Commit Graph

528 Commits

Author SHA1 Message Date
Joas Schilling 89c78bbce4 Merge pull request #1031 from nextcloud/2fa-infinite-redirect-loop
prevent infinite redirect loops if the there is no 2fa provider to pass
2016-08-26 16:03:05 +02:00
Robin Appelman 7c4d9add0d reuse the userfolder's fileinfo when possible during dav setup 2016-08-25 17:22:22 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling 3fbb5de74f
Better displaynames for shared address books 2016-08-24 08:50:25 +02:00
Joas Schilling 53182fb780
Better displaynames for shared calendars 2016-08-24 08:50:25 +02:00
Roeland Jago Douma 64ff8ac6fa
Fix phpdoc in Comments 2016-08-16 20:33:09 +02:00
Thomas Müller 6f34c37cfb
Adding quota plugin to new dav endpoint (#25615)
* Adding quota plugin to new dav endpoint

* Added integrated test failing in old endpoint

* Added 0B quota test
2016-07-29 10:03:46 +02:00
Robin Appelman 1fef5d3d06 add dav property to check if a file has a preview available 2016-07-27 12:59:39 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling 813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke a17ba2f488 Merge pull request #466 from nextcloud/escape-special-characters
Escape special characters (#25429)
2016-07-20 21:24:19 +02:00
Roeland Douma 26cf51403e Merge pull request #464 from nextcloud/master-change-load-order
[master] Change load order of auth backends so that we can throw an exception …
2016-07-20 20:08:22 +02:00
Vincent Petry e5c4f53eea
Cast share id to string (#25402) 2016-07-20 15:10:10 +02:00
Aaron Wood 7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Thomas Müller e795f7b106
Change load order of auth backends so that we can throw an exception in OCA\DAV\Connector\Sabre\Auth - fixes #25362 (#25476) 2016-07-20 14:40:52 +02:00
Morris Jobke 0a6d95b126 Merge pull request #394 from nextcloud/tags-for-everything
SystemTags for everything not just files
2016-07-19 10:47:12 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling 7c039bcbf6
Allow apps to register SystemTags plugins 2016-07-18 10:26:42 +02:00
Joas Schilling c2b077e185
Fix doc blocks 2016-07-18 10:26:42 +02:00
Joas Schilling 8e13ff2c86
Fix TODO and bring in abstraction (similar to comments) 2016-07-18 10:26:36 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Roeland Jago Douma 059b7435ab
PasswordLoginForbidden is not a FATAL exception
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.

So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00
Robin Appelman 6da066e7be
Fix test using private propertries 2016-07-08 12:36:25 +02:00
Robin Appelman f98cb9efa0
Fix type hinting 2016-07-08 12:35:50 +02:00
Robin Appelman 8f84c99e3f
Fix undefined properties 2016-07-08 12:35:16 +02:00
Morris Jobke ba16fd0d33 Merge branch 'master' into sync-master 2016-07-07 11:29:46 +02:00
Thomas Citharel 7d95cde37d Add all properties while creating a subscription (#25318)
Fixes #24469
2016-07-01 13:42:35 +02:00
Lukas Reschke 179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Bjoern Schiessle 26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke 1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Bjoern Schiessle 3571207bd9 add some additonal permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Björn Schießle 5ace6b53f3 get only vcards which match both the address book id and the vcard uri (#25294) 2016-06-29 12:13:59 +02:00
Bjoern Schiessle 5f6944954b get only vcard which match both the address book id and the vcard uri 2016-06-28 16:11:06 +02:00
Georg Ehrke 3c399be6ec fix a ImageExportPlugin Test (#25215) 2016-06-27 21:26:56 +02:00
Vincent Petry 56ad4cdfec
Show error message when posting an invalid comment
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Georg Ehrke 1452b74de7 Contacts API: replace raw image data with url (#25081)
* add uri to AddressBookImpl array

