IE11 triggers an 'input' event whenever an input is focussed
or loses focus. Thus this causes an endless loading loop as soon
as the view is re-rendered. To prevent this, this remembers the
previous search term and ignores events where the term has not
changed.
Fixes https://github.com/nextcloud/server/issues/5281
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The seed of the image placeholder is needed to generate the background
color of the image, but as the background color is later overriden any
seed could be used. When no text is explicitly given the seed is used as
text too, so there is no need to pass the user ID and simply using "?"
as seed is enough.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When calling the jQuery avatar plugin with a user that did not exist
(that is, users for which "/avatar/{user}/{size}" return a JSON response
with an empty "displayname" value) "?" on a grey background was shown.
However, if the jQuery avatar plugin was called with an undefined
JavaScript value then "?" was shown on a bluish background. This commit
unifies both cases to use the grey background.
The unit tests were also modified to ensure that the grey background is
used in both cases.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
If the share input field is unfocused, the autocomplete list is closed. Once
the field was focused again it was not properly opened again. This adds a
trigger to redo the search and show the results again.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The pure CSS loading icon uses an ::after pseudo-element, and thus it
can only be used on container elements; the input element is not a
container element, so when the class "icon-loading-small" is set on an
input element it falls back to a loading icon GIF.
This commit modifies the markup of the login button to add a div element
that holds the confirm icon and the loading icon (depending on the
case). In order to position the icon in the same place as before the
input and the icon are both wrapped by another div making possible to
set the absolute position of the icon relative to the input.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
"select2-toggleselect.js" provides an extension to Select2 that makes
possible to unselect items in a multi-select dropdown by clicking on
them. It seems that its load slipped through when moving things around
in commit 6a470e59356b8c52115fe2790666027f38977604; this commit adds it
to the JavaScript files to be loaded in the same position that it should
have had in that commit (based on how the other declarations were
moved).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The sort comparator checks the "isFavorite" property of the FileInfo
objects to compare. That property is set when the file list is loaded
and the response from the server is parsed, and thus a freshly loaded
file list has the proper sorting for favorite files. However, the
property is not set in other cases, like when the FileInfo objects are
derived from FileInfoModels due to a file being marked as a favorite or
a text editor being closed, which causes the file to be sorted in the
wrong position.
There is no need to add the property in those situations, though; in all
cases the TagsPlugin adds a "tags" array property that contains an
OC.TAG_FAVORITE tag, so that tag can be checked instead of "isFavorite".
Moreover, although "isFavorite" was added by the main "_parseFileInfo"
function it did not really belong there but to the "FileInfoParser" from
the TagsPlugin; however, as that property now is not used anywhere it
was removed altogether.
A cleaner solution would have been to make the sort comparator
extensible by plugins like other behaviours of the file list and then
add the sorting logic related to favorite files to the TagsPlugin.
However, right now only the TagsPlugin would need to alter the main
sorting logic, and it seems like a corner case anyway. Even if it is
implemented as a plugin, favorite files is a core feature, so for the
time being it will be taken into account directly in the main sorting
logic; making the sort comparator extensible by plugins is defered until
there are other use cases for that.
Fixes#5410
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixed typo and removed doclink symbol.
Reported at transifex
Update util.php
Another l10n improvement from transifex.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* share a file/fodler by public link and click the
copy to clipboard icon and watch the tooltip
* before: it said "Copy"
* after: it now says "Copied" after clicking the button
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* they do calls against core/ajax/share.php which doesn't exist anymore
* also the methods are not called in any of our apps or any of the apps in the appstore
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
When we test wheter action menus in the contacts menu close
when clicking other ones, we have to provide test data
that actually causes the view to render the menu.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:
1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.
If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)
If the user chooses to use the regular login the following happens:
1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.
This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Before, the icon appeared below the text input for the password. Now, it
appears inside the text input, to the right end.
The CSS was adjusted based on other icons shown in that position for
other text inputs in the Share tab view, like the information icon or
the clipboard icon.
Fixes#4135
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When a request to set the password of a shared link is sent a working
icon is shown. However, as there was no "success" callback, the icon was
never hidden again after successfully setting the password (it worked
fine if there was an error, though).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Calls to `sinon.stub(obj, 'meth', fn)` are deprecated and therefore
replaced by `sinon.stub(obj, 'meth).callsFake(fn)` as instructed by
the deprecation warning.
This makes the js unit testing output readable again.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Fixes#1330
userA shares a file to userB
userB shares that file to userC
userA can see both userB and userC.
Now they can also see that userB shared it to user C
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
works like "enforce password protection", but let the
user optionally remove the password protection after the
password is set.
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
Fixes#4087
Because of fancy javascript if a full numeric uid was used javascript
would convert this to an int. Now we just convert everything to a string
first.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
There is a bunch of javascript we always load from vendors. This
combines this into 1 javascript file. Which reduces the number of
request by ~10.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
test files against ignore_files list on upload
fix typo and indentation
Move blacklist declaration to lib/public/Files/FileInfo.php,
Rename *ignored to *blacklisted
Mocked blacklist_files for testing
Mocked blacklist_files for testing
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Write method overriding extension
Add a list of unknowns while inputting a search term
Rename OCA.Share extension point
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Usually Backbone collections cannot be created and just simply exists.
But in the Webdav world they need to be creatable.
This enhancement makes it possible to use a Backbone Model to represent
such collections and when creating it, it will use MKCOL instead of PUT.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.
This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* If there are social sharing buttons move them and the copy action to a
menu
* If there are no social sharing buttons just leave the copy action
where it is directly
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>