cleanup files, address review
Fix CleanupRemoteStoragesTest tests
Fix test expectation.
Added files count to check filecache deletion.
Sort by numeric id for deterministic test results
Removed precise order test and added storage check
Remove inaccurate removal message check which has a different order on
Oracle.
Added more checks to confirm that existing storages still exist.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fixed failing test which was ignoring a required (not null) column
* restored test to original, catching DriverException which also catches ConstraintViolationException
* catch ConstraintViolationException again
* removed unnecessary field from this test
* clobfield should be nullable
* clobfield now is nullable
* removed autoincrement since whenever this strategy is enabled, oracle would not throw constraint violation exceptions (needed for setValues), which mysql still does
* this field does not auto increment anymore
* mark integerfield as primary, since it is not getting marked as such through auto increment anymore,
integerfield default always has been 0 instead of null
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Usually Backbone collections cannot be created and just simply exists.
But in the Webdav world they need to be creatable.
This enhancement makes it possible to use a Backbone Model to represent
such collections and when creating it, it will use MKCOL instead of PUT.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Whenever a user was deleted for encryption where the keys are stored in
the home, we can ignore user existence exceptions because it means the
keys are already gone.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Skip null groups in group manager (#26871)
* Skip null groups in group manager
* Also skip null groups in group manager's search function
* Add more group null checks in sharing code
* Add unit tests for null group safety in group manager
* Add unit tests for sharing code null group checks
* Added tests for null groups handling in sharing code
* Ignore moveShare optional repair in mount provider
In some cases, data is inconsistent in the oc_share table due to legacy
data. The mount provider might attempt to make it consistent but if the
target group does not exist any more it cannot work. In such case we
simply ignore the exception as it is not critical. Keeping the
exception would break user accounts as they would be unable to use
their filesystem.
* Adjust null group handing + tests
* Fix new group manager tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The background job that scans storages must skip failed storages to
avoid potential exceptions, especially when the failed storage comes
from a shared storage where the source is not accessible.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Many API callers will call unlink even for directories and it can mess
up with some wrappers like the encryption wrapper
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Disable execution of eval in jQuery. We do require an allowed eval CSP
configuration at the moment for handlebars et al. But for jQuery there is
not much of a reason to execute JavaScript directly via eval.
This thus mitigates some unexpected XSS vectors. As example try to insert
`$('.fileinfo').html('<a href="asd"><script>alert(1)</script></a>');`
with and without this patch in your browsers JS console when the file list
is opened.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This mitigates issues where developers pass untrusted user-input through t() which may lead to XSS issues.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Roeland Jago Douma
Jörn Friedrich Dreyer
Philipp Schaffrath
Vincent Petry
Markus Goetz
Morris Jobke
Nextcloud bot
Lukas Reschke
Joas Schilling
Roeland Jago Douma
Julius Haertl
Ko-