Commit Graph

3566 Commits

Author SHA1 Message Date
Lukas Reschke 53057f2bd0 Merge pull request #5462 from nextcloud/add-frameancestor-support
Add CSP frame-ancestors support
2017-09-18 14:25:44 +02:00
Lukas Reschke 705432ca6f
Add filter for `shareapi_allow_share_dialog_user_enumeration`
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.

Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-15 15:58:04 +02:00
Thomas Citharel ecf347bd1a Add CSP frame-ancestors support
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Tobia De Koninck fa402c74d2
Add tests
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:40 +02:00
Tobia De Koninck 473a1ecad1
Fix tests
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:39 +02:00
Roeland Jago Douma 9163cf9241
Fix AppPassword 2FA auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-12 22:28:43 +02:00
Morris Jobke 8a79d0cc70 Merge pull request #6414 from nextcloud/share-notification-wrong-language
Use the language of the recipient for the share notification
2017-09-08 19:15:05 +02:00
Leon Klingele 8e46e6b827
Improve text: 'you have now' -> 'you now have'
Signed-off-by: Leon Klingele <leon@struktur.de>
2017-09-08 13:47:11 +02:00
Joas Schilling 7e625a8d22
Use the language of the recipient for the share notification
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-08 10:48:16 +02:00
Morris Jobke 5d4540f179 Merge pull request #6364 from nextcloud/fix_login_loop
Fix login with basic auth
2017-09-06 17:04:00 +02:00
Morris Jobke 15cd21d252 Merge pull request #6358 from nextcloud/fix-mixup-of-id-and-name
Set the meta data before everything
2017-09-05 16:08:57 +02:00
Morris Jobke 4e3c39c1d1
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-05 13:55:36 +02:00
Roeland Jago Douma b96485b6bd
Fix login with basic auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-05 12:24:41 +02:00
Joas Schilling dea011243e
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-04 17:01:31 +02:00
Morris Jobke 4fd3240b5f Merge pull request #6254 from nextcloud/async-bus-split
Allow configuring different command bus backends
2017-09-04 14:22:06 +02:00
Morris Jobke 1ebf91ec16
Add proper EOL
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:21:44 +02:00
Roeland Jago Douma 84ea66dca8 Merge pull request #6296 from nextcloud/improve_2fa
Improve 2FA
2017-08-31 10:52:40 +02:00
Roeland Jago Douma 84b7022118
Improve 2FA
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-29 20:27:36 +02:00
Morris Jobke 0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Björn Schießle 60ee450809 Merge pull request #5870 from nextcloud/generate-system-wide-key-pair
extend the identity proof manager to allow system wide key pairs
2017-08-24 18:36:35 +02:00
Robin Appelman 9731350ace split async test bus for easier subclassing 2017-08-24 16:06:37 +02:00
Roeland Jago Douma 9357cf735a Merge pull request #6164 from nextcloud/dont-show-error-message-when-sql-failed
Prevent SQL error message in case of error
2017-08-23 16:49:57 +02:00
Lukas Reschke 2e4cd44556
Inject \OCP\IURLGenerator to make tests work
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 15:32:40 +02:00
Lukas Reschke a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Lukas Reschke ed8a98eaa1
Prevent SQL error message in case of error
`\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than
permitted in the database. This is against it's PHPDocs and we should cast this to `false`,
so that the regular error handling triggers in.

The easiest way to reproduce is on MySQL:

1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel
2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again
3. See SQL exception as error message

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-17 12:08:40 +02:00
Morris Jobke 1c38a83927 Always log cron execution
There was a setting to disable the last execution of cron. There is no known
problem with this write access and it was also questioned when this feature
was build in https://github.com/owncloud/core/pull/7689#issuecomment-38264707

Recently there was also a bug report about a non-visible last cron execution
(#6088) - let's better remove this.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-17 09:45:11 +02:00
Morris Jobke a55e794bfd Cleanup unused methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 14:29:26 +02:00
Morris Jobke cf7c4a4439 Merge pull request #6123 from nextcloud/cleanup-shareItem
Cleanup usage of shareItem in internal code base
2017-08-15 13:57:00 +02:00
Morris Jobke c5f14ac884 Merge pull request #6121 from nextcloud/cleanup-registerBackend
Use proper methods for registerBackend
2017-08-15 13:52:49 +02:00
Morris Jobke 8366dfa50b Cleanup usage of shareItem in internal code base
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 11:57:18 +02:00
Morris Jobke 895b9c2309 Use proper methods for registerBackend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 11:29:15 +02:00
Morris Jobke 3e13e94254 Use proper methods for checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 11:28:05 +02:00
Morris Jobke f640b56bfa Cleanup unused methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 10:09:47 +02:00
Bjoern Schiessle bae5be3dc1
add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Bjoern Schiessle 9524badccc
extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Roeland Jago Douma 1ea7f14f0a
Fix SessionTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:13:54 +02:00
Roeland Jago Douma 26bf0ca9d4
Fix RepairMimeTypeTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:04:57 +02:00
Roeland Jago Douma db27bbf90d
Fix CacheTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:01:09 +02:00
Roeland Jago Douma 8b0051eb40
Fix encryption test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:08 +02:00
Roeland Jago Douma ed3b391e47
Use symfony/translation for L10N plurals
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-07 19:53:36 +02:00
Roeland Jago Douma 4633717f04
Move pre_shared and post_shared events to EventDispatcher
* Now listeners for those events get proper share objects.
* Legacy hooks still fired
* Updated tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-03 15:14:29 +02:00
Joas Schilling 2f8756754f
Fix last failures with oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling 293dea0625
Fix querybuilder and functionbuilder tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling 20f8d1094a
Can not insert auto increment on oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling 106df7bc33
Fix missing escape on column and table name
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Lukas Reschke f93a82b8b0
Remove explicit type hints for Controller
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:32:03 +02:00
Morris Jobke 84c22fdeef Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +02:00
Morris Jobke 6010c4f267 Merge pull request #5877 from nextcloud/typehint_middleware
Prop argument type for Middleware
2017-08-01 14:28:16 +02:00
Roeland Jago Douma c8452803ef Merge pull request #5897 from nextcloud/add-share-mail-for-user-share
Send an email once a file/folder is shared with a user
2017-08-01 13:27:15 +02:00
Morris Jobke 582fb5d129 Update the URLs in tests to use example.org
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-01 11:16:04 +02:00