We have a function for it so better to override that. Also because other
codes that might check this should get the right value.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Exposing the encrypted property is required for E2E. However, there is
no need to expose this on files as then it is server side encryption
(which the clients don't care about).
Better to not confuse the output.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Add a "searchPrincipals" function to the NC principal backend.
Fix the "findByUri" function to respect the prefixPath.
Signed-off-by: Christoph Seitz <christoph.seitz@posteo.de>
We have to double check. Since getting the info of the root returns a
generic entry. But actually the stroage is not available. Else we get
very weird sync and web behavior.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
There was only one call, that actually needed the parameter to be set to true. So this change moved the print of the page to that location and replaces all other occurences with a direct call to the underlying OCP API.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
In PHP 7.X hexadecimal notation support was removed from "is_numeric",
so "sanitizeMtime" directly rejected those values; in PHP 5.X, on the
other hand, "sanitizeMtime" returned 0 when a string with hexadecimal
notation was given (as it was the behaviour of "intval"). To provide a
consistent behaviour between PHP versions, and given that it does not
make much sense to send X-OC-MTime in hexadecimal notation, now
X-OC-MTime is always rejected if given as a string with hexadecimal
notation.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Directly calling "header" in the PHPUnit process causes the "Cannot
modify header information - headers already sent by" error to be thrown.
Instead of running the test in a separate process, which is slower, this
commit wraps the call to "header" in a method that can be mocked in the
tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This will be used in a following commit to test how the X-OC-MTime
header is handled.
This commit is based on the "make File::put() more testable" commit
(included in 018d45cad97e0) from ownCloud by Artur Neumann.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This commit extends the changes introduced in pull request #3793 also to
chunked uploads.
The "sanitizeMTime" method name is the same used in the equivalent pull
request to this one from ownCloud (28066).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this to happen in case the
source node is a FutureFile.
Need to fetch the node earlier because cancelling from within the
handler is not possible. Well, it is but it prevents other node types
using the same property names to run because the failure marks the
property with status 403.
If a group contains a slash the principal URI becomes
principals/groups/foo/bar. Now the URI is plit on '/' so this creates
issues ;)
Fixes#2957
* Add tests for groups with /
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.
As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.
The encryption commands now rely on the well tested maintenance mode.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* CaldavBackend is now endpoint aware (use old style principals on old
endpoint and new onces on new).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fixed size issues on main detail view and disappearing of share recipients
* Changes due to code comments
* Moved reloadProperties() to FileInfoModel
* Solved Scrutinizer issues
* Bugfix: undefined value used on error
* check if options are set for FileInfoModel.initialize()
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
If a Content-Disposition header is already set by another plugin we don't need to set another one as this breaks clients.
Fixes https://github.com/nextcloud/server/issues/1992
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update sabre/dav to 3.2.0
* Adjust code to work with sabre/dav 3.2.0 and it's dependencies
* Adding own CalDAV plugin to fix calendar home property
* Test if there is a user logged in when listing files home
* Update sabre version used by integration tests
* Disable unauthenticated DAV access
This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.
=====
* Fixed so cherry-pick was succesfull
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Removes the need for POST to collection which would hit against upload
limits.
The client tries to auto rename the file by adding a suffix "(2)".
It tries to use the file list on the client side to guess a
suitable name. In case a file still cannot be uploaded and creates a
conflict, which can happen when the file was concurrently uploaded, the
logic will continue increasing the suffix.
- uses PUT method with jquery.fileupload for regular and public file
lists
- for IE and browsers that don't support it, use POST with iframe
transport
- implemented Sabre plugin to handle iframe transport and redirect the
embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add more files plugins to new DAV endpoint
Also fix report plugin to properly retrieve the path from the
prolongated URL
* In case the report is not for this plugin -> simply return to allow other plugins to get executed
* Adjust onReport tests to match new behavior
Logicaly, postHooks should emit after touch. For chunking file it is already emitting after touch.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Enhanced the REPORT method on the Webdav endpoint and added a
"oc:favorite" filter rule. When set, it will return a flat list of
results filtered with only favorite files.
The web UI was also adjusted to use this REPORT method instead of the
private API endpoint.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The files home node must also return DAV properties like etag,
permissions, etc for the clients to work like they did with the old
endpoint.
This fix makes FilesHome extend the Sabre Directory class, this makes
the FilesPlugin and other plugins recognize it as a directory and will
retrieve the matching properties when applicable.
Downstream of https://github.com/owncloud/core/pull/26066
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)