/chunked-upload-dav
Initial implementation of the new chunked upload
2016-04-13 14:37:10 +02:00
Björn Schießle 499d131a09
always return the complete permissions the file was shared with 2016-04-12 17:56:56 +02:00
Thomas Müller e21642ca31 Fix unit test of file plugin 2016-04-12 15:51:09 +02:00
Thomas Müller 72f5c539e8 Initial implementation of the new chunked upload - as specified in https://dragotin.wordpress.com/2015/06/22/owncloud-chunking-ng/ 2016-04-12 12:32:04 +02:00
Roeland Jago Douma 2c77bfa0d0
Fix dav comments 2016-04-08 15:23:23 +02:00
Roeland Jago Douma 4c9e257b27
Fix filesplugin 2016-04-08 15:23:13 +02:00
Thomas Müller 6f3eeeeb36 Merge pull request #23510 from owncloud/birthdays-on-shared-addressbooks
Propagate birthdays of shared addressbooks to the sharee's birthday c…
2016-04-08 15:19:38 +02:00
Roeland Jago Douma eda71240e2
Add unit tests for public auth webdav 2016-04-08 14:17:24 +02:00
Thomas Müller f6cea3c9c4 Merge pull request #23557 from owncloud/sabre-plugin-browser-error-page
In case of exception we return an html page in case the client is a b…
2016-04-04 13:51:23 +02:00
Roeland Jago Douma 89478a0961 Fix unit tests 2016-03-31 21:25:23 +02:00
Roeland Jago Douma 8c0ef4c4bd Add sharePermissions webdav property
This property can be queries by the clients so they know the max
permissions they can use to share a file with. This will improve the UX.

The oc:permissions proptery is not enough since mountpoints have
different permissions (delete + move by default).

By making it a new property the clients can just request it. On older
servers it will just return a 404 for that property (and thus they know
they have to fall back to their hacky work arounds). But if the property
is returned the client can show proper info.

* unit tests
* intergration test
2016-03-31 20:12:34 +02:00
Stefan Weil 65b0127241 apps/dav: Fix typos in comments (found and fixed by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-03-30 10:14:26 +02:00
Thomas Müller ab0db65b23 Merge pull request #23549 from owncloud/dav-sharetypes-remote
Return remote shares in oc:share-types Webdav property
2016-03-24 22:44:19 +01:00
Thomas Müller c46f480031 In case of exception we return an html page in case the client is a browser 2016-03-24 19:02:16 +01:00
Thomas Müller 3d51682440 Merge pull request #23342 from owncloud/fix-group-sharing-for-v1-caldav-and-carddav
Fix group shares on v1 caldav and carddav
2016-03-24 12:47:18 +01:00
Vincent Petry 9ee1f506f2 Return remote shares in oc:share-types Webdav property
Fixes web UI to properly display the share status icon when an outgoing
remote share exists
2016-03-24 12:16:57 +01:00
Thomas Müller 06e8c70400 Fix acls for calendar objects and cards - fixes #23273 2016-03-24 09:53:36 +01:00
Lukas Reschke cc8c0b6a90 Check if request is sent from official ownCloud client
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)

