mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
50,177 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

5288 Commits

Author SHA1 Message Date
Roeland Jago Douma 2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare 
Fix permission check on incoming federated shares
 2019-08-01 10:55:35 +02:00
Roeland Jago Douma cf647451e5
Update CSP test cases to handle the new form-action 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-31 15:16:10 +02:00
Julius Härtl 22b81ac1e4
Fix permission check on incoming federated shares 
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-31 12:59:51 +02:00
Roeland Jago Douma 436f7b92d5
Merge pull request #16544 from nextcloud/bugfix/16540 
Add missing password reset page to vue
 2019-07-31 11:02:20 +02:00
Julius Härtl 3b0d13944a
Move actual password reset to vue 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-31 09:19:07 +02:00
Joas Schilling d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare 
Remove unused OC\Share\Share::checkPasswordProtectedShare
 2019-07-30 09:58:38 +02:00
Roeland Jago Douma 135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent 
Add proper PostLoginEvent
 2019-07-30 08:54:10 +02:00
Morris Jobke e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474 
Check the if we can actually access the storage cache for recent files
 2019-07-29 16:59:26 +02:00
Roeland Jago Douma 0ea7fbae54
Update tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-29 16:31:40 +02:00
Morris Jobke 98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-29 15:23:21 +02:00
Roeland Jago Douma 51197ac622
Merge pull request #16582 from nextcloud/enh/split_up_security_middleware 
Split up security middleware
 2019-07-29 12:13:55 +02:00
Roeland Jago Douma b6dd2ebd39
Use proper exception in lostController 
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.

This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-27 20:12:16 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware 
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-27 16:11:45 +02:00
Morris Jobke 2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys 
use a pattern to identify sensitive config keys
 2019-07-26 15:15:56 +02:00
Morris Jobke 71e5300f84
Merge pull request #16551 from nextcloud/fix/12735/displayname-email 
supresses disclosing the userid for LDAP users in the welcome mail
 2019-07-26 15:14:59 +02:00
Arthur Schiwon 78201bcb72
treat sensitive config keys by pattern 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2019-07-26 13:31:14 +02:00
Roeland Jago Douma 0487144b26
Remove deprecated searchByTag 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-26 12:29:19 +02:00
Arthur Schiwon 898430b6b1
supresses disclosing the userid for LDAP users in the welcome mail 
The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2019-07-26 10:48:34 +02:00
Julius Härtl 3674f6fa2d
Check the if we can actually access the storage cache for recent files 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-24 14:01:24 +02:00
Morris Jobke d5b524ae07
Merge pull request #16492 from nextcloud/enh/exclude-rnd-files 
Exclude .rnd files from integrity check
 2019-07-23 14:57:55 +02:00
Daniel Kesselberg 8bed3021bd
Exclude .rnd files from integrity check 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-21 20:29:11 +02:00
Sam Bull ea935f65fd
Add support for CSP_NONCE server variable 
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.

Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-18 12:16:29 +02:00
Morris Jobke 5b604eaeab
Merge pull request #15040 from nextcloud/feature/13980/push-for-deleted-notifications 
Notifications overhaul
 2019-07-17 20:22:03 +02:00
Morris Jobke 782554d2ac
Merge pull request #16075 from nextcloud/bugfix/15823/app-restricted-groups 
Remove deleted groups from app restrictions fixes #15823
 2019-07-17 17:36:00 +02:00
Morris Jobke 99f2c82222
Properly inject the logger 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-16 22:38:14 +02:00
Joas Schilling 565838da9c
Update unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-16 13:32:44 +02:00
Joas Schilling 55f5bc79a1
Keep the old method as a fallback and adjust the tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-16 11:36:32 +02:00
Roeland Jago Douma f8aeef7ae9
Lock SCSS so we only run 1 job at a time 
This is bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-12 16:18:02 +02:00
Roeland Jago Douma c193c0d466
Merge pull request #16331 from nextcloud/feature/noid/talk-guest-mentions 
Allow guest mentions of talk to be parsed
 2019-07-12 10:35:54 +02:00
Joas Schilling 092d34d9df
Add a unit test for guests as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-11 10:24:27 +02:00
Morris Jobke 5c21b29d7f
Merge pull request #16308 from nextcloud/fix/undefined-offset-0 
Prevent undefined offset 0 in findByUserIdOrMail
 2019-07-10 12:16:36 +02:00
Daniel Kesselberg d57540ac84
Return first value from $users 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-09 19:29:14 +02:00
Roeland Jago Douma 6a088d6800
Merge pull request #16310 from nextcloud/enh/drop-execution-context 
Don't send executionContexts for Clear-Site-Data
 2019-07-09 19:20:50 +02:00
Daniel Kesselberg 6235a66aac
Don't send executionContexts for Clear-Site-Data 
There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59

Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034

Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-09 15:08:25 +02:00
Christoph Wurst d058ef2b6c
Make it possible to wipe all tokens/devices of a user 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-07-09 13:57:04 +02:00
Christoph Wurst 1c261675ad
Refactor: move remote wipe token logic to RW service 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-07-09 13:39:27 +02:00
Roeland Jago Douma 5cef8957b5
Merge pull request #15730 from nextcloud/enh/14179/event_for_csp 
Add an event to edit the CSP
 2019-07-09 10:59:15 +02:00
Roeland Jago Douma 5ac857bcdc
Add an event to edit the CSP 
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-08 20:35:15 +02:00
Morris Jobke 53d2d95478
Remove one time repair steps that have already run when updating to 17 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-07-08 14:47:26 +02:00
John Molakvoæ 5a03189ce7
Mimetype list integrity check should not fail if it's changed (#15810) 
Mimetype list integrity check should not fail if it's changed
 2019-07-07 20:01:58 +02:00
Xheni Myrtaj 9211e34aec
Added Tests for modified mimetypelist 
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
 2019-07-04 09:35:36 +01:00
Julius Härtl 857fae288c
Always set the display name for user shares 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-03 21:34:18 +02:00
Joas Schilling 85a80b05ac
Unify the permission checking in one place only 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-03 16:34:00 +02:00
Joas Schilling e4addbae3e
Better check reshare permissions when creating a share 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-07-03 14:00:13 +02:00
Christoph Wurst c50fe2a9c9
Send emails when remote wipe starts/finishes 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-07-02 21:59:23 +02:00
Georg Ehrke 9f7fca49bb
Merge pull request #15775 from nextcloud/refactor/decouple-remote-wipe-notifications 
Decouple remote wipe notifcation channels with events
 2019-07-02 08:58:21 +00:00
Julius Härtl 5db328cc15
Remove fs package 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-01 11:24:58 +02:00
Roeland Jago Douma 2c449469d3
Merge pull request #16070 from nextcloud/fix/setup-check-no-internet-no-error 
Do not show a internet connectivity warning if internet access is dis…
 2019-06-28 10:54:29 +02:00
Greta Doci 5898e87e0f Remove deleted groups from app restrictions fixes #15823 
Signed-off-by: Greta Doci <gretadoci@gmail.com>
 2019-06-27 20:17:50 +02:00
Christoph Wurst aa6622ccef Decouple remote wipe notifcation channels with events 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-06-27 17:16:18 +02:00