Commit Graph

265 Commits

Author SHA1 Message Date
Vincent Petry 3cae0135ad Fire prehooks when uploading directly to storage 2015-05-13 17:47:04 +02:00
Robin Appelman 11e1acd8ec fix webdav quota check for the root of the dav endpoint 2015-05-12 14:02:27 +02:00
Robin Appelman 06a65fab13 use cross storage move when renaming the part file during webdav put 2015-05-07 14:28:31 +02:00
Robin Appelman 2e897f05b1 triger propagation for webdav uploads
use post hooks for share etag propagator
2015-04-27 14:07:16 +02:00
Lukas Reschke b9df932e3c Merge pull request #15683 from owncloud/block-legacy-clients
Block old legacy clients
2015-04-24 18:21:10 +02:00
Lukas Reschke ab9ea97d3a Catch not existing User-Agent header
In case of an not sent UA header consider the client as valid
2015-04-23 16:33:51 +02:00
Lukas Reschke ed0b465cf9 Use 403 instead a 50x response 2015-04-20 12:53:40 +02:00
Lukas Reschke 4ea205e262 Block old legacy clients
This Pull Request introduces a SabreDAV plugin that will block all older clients than 1.6.1 to connect and sync with the ownCloud instance.

This has multiple reasons:

1. Old ownCloud client versions before 1.6.0 are not properly working with sticky cookies for load balancers and thus generating sessions en masse
2. Old ownCloud client versions tend to be horrible buggy

In some cases we had in 80minutes about 10'000 sessions created by a single user. While this change set does not really "fix" the problem as 3rdparty legacy clients are affected as well, it is a good work-around and hopefully should force users to update their client
2015-04-20 11:12:17 +02:00
Vincent Petry ffc796edcb Do not trash part files, delete directly 2015-04-21 18:28:15 +02:00
Morris Jobke e33e5b425a Merge pull request #12006 from owncloud/dav-put-storage
Work directly on the storage when uploading over webdav
2015-04-15 03:08:52 +02:00
Robin Appelman eeecca04e6 Keep phpdoc updated. 2015-04-14 16:25:52 +02:00
Robin Appelman 308af8b909 pass a stream to the tests 2015-04-14 15:25:52 +02:00
Robin Appelman 2fd44dbde4 rewind and update error message 2015-04-13 14:14:48 +02:00
Robin Appelman dcfe014103 use our own stream copy instead 2015-04-13 14:13:21 +02:00
Robin Appelman 8af106cc75 block webdav in single user mode 2015-04-09 15:56:41 +02:00
Robin Appelman cbcee34eb0 update tests 2015-04-09 14:46:25 +02:00
Robin Appelman 6a59502759 Work directly on the storage when uploading over webdav 2015-04-08 14:04:58 +02:00
Thomas Müller 161d80da5b In case of encryption exceptions we return 503 - this will allow the client to retry 2015-04-07 14:17:42 +02:00
Thomas Müller 664b2bb7af cleaning up exception mess 2015-04-07 13:30:30 +02:00
Thomas Müller bf809ac85a Removing left overs from old encryption app 2015-04-07 13:30:29 +02:00
Thomas Müller dbdd754c3f Further cleanup of files_encryption 2015-04-07 13:30:28 +02:00
Thomas Müller 00338f9dca Removing files_encryption left overs 2015-04-07 13:30:28 +02:00
Vincent Petry 7ad4dfa201 Merge pull request #15227 from owncloud/ocetag-header
Copy Etag header to OC-Etag for sabre calls
2015-03-27 13:10:27 +01:00
Morris Jobke e8109f0bc3 Merge pull request #13802 from owncloud/share-partfilepermissions
Fix share permission checks
2015-03-26 22:01:05 +01:00
Lukas Reschke 8ebe667202 Remove unneeded argument 2015-03-26 20:45:39 +01:00
Lukas Reschke 55fd0082aa Serve all files with a Content-Disposition of 'attachment' via WebDAV
As an additional security hardening it's sensible to serve these files with a Content-Disposition of 'attachment'. Currently they are served 'inline' and get a "secure mimetype" assigned in case of potential dangerous files.

