Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existin auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row wit the same token (the session ID). This
also bubbles up and disables user_saml.
As the token might still be OK (both request will insert the same data),
we can actually just check if the UIDs of the conflict row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
normally this shouldn't be a problem, but cache/storage desync might cause this
so this adds some failsafe to ensure we dont corrupt the cache further
the minimum value is set to -1 instead of 0 in order to triger a background scan
on the folder and figure out the size properly
Signed-off-by: Robin Appelman <robin@icewind.nl>
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Incoming shares are no longer automatically added to the file list of
the sharee. Instead, the user now needs to explictly accept the share.
Currently shares can be accepted only from the Notifications app, so it
must be explicitly cloned before installing Nextcloud if it is not found
in the "apps" directory. Note that the development branches are already
built, so there is no need to explicitly build the app.
With the new sharing behaviour the "share a skeleton file with another
user before first login" scenario is no longer valid (as the user will
need to log in to accept the share, so at that point the skeleton is
already created), so it was removed.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Since Nextcloud 17 the proper name for the old built-in notifications is
"Toast". Moreover, this will reduce ambiguity when using the
"notification" term to refer to elements in the Notifications app.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Resolves Issue #17885
Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'.
Signed-off-by: RussellAult <russellault@users.noreply.github.com>
There is no difference (as far as I know) between running the acceptance
tests on PHP 7.1 or on PHP 7.3; this is simply a preparatory step to be
ready when PHP 7.1 support is dropped in Nextcloud server.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Avoids directly getting the token again. We just inserted it so it and
have all the info. So that query is just a waste.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
the target storage doesn't need additional handling for wrappers as the wrappers implementation of moveFromStorage already deals with that
Any storage based on local storage isn't affected by this as local storage already has it's own way of handling with this
Signed-off-by: Robin Appelman <robin@icewind.nl>
Instead of one big monolitic sections this is the first step in breaking
down the settings. This should make is easiet to see what does what. As
well as nicely splitting up the sections.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Now the link share menu is not automatically opened after a link share
is created, so waiting until it was opened failed in iShareTheLinkFor.
Note that the steps that interact with the link share menu take care
themselves of showing the menu if needed, so there is no need to
explicitly show it despite the change. Also, the waiting in
iShareTheLinkFor was introduced when the link share menu was changed
to automatically open after creating a link share, as that caused some
issues with the steps that opened the menu by themselves (fec8d12fc5).
Due to all this, now that the link share menu is again not automatically
opened the wait can be simply removed.
Signed-off-by: Greta Doci <gretadoci@gmail.com>
Although uncommon, in some cases a Context may need to be extended (for
example, to override a step defined in the server with a specific
behaviour in the acceptance tests of an app); in those cases the
subclass should be able to access the actor attribute defined in the
Context it is extending.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
"cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.
Signed-off-by: Scott Shambarger <devel@shambarger.net>
So fun fact. Chrome considers a redirect after submitting a form part of
the form actions. Since we redirect to a new protocol (nc://login/).
Causing the form submission to work but the redirect failing hard.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail
Signed-off-by: Julius Härtl <jus@bitgrid.net>
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.
This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.
Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This is bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
the main difference is passing the `File` object to the provider
instead of a `View` + path
Old providers will still continue to work as before
Signed-off-by: Robin Appelman <robin@icewind.nl>
Otherwise the output would just read "Failed asserting that true is
false." or "Failed asserting that false is true.", which is not very
informative when there are several assertFalse/True in a row.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The old notifications were added as ".row" elements to the
"#notification-container" element; the new notifications based on
toastify are added as ".toastify .on .toast..." elements to the
"#content" element. Besides that, they also include a span element with
an X to close the notification, so now only the first child text node
should be compared to the expected message.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This avoids calls to the autoloader (or chain of autoloaders) to see if
for example 'principalPrefix' class can be found. While we already know
it is a string.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The header is the full http header like: HTTP/1.1 304 Not Modified
So comparing this to an int always yields false
This also makes the 304 RFC compliant as the resulting content length
should otherwise be the length of the message and not 0.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This allows a user to mark a token for remote wipe.
Clients that support this can then wipe the device properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Changed the implementation for getProxyUri with
fd1d85365c
If proxy is already null then we don't ask for proxyuserpwd. Test
failed because we expected getSystemValue to be called once with
proxyuserpwd
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
File names are no longer shown directly in the ".filename" element, but
split in two "span" elements inside a ".filename-parts" element, so now
the texts in those span elements need to be concatenated to get the file
name.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes#14793
This is caused by the mess we have with OC\Settings mapping to settings
and lib/private/Settings.
Anyway this is the quick fix. Moving stuff around for 17 seems better.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The bundle acceptance tests fails after #14578 sometimes. This is
because of a race condition. not all apps have compatible 16 versions
yet. So trying to enable them results in those apps doing 💥.
