Commit Graph

40046 Commits

Author SHA1 Message Date
Joas Schilling 206c4da149
Allow translations of the comments activity in the emails too
Message and object data is not available on emails atm,
so we can not use them either...

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:05:06 +02:00
Christoph Wurst 55c7aa674c
Fix failing csp/nonce check due to timed out session
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-11 10:08:06 +02:00
Nextcloud bot b7768ac11d
[tx-robot] updated from transifex 2017-09-11 00:08:28 +00:00
Nextcloud bot 985cbc6b33
[tx-robot] updated from transifex 2017-09-10 00:08:33 +00:00
John Molakvoæ (skjnldsv) 4baae80d98
Fix hovering on all popover types
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-09-09 14:05:51 +02:00
Nextcloud bot 79c0d69844
[tx-robot] updated from transifex 2017-09-09 00:08:30 +00:00
Morris Jobke 85633784d3 Merge pull request #6421 from nextcloud/12-6419
[stable12] Use tmpfs for mysql CI containers
2017-09-08 16:58:49 +02:00
Morris Jobke ff94640c4f
Use tmpfs for mysql CI containers
Should improve performance

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-08 15:57:15 +02:00
Nextcloud bot ac96dc80de
[tx-robot] updated from transifex 2017-09-08 00:08:25 +00:00
Joas Schilling 27ea0bd9e1 Merge pull request #6396 from nextcloud/12-6329
[stable12] Don't log LDAP password when server is not available
2017-09-07 12:48:13 +02:00
Morris Jobke 7c3148f1aa Merge pull request #6386 from nextcloud/12-6247
[stable12] Fix undefined index oauthState
2017-09-07 09:32:45 +02:00
Joas Schilling 287ebb52d5
Don't log LDAP password when server is not available
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-07 09:26:40 +02:00
Nextcloud bot 9071f60605
[tx-robot] updated from transifex 2017-09-07 00:08:32 +00:00
Roeland Jago Douma ef1c81188b Merge pull request #6319 from nextcloud/improve_2fa-12
[stable12] Improve 2FA
2017-09-06 20:07:46 +02:00
Morris Jobke 04583a7587
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-06 19:48:12 +02:00
Morris Jobke 6375d7ef7f
Fix undefined index oauthState
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-06 19:48:08 +02:00
Lukas Reschke ad96c58e8b Merge pull request #6368 from nextcloud/backport-5436-fix-group-check
[stable12] Fix group check on share provider
2017-09-06 17:19:15 +02:00
Lukas Reschke e1e248aeb8 Merge pull request #6357 from nextcloud/swift-tmpfiles-12
[12] Remove tmpFiles Array in Swift.php
2017-09-06 17:17:36 +02:00
Roeland Jago Douma dbcd549e35
Fix login with basic auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-06 17:07:11 +02:00
Nextcloud bot ba71df12cc
[tx-robot] updated from transifex 2017-09-06 00:08:30 +00:00
Morris Jobke f1bbef392f Merge pull request #6366 from nextcloud/backport-6358-email-update
Backport email update
2017-09-05 20:57:06 +02:00
Jan-Philipp Litza b35c039b77
Fix 500 Internal Server Error on writing
In some not yet completely determined configurations, the following error could occur while writing a file:

Error: Call to a member function getUsers() on null
    /var/www/nextcloud/lib/private/Share20/Manager.php - line 1277: OC\Share20\DefaultShareProvider->getAccessList(Array, true)
    /var/www/nextcloud/lib/private/Share20/ShareHelper.php - line 51: OC\Share20\Manager->getAccessList(Object(OC\Files\Node\Folder), true, true)
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 616: OC\Share20\ShareHelper->getPathsForAccessList(Object(OC\Files\Node\File))
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 196: OCA\Activity\FilesHooks->getUserPathsFromPath('/path/to/file', 'user')
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 157: OCA\Activity\FilesHooks->addNotificationsForFileAction('/path/to/file', 'file_changed', 'changed_self', 'changed_by')
    /var/www/nextcloud/apps/activity/lib/FilesHooksStatic.php - line 55: OCA\Activity\FilesHooks->fileUpdate('/path/to/file')
    /var/www/nextcloud/lib/private/legacy/hook.php - line 106: OCA\Activity\FilesHooksStatic fileUpdate(Array)
    /var/www/nextcloud/lib/private/Files/View.php - line 1245: OC_Hook emit('OC_Filesystem', 'post_update', Array)
    /var/www/nextcloud/lib/private/Files/View.php - line 1173: OC\Files\View->runHooks(Array, '/path/to/file', true)
    /var/www/nextcloud/lib/private/Files/View.php - line 679: OC\Files\View->basicOperation('file_put_conten...', '/path/to/file', Array, '<?xml version="...')
    /var/www/nextcloud/lib/private/Files/Node/File.php - line 64: OC\Files\View->file_put_contents('/path/to/file', '<?xml version="...')
    [...]