To test this change ensure that:

- [ ] Syncing with the Desktop client still works
- [ ] Syncing with the Android client still works
- [ ] Syncing with the iOS client still works

I verified that the 1.8 OS X and iOS client still work with this change.
2015-03-26 20:01:05 +01:00
Vincent Petry 70acd58336 Copy Etag header to OC-Etag for sabre calls 2015-03-26 16:06:43 +01:00
Vincent Petry a84ade5f32 Revert "adding OC-ETag header"
This reverts commit 30ee8b6f99.
2015-03-26 15:04:41 +01:00
Vincent Petry daceb1a9ac Revert "adding unit tests"
This reverts commit 8d327c94a8.
2015-03-26 15:04:36 +01:00
Vincent Petry cda7f7fd61 Merge pull request #15168 from owncloud/oc-etag-master
adding OC-ETag header
2015-03-26 13:52:43 +01:00
Jenkins for ownCloud b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Thomas Müller 8d327c94a8 adding unit tests 2015-03-26 10:49:26 +01:00
Thomas Müller 43beaba0dc Merge pull request #15171 from owncloud/sabre-logforbiddenasdebug
Log forbidden in debug level
2015-03-24 23:31:35 +01:00
Lukas Reschke ec12f5e019 Merge pull request #14949 from owncloud/sabre-2.1.3
Update sabre-2.1.3 thirdparty submodule
2015-03-24 23:16:57 +01:00
Vincent Petry 72c1c89bcd Log forbidden in debug level 2015-03-24 22:08:11 +01:00
Thomas Müller 30ee8b6f99 adding OC-ETag header 2015-03-24 21:36:46 +01:00
Vincent Petry 331f0196e0 Merge pull request #15150 from owncloud/sabre-removerangeexceptionforencryption
Remove range header exception for encryption
2015-03-24 14:29:01 +01:00
jknockaert a1b68b5a48 Remove range header exception for encryption
revert #10422
2015-03-24 13:19:49 +01:00
Vincent Petry eb894e6625 Soft fail in CustomPropertiesBackend whenever storage not available
When a storage is not available, it will not fail the whole call any
more but still return a usable file list.
2015-03-23 17:41:32 +01:00
Vincent Petry 5ba508b346 Fix permission checks in Sabre connector
This fixes moving files in and out of shared folders with some exotic
permission combinations.
2015-03-19 21:18:48 +01:00
Vincent Petry 50194c31b4 Soft fail in custom properties backend
This makes it possible for clients to still receive a file list (minus
the broken files) instead of getting no list at all
2015-03-18 12:36:37 +01:00
Vincent Petry 5ea8ab3bb0 Fix Principal connector override 2015-03-17 12:22:29 +01:00
Thomas Müller 0f3e36fdfd Adding a more meaningful message for sabre dav exception - fixes #14516 2015-03-11 11:53:31 +01:00
Thomas Müller 49e1a81eba fixing namespaces and PHPDoc 2015-03-09 10:38:37 +01:00
Thomas Müller 4bac595068 adding storage specific filename verification - refs #13640 2015-03-09 10:38:37 +01:00
Thomas Müller f72f9e0159 Merge pull request #14530 from owncloud/revert-14403
Revert "Updating license headers"
2015-02-27 00:39:29 -08:00
Morris Jobke 522469614b Merge pull request #14505 from owncloud/dav-copy-fix
Fixes WebDAV copy
2015-02-26 15:42:53 +01:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Vincent Petry ae2f37ac06 Removed unused $node variable 2015-02-26 11:16:42 +01:00
Vincent Petry f39fcbc250 Fixes WebDAV copy
- added existence check for source argument
- removed extra logic for folders, as $view->copy() already supports
  that internally
2015-02-25 16:35:13 +01:00
Thomas Müller e9d25e4fdb using Doctrine\DBAL\Connection::executeUpdate() 2015-02-25 13:43:26 +01:00
Thomas Müller b3de86d851 Remove locks plugin.
Reasoning:
- a WebDAV server is not required to implement locking support
- WebDAV Locking is know to break the sync algorithm
- the current lock implementation is known to be broken (locks are not moved if a file is moved, locks on shared files don't work)
2015-02-25 10:30:47 +01:00
Lukas Reschke 432d7be8cc Show a empty response for GET on non-files instead of the Browser Plugin 2015-02-23 22:27:23 +01:00
Vincent Petry 9f6dcb9d3e Sabre Update to 2.1
- VObject fixes for Sabre\VObject 3.3
- Remove VObject property workarounds
- Added prefetching for tags in sabre tags plugin
- Moved oc_properties logic to separate PropertyStorage backend (WIP)
- Fixed Sabre connector namespaces
- Improved files plugin to handle props on-demand
- Moved allowed props from server class to files plugin
- Fixed tags caching for files that are known to have no tags
  (less queries)
- Added/fixed unit tests for Sabre FilesPlugin, TagsPlugin
- Replace OC\Connector\Sabre\Request with direct call to
  httpRequest->setUrl()
- Fix exception detection in DAV client when using Sabre\DAV\Client
- Added setETag() on Node instead of using the static FileSystem
- Also preload tags/props when depth is infinity
2015-02-23 22:27:23 +01:00
Thomas Müller df3c73de72 Merge pull request #14403 from owncloud/update-license-headers
Update license headers
2015-02-23 13:53:16 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Lukas Reschke 9a08c7ecb9 Merge pull request #14275 from chris-se/master
DAV authentication: use Owncloud's internal user instead of HTTP auth one
2015-02-23 10:25:13 +01:00
Morris Jobke 5d7d2adcbf Merge pull request #14207 from owncloud/propfind-optimize
Optimize quota calculation for propfind
2015-02-18 00:18:47 +01:00
Christian Seiler 535757bc42 DAV authentication: also use Owncloud's internal user for short-circuit
It still works otherwise, but without this, the performance optimization
of #13416 is defeated in these situations.
2015-02-16 23:47:39 +01:00
Christian Seiler 1377ebc7e9 DAV authentication: use Owncloud's internal user instead of HTTP-supplied one
Fixes: #14048, #14104, calendar#712
2015-02-16 23:34:49 +01:00
Lukas Reschke 886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
Robin Appelman 9abaa0cc61 pass fileinfo to getStorageInfo 2015-02-13 17:59:58 +01:00
Robin Appelman fb2a3284df Cache quota info for directories 2015-02-13 17:50:53 +01:00
Vincent Petry 8210200770 Revert "adding OC-ETag header"
This reverts commit 96a931929e.
2015-02-05 20:43:37 +01:00
Robin Appelman 05035ef4af Fix webdav put for single file webdav shares 2015-01-29 12:47:12 +01:00
Thomas Müller b7cf4d551e let init() take an INode - fixes PHP message 2015-01-27 11:31:37 +01:00
Lukas Reschke 476579b9c6 Fix WebDAV auth for session authentication only
\Sabre\DAV\Auth\Backend\AbstractBasic::authenticate was only calling \OC_Connector_Sabre_Auth::validateUserPass when the response of \Sabre\HTTP\BasicAuth::getUserPass was not null.