* Introduce ImageExportPlugin for CardDav

* add plugin to v1 routes

* replace binary contact photo with link

* update tests

* Adding unit tests
2016-06-21 15:25:44 +02:00
Vincent Petry 2340660a5b
PasswordLoginForbidden must extend NotAuthenticated
The auth code from Sabre will forward NotAuthenticated exceptions but
in the case of a generic exception, it is packaged as "service not
available".
2016-06-17 15:50:24 +02:00
Christoph Wurst 5a8cfab68f
throw PasswordLoginForbidden on DAV 2016-06-17 11:30:24 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Thomas Müller 0b7685d326 Move birthday calendar generation to a live migration job (#25135) 2016-06-16 16:14:28 +02:00
Christoph Wurst 331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Vincent Petry 68c3b23e04 Merge pull request #24080 from owncloud/support-calendar-class-property
Extract CLASS property from calendar object and store it in the database
2016-06-10 11:22:11 +02:00
Vincent Petry 67c3a97401 Merge pull request #25046 from owncloud/fix-the-realm
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00
Vincent Petry 543545505d Merge pull request #25043 from owncloud/webdav-download-mimetype
DAV now returns file name with Content-Disposition header
2016-06-10 09:55:59 +02:00
Vincent Petry 1399e87d57
DAV now returns file name with Content-Disposition header
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Thomas Müller cf06b17df1
Use the correct realm for basic authentication - fixes #23427 2016-06-09 13:53:32 +02:00
Thomas Müller f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Thomas Müller bfcd1dc49c
Filter confidential calendar objects in shared calendars
Filter private calendar objects in shared calendars
2016-06-09 11:09:14 +02:00
Thomas Müller 082f456b8b
Added unit testing for the migration step 2016-06-09 11:09:14 +02:00
Thomas Müller 369c3b5d7e
Implement classification migration as repair step 2016-06-09 11:09:14 +02:00
Thomas Müller 287e41732c
Bump dav app version and fix variable rename 2016-06-09 11:09:14 +02:00
Thomas Müller f013cfc530
Add migration step 2016-06-09 11:09:13 +02:00
Thomas Müller fbdec59f22
Extract CLASS property from calendar object and store it in the database 2016-06-09 11:09:13 +02:00
Robin Appelman f119769c26 Better handling of forbidden files in dav 2016-06-07 14:01:55 +02:00
Thomas Müller 371a07e3ab Fix checkMove() implementation for dav v2 - fixes #24776 (#24971) 2016-06-06 17:01:27 +02:00
Vincent Petry 3ff2bec5fa Merge pull request #24935 from owncloud/2fa-block-dav
block DAV if 2FA challenge needs to be solved first
2016-06-02 15:31:18 +02:00
Joas Schilling 942e946f06
Catch the ForbiddenException to make sure it gets handled 2016-06-01 16:17:57 +02:00
Christoph Wurst da03a85c3c
block DAV if 2FA challenge needs to be solved first 2016-06-01 10:42:38 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst 28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Vincent Petry 87fa86a69a Merge pull request #24559 from owncloud/2fa
two factor auth
2016-05-23 20:50:03 +02:00
Vincent Petry c10d8a37f7 Merge pull request #22690 from owncloud/fix-comments-href-remote.php-files
ensure comments-href returns a value also when propfind is done again…
2016-05-23 14:47:03 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Joas Schilling c9fda84841
Make the root collection neutral so it does not only work for files 2016-05-23 09:03:48 +02:00
Joas Schilling 3a8e537946
Remove unused UserFolder 2016-05-23 09:03:47 +02:00
Vincent Petry 5963128342
Adjust DAV SystemTagPlugin unit tests for groups 2016-05-20 17:56:02 +02:00
Vincent Petry 10fae3994a
Fix system tag update code 2016-05-20 17:56:02 +02:00
Vincent Petry d7727cdc74
Add admin-only system tag groups property
For setting/getting system tag groups
2016-05-20 17:56:02 +02:00
Vincent Petry 88740f035d
Act on effective system tag canAssign permission
Whenever the server returns true for the can-assign Webdav property of
a system tag, it means the current user is allowed to assign,
regardless of the value of user-assignable.

