Commit Graph

490 Commits

Author SHA1 Message Date
Lukas Reschke e2453d78c0 Properly catch whether a share is `null`
Despite it's PHPDoc the function might return `null` which was not properly catched and thus in some situations the share was resolved to the sharing users root directory.

To test this perform the following steps:

* Share file in owncloud 7 (7.0.4.2)
* Delete the parent folder of the shared file
* The share stays is in the DB and the share via the sharelink is inaccessible. (which is good)
* Upgrade to owncloud 8 (8.0.2) (This step is crucial. The bug is not reproduceable without upgrading from 7 to 8. It seems like the old tokens are handled different than the newer ones)
* Optional Step: Logout, Reset Browser Session, etc.
* Access the share via the old share url: almost empty page, but there is a dowload button which adds a "/download" to the URL.
* Upon clicking, a download.zip is downloaded which contains EVERYTHING from the owncloud directory (of the user who shared the file)
* No exception is thrown and no error is logged.

This will add a check whether the share is a valid one and also adds unit tests to prevent further regressions in the future. Needs to be backported to ownCloud 8.

Adding a proper clean-up of the orphaned shares is out-of-scope and would probably require some kind of FK or so.

Fixes https://github.com/owncloud/core/issues/15097
2015-03-24 11:21:58 +01:00
Thomas Müller afa8872955 Merge pull request #14857 from owncloud/preview-provider-registration-in-manager
Preview provider registration in manager
2015-03-20 16:34:22 +01:00
Joas Schilling 7776e088d6 Group sharing activities by user/group and file respectively 2015-03-20 09:49:33 +01:00
Vincent Petry 5f7b3a4dbe Rename must be possible with update-only permission
and this as long as the rename is done within the same folder.
2015-03-19 21:55:56 +01:00
Robin Appelman be6edd465a Merge pull request #14537 from owncloud/oci-external-share
Fix external shares without password on oracle
2015-03-19 16:20:12 +01:00
Vincent Petry c2315aa015 Fix shared storage permission checks 2015-03-18 19:56:31 +01:00
Joas Schilling 8ebb198ef3 Add a unit test for the naming conflict on the mountpoint name 2015-03-17 16:55:03 +01:00
Joas Schilling ba3e4ede39 Use insertIfNotExists() instead of manual logic 2015-03-17 16:03:24 +01:00
Joas Schilling 05c4848954 Correctly get the unique mountpoint name when mounting the share
Previously the mount name was checked for uniqueness prior to inserting the
share. This caused problems, when two shares with the same name where done
or folder, mount point, local share with the same name was done, between
sending and accepting of the remote share
2015-03-17 16:03:24 +01:00
Lukas Reschke db033e4e19 Fix PHPDoc and Co.
Ref https://github.com/owncloud/core/pull/14929#discussion_r26501240
2015-03-17 10:37:09 +01:00
Vincent Petry b9d9405135 Fix scanFile signature warnings 2015-03-16 16:45:11 +01:00
Joas Schilling 47af533183 Move mimetype check from template to controller 2015-03-16 12:45:18 +01:00
Roeland Jago Douma e9a003fe21 Slight better formatting 2015-03-11 15:11:50 +01:00
Roeland Jago Douma 09ee297356 New array syntax 2015-03-11 15:02:55 +01:00
Roeland Jago Douma c985186246 Added new header 2015-03-11 15:02:55 +01:00
Roeland Jago Douma af76716775 Now added enabled element
This change allows for more generic parsing for the capabilities.
2015-03-11 15:02:55 +01:00
Roeland Jago Douma 39b0f0725e Add file_sharing info to capabilities
Display the capabilities regarding file sharing in the capabilities API.
This will allow the clients to provide users a better experince.
2015-03-11 15:02:55 +01:00
Joas Schilling 6a677ce8fe Do not make setupMounts() public just because of testing 2015-03-11 11:10:43 +01:00
Robin Appelman dcd2d7aff5 Add unit tests for external share mananger 2015-03-10 10:17:53 +01:00
Lukas Reschke 48243a2949 Allow iframes from same domain in share view
This is required because the PDF Viewer itself is embedded using an iframe from the same domain. The default policy is blocking this.

Going on further, we have to come up with a solution in the future how to handle previews by applications, one example might be that they call their own endpoint and not the generic share page to allow applications to have full control over how to display previews.