However, there is a case where the value can be null and the user could be authenticated anyways: The authentication via ownCloud web-interface and then accessing WebDAV resources. This was not possible anymore with this patch because it never reached the code path in this scenario.

This patchs allows authenticating with a session without isDavAuthenticated value stored (this is for ugly WebDAV clients that send the cookie in any case) and thus the functionality should work again.

To test this go to the admin settings and test if the WebDAV check works fine. Furthermore all the usual stuff (WebDAV / Shibboleth / etc...) needs testing as well.
2015-01-20 10:03:14 +01:00
Lukas Reschke 730460c9fa Close session properly 2015-01-19 16:25:44 +01:00
Lukas Reschke dfbc405a45 Prioritise Basic Auth header over Cookie
There are a lot of clients that support multiple WebDAV accounts in the same application. However, they resent all the cookies they received from one of the accounts also to the other one. In the case of ownCloud this means that we will always show the user from the session and not the user that is specified in the basic authentication header.

This patch adds a workaround the following way:

1. If the user authenticates via the Sabre Auth Connector add a hint to the session that this was authorized via Basic Auth (this is to prevent logout CSRF)
2. If the request contains this hint and the username specified in the basic auth header differs from the one in the session relogin the user using basic auth

Fixes https://github.com/owncloud/core/issues/11400 and https://github.com/owncloud/core/issues/13245 and probably some other issues as well.

This requires proper testing also considering LDAP / Shibboleth and whatever instances.
2015-01-17 13:29:07 +01:00
Thomas Müller 5f171618fd remove unused variable and fix undefined variable 2015-01-08 09:46:40 +01:00
Vincent Petry 2e57fe93e4 Disable part files for OC ext storage backend + s2s backend
When uploading files to an OC ext storage backend or when using server
to server sharing storage, part files aren't needed because the backend
already has its own part files and takes care of the final atomic rename
operation.

This also fixes issues when using two encrypted ownCloud instances where
one mounts the other either as external storage (ownCloud backend) or
through server to server sharing.
2015-01-07 21:21:51 +01:00
Chris Wilson 402a3ed146 Improve debugging for ServiceUnavailable exceptions
I was getting a lot of these in my logs for no apparent reason, and file
uploads were failing:

	{"app":"webdav","message":"Sabre\\DAV\\Exception\\ServiceUnavailable: ","level":4,"time":"2015-01-06T15:33:39+00:00"}

In order to debug it, I had to add unique messages to all the places where
this exception was thrown, to identify which one it was, and that made the
logs much more useful:

