Commit Graph

7528 Commits

Author SHA1 Message Date
Roeland Jago Douma ab50f0b1de
Fix AppPassword 2FA auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-12 22:35:16 +02:00
Morris Jobke cb6178b828 Merge pull request #6443 from nextcloud/backport-6064-absolute-path-must-be-relative-to-files-on-theming-update
[stable12] Still throw a locked exception when the path is not relative to $user/files/
2017-09-12 10:03:29 +02:00
Morris Jobke 3aae3a54e5 Merge pull request #6446 from nextcloud/backport-6414-share-notification-wrong-language
[stable12] Use the language of the recipient for the share notification
2017-09-12 09:40:19 +02:00
Morris Jobke 0c43183ac9 Merge pull request #6442 from nextcloud/backport-6416-make-sure-sqlite-works-without-content
[stable12] Ask the schema whether the table and column exist
2017-09-11 23:20:58 +02:00
Joas Schilling 2a6855a76d
Use the language of the recipient for the share notification
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:28:20 +02:00
Joas Schilling d25ea6ae1c
Don't lock in the appdata_ directory
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:18:56 +02:00
Joas Schilling 9cae892974
Still throw a locked exception when the path is not relative to $user/files/
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:18:47 +02:00
Joas Schilling e88a4a0b3d
Fix Nextcloud 12 compatibility
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:14:33 +02:00
Joas Schilling 6fd01c3993
Ask the schema whether the table and column exist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-11 11:08:58 +02:00
Christoph Wurst 55c7aa674c
Fix failing csp/nonce check due to timed out session
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-11 10:08:06 +02:00
Joas Schilling 287ebb52d5
Don't log LDAP password when server is not available
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-07 09:26:40 +02:00
Roeland Jago Douma ef1c81188b Merge pull request #6319 from nextcloud/improve_2fa-12
[stable12] Improve 2FA
2017-09-06 20:07:46 +02:00
Lukas Reschke ad96c58e8b Merge pull request #6368 from nextcloud/backport-5436-fix-group-check
[stable12] Fix group check on share provider
2017-09-06 17:19:15 +02:00
Roeland Jago Douma dbcd549e35
Fix login with basic auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-06 17:07:11 +02:00
Jan-Philipp Litza b35c039b77
Fix 500 Internal Server Error on writing
In some not yet completely determined configurations, the following error could occur while writing a file:

Error: Call to a member function getUsers() on null
    /var/www/nextcloud/lib/private/Share20/Manager.php - line 1277: OC\Share20\DefaultShareProvider->getAccessList(Array, true)
    /var/www/nextcloud/lib/private/Share20/ShareHelper.php - line 51: OC\Share20\Manager->getAccessList(Object(OC\Files\Node\Folder), true, true)
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 616: OC\Share20\ShareHelper->getPathsForAccessList(Object(OC\Files\Node\File))
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 196: OCA\Activity\FilesHooks->getUserPathsFromPath('/path/to/file', 'user')
    /var/www/nextcloud/apps/activity/lib/FilesHooks.php - line 157: OCA\Activity\FilesHooks->addNotificationsForFileAction('/path/to/file', 'file_changed', 'changed_self', 'changed_by')
    /var/www/nextcloud/apps/activity/lib/FilesHooksStatic.php - line 55: OCA\Activity\FilesHooks->fileUpdate('/path/to/file')
    /var/www/nextcloud/lib/private/legacy/hook.php - line 106: OCA\Activity\FilesHooksStatic fileUpdate(Array)
    /var/www/nextcloud/lib/private/Files/View.php - line 1245: OC_Hook emit('OC_Filesystem', 'post_update', Array)
    /var/www/nextcloud/lib/private/Files/View.php - line 1173: OC\Files\View->runHooks(Array, '/path/to/file', true)
    /var/www/nextcloud/lib/private/Files/View.php - line 679: OC\Files\View->basicOperation('file_put_conten...', '/path/to/file', Array, '<?xml version="...')
    /var/www/nextcloud/lib/private/Files/Node/File.php - line 64: OC\Files\View->file_put_contents('/path/to/file', '<?xml version="...')
    [...]

