Commit Graph

140 Commits

Author SHA1 Message Date
Robin Appelman d4a51447d1
Fix getting ocs share permissions if a storage is not available
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-07-18 14:42:39 +02:00
Georg Ehrke 367ca563b4
allow admins to override FreeBusy capabilities without modifying ShareAPI capabilities
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-05-22 19:16:26 +02:00
Arthur Schiwon aff5fe68b3
use SystemConfig, less dependencies, and not publicly needed
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 23:54:11 +02:00
Arthur Schiwon ab7a4b8693
fix dav test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 12:10:53 +02:00
Arthur Schiwon cfc3ab0119
offer API to create own File log. admin_audit makes use of it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 12:10:52 +02:00
Arthur Schiwon 5fbf184134
destaticfy Log classes
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 12:00:06 +02:00
Robin Appelman 15815c034f adjust tests to new exception log format
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-04-11 11:46:36 +02:00
Roeland Jago Douma 6994bce951
Loglevel is an int
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-27 10:45:35 +01:00
Roeland Jago Douma 4077f16aec
Make ILogger strict
* Make implementations strict
* Add scalar typehints

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-27 10:41:46 +01:00
Joas Schilling bf2be08c9f
Fix risky tests without assertions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-25 11:33:25 +01:00
Joas Schilling 870023365c
Fix "Undefined method setExpectedException()"
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-24 18:10:16 +01:00
Thomas Müller 8c5d656f3b Handle OC-Total-Length in new chunking
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-15 14:46:36 +01:00
Bjoern Schiessle caff52decd
fix dav unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-12 13:59:52 +01:00
Georg Ehrke 6802e2b59a
Principal search: Take sharing settings into account
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-12-11 16:04:55 +01:00
Morris Jobke 5b20600da9
Merge pull request #7313 from nextcloud/ensure-that-x-oc-mtime-header-is-an-integer-with-chunked-uploads
Ensure that X-OC-MTime header is an integer with chunked uploads
2017-12-11 15:07:05 +01:00
Roeland Jago Douma d2fe30d464
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-04 15:23:20 +01:00
Daniel Calviño Sánchez 2a7b1bae10 Reject X-OC-MTime header if given as a string with hexadecimal notation
In PHP 7.X hexadecimal notation support was removed from "is_numeric",
so "sanitizeMtime" directly rejected those values; in PHP 5.X, on the
other hand, "sanitizeMtime" returned 0 when a string with hexadecimal
notation was given (as it was the behaviour of "intval"). To provide a
consistent behaviour between PHP versions, and given that it does not
make much sense to send X-OC-MTime in hexadecimal notation, now
X-OC-MTime is always rejected if given as a string with hexadecimal
notation.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-28 01:08:52 +01:00
Thomas Müller ffe034abb0 Don't use runInSeparateProcess
Directly calling "header" in the PHPUnit process causes the "Cannot
modify header information - headers already sent by" error to be thrown.
Instead of running the test in a separate process, which is slower, this
commit wraps the call to "header" in a method that can be mocked in the
tests.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-27 20:39:45 +01:00
Daniel Calviño Sánchez a5e4c2ea11 Add tests for X-OC-MTime header handling
This commit is based on the commits from pull request 28066 (included in
018d45cad97e0) from ownCloud by Artur Neumann and Phil Davis.

Unit tests are currently run only on systems that support negative
mtimes, so no special handling of negative values was included in the
tests to keep the test code more manageable.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-27 20:39:45 +01:00
Daniel Calviño Sánchez 2af3d8a9b2 Make possible to provide a specific HTTP request object to File
This will be used in a following commit to test how the X-OC-MTime
header is handled.

This commit is based on the "make File::put() more testable" commit
(included in 018d45cad97e0) from ownCloud by Artur Neumann.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-27 20:39:41 +01:00
Björn Schießle f347e2e4a6
Merge pull request #7047 from nextcloud/add-support-for-files-with-no-permissions
Add support for files with no permissions
2017-11-20 16:15:52 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Daniel Calviño Sánchez 555d582f35 Return whether the file is readable or not in the DAV permissions
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:00 +01:00
Morris Jobke 3f107e59dd
Fix another warning
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-26 10:36:17 +02:00
Morris Jobke ab36980d20
Use ::class in test mocks of dav app
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-26 10:16:12 +02:00
Morris Jobke 43e498844e
Use ::class in test mocks
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 17:45:32 +02:00
Roeland Jago Douma ab63c89ab3
Fix quota calculation on new dav upload endpoint
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-13 19:28:38 +02:00
Morris Jobke fc12bd0be6 Do not log WebDAV maintenance mode exception
Log the maintenance mode exception only in debug level. Fixes #6124

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 15:03:39 +02:00
Bjoern Schiessle f186a5cfb1
fix and extend dav test to also test the master-key setup
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-07-06 11:47:11 +02:00
Joas Schilling b27819785e
Don't log passwords on dav exceptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-29 17:20:10 +02:00
Joas Schilling 698a7cb7f0 Merge pull request #5124 from nextcloud/allow-dirlisting-with-unreadable-items
Allow dir-listing also when one child is blocked by access control
2017-06-16 10:47:08 +02:00
Lukas Reschke 633396001f
Prevent sending second WWW-Authenticate header
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.

