Commit Graph

523 Commits

Author SHA1 Message Date
John Molakvoæ 50f6015821
Merge pull request #9680 from nextcloud/dependabot/npm_and_yarn/build/karma-viewport-tw-1.0.2
Update karma-viewport requirement to ^1.0.2 in /build
2018-05-30 13:21:43 +02:00
dependabot[bot] 4d78f2e45b
Update karma-viewport requirement to ^1.0.2 in /build
Updates the requirements on [karma-viewport](https://github.com/squidfunk/karma-viewport) to permit the latest version.
- [Release notes](https://github.com/squidfunk/karma-viewport/releases)
- [Changelog](https://github.com/squidfunk/karma-viewport/blob/master/CHANGELOG)
- [Commits](https://github.com/squidfunk/karma-viewport/commits/1.0.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-05-30 10:00:57 +00:00
dependabot[bot] d7f725008f
Update karma requirement to ^2.0.2 in /build
Updates the requirements on [karma](https://github.com/karma-runner/karma) to permit the latest version.
- [Release notes](https://github.com/karma-runner/karma/releases)
- [Changelog](https://github.com/karma-runner/karma/blob/master/CHANGELOG.md)
- [Commits](https://github.com/karma-runner/karma/commits/v2.0.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-05-30 10:00:50 +00:00
Julius Härtl 20b0658ff6
Merge pull request #9685 from nextcloud/dependabot/npm_and_yarn/build/node-sass-approx-4.9.0
Update node-sass requirement to ~4.9.0 in /build
2018-05-30 11:59:16 +02:00
Morris Jobke 69d633c403
Merge pull request #9679 from nextcloud/dependabot/npm_and_yarn/build/jsdoc-approx-3.5.5
Update jsdoc requirement to ~3.5.5 in /build
2018-05-30 11:35:28 +02:00
dependabot[bot] 81ccf33db4
Update guzzlehttp/guzzle requirement to 6.3.3 in /build/integration
Updates the requirements on [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) to permit the latest version.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/master/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/commits/6.3.3)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-05-30 09:34:25 +00:00
dependabot[bot] 04764cf568
Update node-sass requirement to ~4.9.0 in /build
Updates the requirements on [node-sass](https://github.com/sass/node-sass) to permit the latest version.
- [Release notes](https://github.com/sass/node-sass/releases)
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/node-sass/commits/v4.9.0)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-05-30 08:23:54 +00:00
dependabot[bot] fd107bc0e5
Update jsdoc requirement to ~3.5.5 in /build
Updates the requirements on [jsdoc](https://github.com/jsdoc3/jsdoc) to permit the latest version.
- [Release notes](https://github.com/jsdoc3/jsdoc/releases)
- [Changelog](https://github.com/jsdoc3/jsdoc/blob/master/CHANGES.md)
- [Commits](https://github.com/jsdoc3/jsdoc/commits/3.5.5)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-05-30 08:23:35 +00:00
dependabot[bot] 354cac145c
Update sabre/dav requirement to 3.2.2 in /build/integration
Updates the requirements on [sabre/dav](https://github.com/sabre-io/dav) to permit the latest version.
- [Release notes](https://github.com/sabre-io/dav/releases)
- [Changelog](https://github.com/sabre-io/dav/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sabre-io/dav/commits/3.2.2)

Signed-off-by: dependabot[bot] <support@dependabot.com>
2018-05-30 08:23:11 +00:00
Daniel Calviño Sánchez 268a92731f Limit Sinon version to 5.0.7 at most
When using fake servers with Sinon.JS, the JavaScript test framework,
the XHR objects are also fake. In Sinon 5.0.8 the "setRequestHeader" of
XMLHttpRequest was modified to normalize the header values (as requested
by the spec), but since then only string values are accepted; null or
integer values can no longer be passed to "setRequestHeader", as it
expects the "replace" function to be available in the object. However,
in the tests null and integer values are passed to "setRequestHeader",
which causes them to fail.