While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Thomas Müller c8d6a9594a Propagate birthday to group shares as well 2016-03-23 14:12:50 +01:00
Thomas Müller 48ec8ab3d3 Merge pull request #23404 from owncloud/fix-22988
adjust PrincipalUri as returned from Sabre to effective username
2016-03-22 14:49:54 +01:00
Arthur Schiwon be572de7f0 fix unittest 2016-03-21 21:53:16 +01:00
Vincent Petry f28f538029 Do not fire pre/post hooks twice on chunk upload 2016-03-21 15:14:58 +01:00
Roeland Jago Douma 6e6e002280 Remove duplicated copyright 2016-03-17 19:24:25 +01:00
Vincent Petry f778e48ee5 Add webdav property for share info in PROPFIND response 2016-03-17 15:35:21 +01:00
Thomas Müller 750ec93394 Merge pull request #23080 from owncloud/use-non-localized-birthday-title
Use a birthday title which does not require translation because we ha…
2016-03-11 11:49:13 +01:00
Thomas Müller 07a1313114 Merge pull request #23119 from owncloud/fix-getOwner-on-fileshome-master
getOwner is not available on FileHome
2016-03-10 23:12:51 +01:00
Thomas Müller b7adf371c6 getOwner is not available on FileHome - fixes #23116 2016-03-10 20:53:56 +01:00
Thomas Müller 7f16aaefc8 Merge pull request #23048 from owncloud/no-fatal-error-if-DSTART-is-not-set
No fatal error if dstart is not set
2016-03-10 17:58:01 +01:00
Thomas Müller 85521879cd The birthday_calendar is read-only 2016-03-10 12:50:07 +01:00
Thomas Müller fe7103506b Use a birthday title which does not require translation because we have no idea about the target device language and forcing English upon all users is kind of bad 2016-03-10 12:41:37 +01:00
Thomas Müller 6133253a2c fixes #23004 2016-03-10 09:20:53 +01:00
Thomas Müller 20db92c71a Fix group sharing and sharing permissions - fixes #22932 2016-03-08 11:22:07 +01:00
Thomas Müller 3b25ccef65 Handle addressbook migration issue by writing the faulty event to the log and continue 2016-03-07 15:04:19 +01:00
Thomas Müller d32b35fc7f Handle calendar migration issue by writing the faulty event to the log and continue 2016-03-07 15:04:19 +01:00
Thomas Müller 296a46cc38 Merge pull request #22244 from owncloud/dont-update-shared-resource-properties
For 9.0 we don't have the possibility to store calendar and addressbo…
2016-03-07 12:42:52 +01:00
Roeland Jago Douma 3bdafc2122 Rename and move permissions are set when a file is updatable
* Fix unit tests
2016-03-03 20:03:06 +01:00
C. Montero Luque 4d69e562a0 Merge pull request #22757 from owncloud/apply-license
Update copyright information and author file
2016-03-01 15:36:37 -05:00
Lukas Reschke c353d51810 Remove Scrutinizer Auto Fixer 2016-03-01 17:48:23 +01:00
Lukas Reschke c430f5ba53 Map Maci 2016-03-01 17:45:05 +01:00
Lukas Reschke 933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Robin Appelman 37f1206818 allow putting the part file in the view root 2016-03-01 15:21:24 +01:00
Thomas Müller a83af96dd3 Merge pull request #22686 from owncloud/cleanup_remote_address_books
remove remote address book if access was revoked
2016-03-01 14:46:51 +01:00
Thomas Müller fd4742d430 Merge pull request #22613 from owncloud/quota-changedavreturnvaluewhennoquotaset
Don't return quota when none set
2016-03-01 08:30:58 +01:00
Bjoern Schiessle 87e47afed8 remove synced remote address book if the remote server revoked access to his system address book 2016-02-29 16:50:34 +01:00
Joas Schilling 6f22784d3d Allow to hide a shared calendar 2016-02-29 16:49:55 +01:00
Thomas Müller 95e218b00c For 9.0 we don't have the possibility to store calendar and addressbook properties on a per-user basis and therefore we simple don't allow this for now 2016-02-29 16:49:55 +01:00
Vincent Petry 11215f4e27 Return -3 for unlimited quota
Returns -3 for unlimited quota in Webdav response.
Also adjusted personal page to show unlimited quota when set.
2016-02-29 14:36:20 +01:00
Joas Schilling 2a0cda74d4 Use IQueryBuilder::PARAM_* instead of \PDO::PARAM_* 2016-02-29 09:44:40 +01:00
Thomas Müller 9a0950f10b Merge pull request #22569 from owncloud/issue-22566-too-much-mapping-entries
Allow defining a limit and offset for getObjectIdsForTags
2016-02-23 15:02:08 +01:00
Joas Schilling 3a65bdf4d5 Fix dav unit tests 2016-02-23 09:04:15 +01:00
Thomas Müller 4dfdb2720c Case insensitive search in contacts - fixes #22575 2016-02-22 19:47:10 +01:00
Joas Schilling a0d0edc754 Make non-public-method protected 2016-02-22 15:26:59 +01:00
Lukas Reschke 3bd95cca6b Check if user has permission to create such a tag
Fixes https://github.com/owncloud/core/issues/22512
2016-02-19 20:45:20 +01:00
Thomas Müller ffc2950393 Merge pull request #22198 from owncloud/birthday-calendar
Sync a users contacts birthday to the users birthday calendar
2016-02-19 12:33:19 +01:00
Thomas Müller f6e61a296f Merge pull request #22424 from owncloud/add-generic-csrf-protection-to-webdav
Require CSRF token for non WebDAV authenticated requests
2016-02-19 09:13:00 +01:00
Thomas Müller d8de7d1e73 Adding cli command to sync birthday calendar 2016-02-18 14:49:45 +01:00
Thomas Müller 981c73000c Prevent deletion of birthday calendar 2016-02-18 11:49:16 +01:00
Thomas Müller c9187cc820 Sync a users contacts birthday to the users birthday calendar 2016-02-18 11:48:34 +01:00
Lukas Reschke 9b3c4e8dc4 Require CSRF token for non WebDAV authenticated requests 2016-02-18 11:18:36 +01:00
Vincent Petry 53eff9792f Check the quota on the actual file's storage in dav quota plugin
Fix quota plugin to use the correct file name when chunking

