I saw instances where people had a lot of files (each with custom
properties) and all this prefetching blew up and started to consume an
insane amount of RAM resulting in the process getting killed.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
In PHP 7.X hexadecimal notation support was removed from "is_numeric",
so "sanitizeMtime" directly rejected those values; in PHP 5.X, on the
other hand, "sanitizeMtime" returned 0 when a string with hexadecimal
notation was given (as it was the behaviour of "intval"). To provide a
consistent behaviour between PHP versions, and given that it does not
make much sense to send X-OC-MTime in hexadecimal notation, now
X-OC-MTime is always rejected if given as a string with hexadecimal
notation.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Directly calling "header" in the PHPUnit process causes the "Cannot
modify header information - headers already sent by" error to be thrown.
Instead of running the test in a separate process, which is slower, this
commit wraps the call to "header" in a method that can be mocked in the
tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This commit is based on the commits from pull request 28066 (included in
018d45cad97e0) from ownCloud by Artur Neumann and Phil Davis.
Unit tests are currently run only on systems that support negative
mtimes, so no special handling of negative values was included in the
tests to keep the test code more manageable.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This will be used in a following commit to test how the X-OC-MTime
header is handled.
This commit is based on the "make File::put() more testable" commit
(included in 018d45cad97e0) from ownCloud by Artur Neumann.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this to happen in case the
source node is a FutureFile.
If a group contains a slash the principal URI becomes
principals/groups/foo/bar. Now the URI is plit on '/' so this creates
issues ;)
Fixes#2957
* Add tests for groups with /
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.
As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.
The encryption commands now rely on the well tested maintenance mode.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* fixed size issues on main detail view and disappearing of share recipients
* Changes due to code comments
* Moved reloadProperties() to FileInfoModel
* Solved Scrutinizer issues
* Bugfix: undefined value used on error
* check if options are set for FileInfoModel.initialize()
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Use firstLogin event to trigger creation of default calendar and default address book
Delay login of admin user after setup so that firstLogin event can properly be processed for the admin
Fixing tests ...
Skeleton files are not copied over -> only 3 cache entries are remaining
Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
* Update sabre/dav to 3.2.0
* Adjust code to work with sabre/dav 3.2.0 and it's dependencies
* Adding own CalDAV plugin to fix calendar home property
* Test if there is a user logged in when listing files home
* Update sabre version used by integration tests
* Disable unauthenticated DAV access
This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.
=====
* Fixed so cherry-pick was succesfull
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Removes the need for POST to collection which would hit against upload
limits.
The client tries to auto rename the file by adding a suffix "(2)".
It tries to use the file list on the client side to guess a
suitable name. In case a file still cannot be uploaded and creates a
conflict, which can happen when the file was concurrently uploaded, the
logic will continue increasing the suffix.
- uses PUT method with jquery.fileupload for regular and public file
lists
- for IE and browsers that don't support it, use POST with iframe
transport
- implemented Sabre plugin to handle iframe transport and redirect the
embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add more files plugins to new DAV endpoint
Also fix report plugin to properly retrieve the path from the
prolongated URL
* In case the report is not for this plugin -> simply return to allow other plugins to get executed
* Adjust onReport tests to match new behavior
Enhanced the REPORT method on the Webdav endpoint and added a
"oc:favorite" filter rule. When set, it will return a flat list of
results filtered with only favorite files.
The web UI was also adjusted to use this REPORT method instead of the
private API endpoint.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The files home node must also return DAV properties like etag,
permissions, etc for the clients to work like they did with the old
endpoint.
This fix makes FilesHome extend the Sabre Directory class, this makes
the FilesPlugin and other plugins recognize it as a directory and will
retrieve the matching properties when applicable.
Downstream of https://github.com/owncloud/core/pull/26066
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
Roeland Jago Douma
Georg Ehrke
Morris Jobke
Joas Schilling
Robin Appelman
Daniel Calviño Sánchez
Arthur Schiwon
Thomas Müller
Bjoern Schiessle
Lukas Reschke
Vincent Petry
Thomas Müller
Maxence Lange
Michael Jobst
Roeland Jago Douma
Robin Appelman
Joas Schilling
Markus Goetz
Christoph Wurst
Lukas Reschke
Christoph Wurst