Both Firefox and Chromium accept passing non-string values to their
"setRequestHeader" implementation, and it is done, for example, in
davclient.js; it is not clear yet whether Sinon got too restrictive or
the code calling "setRequestHeader" was too loose. Given that
davclient.js is an external dependency, as a temporary measure Sinon
version is forced to be 5.0.7 at most until either Sinon or davclient.js
are updated.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-05-28 08:06:20 +02:00
Roeland Jago Douma b3aec38e5e
Remove .lgtm file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-23 14:49:22 +02:00
Morris Jobke 6d5f4432cd
Merge pull request #9313 from nextcloud/phan-check-php-doc
Check doc block signature to match the specified return type
2018-05-07 15:45:41 +02:00
Guillaume Boudreau eb97035312
Resolves warnings in Chrome Dev Console:
"DevTools failed to parse SourceMap: .../core/vendor/..."
2018-04-29 09:29:56 -04:00
Morris Jobke 13b503a1a4
Check doc block signature to match the specified return type
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-26 14:35:24 +02:00
Lukas Reschke 3aaa2307e9
Improve phan config
* exclude routes

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-26 11:51:05 +02:00
Morris Jobke 1bc192fbd4
Merge pull request #9203 from nextcloud/declare-func-as-safe
Declare func() as safe method in phan
2018-04-17 13:45:27 +02:00
Morris Jobke 1f06bc246c
Declare func() as safe method in phan
We added a special `func()` method to the query builder, which is a plain text function by definition. It uses the string and does no escaping on purpose. It has the potential for an injection but requiring to add the "supress warning" to all surrounding code makes it harder to spot actual problems, that this plugin want to find. So it's better to only need to check the func() and not all the surrounding code as well.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-17 10:58:00 +02:00
John Molakvoæ (skjnldsv) 3e5ea9b0a9
Return proper boolean user enabled state api
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-16 15:17:02 +02:00
Morris Jobke 2c15f4003e
Add auth token to github requests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-11 15:15:49 +02:00
Daniel Calviño Sánchez 1d7bf328f8
Make possible to provide "--tags=XXX" parameter to Behat
"--tags=XXX" limits the features or scenarios to be run to those
matching the tag filter expression.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:31 +02:00
Daniel Calviño Sánchez 65bc12960f
Add integration tests for zip32/zip64 boundaries of number of files
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:31 +02:00
Daniel Calviño Sánchez 6ee5469a03
Add integration tests for downloading basic zip files
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:31 +02:00
Daniel Calviño Sánchez 5a7986c25d
Fix use of data directory in integration tests
The data directory is not necessarily located at "../..". The proper
directory is now got by running "php console.php config:system:get
datadirectory".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-06 15:59:30 +02:00
John Molakvoæ (skjnldsv) 762002ec2e
Fixed tests
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-05 17:11:41 +02:00
Morris Jobke 612e875f60
Merge pull request #8355 from nextcloud/fix-comments-num-index
Fix comments (and systemtags) when involving users with numerical ids
2018-02-26 17:12:57 +01:00
Morris Jobke 24f96513fd
Merge pull request #8259 from nextcloud/guzzle6
update guzzlehttp/guzzle to 6.3.0
2018-02-14 22:26:19 +01:00
Arthur Schiwon 011dab246d
tests for systemtags related to numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-14 17:02:35 +01:00
Arthur Schiwon a5a0a938f2