Signed-off-by: Jan-Philipp Litza <janphilipp@litza.de>
2017-09-05 17:31:39 +02:00
Joas Schilling 6e7c37cbd3
Merge setMetaData into constructor
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-05 16:04:09 +02:00
Roeland Jago Douma faffebc718
Improve 2FA
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-31 10:54:10 +02:00
Bjoern Schiessle 181c77ca87
move repair step to stable12
because we decided to backport it the repair step needs to be executed
already on stable12

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:47 +02:00
Bjoern Schiessle 3e6833f5a6
add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:10 +02:00
Bjoern Schiessle 5f49398e13
extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-30 20:36:10 +02:00
Lukas Reschke 5755897712
Inject \OCP\IURLGenerator to make tests work
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 14:42:50 +02:00
Lukas Reschke 245080e647
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-30 14:42:46 +02:00
Morris Jobke 7fd3068184
Add shareWith to email template metadata
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-29 16:05:12 +02:00
Morris Jobke 6f9c3ab8a6
Allow the expiration date to be set to null
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-28 17:47:51 +02:00
Joas Schilling 7df1ddcf2c
Add meta information to emails for better customisation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-28 17:33:35 +02:00
Maxence Lange 0d4803e6dc using CircleProvider on token
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2017-08-23 16:58:32 +02:00
Roeland Jago Douma a62620feeb Merge pull request #6148 from nextcloud/backport-6047-select-indexed-columns
[stable12] Use indexed column path_hash to find the parent
2017-08-23 15:58:59 +02:00
Lukas Reschke 179b850e4d
Ensure log message is UTF-8 encoded
PHP's json_encode only accept proper UTF-8 strings, loop over all
elements to ensure that they are properly UTF-8 compliant or convert
them manually.

Without this somebody passing an invalid User Agent may make json_encode
return false which will get logged as empty newline.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-21 10:21:54 +02:00
Joas Schilling ccb758ade3
Use indexed column path_hash to find the parent
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-16 10:49:30 +02:00
Roeland Jago Douma 745ad2f323
Fix copy from jailed storage
If we have a jailed storage we must also fix the internal path on copy.
Else we pass in the wrong path.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-10 08:07:00 +02:00
Morris Jobke 3f8e3fbb6b Merge pull request #5946 from nextcloud/12-5897
[stable12] Send an email once a file/folder is shared with a user
2017-08-08 16:36:46 +02:00
Morris Jobke e11dcfcf9e Merge pull request #5966 from nextcloud/backport-oracle
[stable12] Fix oracle db
2017-08-08 16:34:25 +02:00
Morris Jobke bf4283bce8 Merge pull request #5945 from nextcloud/stable12_5836
[stable12] Empty search no longer works
2017-08-08 10:41:05 +02:00
Morris Jobke 3313c682bf Merge pull request #5925 from derkostka/patch-1
[stable12] Removed cast to integer in getSize
2017-08-08 10:40:09 +02:00
Joas Schilling 0476de0674
Don't throw an error when the table doesn't exist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-07 09:43:45 +02:00
Joas Schilling 3a111adc33
Add a method to compare empty strings with an expression
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:41:03 +02:00
Joas Schilling 4f31860fd6
Fix repair step for oracle...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:40:54 +02:00
Joas Schilling d6e902fd03
Fix last failures with oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:40:46 +02:00
Joas Schilling bb30b876ae
Fix ILIKE regex for oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:40:26 +02:00
Joas Schilling c9430fbb77
Fix auth provider
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:40:17 +02:00
Joas Schilling 54a4aa9315
Use selectAlias()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:40:10 +02:00
Joas Schilling d6b888461d
Can not insert auto increment on oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:40:00 +02:00
Joas Schilling 5d7cab245f
Fix clob comparison
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:39:41 +02:00
Joas Schilling 5eef54c636
Quote aliases as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:39:21 +02:00
Joas Schilling daa3cfcb70
Oracle does not support PDO::FETCH_KEY_PAIR
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-03 16:37:06 +02:00
Morris Jobke cf16087585 Disable default activity email for incoming shares
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-02 20:57:12 +02:00
Morris Jobke 1ef19bb0ec Send an email once a file/folder is shared with a user
* only if user has set an email address
* only for user shares (no group shares for now)

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-01 15:17:32 +02:00
Roeland Jago Douma e73f46e344
Empty search no longer works
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 13:29:17 +02:00
Sebastian Kostka 09b120c6da [Stable 12] Removed cast to integer in getSize
Fixes - Wrong or no sizes of files/folders #5031 for 32-bit systems a direct cast to integer causes problems.
Backport from #5744

Signed-off-by: Sebastian Kostka <sebastian.kostka@gmail.com>
2017-07-29 07:40:13 +02:00
Lukas Reschke 7425316b29 Merge pull request #5919 from nextcloud/add-brackets-on-concat-method
Add brackets around concat statements so comparing the result works a…
2017-07-28 15:35:49 +02:00