Commit Graph

199 Commits

Author SHA1 Message Date
Lukas Reschke 476579b9c6 Fix WebDAV auth for session authentication only
\Sabre\DAV\Auth\Backend\AbstractBasic::authenticate was only calling \OC_Connector_Sabre_Auth::validateUserPass when the response of \Sabre\HTTP\BasicAuth::getUserPass was not null.

However, there is a case where the value can be null and the user could be authenticated anyways: The authentication via ownCloud web-interface and then accessing WebDAV resources. This was not possible anymore with this patch because it never reached the code path in this scenario.

This patch allows authenticating with a session without isDavAuthenticated value stored (this is for ugly WebDAV clients that send the cookie in any case) and thus the functionality should work again.

To test this go to the admin settings and test if the WebDAV check works fine. Furthermore all the usual stuff (WebDAV / Shibboleth / etc...) needs testing as well.
2015-01-20 10:03:14 +01:00
Lukas Reschke 730460c9fa Close session properly 2015-01-19 16:25:44 +01:00
Lukas Reschke dfbc405a45 Prioritise Basic Auth header over Cookie
There are a lot of clients that support multiple WebDAV accounts in the same application. However, they resend all the cookies they received from one of the accounts also to the other one. In the case of ownCloud this means that we will always show the user from the session and not the user that is specified in the basic authentication header.

This patch adds a workaround the following way:

1. If the user authenticates via the Sabre Auth Connector add a hint to the session that this was authorized via Basic Auth (this is to prevent logout CSRF)
2. If the request contains this hint and the username specified in the basic auth header differs from the one in the session relogin the user using basic auth

Fixes https://github.com/owncloud/core/issues/11400 and https://github.com/owncloud/core/issues/13245 and probably some other issues as well.

This requires proper testing also considering LDAP / Shibboleth and whatever instances.
2015-01-17 13:29:07 +01:00
Thomas Müller 5f171618fd remove unused variable and fix undefined variable 2015-01-08 09:46:40 +01:00
Vincent Petry 2e57fe93e4 Disable part files for OC ext storage backend + s2s backend
When uploading files to an OC ext storage backend or when using server
to server sharing storage, part files aren't needed because the backend
already has its own part files and takes care of the final atomic rename
operation.

This also fixes issues when using two encrypted ownCloud instances where
one mounts the other either as external storage (ownCloud backend) or
through server to server sharing.
2015-01-07 21:21:51 +01:00
Chris Wilson 402a3ed146 Improve debugging for ServiceUnavailable exceptions
I was getting a lot of these in my logs for no apparent reason, and file
uploads were failing:

	{"app":"webdav","message":"Sabre\\DAV\\Exception\\ServiceUnavailable: ","level":4,"time":"2015-01-06T15:33:39+00:00"}

In order to debug it, I had to add unique messages to all the places where
this exception was thrown, to identify which one it was, and that made the
logs much more useful:

	{"app":"webdav","message":"Sabre\\DAV\\Exception\\ServiceUnavailable: Encryption is disabled","level":4,"time":"2015-01-06T15:36:47+00:00"}
2015-01-06 15:59:38 +00:00
Lukas Reschke 0ed00bca43 Use namespace 2015-01-05 09:54:14 +01:00
Lukas Reschke 556c9b6f46 Write unit-tests and use DI 2015-01-05 09:54:12 +01:00
Lukas Reschke f2ddd565e8 Fix code-style 2015-01-05 09:53:01 +01:00
derkostka deedfad050 fix "app":"PHP","message":"Undefined variable: user at/principal.php#66"
changed variable #user to #name
2015-01-04 17:07:33 +01:00
Thomas Müller 81243b0f5d adding getDirectDownload() to Wrapper 2014-12-28 17:17:14 +01:00
Thomas Müller 5b00bc1d6e Adding basement for the direct download url 2014-12-28 17:17:14 +01:00
Morris Jobke 39d6ddd38a Merge pull request #12865 from owncloud/files-tags-webdav
Returns tags through WebDAV
2014-12-19 09:33:28 +01:00
Vincent Petry 6224e29f25 Fix code style issues for tags plugin 2014-12-18 16:43:00 +01:00
Vincent Petry 3c67900421 Remove obsolete method 2014-12-18 16:04:36 +01:00
Vincent Petry 0b3f0716fc Returns and update tags through WebDAV PROPFIND and PROPPATCH
Added oc:tags and oc:favorites in PROPFIND response.
It is possible to update them with PROPPATCH.
These properties are optional which means they need to be requested
explicitly
2014-12-17 16:50:35 +01:00
Robin Appelman fd85424742 Add getMountPoint to FileInfo 2014-12-17 14:03:50 +01:00
Joas Schilling 78a307995c Fix namespace of Files_Encryption outside of the app 2014-12-09 09:47:26 +01:00
Robin Appelman 0b630a37ab Fix type hinting for app manager 2014-11-18 12:22:13 +01:00
Robin Appelman 7cb12d4bff Add sabredav plugin to check if a user has access to an app 2014-11-17 15:50:24 +01:00
Vincent Petry 0b2c24081f Return real mime type on PROPFIND
Return the real (insecure) mime type on PROPFIND
2014-11-11 15:42:50 +01:00
Vincent Petry 9b99c1d6f0 Merge pull request #12072 from owncloud/sabre-convertstoragenotavailableexception-secondtry
Convert StorageNotAvailableException to SabreDAV exception
2014-11-10 12:52:52 +01:00
Vincent Petry cccedf6f30 Convert StorageNotAvailableException to SabreDAV exception
Convert \OCP\Files\StorageNotAvailableException to
\Sabre\DAV\Exception\ServiceUnavailable for every file/directory
operation happening inside of SabreDAV.

