Commit Graph

14198 Commits

Author SHA1 Message Date
Nextcloud bot 99916a9bda
[tx-robot] updated from transifex 2017-09-15 00:08:17 +00:00
Nextcloud bot a7f3fadd37
[tx-robot] updated from transifex 2017-09-14 00:08:21 +00:00
Nextcloud bot 51c110dd66
[tx-robot] updated from transifex 2017-09-13 00:08:21 +00:00
Roeland Jago Douma ab50f0b1de
Fix AppPassword 2FA auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-12 22:35:16 +02:00
Morris Jobke cb6178b828 Merge pull request #6443 from nextcloud/backport-6064-absolute-path-must-be-relative-to-files-on-theming-update
[stable12] Still throw a locked exception when the path is not relative to $user/files/
2017-09-12 10:03:29 +02:00
Morris Jobke 3aae3a54e5 Merge pull request #6446 from nextcloud/backport-6414-share-notification-wrong-language
[stable12] Use the language of the recipient for the share notification
2017-09-12 09:40:19 +02:00
Morris Jobke 0c43183ac9 Merge pull request #6442 from nextcloud/backport-6416-make-sure-sqlite-works-without-content
[stable12] Ask the schema whether the table and column exist
2017-09-11 23:20:58 +02:00
Joas Schilling 2a6855a76d
Use the language of the recipient for the share notification
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:28:20 +02:00
Joas Schilling d25ea6ae1c
Don't lock in the appdata_ directory
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:18:56 +02:00
Joas Schilling 9cae892974
Still throw a locked exception when the path is not relative to $user/files/
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:18:47 +02:00
Joas Schilling e88a4a0b3d
Fix Nextcloud 12 compatibility
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:14:33 +02:00
Joas Schilling 6fd01c3993
Ask the schema whether the table and column exist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:08:58 +02:00
Christoph Wurst 55c7aa674c
Fix failing csp/nonce check due to timed out session
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-11 10:08:06 +02:00
Nextcloud bot 985cbc6b33
[tx-robot] updated from transifex 2017-09-10 00:08:33 +00:00
Nextcloud bot ac96dc80de
[tx-robot] updated from transifex 2017-09-08 00:08:25 +00:00
Joas Schilling 287ebb52d5
Don't log LDAP password when server is not available
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-07 09:26:40 +02:00
Roeland Jago Douma ef1c81188b Merge pull request #6319 from nextcloud/improve_2fa-12
[stable12] Improve 2FA
2017-09-06 20:07:46 +02:00
Lukas Reschke ad96c58e8b Merge pull request #6368 from nextcloud/backport-5436-fix-group-check
[stable12] Fix group check on share provider
2017-09-06 17:19:15 +02:00
Roeland Jago Douma dbcd549e35
Fix login with basic auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-06 17:07:11 +02:00
Nextcloud bot ba71df12cc
[tx-robot] updated from transifex 2017-09-06 00:08:30 +00:00
Jan-Philipp Litza b35c039b77
Fix 500 Internal Server Error on writing
In some not yet completely determined configurations, the following error could occur while writing a file:

Error: Call to a member function getUsers() on null
    /var/www/nextcloud/lib/private/Share20/Manager.php - line 1277: OC\Share20\DefaultShareProvider->getAccessList(Array, true)
    /var/www/nextcloud/lib/private/Share20/ShareHelper.php - line 51: OC\Share20\Manager->getAccessList(Object(OC\Files\Node\Folder), true, true)
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 616: OC\Share20\ShareHelper->getPathsForAccessList(Object(OC\Files\Node\File))
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 196: OCA\Activity\FilesHooks->getUserPathsFromPath('/path/to/file', 'user')
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 157: OCA\Activity\FilesHooks->addNotificationsForFileAction('/path/to/file', 'file_changed', 'changed_self', 'changed_by')
    /var/www/nextcloud/apps/activity/lib/FilesHooksStatic.php - line 55: OCA\Activity\FilesHooks->fileUpdate('/path/to/file')
    /var/www/nextcloud/lib/private/legacy/hook.php - line 106: OCA\Activity\FilesHooksStatic fileUpdate(Array)
    /var/www/nextcloud/lib/private/Files/View.php - line 1245: OC_Hook emit('OC_Filesystem', 'post_update', Array)
    /var/www/nextcloud/lib/private/Files/View.php - line 1173: OC\Files\View->runHooks(Array, '/path/to/file', true)
    /var/www/nextcloud/lib/private/Files/View.php - line 679: OC\Files\View->basicOperation('file_put_conten...', '/path/to/file', Array, '<?xml version="...')
    /var/www/nextcloud/lib/private/Files/Node/File.php - line 64: OC\Files\View->file_put_contents('/path/to/file', '<?xml version="...')
    [...]

