Commit Graph

10203 Commits

Author SHA1 Message Date
Roeland Jago Douma 45108b087e Discourage webauthn user interaction
Else people might have the feeling this is also doing 2FA. And since it
is only prefered it can be ignored and hacked around.

Once we have proper 2FA with webauthn in one go this probably needs to
be revisted.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-20 07:31:37 +00:00
Roeland Jago Douma b3c9b166a3
Merge pull request #21779 from nextcloud/backport/21499/stable19
[stable19] fix #21285 as oneliner
2020-07-09 19:27:21 +02:00
Lionel Elie Mamane 2f75ba1adb Return correct loginname in credentials,
even when token is invalid or has no password.

Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
2020-07-09 14:37:05 +00:00
Robin Appelman 157f619812 ensure home storage is initialized on first setup
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-07-09 12:33:20 +00:00
Roeland Jago Douma f174fb91e0 Use the correct mountpoint to calculate
If we use the owners mount point this results in null. And then the rest
of the checks get called with null. Which doesn't work.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-09 12:33:19 +00:00
Jaakko Salo 392df2eaf4 Fix releasing a shared lock multiple times
Signed-off-by: Jaakko Salo <jaakkos@gmail.com>
2020-07-06 12:11:46 +00:00
Roeland Jago Douma 4513342478
Merge pull request #21671 from nextcloud/revert-21095-backport/21090/stable19
Revert "[stable19] Do not read certificate bundle from data dir by default"
2020-07-06 10:39:02 +02:00
Roeland Jago Douma 905fab3356
Revert "[stable19] Do not read certificate bundle from data dir by default" 2020-07-03 14:21:38 +02:00
Christoph Wurst 3201e7674f Fix static method call for s3 bucket compat check
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-03 08:26:00 +00:00
Joas Schilling d203f8f985
Merge pull request #21387 from nextcloud/backport/21380/stable19
[stable19] Increase timeout of the appstore requests
2020-07-03 10:04:55 +02:00
Morris Jobke f70b2dba18
Merge pull request #21573 from nextcloud/backport/21558/stable19
[stable19] relax permissions mask check for detecting part file rename
2020-07-02 23:51:03 +02:00
Joas Schilling 9d541ccfd1
Increase timeout of the appstore requests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-02 23:36:24 +02:00
Joas Schilling a471dba6e1 Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-02 10:09:45 +00:00
Roeland Jago Douma c88402db47
Log deprecated events as debug
Since this can spam the log quite agressively we should log it as debug
and not info.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-02 10:49:11 +02:00
Roeland Jago Douma 7fd34d5d64
Merge pull request #21638 from nextcloud/backport/21588/stable19
[stable19] Update presign method to match with interface again.
2020-07-02 09:06:53 +02:00
Joas Schilling 9e9e74736d
Merge pull request #21538 from nextcloud/backport/21452/stable19
[stable19] Fix autocomplete for LDAP with `shareapi_only_share_with_group_members` on
2020-07-01 10:13:19 +02:00
Daniel Kesselberg 4397e57201 Update presign method to match with interface again.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-06-30 18:39:08 +00:00
Robin Appelman 654f5a2109 relax permissions mask check for detecting part file rename
with files drop uploads the original file name isn't always used for the '.ocTransferId' source path

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-06-24 19:11:18 +00:00
Joas Schilling 407e3df585 Fix language in share notes email for users
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-23 21:29:49 +00:00
Roeland Jago Douma 6b5db20fc9
Merge pull request #21526 from nextcloud/backport/21479/stable19
[stable19] Allow to specify the cookie type for appframework responses
2020-06-23 14:04:53 +02:00
Joas Schilling d1df66f7af Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-23 12:04:50 +00:00
Joas Schilling 9ce288163c Fix PHP CS
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-23 12:04:50 +00:00
Joas Schilling 7a36a4b99c Move back to IGroupManager::displayNamesInGroup()
The problem is that despite it's name IGroup::searchDisplayName()
only searches by userid and this is less fixable than changing back to this method here

Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-23 12:04:49 +00:00
Roeland Jago Douma 286f79c388
Merge pull request #21447 from nextcloud/backport/21406/stable19
[stable19] Disable Client-Side Monitoring on AWS storage
2020-06-22 16:29:05 +02:00
Roeland Jago Douma c21a976bc4 Allow to specify the cookie type for appframework responses
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.

