* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)
The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Encrypt the keys with the instance secret
* Store them as json (so we can add other things if needed)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* `php occ preview:repair` - a preview migration tool that moves existing previews into the new location introduced with #19214
* moves `appdata_INSTANCEID/previews/FILEID` to `appdata_INSTANCEID/previews/0/5/8/4/c/e/5/FILEID`
* migration tool can be stopped during migration via `CTRL+C` - it then finishes the current folder (with the previews of one file) and stops gracefully
* if a PHP memory limit is set in the `php.ini` then it will stop automatically once it has less than 25 MiB memory left (this is to avoid hard crashes in the middle of a migration)
* the tool can be used during operation - possible drawbacks:
* there is the chance of a race condition that a new preview is generated in the moment the folder is already migrated away - so the old folder with the newly cached preview is deleted and one cached preview needs to be re-generated
* there is the chance of a race condition during access of a preview while it is migrated to the other folder - then no preview can be shown and results in a 404 (as of now this is an accepted risk)
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
getRepairSteps is quite expensive (because every repair step is
initialized and their dependencies are injected). Should not
call it during register.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.
The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Fixme:
- Install and update of apps
- No revert on live systems (debug only)
- Service adjustment to our interface
- Loading via autoloader
Signed-off-by: Joas Schilling <coding@schilljs.com>
* success on SQLite and Postgres
* failure on MySQL due to the limited charset that only supports up to 3 bytes
Add config option to update charset of mysql to utf8mb4
* fully optional
* requires additional options set in the database
only disable unicode test on mysql
Fixing ctor call
Adding docker based unit test execution for mysql utf8mb4
Add mysqlmb4 test configuration to Jenkinsfile
fix collation on utf8mb4
Properly setup charset and collation in the doctrine connection
Allow files containing 4-byte chars in case the database supports it
During setup of a mysql database we try to detect if charset 'utf8mb4' can be used
Fix mysql settings
Add console command to migrate the charset
Set ROW_FORMAT before setting collation to mb4
Also select tables with wrong collation
Faster MySQL docker
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.
As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.
The encryption commands now rely on the well tested maintenance mode.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Don't parse info.xml but reuse already cached app infos - fixes#25603
* Use === in InfoParser. Fixes test
* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early