	{"app":"webdav","message":"Sabre\\DAV\\Exception\\ServiceUnavailable: Encryption is disabled","level":4,"time":"2015-01-06T15:36:47+00:00"}
2015-01-06 15:59:38 +00:00
Lukas Reschke 0ed00bca43 Use namespace 2015-01-05 09:54:14 +01:00
Lukas Reschke 556c9b6f46 Write unit-tests and use DI 2015-01-05 09:54:12 +01:00
Lukas Reschke f2ddd565e8 Fix code-style 2015-01-05 09:53:01 +01:00
derkostka deedfad050 fix "app":"PHP","message":"Undefined variable: user at/principal.php#66"
changed variable #user to #name
2015-01-04 17:07:33 +01:00
Thomas Müller 81243b0f5d adding getDirectDownload() to Wrapper 2014-12-28 17:17:14 +01:00
Thomas Müller 5b00bc1d6e Adding basement for the direct download url 2014-12-28 17:17:14 +01:00
Morris Jobke 39d6ddd38a Merge pull request #12865 from owncloud/files-tags-webdav
Returns tags through WebDAV
2014-12-19 09:33:28 +01:00
Vincent Petry 6224e29f25 Fix code style issues for tags plugin 2014-12-18 16:43:00 +01:00
Vincent Petry 3c67900421 Remove obsolete method 2014-12-18 16:04:36 +01:00
Vincent Petry 0b3f0716fc Returns and update tags through WebDAV PROPFIND and PROPPATCH
Added oc:tags and oc:favorites in PROPFIND response.
It is possible to update them with PROPPATCH.
These properties are optional which means they need to be requested
explicitly
2014-12-17 16:50:35 +01:00
Robin Appelman fd85424742 Add getMountPoint to FileInfo 2014-12-17 14:03:50 +01:00
Joas Schilling 78a307995c Fix namespace of Files_Encryption outside of the app 2014-12-09 09:47:26 +01:00
Robin Appelman 0b630a37ab Fix type hinting for app manager 2014-11-18 12:22:13 +01:00
Robin Appelman 7cb12d4bff Add sabredav plugin to check if a user has access to an app 2014-11-17 15:50:24 +01:00
Vincent Petry 0b2c24081f Return real mime type on PROPFIND
Return the real (insecure) mime type on PROPFIND
2014-11-11 15:42:50 +01:00
Vincent Petry 9b99c1d6f0 Merge pull request #12072 from owncloud/sabre-convertstoragenotavailableexception-secondtry
Convert StorageNotAvailableException to SabreDAV exception
2014-11-10 12:52:52 +01:00
Vincent Petry cccedf6f30 Convert StorageNotAvailableException to SabreDAV exception
Convert \OCP\Files\StorageNotAvailableException to
\Sabre\DAV\Exception\ServiceUnavailable for every file/directory
operation happening inside of SabreDAV.

This is necessary to avoid having the exception bubble up to remote.php
which would return an exception page instead of an appropriate response.
2014-11-10 12:01:24 +01:00
Bjoern Schiessle a10ae2816e clean up encryption exceptions 2014-11-07 13:48:31 +01:00
Bjoern Schiessle c2a45c1238 throw exception if private key is missing 2014-11-05 13:05:46 +01:00
Morris Jobke 56cf1d9d27 fix odd behaviour 2014-10-31 18:46:47 +01:00
Vincent Petry fd4b97d758 Merge pull request #9044 from owncloud/add-missing-email-principal
adding missing email address for principal
2014-10-31 13:24:42 +01:00
Vincent Petry 21d825ed6c Properly catch 503 storage not available in getQuotaInfo
When doing a PROPFIND on the root and one of the mount points is not
available, the returned quota attributes will now be zero.

This fix prevents the expected exception to make the whole call fail.
2014-10-27 16:27:12 +01:00
libasys cbd130bed0 adding missing email address for principal
* fix #8515
* add mail only if it exists
2014-10-24 11:12:23 +02:00
Robin Appelman 19de425a50 Use the cached fileinfo to get creatable permissions 2014-10-13 13:09:05 +02:00
Robin Appelman 10c350b895 Fix dav permissions for folders without create permissions 2014-09-25 14:01:19 +02:00
Morris Jobke f970c81b1e Merge pull request #11215 from owncloud/dav-throwwhendeletefailed
WebDAV now throws 403 when deletion did not work
2014-09-23 00:49:30 +02:00
Vincent Petry 470c25eff4 WebDAV now throws 403 when deletion did not work
Assume a permission issue whenever a file could not be deleted.

This is because some storages are not able to return permissions, so a
permission denied situation can only be triggered during direct
deletion.
2014-09-22 13:15:17 +02:00
Thomas Müller 8abf786af9 Merge pull request #10499 from owncloud/mkcol-headers-afterbind
Use afterBind to send fileId header for files and directories
2014-09-22 10:02:03 +02:00