Anyways, to test this behaviour use a decent newer browser (such as Chrome 41) and share a PDF file, obviously the PDF viewer needs to be enabled as well. Without this patch publicly shared PDF files should not get previewed and an error is thrown. (if it isn't then your browser is probably not obeying our Content-Security-Policy and you might consider switching to another one ;))
2015-03-10 10:06:15 +01:00
Vincent Petry 4322287fc3 Fix size propagation over shared storage boundary 2015-03-05 22:23:47 +01:00
Robin Appelman c65c717379 Fix external shares without password on oracle 2015-02-27 13:22:57 +01:00
Thomas Müller f72f9e0159 Merge pull request #14530 from owncloud/revert-14403
Revert "Updating license headers"
2015-02-27 00:39:29 -08:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Lukas Reschke 5bb0889b30 Remove uneeded assignment
'files' is neither used in the controller or the template
2015-02-24 19:50:23 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Vincent Petry 837365fff2 Merge pull request #14210 from owncloud/activity/225-sharing-extension-jenkins
Activity/225 sharing extension
2015-02-18 14:46:58 +01:00
Joas Schilling 0833a6e332 Correctly create activities for public downloads 2015-02-17 17:26:03 +01:00
Joas Schilling b768a70616 Use filterNotificationTypes to filter the types and group the methods 2015-02-13 11:30:36 +01:00
Joas Schilling 9ccfbc14f6 Copy sharing related activity code to Files_Sharing activity extension 2015-02-13 11:16:43 +01:00
Morris Jobke 1bb6de7c1b Merge pull request #13425 from owncloud/phpdoc_cleanup
Cleanup of PHPDoc return types
2015-02-10 01:14:00 +01:00
Lukas Reschke a67627140c Revert "Add OCS sharing info to capabilities" 2015-02-07 00:12:26 +01:00
Roeland Jago Douma 3be3e20c0f Bit better formatting when using json output 2015-02-06 10:55:33 +01:00
Roeland Jago Douma d4e361db44 Updated sharing capabilities
Moved to files_sharing
Added more capabilities.
Tried to order to capabilities more OO style
2015-02-06 10:33:08 +01:00
Roeland Jago Douma 0452fde212 Converted getCapabilities to non static function 2015-02-04 14:56:31 +01:00
Roeland Jago Douma 4801d9c02a Use single quotes 2015-02-04 14:56:31 +01:00
Roeland Jago Douma ea1f726b7d Only return capabilities if they are set 2015-02-04 14:56:31 +01:00
Roeland Jago Douma b3ea849a87 Added capabilities whether a server allows public links
This fixes #13673.
It now lists link sharing, passwords enforced, and if public uploads are
allowed.
2015-02-04 14:56:31 +01:00
Morris Jobke 87b39e8f03 Merge pull request #13525 from owncloud/s2s-fixscanfileforbrokenstorage
Catch storage exception in scanner for remote shares
2015-01-28 00:31:37 +01:00
Vincent Petry bd888748bd Merge pull request #13490 from owncloud/fix_reshare_s2s_share
use uid provided by setupfs hook to mount server2server shares
2015-01-26 19:54:14 +01:00
Bjoern Schiessle 5ba19ba7fc certificate manager should always use a \OC\Files\View otherwise we will get problems for different primary storages 2015-01-26 16:58:52 +01:00
Bjoern Schiessle 67da1f7e5a certificate manager only needs the user-id, no need to pass on the complete user object 2015-01-26 16:58:52 +01:00
Bjoern Schiessle 66f0db30b2 use uid provided by setupfs hook to mount server2server shares, otherwise mount will fail for public link shares 2015-01-26 16:54:50 +01:00
Vincent Petry d5b61f9afe Prevent double slash in shareinfo request URL 2015-01-26 16:19:38 +01:00
Vincent Petry f6e644b43f Catch storage exception in scanner for remote shares
Whenever an exception occurs during scan of a remote share, the share is
checked for availability. If the storage is gone, it will be removed
automatically.