Because of #14578 we do show them now. So we try to enable them. However
depending on which requests finishes first the disable button for the
audit app either shows up or now.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* tests/acceptance/features/login.feature:15
<details><summary>Show full log</summary>
```
Scenario: log in with valid user and invalid password once fixed by admin # /drone/src/github.com/nextcloud/server/tests/acceptance/features/login.feature:15
Given I act as John # ActorContext::iActAs()
And I can not log in with user user0 and password 654231 # LoginPageContext::iCanNotLogInWithUserAndPassword()
When I act as Jane # ActorContext::iActAs()
And I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I open the User settings # SettingsMenuContext::iOpenTheUserSettings()
And I set the password for user0 to 654321 # UsersSettingsContext::iSetTheFieldForUserTo()
And I act as John # ActorContext::iActAs()
And I log in with user user0 and password 654321 # LoginPageContext::iLogInWithUserAndPassword()
Then I see that the current page is the Files app # FilesAppContext::iSeeThatTheCurrentPageIsTheFilesApp()
Failed asserting that 'http://acceptance-login/index.php/login?user=user0' starts with "http://acceptance-login/index.php/apps/files/".
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/app-files.feature:90
<details><summary>Show full log</summary>
```
Scenario: show favorites # /drone/src/github.com/nextcloud/server/tests/acceptance/features/app-files.feature:90
Given I am logged in # LoginPageContext::iAmLoggedIn()
And I mark "welcome.txt" as favorite # FileListContext::iMarkAsFavorite()
When I open the "Favorites" section # AppNavigationContext::iOpenTheSection()
Then I see that the current section is "Favorites" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
Then I see that the file list contains a file named "welcome.txt" # FileListContext::iSeeThatTheFileListContainsAFileNamed()
Row for file welcome.txt in file list could not be found after 100 seconds (NoSuchElementException)
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/apps.feature:66
<details><summary>Show full log</summary>
```
Scenario: Show section from app store # /drone/src/github.com/nextcloud/server/tests/acceptance/features/apps.feature:66
Given I act as Jane # ActorContext::iActAs()
And I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I open the Apps management # SettingsMenuContext::iOpenTheAppsManagement()
And I see that the current section is "Your apps" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
When I open the "Files" section # AppNavigationContext::iOpenTheSection()
Files section item in App Navigation could not be found after 100 seconds (NoSuchElementException)
Then I see that there some apps listed from the app store # AppsManagementContext::iSeeThatThereSomeAppsListedFromTheAppStore()
And I see that the current section is "Files" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/app-files-tags.feature:42
<details><summary>Show full log</summary>
```
Scenario: add tags using the dropdown in the details view # /drone/src/github.com/nextcloud/server/tests/acceptance/features/app-files-tags.feature:42
Given I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I visit the settings page # SettingsMenuContext::iVisitTheSettingsPage()
And I open the "Tag management" section # AppNavigationContext::iOpenTheSection()
And I see that the button to select tags is shown # SettingsContext::iSeeThatTheButtonToSelectTagsIsShown()
And I create the tag "tag1" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag2" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag3" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag4" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I see that the dropdown for tags in the settings eventually contains the tag "tag1" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag2" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag3" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag4" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I log out # SettingsMenuContext::iLogOut()
And I am logged in # LoginPageContext::iAmLoggedIn()
And I open the details view for "welcome.txt" # FileListContext::iOpenTheDetailsViewFor()
And I open the input field for tags in the details view # FilesAppContext::iOpenTheInputFieldForTagsInTheDetailsView()
When I check the tag "tag2" in the dropdown for tags in the details view # FilesAppContext::iCheckTheTagInTheDropdownForTagsInTheDetailsView()
And I check the tag "tag4" in the dropdown for tags in the details view # FilesAppContext::iCheckTheTagInTheDropdownForTagsInTheDetailsView()
Then I see that the tag "tag2" in the dropdown for tags in the details view is checked # FilesAppContext::iSeeThatTheTagInTheDropdownForTagsInTheDetailsViewIsChecked()
And I see that the tag "tag4" in the dropdown for tags in the details view is checked # FilesAppContext::iSeeThatTheTagInTheDropdownForTagsInTheDetailsViewIsChecked()
And I see that the input field for tags in the details view contains the tag "tag2" # FilesAppContext::iSeeThatTheInputFieldForTagsInTheDetailsViewContainsTheTag()
Failed asserting that false is true.
And I see that the input field for tags in the details view contains the tag "tag4" # FilesAppContext::iSeeThatTheInputFieldForTagsInTheDetailsViewContainsTheTag()
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This adds the new login flow. The desktop client will open up a browser
and poll a returned endpoint at regular intervals to check if the flow
is done.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>