This is necessary to avoid having the exception bubble up to remote.php
which would return an exception page instead of an appropriate response.
2014-11-10 12:01:24 +01:00
Bjoern Schiessle a10ae2816e clean up encryption exceptions 2014-11-07 13:48:31 +01:00
Bjoern Schiessle c2a45c1238 throw exception if private key is missing 2014-11-05 13:05:46 +01:00
Morris Jobke 56cf1d9d27 fix odd behaviour 2014-10-31 18:46:47 +01:00
Vincent Petry fd4b97d758 Merge pull request #9044 from owncloud/add-missing-email-principal
adding missing email address for principal
2014-10-31 13:24:42 +01:00
Vincent Petry 21d825ed6c Properly catch 503 storage not available in getQuotaInfo
When doing a PROPFIND on the root and one of the mount points is not
available, the returned quota attributes will now be zero.

This fix prevents the expected exception from making the whole call fail.
2014-10-27 16:27:12 +01:00
libasys cbd130bed0 adding missing email address for principal
* fix #8515
* add mail only if it exists
2014-10-24 11:12:23 +02:00
Robin Appelman 19de425a50 Use the cached fileinfo to get creatable permissions 2014-10-13 13:09:05 +02:00
Robin Appelman 10c350b895 Fix dav permissions for folders without create permissions 2014-09-25 14:01:19 +02:00
Morris Jobke f970c81b1e Merge pull request #11215 from owncloud/dav-throwwhendeletefailed
WebDAV now throws 403 when deletion did not work
2014-09-23 00:49:30 +02:00
Vincent Petry 470c25eff4 WebDAV now throws 403 when deletion did not work
Assume a permission issue whenever a file could not be deleted.

This is because some storages are not able to return permissions, so a
permission denied situation can only be triggered during direct
deletion.
2014-09-22 13:15:17 +02:00
Thomas Müller 8abf786af9 Merge pull request #10499 from owncloud/mkcol-headers-afterbind
Use afterBind to send fileId header for files and directories
2014-09-22 10:02:03 +02:00
scolebrook f31e4066de Conceal or display SabreDAV version number in browser and http response headers. 2014-09-16 13:25:44 +02:00
Thomas Müller 27cd30aa94 content size checks are not valid for LOCK 2014-09-12 09:42:32 +02:00
chli1 712487c861 fix BadRequest error if CONTENT_LENGTH not set
If client does not send content length header on webdav upload (e.g. because the content comes from a stream and its length is not predictable) the put() method should not try to compare the content length value with the actual amount of received data, because this will always fail and result in a BadRequest exception. So the check will only be performed if $_SERVER['CONTENT_LENGTH'] is set.
2014-09-04 13:49:15 +02:00
Clark Tomlinson 0400f7845c Merge pull request #10723 from owncloud/webdav-folder-size
adding new webdav property containing the folder size
2014-09-03 09:07:23 -04:00
Thomas Müller 52dc31e13c Merge pull request #10725 from owncloud/sabredav-etag-master
adding OC-ETag header
2014-09-03 11:21:47 +02:00
Thomas Müller 96a931929e adding OC-ETag header 2014-08-29 12:09:33 +02:00
Thomas Müller 647120fb36 adding new webdav property containing the folder size 2014-08-29 11:39:02 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order of OC::$session and OC::$CLI

remove unneeded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Lukas Reschke 92c80dd946 Merge pull request #10518 from owncloud/fix_storage_const_autoload
Fix storage const autoload
2014-08-20 23:23:42 +02:00
Morris Jobke b3b3354809 move to public namespace 2014-08-19 14:05:08 +02:00
Stephan Peijnik 2df52e54d7 Fix STORAGE_* constants usage by moving those constants into \OC\Files\Filesystem.
As constants not defined within a class cannot be automatically found by the
autoloader moving those constants into a class makes them accessible to
code which uses them.