Fixes https://github.com/nextcloud/server/issues/5088

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-13 13:54:52 +02:00
Joas Schilling b6d6f3c521
Fix unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-07 11:24:00 +02:00
Lukas Reschke f93db724d7
Make legacy DAV backend use the BearerAuth backend as well
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 21:19:39 +02:00
Lukas Reschke df3909a7c3
Use Bearer backend for SabreDAV
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00
Joas Schilling 5f6153168f
Fix class names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 15:45:41 +02:00
Joas Schilling a9d06c07d8
Fix last unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 10:18:31 +02:00
Joas Schilling 6fb7d9a865
Don't end the abstract class name with Test.php
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 09:49:37 +02:00
Vincent Petry 614bd5c294
Properly handle missing READ permission 2017-04-27 09:29:02 +02:00
Joas Schilling 53deb26778
Fix duplicate name of class
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 09:15:50 +02:00
Vincent Petry 7b6e4d0dd2
Fix FutureFile MOVE to keep destination node
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this to happen in case the
source node is a FutureFile.
2017-04-26 15:46:38 +02:00
Vincent Petry 642b4331a6
Moved unit tests from ObjectTree::move to Directory 2017-04-26 15:42:29 +02:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Joas Schilling a3c3124762
Allow file upload when storage is unlimited
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:27:47 +02:00
Thomas Müller 5bfce597a9
[CI] Can we get some faster phpunit execution? (#27113)
* Don't backup globals and static attributes

* Unset global variable to remove impact on followup tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-20 12:34:05 -06:00
Maxence Lange 16e1c21fcc
fix mock
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-14 19:27:20 +01:00
Roeland Jago Douma c75b5a5614
Properly handle groups with a /
If a group contains a slash the principal URI becomes
principals/groups/foo/bar. Now the URI is plit on '/' so this creates
issues ;)

Fixes #2957

* Add tests for groups with /

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-02-27 17:07:18 +01:00
Morris Jobke 9533f4e5ed
Clean up single user mode
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.

As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.

The encryption commands now rely on the well tested maintenance mode.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 23:02:31 -06:00
Joas Schilling 33fb86f68b
Fix detection of the new iOS app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
Michael Jobst 969c19b2e9
Fixed size issues on main detail view and disappearing of share recipients (#26603)
* fixed size issues on main detail view and disappearing of share recipients

* Changes due to code comments

* Moved reloadProperties() to FileInfoModel

* Solved Scrutinizer issues

* Bugfix: undefined value used on error

* check if options are set for FileInfoModel.initialize()

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-23 16:56:55 +01:00
Roeland Jago Douma 030118cd85 Merge pull request #2111 from nextcloud/oc_26549
Remove unused $view from FilesPlugin (#26549)
2016-11-14 17:00:04 +01:00
Thomas Müller 506ccdbd8d
Introduce an event for first time login based on the last login time stamp
Use firstLogin event to trigger creation of default calendar and default address book

Delay login of admin user after setup so that firstLogin event can properly be processed for the admin

Fixing tests ...

Skeleton files are not copied over -> only 3 cache entries are remaining

Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
2016-11-14 14:50:10 +01:00
Vincent Petry 17ea1bfb75
Remove unused $view from FilesPlugin (#26549)
The Sabre FilesPlugin never uses the view so remove it.
2016-11-14 14:45:33 +01:00
Robin Appelman ec2235e14b
fix tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-10 15:06:24 +01:00
Thomas Müller c778b1bade
Update sabre dav to 3.2 (#26115)
* Update sabre/dav to 3.2.0

* Adjust code to work with sabre/dav 3.2.0 and it's dependencies

* Adding own CalDAV plugin to fix calendar home property

* Test if there is a user logged in when listing files home

* Update sabre version used by integration tests

* Disable unauthenticated DAV access

This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.

=====

* Fixed so cherry-pick was succesfull

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 13:35:10 +01:00
Vincent Petry 6a4ea2c15a
Upload autorename on client side
Removes the need for POST to collection which would hit against upload
limits.

