However due to the nature of what we store in the token (encrypted
passwords etc). We can't just delete the tokens because that would make
the oauth refresh useless.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The avatar endpoint returns the avatar image or, if the user has no
avatar, the display name. In that later case the avatar is generated on
the browser based on the display name. The avatar endpoint response is
cached, so when the display name changes and the avatar is got again the
browser could use the cached value, in which case it would use the same
display name as before and the avatar would not change.
When the avatar is an image the cache is invalidated with the use of
the "version" parameter, which is increased when the image changes. When
the avatar cache was first introduced only the image avatars were
cached, but it was later changed to cache all avatar responses to limit
the requests made to the server. Thus, now the cache of the display name
is invalidated too by increasing the version of the avatar if the
display name changes and there is no explicit avatar set.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
For legacy reasons we stored all the previews with a png extention.
However we did not put png data in them all the time.
This caused the preview endpoints to always report that a preview is a
png file. Which was a lie.
Since we abstract away from the storage etc in the previewmanager. There
is no need anymore to store them as .png files and instead we can use
the actual file extention.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
- With root installation
- Core css
- App inside server root
- Secondary apps directory outside server root
- With an installation in a sub directory
- Core css
- App inside server root
- Secondary apps directory outside server root
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Currently static CSS files work fine in apps outside of the root.
However, as soon as an app uses SCSS, Nextcloud starts being unable to
find the web root.
Fix this problem by backporting select snippets from master
specifically targeting this issue, and add a test to ensure it doesn't
regress.
Fix#5289
Signed-off-by: Kyle Fazzari <kyrofa@ubuntu.com>
Currently, if the app path includes a symlink, the calculated webDir
will be incorrect when generating CSS and URLs will be pointing to the
wrong place, breaking CSS.
Use realpath when retrieving app path, and these issues go away.
Fix#6028
Signed-off-by: Kyle Fazzari <kyrofa@ubuntu.com>
Object storage instances always fall back to the content based mimetype detection, because the file name for object storage was always random due to the fact that it was temporarily storage in a generated temp file. This patch adds a check before that to make sure to use the original file name for this purpose and also remove possible other extensions like the versioning or part file extension.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.
Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma
Georg Ehrke
Roeland Jago Douma
Morris Jobke
Joas Schilling
Daniel Calviño Sánchez
Robin Appelman
Arthur Schiwon
John Molakvoæ (skjnldsv)
Christoph Wurst
Bjoern Schiessle
Kyle Fazzari
Lukas Reschke
Tobia De Koninck
Leon Klingele