Signed-off-by: Jan-Philipp Litza <janphilipp@litza.de>
2017-09-05 17:31:39 +02:00
Morris Jobke c0692abee7
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-05 16:04:29 +02:00
Joas Schilling 6428359820
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-05 16:04:17 +02:00
Joas Schilling 6e7c37cbd3
Merge setMetaData into constructor
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-05 16:04:09 +02:00
Joas Schilling 54faa09b4d
Set the meta data before everything
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-05 16:03:57 +02:00
Joas Schilling 6aa707de42
Fix naming of user id in email meta data
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-05 16:03:50 +02:00
Morris Jobke ec00e4b001
Implement metadata for email templates of remaining emails
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-05 16:03:40 +02:00
Nextcloud bot 42b46ead67
[tx-robot] updated from transifex 2017-09-05 00:08:33 +00:00
Julius Härtl 9bcf90adc8
Cleanup theming styles to fit the new login page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-04 15:59:46 +02:00
Julius Härtl ed11c0d6e2
Fix tests for primary element color
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-04 15:59:40 +02:00
Julius Härtl 0f2f19c65f
Use separate element color in theming
This way we can use a grey color when the primary color is to bright

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-04 15:50:33 +02:00
Christopher Bartz 222ec97f5f
Remove tmpFiles Array in Swift.php
tmpFiles Array is unnecessary and there has been
a reference without an assignment which lead to a bug making swift external
storage unuseable.
2017-09-04 14:54:13 +02:00
blizzz ebadf2f21d Merge pull request #6355 from nextcloud/6221-12
[stable12] Correctly format OCS response with favorites
2017-09-04 12:52:44 +02:00
Morris Jobke 274b72f223 Merge pull request #6333 from nextcloud/new-dav-event-stable12
[stable12] add a new dav event to allow apps to register their own sabredav plugins
2017-09-04 11:57:22 +02:00
Roeland Jago Douma 38548a7006
Correctly format OCS response with favorites
The helper funtion did not handle the response correctly and basically
only returned the last share with tags.

This is a simple rewrite. That is still understandable. Loops maybe more
than strictly required. But preformance is not the issue here.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-04 11:49:19 +02:00
Nextcloud bot c5950bd8f8
[tx-robot] updated from transifex 2017-09-03 00:08:24 +00:00
Nextcloud bot fe2f9ac7ce
[tx-robot] updated from transifex 2017-09-02 00:08:39 +00:00
Bjoern Schiessle 38a60e44db
also allow to register additional plugins if the old endpoint is used
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-09-01 12:07:05 +02:00
Bjoern Schiessle 8e1d33369b
add a new dav event to allow apps to register their own sabredav plugins
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-09-01 12:06:55 +02:00
Nextcloud bot a8f4b1ee52
[tx-robot] updated from transifex 2017-09-01 00:08:36 +00:00
Roeland Jago Douma faffebc718
Improve 2FA
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-31 10:54:10 +02:00
Nextcloud bot 0ba7914d0c
[tx-robot] updated from transifex 2017-08-31 00:08:40 +00:00
Morris Jobke 8bc95d3449 Merge pull request #6285 from nextcloud/generate-system-wide-key-pair-12
Generate system wide key pair
2017-08-30 21:31:31 +02:00
Morris Jobke 6704e89c5a Merge pull request #5841 from nextcloud/bugfix-stable12/2855/dont_send_invitations_for_past_events
[stable12] dont send invitations for past events
2017-08-30 21:01:32 +02:00
Bjoern Schiessle b53587cf8d
update autoloader
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:48 +02:00
Bjoern Schiessle 181c77ca87
move repair step to stable12
because we decided to backport it the repair step needs to be executed
already on stable12

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:47 +02:00
Roeland Jago Douma 52833704d5
Bump version
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-30 20:36:47 +02:00
Bjoern Schiessle 3e6833f5a6
add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:10 +02:00
Bjoern Schiessle 5f49398e13
extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:10 +02:00