This commit brings the proper logic to the web UI to make it possible
for users to assign when they have the permission.
2016-05-20 17:56:02 +02:00
Vincent Petry 03d32bc39b
Fix system tags DAV unit tests 2016-05-20 17:56:02 +02:00
Vincent Petry bede872dbc
Bring back admin permissions to change system tag permissions 2016-05-20 17:56:02 +02:00
Vincent Petry 09b3883d9c
Updated canUser* functions in SystemTagManager to accept objects 2016-05-20 17:56:02 +02:00
Vincent Petry 8343cfb64b
Add interface methods for permission check
Instead of checking for admin perm, use interface method
canUserAssignTag and canUserSeeTag to check for permissions.
Allows for more flexible implementation.
2016-05-20 17:56:02 +02:00
Arthur Schiwon 2b30136ae9
ensure comments-href returns a value also when propfind is done against remote.php/files 2016-05-20 16:22:13 +02:00
Joas Schilling dd9ee10bc0 Move dav app to PSR-4 (#24527)
* Move Application to correct namespace and PSR-4 it

* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00
Christoph Wurst 0486d750aa
use the UID for creating the session token, not the login name 2016-05-11 13:36:46 +02:00
Christoph Wurst 5e55dfb2d6
create session token for DAV clients (sync clients) 2016-05-11 13:36:46 +02:00
Vincent Petry 47157bcd76 Merge pull request #24400 from owncloud/cache_shareManager
Cache shareManager
2016-05-06 14:25:30 +02:00
Roeland Jago Douma 3c2fee8775
Cache shareManager
There is no need to call \OC::$server->getShareManager for each Node.
We have it available so better pass it around.
2016-05-02 22:27:24 +02:00
Thomas Müller b10dcfc3b7
Fixing local event delivery for calendar events based on the email address 2016-05-02 14:20:59 +02:00
Björn Schießle 606b756a94 Merge pull request #23918 from owncloud/cruds-for-federated-shares
bring back CRUDS permissions for federated shares
2016-04-22 14:50:42 +02:00
Thomas Müller 3b3cff4f79 Merge pull request #24151 from owncloud/create-personal-calendar
Personal calendar should be generated even if the birthday calendar a…
2016-04-22 11:09:45 +02:00
Thomas Müller 1d1247069f
Birthday calendar should never have write acl - fixes #24154 2016-04-21 13:36:52 +02:00
Thomas Müller 38c7296867
Personal calendar should be generated even if the birthday calendar already exists - fixes #24082 2016-04-21 12:34:20 +02:00
Thomas Müller cd01c440a0 Merge pull request #23919 from owncloud/cyclyc-share-dep-example
SharedStorage to new sharing code + cleanup
2016-04-20 20:37:27 +02:00
Lukas Reschke a86fd873d6 Merge pull request #24076 from owncloud/fix-initial-calendar-and-addressbook-names
Fix displayname for initial calendars and address books
2016-04-19 14:30:35 +02:00
Roeland Jago Douma afa37d363f
Fix related logic 2016-04-19 14:04:00 +02:00
Thomas Müller 748134bd90
Fix displayname for initial calendars and address books - fixes #24057 2016-04-18 23:08:37 +02:00
Thomas Müller d0ad8e6e69
Revert "Fix displayname for initial calendars and address books - fixes #24057"
This reverts commit a5d3e5ed68.
2016-04-18 23:07:49 +02:00
Thomas Müller a5d3e5ed68
Fix displayname for initial calendars and address books - fixes #24057 2016-04-18 23:06:38 +02:00
Roeland Jago Douma dcb2b37e24
Add data-fingerprint property to webdav 2016-04-18 16:08:11 +02:00
Björn Schießle 52669d0ea3
return correct share permissions on propfind 2016-04-18 12:02:06 +02:00
Roeland Jago Douma 0cebb16e7c
Move share-permissions property namespace
Fixes https://github.com/owncloud/core/issues/23741
2016-04-15 10:22:18 +02:00
Thomas Müller 55735e1450
Translate contacts birthday - fixes #23982 2016-04-14 16:58:45 +02:00
Thomas Müller 068e73cc47 Merge pull request #23975 from owncloud/change-default-calendar-and-contacts-names
Use better names for the default calendars and addressbooks
2016-04-14 11:57:43 +02:00
Thomas Müller 439de52534
Remove dav migration for 9.1 2016-04-13 15:53:57 +02:00
Thomas Müller 353449bff7
Use better names for the default calendars and addressbooks - fixes #23720 2016-04-13 15:44:59 +02:00
Thomas Müller 3c0a1d4241 Merge pull request #20118 from owncloud/chunked-upload-dav
Initial implementation of the new chunked upload
2016-04-13 14:37:10 +02:00
Björn Schießle 499d131a09
always return the complete permissions the file was shared with 2016-04-12 17:56:56 +02:00
Thomas Müller e21642ca31 Fix unit test of file plugin 2016-04-12 15:51:09 +02:00
Thomas Müller bb2e68f72b Fix chunk file move 2016-04-12 14:26:42 +02:00
Thomas Müller 72f5c539e8 Initial implementation of the new chunked upload - as specified in https://dragotin.wordpress.com/2015/06/22/owncloud-chunking-ng/ 2016-04-12 12:32:04 +02:00
Thomas Müller 8652ef28aa Merge pull request #23868 from owncloud/scrutinizer-patch-2
Scrutinizer Auto-Fixes
2016-04-11 10:38:02 +02:00
Thomas Müller 24c2252ff4 Adding VCFExportPlugin 2016-04-10 12:43:15 +02:00
Scrutinizer Auto-Fixer 3ebeb07a30 Scrutinizer Auto-Fixes
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2016-04-08 15:11:37 +00:00
Thomas Müller 6f3eeeeb36 Merge pull request #23510 from owncloud/birthdays-on-shared-addressbooks
Propagate birthdays of shared addressbooks to the sharee's birthday c…
2016-04-08 15:19:38 +02:00
Roeland Jago Douma 375f6fcab1
Move public webdav auth over to share manager
The public webdav auth should use the shiny new share manager.
2016-04-08 14:17:13 +02:00
Thomas Müller dda739c0cc Merge pull request #23501 from owncloud/alarms_for_birthdayevents
add VALARM for birthday events
2016-04-06 14:31:07 +02:00
Thomas Müller f6cea3c9c4 Merge pull request #23557 from owncloud/sabre-plugin-browser-error-page
In case of exception we return an html page in case the client is a b…
2016-04-04 13:51:23 +02:00
Thomas Müller 63b01a3616 Merge pull request #22834 from owncloud/webdav_property_for_share_permissions
Add sharePermissions webdav property
2016-03-31 23:18:53 +02:00
Roeland Jago Douma 89478a0961 Fix unit tests 2016-03-31 21:25:23 +02:00
Roeland Jago Douma 5334bcce66 Correct share permissions for external storages 2016-03-31 20:17:59 +02:00
Roeland Jago Douma 8c0ef4c4bd Add sharePermissions webdav property
This property can be queries by the clients so they know the max
permissions they can use to share a file with. This will improve the UX.