test creating comments with numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-14 14:39:10 +01:00
Robin Appelman a815185bb4
fix redundant namespace
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-02-12 15:41:23 +01:00
Robin Appelman 359ccbc023
Adjust integration tests to new guzzle
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-02-09 17:13:30 +01:00
Morris Jobke 23f9ef54e3
Remove old perl script to update l10n files
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-08 18:21:14 +01:00
Roeland Jago Douma c715045749
Fix CI after Code of Conduct merge
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-10 11:03:12 +01:00
Morris Jobke 876238ce8b
Merge pull request #7533 from nextcloud/oc-28545-handle-oc-total-length-in-new-chunking
[oc] Handle OC-Total-Length in new chunking
2018-01-03 16:18:24 +01:00
Thomas Müller 74df27b7a7 Add integration tests for length header on new chunking
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-15 14:46:44 +01:00
Daniel Calviño Sánchez 173f28a09d Add unit tests for the navigation bar slide gesture
The slide gesture is enabled or disabled depending on the width of the
browser window. In order to easily control that width the karma-viewport
plugin is now used in the unit tests.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-14 19:17:40 +01:00
Robin Appelman 74b5ce8fd4
Some tests for the remote cloud api
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-12-08 16:34:33 +01:00
Morris Jobke 4b73ddc9ce
Merge pull request #6437 from nextcloud/support-mail-send-in-share
Add support for `\OCP\Share\IShare::getMailSend` back
2017-11-27 11:29:38 +01:00
Morris Jobke a51a8fbcaf
Federation actually sends an email via Share 2.0
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 10:54:40 +01:00
Morris Jobke c930f70b52
Harden phan checks to catch more errors
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 07:53:56 +01:00
Björn Schießle f347e2e4a6
Merge pull request #7047 from nextcloud/add-support-for-files-with-no-permissions
Add support for files with no permissions
2017-11-20 16:15:52 +01:00
Julius Härtl 7006b739b0
Remove brackets for invalid mail addresses when updating the license header
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-11-07 10:50:42 +01:00
Morris Jobke 31c5c2a592
Change @georgehrke's email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Daniel Calviño Sánchez 555d582f35 Return whether the file is readable or not in the DAV permissions
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:00 +01:00
Roeland Jago Douma 2f36744aff
Update phan config
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:14 +02:00
Roeland Jago Douma ab20a64ed4
DAV Autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:11 +02:00
Roeland Jago Douma 112b0d57a8
Comments Autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:11 +02:00
Roeland Jago Douma ce7c9dfe8a
Admin Audit autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-24 20:40:09 +02:00
Roeland Jago Douma ff9f325677
Ignore composer stuff in phan
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-17 22:22:36 +02:00
Roeland Jago Douma 5d7d96dc45
Update autoload checker
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-17 21:55:06 +02:00
Roeland Jago Douma 17bd2fb268
Phan is moved to a new repo
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-10-16 16:23:55 +02:00
Robin Appelman f0c7b8f264
show diff in autoload checker
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-09-18 17:20:08 +02:00
Joas Schilling 242c9ee06c
No more root file
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-07-25 12:47:39 +02:00
Roeland Jago Douma 02b9388fc6
Move image-optimization.sh to build dir
* We should not ship this!