Signed-off-by: Stephan Peijnik <speijnik@anexia-it.com>
2014-08-19 13:55:35 +02:00
Vincent Petry ec274ad40b Use afterBind to send fileId header for files and directories
afterBind is called for both files and directories and is now used to
send the OC-FileId headers.
2014-08-18 18:40:58 +02:00
Vincent Petry cc8c1d8e07 Return whole file if range request cannot be granted due to encryption
Whenever range headers are set and encryption is enabled, it is not
possible to automatically fseek() to the proper position.

To avoid returning corrupt/invalid data or causing a decryption error,
the range headers are stripped so that the SabreDAV code in httpGet()
returns the whole file.
2014-08-14 15:18:49 +02:00
Thomas Müller 31149fb1c3 adding special handling of checkPrecondition() for chunked upload 2014-07-22 13:06:20 +02:00
Thomas Müller 0a9e0d1051 perm -> permissions 2014-07-21 13:49:22 +02:00
Thomas Müller ea269f0067 Upload abortion is now detected within the OC_Connector_Sabre_File::put()
OC_Connector_Sabre_AbortedUploadDetectionPlugin is pointless

Adding unit test testUploadAbort()
2014-07-08 11:09:59 +02:00
Robin Appelman 8161104420 Catch StorageInvalidException in webdav 2014-07-01 15:03:29 +02:00
Robin Appelman 99960d7747 Handle StorageNotAvailableException in webdav 2014-06-30 16:36:11 +02:00
Robin Appelman 80e6d357a2 Fix permissions check when moving a file to a different directory over webdav 2014-06-20 14:29:13 +02:00
Robin Appelman 07fdeba50b Fix moving movablemount over webdav 2014-06-17 14:10:11 +02:00
Robin Appelman c6a83b2f17 Fix exposing single files over webdav 2014-06-14 10:13:24 +02:00
Robin Appelman 65f3b2fad2 Add server<->server sharing backend 2014-06-14 10:10:37 +02:00
icewind1991 c47d4ebbac Merge pull request #8666 from owncloud/mount-remove
Support for (re)moving mountpoints
2014-06-06 11:57:43 +02:00
Bjoern Schiessle b0a74edbb2 allow moving files to the root 2014-06-06 09:56:00 +02:00
Markus Goetz e6665a0542 WebDAV Permissions: Distinguish between renaming and moving 2014-06-05 14:39:06 +02:00
Thomas Müller 48eee0b432 use the right interface \Sabre\DAVACL\PrincipalBackend\BackendInterface 2014-06-04 17:47:09 +02:00
Thomas Müller 76e04027bc Upgrade SabreDAV to 1.8.10
Updating SabreDAV namespaces
2014-06-04 12:22:23 +02:00
ringmaster cda87fd9c4 Normalize lock exception messages. 2014-06-04 07:55:45 +02:00
Lukas Reschke 9bbc4b0034 Fix typo 2014-06-04 07:55:44 +02:00
ringmaster 6b94732bdf Respect locked files, surface correct exception. 2014-06-04 07:55:44 +02:00
Andreas Fischer fb4556033a Cast '{DAV:}getcontentlength' to number instead of int. 2014-05-29 16:26:02 +02:00
Morris Jobke dc36d30953 Remove all occurrences of @brief and @returns from PHPDoc
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Thomas Müller 95741f3936 Merge pull request #8435 from owncloud/fix-8322-master
Expose permission via WebDAV
2014-05-19 16:52:03 +02:00
Robin McCorkell 87b548ed91 Fix all PHPDoc types and variable names, in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Thomas Müller e5ee84ca9b - update permissions
- change xml tag to perm
2014-05-09 17:18:43 +02:00
Vincent Petry 4a493c8835 Some expected Sabre exceptions are now logged with DEBUG level 2014-05-07 11:43:50 +02:00
Thomas Müller c92c577b5e - Introduce isShared() and isMounted() on FileInfo class
- Reuse these methods on determineIcon()
- Generate permission string for the desktop client
- expose {http://owncloud.org/ns}permissions as additional WebDAV property containing the permission string
2014-05-02 17:37:16 +02:00
Robin Appelman 6c20a014ea merge master into webdav-injection 2014-04-25 11:47:06 +02:00
Robin Appelman cd0c5990f8 properly quote etags 2014-04-24 11:12:39 +02:00
Robin Appelman 49b44e7e22 Normalize paths when moving properties 2014-04-24 11:12:39 +02:00
Thomas Müller 4ba6f4839d fixing typos and PHPDoc 2014-04-23 15:36:01 +02:00
Robin Appelman e77d89fc4b Revert changes to OC_Connector_Sabre_Server 2014-04-23 14:21:09 +02:00
Bjoern Schiessle 7ef8f6d352 always allow to rename the share mount point 2014-04-23 12:54:26 +02:00
Bjoern Schiessle 27c5a978f9 we no longer need to handle the Shared folder different from any other folder 2014-04-23 12:54:25 +02:00
Morris Jobke a2a0eb370b Merge pull request #8222 from owncloud/type-hinting
Type hinting fixes
2014-04-17 16:08:15 +02:00
Bart Visscher a4b7f5155f Fix PHPdoc in lib/private
using scrutinizer patch
2014-04-15 22:55:20 +02:00
Robin Appelman 295b75cca9 merge master into webdav-injection 2014-04-15 20:05:43 +02:00
Robin Appelman c82adb8c5d merge master into webdav-injection 2014-04-15 20:03:00 +02:00
Thomas Tanghus 51e47319ef White-list known secure mime types. Refs. #8184 2014-04-14 17:17:50 +02:00
Vincent Petry 4f11786a3d Fixed Sabre Node implementation to correctly return timestamps as int
Negative timestamps were returned as string and were confusing other
Sabre API like Sabre_DAV_Property_GetLastModified.