The oc:permissions proptery is not enough since mountpoints have
different permissions (delete + move by default).

By making it a new property the clients can just request it. On older
servers it will just return a 404 for that property (and thus they know
they have to fall back to their hacky work arounds). But if the property
is returned the client can show proper info.

* unit tests
* intergration test
2016-03-31 20:12:34 +02:00
Lukas Reschke ba69a90ab5 Enforce type 2016-03-31 19:32:30 +02:00
Vincent Petry 262547ba3d Return 401 DummyBasicAuth in case of ajax call 2016-03-31 19:31:31 +02:00
Stefan Weil 65b0127241 apps/dav: Fix typos in comments (found and fixed by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-03-30 10:14:26 +02:00
Thomas Müller cd850dc325 Merge pull request #23568 from owncloud/finally-fix-23328-now-for-addressbooks-as-well
Handle group shares of addressbooks on v1 as well ... now FINALLY ....
2016-03-29 18:41:40 +02:00
Achim Königs 596a8416c2 Merge branch 'master' into alarms_for_birthdayevents 2016-03-26 14:27:38 +01:00
Thomas Müller ab0db65b23 Merge pull request #23549 from owncloud/dav-sharetypes-remote
Return remote shares in oc:share-types Webdav property
2016-03-24 22:44:19 +01:00
Lukas Reschke 95820fbd5b Add magical regex to catch browsers 2016-03-24 19:02:16 +01:00
Thomas Müller c46f480031 In case of exception we return an html page in case the client is a browser 2016-03-24 19:02:16 +01:00
Thomas Müller 89cd6e228d Handle group shares of addressbooks on v1 as well ... now FINALLY .... 2016-03-24 17:11:07 +01:00
Thomas Müller 3d51682440 Merge pull request #23342 from owncloud/fix-group-sharing-for-v1-caldav-and-carddav
Fix group shares on v1 caldav and carddav
2016-03-24 12:47:18 +01:00
Vincent Petry 9ee1f506f2 Return remote shares in oc:share-types Webdav property
Fixes web UI to properly display the share status icon when an outgoing
remote share exists
2016-03-24 12:16:57 +01:00
Thomas Müller 06e8c70400 Fix acls for calendar objects and cards - fixes #23273 2016-03-24 09:53:36 +01:00
Thomas Müller 8c2b19d2bc Return proper current-user-principal on v1 endpoints - fixes #23306 2016-03-24 09:53:36 +01:00
Thomas Müller 4c738ea9c4 Fix group shares on v1 caldav and carddav - fixes #23328 2016-03-24 09:53:36 +01:00
Lukas Reschke cc8c0b6a90 Check if request is sent from official ownCloud client
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)