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 08:08:18 +02:00
Lukas Reschke 3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Lukas Reschke 591aaa4154
Add workaround for https://github.com/etsy/phan/issues/1033
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 11:08:43 +02:00
Lukas Reschke d8ec399454
Run phan over code base
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-19 10:28:11 +02:00
Morris Jobke 844e7b03b4 Add test to check if new files are added to the root of the repository
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-12 11:52:42 +02:00
Lukas Reschke 633396001f
Prevent sending second WWW-Authenticate header
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-13 13:54:52 +02:00
Lukas Reschke b8de3f40ee
Bearer comes first on the new endpoint
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:57:07 +02:00
Lukas Reschke 639ba526d0
Adjust realm from SabreDAV to Nextcloud
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:38:55 +02:00
Lukas Reschke f93db724d7
Make legacy DAV backend use the BearerAuth backend as well
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:19:39 +02:00
Lukas Reschke 538112181f
Add additional test for accessing DAV using Bearer Auth
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:11 +02:00
Lukas Reschke f2a01e1b08
Use a standardized Bearer now
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00
Lukas Reschke a4116220cb
Add app to autoenabled provisioning API scenario
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:08 +02:00
Morris Jobke 692e056df9 Extract app name and navigation entries for l10n
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-08 23:24:28 -05:00
Morris Jobke 865cd487c4
Split up sharing-v1-part2.feature to avoid timeouts
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-02 12:55:29 -03:00
Vincent Petry d379b197d5
Fix forbidden backslash DAV integration tests 2017-04-26 15:47:59 +02:00
Sergio Bertolin a761d4cce7
Added test cases from core 16825 2017-04-26 15:29:01 +02:00
Vincent Petry 9bff66e68d
Simplified new endpoint move test 2017-04-26 15:27:02 +02:00
Vincent Petry c30feafaa2
Added case when final chunk move must not change file id 2017-04-26 15:26:15 +02:00
Sergio Bertolin 9ab17c95c0
Added test about checking file id after a move 2017-04-26 15:24:19 +02:00
Morris Jobke 51da0442d9 Merge pull request #4494 from nextcloud/fix-jsunit
Fix JS unit failure because of Jasmine 2.6 and the phantomjs launcher
2017-04-25 12:45:52 -03:00
Morris Jobke dd5dbe3ebd
Fix JS unit failure because of Jasmine 2.6 and the phantomjs launcher
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-25 10:26:46 -03:00
Joas Schilling 7ea492b69a
Loop over the apps directory and add the task
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 14:35:51 +02:00
Joas Schilling dee2c8d23b
Check whether we can json decode the translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 11:01:34 +02:00
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Morris Jobke 4cf4d2f27e
Favorites integration tests for shared files
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 11:44:57 -05:00
Joas Schilling bd37021587
Fix casing of same origin frame option
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:37:32 +02:00
Vincent Petry d1081e7940
Add integration test for trashbin
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 14:59:21 -05:00
Lukas Reschke 4cf61481e5
Clear opcode cache after config change
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 18:57:40 +02:00
Lukas Reschke b882f65fbb
Add integration tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 01:39:54 +02:00
Morris Jobke 4c60360bf7 Merge pull request #4221 from nextcloud/provisioning-api-for-account-info
Allow to change account info via provisioning api
2017-04-07 12:48:44 -05:00
Joas Schilling 3d628783d9
Allow to change account info via provisioning api
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 12:50:47 +02:00
Morris Jobke b084ceec3d Merge pull request #4224 from nextcloud/dont-list-on-public-calendar-endpoint
Don't list on public calendar endpoints
2017-04-05 20:55:39 -05:00
Lukas Reschke 63288ebc50
Don't list on public calendar endpoints
There is no need to allow listing here.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-05 22:43:05 +02:00
Lukas Reschke 1d3e391ad8
Add integration tests for token auth
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-05 17:58:33 +02:00
Roeland Jago Douma 04fc00fcdf
mergejs should print a newline between imports
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-31 17:06:38 +02:00
Robin Appelman 7d4c4224d1
fix setup of external storage integration tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 17:16:59 +02:00
Morris Jobke f9bc53146d
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-28 21:00:12 -06:00
Morris Jobke 6901b28f07
Split long running features/sharing-v1.feature into two smaller parts
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-28 16:46:56 -06:00
Roeland Jago Douma 4821c00ea8 Merge pull request #4004 from nextcloud/backport-27172
Remove SharedCache::getNumericStorageId to let CacheWrapper do it
2017-03-28 21:56:44 +02:00
Vincent Petry c54091d43b
Use authType BASIC for Sabre client in integration tests
This helps massively reduce the numerous useless 401 exceptions that
appears in the test log. These appear only because Sabre first connects
without any auth type to receive the challenge and then sends the
authentication data.

With this change it will directly use basic auth.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-24 12:40:14 -06:00
Lukas Reschke f94bc6f8bb Merge pull request #4013 from nextcloud/bundle_vendor_js
Bundle vendor js
2017-03-24 10:49:57 +01:00
Morris Jobke 9bd4c406e3
also install sinon
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-23 23:42:54 -06:00
Vincent Petry 46a32045d7
Update karma, use sinon from npm
Update karma library and use sinon JS library provided by
karma-jasmine-sinon instead of local file.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-23 23:35:41 -06:00
Morris Jobke 49d0507f5d Merge pull request #3879 from nextcloud/downstream-26915
Added integration tests for sharees using v2.php
2017-03-23 16:12:24 -06:00
Morris Jobke d2654c8aea Merge pull request #3965 from nextcloud/downstream-27343
Providing --path option to transfer-ownership
2017-03-23 15:20:53 -06:00
Roeland Jago Douma 588f47d498
Add CI step to verify merged vendor js
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-23 13:40:30 +01:00
Roeland Jago Douma eda98ed3df
Merge vendor js
There is a bunch of javascript we always load from vendors. This
combines this into 1 javascript file. Which reduces the number of
request by ~10.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-23 13:40:23 +01:00