This fix makes sure the timestamp is returned as int when defined.
2014-04-09 15:46:51 +02:00
Vincent Petry 6e6a131b32 Merge pull request #7696 from owncloud/chunk-remainingspacefix
Fixed chunking and insufficient storage check
2014-04-01 16:09:19 +02:00
Robin Appelman 371a924c92 merge master into webdav-injection 2014-03-26 14:26:07 +01:00
Vincent Petry 4033eba374 Fixed chunking and insufficient storage check
- fixed free space detection based on the already uploaded chunks
- now deleting chunks as soon as it is read out before writing it into
  the part file, which reduces the space needed when assembling part
  files
2014-03-17 13:04:34 +01:00
Thomas Müller f0603a971d close the session for all DAV calls right after authentication - no need to write to the session afterwards 2014-03-10 14:40:36 +01:00
Robin Appelman 84cf40ed82 merge master into webdav-injection 2014-03-06 13:35:06 +01:00
Bjoern Schiessle 2e73c957e5 don't allow to create a file or folder named 'Shared' in the root folder, also exclude all combinations of lower and upper case letters 2014-03-05 13:16:25 +01:00
Robin Appelman 5ef37c28d1 Remove the need for a custom SabreDav server constructor 2014-03-04 13:28:48 +01:00
Robin Appelman fe994669cd Make path for dummy fileinfo absolute 2014-03-03 13:57:08 +01:00
Robin Appelman 3a21755963 Pass the filesystem view as argument in the sabredav connectors and use the fileinfo object 2014-02-25 16:23:09 +01:00
Lukas Reschke 719f1111b6 Merge pull request #6714 from owncloud/files-newfileinvalidcharsfix
Added extra checks for invalid file chars in newfile.php and newfolder.php
2014-02-20 11:53:58 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Vincent Petry bd71a1b7b6 Added file name check in webdav connector
- added file name check for the put, rename and setNames() methods which
  throw a "Bad Request" whenever invalid characters are used
- replaced \OC\Filesystem usage with $this->getFS() to be able to write
  unit tests
2014-02-18 17:54:32 +01:00
Jörn Friedrich Dreyer 2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Vincent Petry bd6734291c Merge pull request #6081 from owncloud/partfilewebdavfix
Allow getting info or renaming part files through WebDAV
2014-02-04 07:48:37 -08:00
Vincent Petry 11ef12a106 Added exception logger plugin for sabre connector
Whenever an exception occurs in the sabre connector code or code called
by it, it will be logged.

This plugin approach is needed because Sabre already catches exceptions
to return them to the client in the XML response, so they don't appear
logged in the web server log.

This will make it much easier to debug syncing issues.
2014-01-27 11:40:17 +01:00