Also, getDirectoryContent() will now skip unavailable storages.
2015-01-26 13:59:49 +01:00
Bjoern Schiessle 73a058e301 by default send mail for new server-to-server share 2015-01-23 21:59:07 +01:00
Bjoern Schiessle 7216983a08 delete all server-to-server shares if a user gets deleted 2015-01-21 17:11:34 +01:00
Thomas Müller 8ba42abbe4 Merge pull request #13432 from owncloud/animate_gifs_public_sharing
show animated gifs on public sharing page
2015-01-21 17:09:46 +01:00
Vincent Petry 9fbdd1072e Fix webdav mkdir for remote shares 2015-01-21 15:14:57 +01:00
Thomas Müller 87a754c72e avoid $this->cache being null - fixes #13491 2015-01-20 12:38:54 +01:00
Georg Ehrke 374ddbff55 show animated gifs on public sharing page 2015-01-19 16:20:06 +01:00
Robin McCorkell 2b99fc76ec Cleanup of PHPDoc return types 2015-01-16 20:30:43 +00:00
Morris Jobke 9b7c1a0093 Merge pull request #13347 from owncloud/share-scanpermissionsfromsource
Use source storage permissions when scanning shared storage
2015-01-15 11:15:15 +01:00
Robin McCorkell 9d0915013b Merge pull request #13352 from owncloud/hhvm-array-key
HHVM: Do not use key() on array as the result depends on the internal array pointer.
2015-01-15 01:06:45 +00:00
Andreas Fischer b4a52e889a Do not use key() on array as the result depends on the internal array pointer. 2015-01-15 00:48:10 +01:00
Vincent Petry a9f0582e3e Use source storage permissions when scanning shared storage 2015-01-14 18:11:23 +01:00
Thomas Müller 25806346c2 remove deprecated code - fixes #13119 2015-01-14 13:56:49 +01:00
Bjoern Schiessle d50e70ba3a set accept to 1 (=true) for all server-to-server shares on update, at this point in time all shares are created by the first version of server-to-server sharing and are accepted if they were added to the table 2015-01-13 17:24:00 +01:00
Vincent Petry 01c83158bb Fix source path when share is a mount point
Whenever an external storage mount point is shared directly, its path is
empty which causes a leading slash to appear in the source path.

This fix removes the bogus leading slash in such situation.
2015-01-08 11:46:11 +01:00
Joas Schilling 70dcebbf92 Correctly return false when translating a foreign activity 2015-01-07 15:02:25 +01:00
Bjoern Schiessle 8c48be453e only send activity if we have a valid path and the file is readable 2014-12-23 13:32:54 +01:00
Robin Appelman 3afcc71764 Make sure the path passed to the activity manager is normalized 2014-12-22 18:50:00 +01:00
Bjoern Schiessle 393deb5961 add activity if public shared file/folder was downloaded 2014-12-22 18:50:00 +01:00
Morris Jobke 510488ad3e Merge pull request #12942 from owncloud/favs-missingsharedsubdirs
Fix issues with searchByTag in shared storage
2014-12-21 10:38:34 +01:00
Bjoern Schiessle 24993280ed Next step in server-to-server sharing next generation, see #12285
Beside some small improvements and bug fixes this will probably the final state for OC8.

To test this you need to set up two ownCloud instances. Let's say:

URL: myPC/firstOwnCloud user: user1
URL: myPC/secondOwnCloud user: user2
Now user1 can share a file with user2 by entering the username and the URL to the second ownCloud to the share-drop-down, in this case "user2@myPC/secondOwnCloud".

The next time user2 login he will get a notification that he received a server-to-server share with the option to accept/decline it. If he accept it the share will be mounted. In both cases a event will be send back to user1 and add a notification to the activity stream that the share was accepted/declined.

If user1 decides to unshare the file again from user2 the share will automatically be removed from the second ownCloud server and user2 will see a notification in his activity stream that user1@myPC/firstOwnCloud has unshared the file/folder from him.
2014-12-19 15:20:24 +01:00
Jörn Friedrich Dreyer 49318b4d93 Merge pull request #12896 from owncloud/drop-deprecated
first step to drop \OCP\Config:: in favour of IConfig
2014-12-18 23:01:49 +01:00
Vincent Petry 11b3aa2dbe Fix issues with searchByTag in shared storage 2014-12-18 17:27:56 +01:00
Robin Appelman e656af4c83 Root always exists 2014-12-17 16:09:41 +01:00
Morris Jobke d41082f4d6 first step to drop \OCP\Config:: in favour of IConfig 2014-12-17 11:12:37 +01:00
Vincent Petry 4b57892c4e Merge pull request #12778 from owncloud/searchbytags2
Added searchByTags to view, storage and cache
2014-12-12 14:27:19 +01:00
Joas Schilling 46def69574 Specify list of activity parameters for sharing extension 2014-12-12 11:41:01 +01:00
Vincent Petry 15ecb28d50 Make $userId mandatory for searchByTags
$userId is now a mandatory parameter for searchByTags.