Signed-off-by: Jan-Philipp Litza <janphilipp@litza.de>
2017-09-05 17:31:39 +02:00
Joas Schilling 6e7c37cbd3
Merge setMetaData into constructor
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-05 16:04:09 +02:00
Nextcloud bot fe2f9ac7ce
[tx-robot] updated from transifex 2017-09-02 00:08:39 +00:00
Roeland Jago Douma faffebc718
Improve 2FA
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-31 10:54:10 +02:00
Nextcloud bot 0ba7914d0c
[tx-robot] updated from transifex 2017-08-31 00:08:40 +00:00
Bjoern Schiessle b53587cf8d
update autoloader
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:48 +02:00
Bjoern Schiessle 181c77ca87
move repair step to stable12
because we decided to backport it the repair step needs to be executed
already on stable12

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:47 +02:00
Bjoern Schiessle 3e6833f5a6
add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:10 +02:00
Bjoern Schiessle 5f49398e13
extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:10 +02:00
Lukas Reschke 5755897712
Inject \OCP\IURLGenerator to make tests work
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 14:42:50 +02:00
Lukas Reschke 245080e647
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 14:42:46 +02:00
Nextcloud bot c13a06b7a5
[tx-robot] updated from transifex 2017-08-30 00:08:36 +00:00
Morris Jobke 7fd3068184
Add shareWith to email template metadata
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-29 16:05:12 +02:00
Nextcloud bot a6ea872b1f
[tx-robot] updated from transifex 2017-08-29 00:08:37 +00:00
Morris Jobke 6f9c3ab8a6
Allow the expiration date to be set to null
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-28 17:47:51 +02:00
Joas Schilling 7df1ddcf2c
Add meta information to emails for better customisation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-28 17:33:35 +02:00
Nextcloud bot eb71c1288d
[tx-robot] updated from transifex 2017-08-28 00:08:33 +00:00
Roeland Jago Douma f29384a057 Merge pull request #6243 from nextcloud/stable12-circles-token
using CircleProvider on token
2017-08-26 13:49:25 +02:00
Nextcloud bot 2c6bc236cb
[tx-robot] updated from transifex 2017-08-26 00:08:36 +00:00
Nextcloud bot 992c91e288
[tx-robot] updated from transifex 2017-08-25 00:09:08 +00:00
Nextcloud bot 9baf03d28c
[tx-robot] updated from transifex 2017-08-24 00:09:00 +00:00
Maxence Lange 0d4803e6dc using CircleProvider on token
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2017-08-23 16:58:32 +02:00
Roeland Jago Douma 9b3e70f554 Merge pull request #6151 from nextcloud/backport-6099-no-exception-on-sharee-error
[stable12] Catch exceptions on error of cloud id resolution
2017-08-23 15:59:33 +02:00
Roeland Jago Douma a62620feeb Merge pull request #6148 from nextcloud/backport-6047-select-indexed-columns
[stable12] Use indexed column path_hash to find the parent
2017-08-23 15:58:59 +02:00
Nextcloud bot 8f20b4566a
[tx-robot] updated from transifex 2017-08-23 00:09:04 +00:00
Roeland Jago Douma efdf1a4bb5 Merge pull request #6197 from nextcloud/stable12-check-encoding-log
[Stable12] check encoding log
2017-08-22 09:09:35 +02:00
Nextcloud bot 8e8af07e79
[tx-robot] updated from transifex 2017-08-22 00:08:29 +00:00
Lukas Reschke 179b850e4d
Ensure log message is UTF-8 encoded
PHP's json_encode only accept proper UTF-8 strings, loop over all
elements to ensure that they are properly UTF-8 compliant or convert
them manually.

Without this somebody passing an invalid User Agent may make json_encode
return false which will get logged as empty newline.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-21 10:21:54 +02:00
Nextcloud bot de8fe9cbd9
[tx-robot] updated from transifex 2017-08-21 00:08:22 +00:00
Nextcloud bot 6ea56593a7
[tx-robot] updated from transifex 2017-08-20 00:08:24 +00:00