The client tries to auto rename the file by adding a suffix "(2)".
It tries to use the file list on the client side to guess a
suitable name. In case a file still cannot be uploaded and creates a
conflict, which can happen when the file was concurrently uploaded, the
logic will continue increasing the suffix.
2016-11-02 22:15:03 +01:00
Robin Appelman 3692769b0a
Add getShareTypesInFolder to optimize folder listening
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-10-31 15:55:40 +01:00
Thomas Müller 9df3869bfc
Fix unit tests for BlockLegacyClientPlugin 2016-10-25 18:03:10 +02:00
Vincent Petry c68e273664
Goodbye Iframe transport !
Not needed any more in IE >= 11

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry 59c5be1cc5
Use Webdav PUT for uploads in the web browser
- uses PUT method with jquery.fileupload for regular and public file
  lists
- for IE and browsers that don't support it, use POST with iframe
  transport
- implemented Sabre plugin to handle iframe transport and redirect the
  embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
  make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Morris Jobke 2b76d14330 Merge pull request #1834 from nextcloud/downstream-26186
Add more files plugins to new DAV endpoint
2016-10-21 09:44:15 +02:00
Vincent Petry 73e216e0a7
Add more files plugins to new DAV endpoint (#26186)
* Add more files plugins to new DAV endpoint

Also fix report plugin to properly retrieve the path from the
prolongated URL

* In case the report is not for this plugin -> simply return to allow other plugins to get executed

* Adjust onReport tests to match new behavior
2016-10-20 21:36:15 +02:00
Joas Schilling 246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Morris Jobke 98c8464564 Merge pull request #1821 from nextcloud/downstream-26366
Code style changes from downstream
2016-10-20 20:18:47 +02:00
Lukas Reschke 0864f53675 Merge pull request #1796 from nextcloud/oc_fav-report
Make it possible to filter by tags with REPORT method
2016-10-20 18:32:51 +02:00
Thomas Müller 08d6884107
Sanitize length headers when validating quota 2016-10-20 15:15:48 +02:00
Vincent Petry 361f008c70
Make it possible to filter by tags with REPORT method
Enhanced the REPORT method on the Webdav endpoint and added a
"oc:favorite" filter rule. When set, it will return a flat list of
results filtered with only favorite files.

The web UI was also adjusted to use this REPORT method instead of the
private API endpoint.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-19 11:06:29 +02:00
Joas Schilling 05223a39f9
Make sure we only use numbers as length
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 09:28:54 +02:00
Morris Jobke ff3e8c2139 Merge pull request #1518 from nextcloud/dav-fileshome-directory-properties
FilesHome now also returns DAV properties
2016-10-06 00:21:44 +02:00
Thomas Müller bd96c6aa38
Return ETag and OC-ETag in case of a move (#25683)
Downstreaming of https://github.com/owncloud/core/pull/25683

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-28 21:12:50 +02:00
Vincent Petry b17e836e45
FilesHome now also returns DAV properties
The files home node must also return DAV properties like etag,
permissions, etc for the clients to work like they did with the old
endpoint.

This fix makes FilesHome extend the Sabre Directory class, this makes
the FilesPlugin and other plugins recognize it as a directory and will
retrieve the matching properties when applicable.

Downstream of https://github.com/owncloud/core/pull/26066

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:24:23 +02:00
Joas Schilling b94a4df592
Fix tests 2016-09-07 18:39:48 +02:00
Markus Goetz 0cb34c2fa5
[master] DAV: Return data-fingerprint always when asked (#25482)
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 14:37:14 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Robin Appelman 1fef5d3d06 add dav property to check if a file has a preview available 2016-07-27 12:59:39 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling 813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Roeland Jago Douma 2fcb24166f
Fix PHPUnit 5.4 warnings in DAV app
* getMock is deprecated
2016-07-15 09:52:46 +02:00
Lukas Reschke 149218ead9 Fix tests 2016-06-30 13:46:08 +02:00
Christoph Wurst 5a8cfab68f
throw PasswordLoginForbidden on DAV 2016-06-17 11:30:24 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 465807490d
create session token only for clients that support cookies 2016-06-13 19:44:05 +02:00
Vincent Petry 1399e87d57
DAV now returns file name with Content-Disposition header
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Vincent Petry bf917d7063 Merge pull request #24813 from owncloud/delete-ghost-files
allow deleting "ghost files" trough the View and Node api
2016-06-07 09:34:16 +02:00
Thomas Müller 371a07e3ab Fix checkMove() implementation for dav v2 - fixes #24776 (#24971) 2016-06-06 17:01:27 +02:00
Robin Appelman 3bd5073251 add test for deleting ghost files over dav 2016-06-03 13:37:52 +02:00
Christoph Wurst da03a85c3c
block DAV if 2FA challenge needs to be solved first 2016-06-01 10:42:38 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling 5882e21b3b
Update DAV unit tests to PSR-4 2016-05-25 16:09:18 +02:00