Helps with #21474

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-22 11:02:50 +00:00
Roeland Jago Douma adb5a80674
Merge pull request #21485 from nextcloud/backport/21482/stable19
[stable19] Don't log Keys
2020-06-21 09:19:35 +02:00
Roeland Jago Douma 88e121d684 Give up after 10 seconds in SCSS timeout
Else we keep idling for ages which leads to bad UX

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-19 19:29:56 +00:00
Joas Schilling 0ebbabebe8 Don't log Keys
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-19 13:11:18 +00:00
Christoph Wurst 60a3bf8572 Disable Client-Side Monitoring on AWS storage
The S3 client enables this by default and then tries to read
`.aws/config`. This causes `open_basedir` restriction related error for
some setups. So this patch disables the CSM because it's most likely
unused anyway.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 09:00:28 +00:00
Christoph Wurst 1022db87db Clean up auth tokens when user is deleted
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-16 08:03:45 +00:00
Julius Härtl 21bc4b3cad Avoid duplicate matches in wide and exact results
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-06-15 17:52:59 +00:00
Florent 6280d09765 Upload part size as S3 parameter instead of constant value
Some S3 providers need a custom upload part size (500 MB static value in Nextcloud).
Here is a commit to change this value via S3 configuration, instead of using S3_UPLOAD_PART_SIZE constant.
A new parameter is added for an S3 connection : uploadPartSize

Signed-off-by: Florent <florent@coppint.com>
2020-06-15 08:40:02 +00:00
Joas Schilling 982f2fc21a Prevent harder to share your root
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-04 09:01:40 +00:00
Daniel Calviño Sánchez 6ca312eec9 Fix disabling send password by Talk without new password in mail shares
When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).

However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".

Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-29 11:37:43 +00:00
Daniel Calviño Sánchez 8e5aa03834 Fix enabling send password by Talk with same password in mail shares
When "send password by Talk" is enabled in a mail share a new password
must be also set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-29 11:37:43 +00:00
Daniel Calviño Sánchez 9df3ea94b8 Fix enabling send password by Talk with empty password in link shares
When "send password by Talk" is enabled in a link share now a non empty
password is enforced.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-29 11:37:43 +00:00
Roeland Jago Douma 9d2d3c4809 Clear the statscache before fetching the metadata
Else if a lot of writes happen. It might happen that an old stat result
is used. Resulting in a wrong file size for the file. For example the
text app when a lot of people edit at the same time.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-28 10:30:35 +00:00
Roeland Jago Douma 24e97c1a7c
Merge pull request #21095 from nextcloud/backport/21090/stable19
[stable19] Do not read certificate bundle from data dir by default
2020-05-26 11:43:46 +02:00
Morris Jobke 3bf0285840
Merge pull request #21068 from nextcloud/backport/20776/stable19
[stable19] Improve group queries
2020-05-26 10:38:17 +02:00
Julius Härtl abecd5696b Update hub bundle and add proxy rule to htaccess
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-05-25 19:52:22 +00:00
Morris Jobke ebbdd2de33 Do not read certificate bundle from data dir by default
Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.

This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-25 17:51:03 +00:00
Roeland Jago Douma 444b28adf6 Improve group queries
Before we'd also get the diplayname for each group in the backend. In a
separate query. This is of course not ideal as this information is
obtained on each and every query. Now this is queried once and properly
cached.

Also added more caching to the manager.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-22 12:22:03 +00:00
Morris Jobke 745667e426 Compress the appstore requests by default
In test it reduced the transfered data from 5 MB to 2 MB. This should reduce the load on the appstore significantly.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 09:07:35 +00:00
Morris Jobke 5c0f06b259 Cache appstore requests for 60 instead of 5 minutes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 09:07:35 +00:00
Roeland Jago Douma 8e9433aee9 Remember the webauthn name of devices
Fixes #20289
we should not reset to default once we have logged in with the device.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-12 12:08:38 +00:00
Roeland Jago Douma c37bb7745b
Merge pull request #20923 from nextcloud/backport/20915/stable19
[stable19] Use random_bytes
2020-05-11 21:00:16 +02:00
Roeland Jago Douma 387af7eb60 Use random_bytes
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-11 12:23:02 +00:00
GretaD adbdecb1d6 Fix languages empty array
Signed-off-by: GretaD <gretadoci@gmail.com>
2020-05-08 09:25:59 +00:00
Roeland Jago Douma d5850eb28f
Merge pull request #18955 from adrb/swift_upload_large_objects
Large Object support for OpenStack Swift
2020-05-06 13:03:24 +02:00
Roeland Jago Douma 0c35aaba29
Fix OC_Image new resize functions
Else the wrong mimetype might be set. Resulting in continious
regeneration of previews when browsing.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-02 21:57:34 +02:00