While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Achim Königs 4b2f9e4027 add VALARM for birthday events
ACTION=DISPLAY *should* prevents audible alarms.
2016-03-23 23:21:10 +01:00
Thomas Müller c8d6a9594a Propagate birthday to group shares as well 2016-03-23 14:12:50 +01:00
Thomas Müller e979b9c735 Propagate birthdays of shared addressbooks to the sharee's birthday calendar as well 2016-03-23 12:29:45 +01:00
Thomas Müller 24331be991 Merge pull request #23431 from owncloud/use-dav-sabre-plugin-for-browser-2
Fix display of vcard and calendar object details page in browser plugin
2016-03-23 11:03:55 +01:00
Thomas Müller 164282c72e Fix display of vcard and calendar object details page in browser plugin 2016-03-23 10:35:21 +01:00
Thomas Müller 48ec8ab3d3 Merge pull request #23404 from owncloud/fix-22988
adjust PrincipalUri as returned from Sabre to effective username
2016-03-22 14:49:54 +01:00
Thomas Müller 9fc371e436 Merge pull request #23320 from owncloud/early-creation-of-birthday-calendar
Create the contact birthday calendar right away as soon as the comman…
2016-03-22 10:31:01 +01:00
Vincent Petry f28f538029 Do not fire pre/post hooks twice on chunk upload 2016-03-21 15:14:58 +01:00
Thomas Müller 8852fdaee3 Merge pull request #22789 from owncloud/dav-sharesproperty
Add webdav property for share info in PROPFIND response
2016-03-21 11:15:00 +01:00
Thomas Müller e983bd7db0 Merge pull request #23368 from owncloud/use-dav-sabre-plugin-for-browser
In debugging mode we enable Sabre's browser plugin since it helps a l…
2016-03-21 10:13:27 +01:00
Arthur Schiwon 117c1bffa7 adjust PrincipilUri as returned from Sabre to effective username 2016-03-18 23:31:11 +01:00
Roeland Jago Douma 6e6e002280 Remove duplicated copyright 2016-03-17 19:24:25 +01:00
Thomas Müller 520724d757 Necessary code changes to make browser plugin properly work 2016-03-17 18:00:06 +01:00
Thomas Müller 7d638fdb34 In debugging mode we enable Sabre's browser plugin since it helps a lot when debugging 2016-03-17 16:51:19 +01:00
Vincent Petry f778e48ee5 Add webdav property for share info in PROPFIND response 2016-03-17 15:35:21 +01:00
Roeland Jago Douma 533fdb4075 Set proper public webdav permissions when public upload disabled
Fixes #23325

It can happen that a user shares a folder with public upload. And some
time later the admin disables public upload on the server.

To make sure this is handled correctly we need to check the config value
and reduce the permissions.

Fix is kept small to be easy backportable.
2016-03-17 11:35:31 +01:00
Thomas Müller fdb7c59e6c Create the contact birthday calendar right away as soon as the command is executed once - fixes #23203 2016-03-16 17:23:02 +01:00
Thomas Müller d188ed938c Merge pull request #23082 from owncloud/contacts_calendar_name_color
add title and color to birthday calendar
2016-03-16 17:17:21 +01:00