Also fixed some places in the code where the argument was missing (Node
API and View)
2014-12-12 11:18:35 +01:00
Vincent Petry 25dde7e93b Added searchByTags to view, storage and cache 2014-12-11 17:38:50 +01:00
Morris Jobke 3026cdbc80 Merge pull request #12549 from owncloud/shared-cache-non-existing
Dont return cached date in shared cache when the file doesn't exist
2014-12-10 08:49:40 +01:00
Lukas Reschke 25a87d4058 Merge pull request #12577 from owncloud/public-mount-api
Add a public api for apps to add mounts
2014-12-08 22:57:33 +01:00
Robin Appelman f4701d7721 Add public api for mount configurations 2014-12-04 16:47:27 +01:00
Bjoern Schiessle 698ecbf308 OCS API for server-to-server sharing 2014-12-04 13:18:13 +01:00
Robin Appelman ce10b93519 Dont return cached date in shared cache when the file doesn't exist 2014-12-02 15:28:11 +01:00
Morris Jobke c5fa8f1bdc Merge pull request #12421 from owncloud/issue/6101-remove-namespace-permission-constants
Issue/6101 remove namespace permission constants
2014-11-26 08:31:23 +01:00
Thomas Müller e6a7022037 Merge pull request #12410 from owncloud/no_session_for_public_share_key
don't store private public-share-key in session
2014-11-25 22:26:40 +01:00
Joas Schilling 2c39aec8cb Replace deprecated constant with new class constant 2014-11-25 16:30:21 +01:00
Bjoern Schiessle 1d33503487 we no longer need to keep the session open for encryption 2014-11-25 13:37:11 +01:00
Morris Jobke 6fb2477fb7 Merge pull request #12262 from owncloud/removeAbsoluteDirectoryPathFromTemplate
Don't disclose relative directory path for single shared files of user
2014-11-25 10:09:16 +01:00
Lukas Reschke 8589079590 Close session only if encryption app is not enabled
Fixes https://github.com/owncloud/core/issues/12389
2014-11-24 15:02:49 +01:00
Bjoern Schiessle a7ebfe87c9 also check for the correct owner if it was submitted 2014-11-21 16:17:37 +01:00
Thomas Müller cbb9caf030 Merge pull request #12226 from owncloud/remove-phpass
Remove phpass and migrate to new Hasher interface
2014-11-20 14:59:59 +01:00
Lukas Reschke a6ebb17610 Remove unused variable and make Scrutinizer happy. 2014-11-18 18:52:00 +01:00
Lukas Reschke f3ab4f3faf Don't disclose relative directory path for single shared files of user
The "dir" key is used within the public sharing template to indicate in which directory the user currently is when sharing a directory with subdirectories. This is needed by the JS scripts.

However, when not accessing a directory then "dir" was set to the relative path of the file (from the user's home directory), meaning that for every public shared file the sharee can see the path.
(For example if you share the file "foo.txt" from "finances/topsecret/" the sharee would still see the path "finances/topsecret/" from the shared HTML template)

This is not the excpected behaviour and can be considered a privacy problem, this patch addresses this by setting "dir" to an empty key.
2014-11-18 18:51:57 +01:00
Lukas Reschke 1b85f40cbe $file only contains the filename and not the absolute path, that means that files in a subdirectory will not get properly resolved and an empty filesize is returned.
This feature only exists on master.
2014-11-18 17:14:26 +01:00
Lukas Reschke 8595b76df2 Remove phpass and migrate to new Hasher interface
This PR removes phpass and migrates to the new Hasher interface.

Please notice that due to https://github.com/owncloud/core/issues/10671 old hashes are not updated but the hashes are backwards compatible so this shouldn't hurt.
Once the sharing classes have a possibility to update the passwords of single shares those methods should be used within the newHash if block.
2014-11-17 13:39:13 +01:00
Vincent Cloutier fad621140b Added download size on public sharing 2014-11-14 16:26:59 +01:00
Lukas Reschke 988c85d292 Refactor file sharing public link handling
fixes download issue introduced by #10755

Conflicts:
	apps/files_sharing/public.php
2014-11-14 16:26:59 +01:00
Robin Appelman 7ecd220715 Setup shared mounts for the correct user when setting up the filesystem for the non-logged in user 2014-11-06 18:31:40 +01:00
Vincent Petry ee6d8c9d58 Store curl error message directly 2014-11-04 17:37:15 +01:00
Vincent Petry 768f3979e0 Check for cert bundle existence before using it 2014-11-04 16:44:42 +01:00
Vincent Petry 106b9eb55c Merge pull request #11409 from owncloud/watcher-reuse
Pass the cached data to the filesystem watcher
2014-10-29 16:38:16 +01:00
Vincent Petry f44e617dfd Fix warning with unset extension check 2014-10-29 12:56:49 +01:00
Robin Appelman 4438c7de1d Fix shared cache getFolderContents 2014-10-24 12:32:55 +02:00
Robin Appelman 6ed9f53fcd also update shared watcher 2014-10-24 12:32:55 +02:00
Bjoern Schiessle 527e1d001f try to get path from filesystem 2014-10-10 14:47:41 +02:00