When chunking, the file name is the compound name, so need to convert it
to the correct final file name before doing the free space check.
This ensures that in the case of shared files, the correct storage is
used for the quota check.
2016-02-17 11:52:49 +01:00
Thomas Müller df7280a3c7 Queries on the cards table by uri require the addressbook as well - fixes #22284 2016-02-15 14:29:24 +01:00
Thomas Müller c919b41395 Adding a custom webdav property which holds the list of contacts groups 2016-02-10 17:06:13 +01:00
Thomas Müller 2e94d34dfd Fix group principal 2016-02-10 10:43:32 +01:00
Thomas Müller 2982017682 Merge pull request #22228 from owncloud/comments-limit-message
Limit comment message to 1k chars
2016-02-09 16:35:23 +01:00
Thomas Müller 4659bf9b4a Merge pull request #22234 from owncloud/systemtags-filter-intersect-empty
Fix system tag filter AND condition
2016-02-09 15:34:06 +01:00
Arthur Schiwon bbc86e0756 on DAV throw Bad Request if provided message is too long 2016-02-09 13:59:13 +01:00
Joas Schilling 178914104c Add a test for empty mid-result 2016-02-09 12:07:17 +01:00
Vincent Petry 3028684d89 Fix system tag filter AND condition
If one of the results is empty, no need to do array_intersect and return
an empty result directly.
2016-02-09 11:39:22 +01:00
Thomas Müller bf3a843e89 Migration of calendars 2016-02-09 11:20:31 +01:00
Vincent Petry 2f1a60a64d Add REPORT on files endpoint for filtering
For now only supports filtering by system tags
2016-02-08 21:04:53 +01:00
Thomas Müller a67f7ad1f3 Remove calendar-proxy support - did this ever work? 2016-02-08 10:52:30 +01:00
Vincent Petry d2a495f190 Mark own comments as read after posting 2016-02-05 16:30:37 +01:00
Arthur Schiwon a480b2261b Check for authorship on edit and delete attempts 2016-02-04 12:57:48 +01:00
Thomas Müller a3cc448c9d Adding propfind property to retrieve sharee information from a dav resource 2016-02-03 17:18:23 +01:00
Thomas Müller 8c14ce01ba Deleting a shared address book results in unshare 2016-02-03 17:18:22 +01:00
Thomas Müller ef06d6bdaa Deleting a shared calendar results in unshare 2016-02-03 17:18:22 +01:00
Thomas Müller 4b14ca672f Fix ACLs on shared calendars 2016-02-03 17:18:22 +01:00
Thomas Müller 0753067bcd No duplicate address book if shared with user and group and the user is part of the group 2016-02-03 17:18:22 +01:00