Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Nextcloud-PR-Bot
815b39f5bc
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-16 04:33:17 +00:00
dependabot-preview[bot]
78079839be
[Security] Bump ini from 1.3.5 to 1.3.7 in /build
...
Bumps [ini](https://github.com/isaacs/ini ) from 1.3.5 to 1.3.7. **This update includes a security fix.**
- [Release notes](https://github.com/isaacs/ini/releases )
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-12-10 18:12:25 +00:00
Roeland Jago Douma
3c693db0ca
Merge pull request #24605 from nextcloud/enh/share-deck
...
Add deck share provider support
2020-12-10 14:30:08 +01:00
Julius Härtl
a0444bc69c
Merge pull request #24247 from nextcloud/bugfix/noid/ocm-providerId-string
2020-12-09 17:25:59 +01:00
Julius Härtl
b8d2a00b74
Update psalm baseline
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-09 13:20:25 +01:00
Nextcloud-PR-Bot
59f9e7f340
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-09 04:31:11 +00:00
Joas Schilling
86a3b7e7bf
Merge pull request #24486 from nextcloud/feature/noid/phone-number-validation
...
Phone number validation and search
2020-12-08 17:05:38 +01:00
Julius Härtl
b7326046c6
Update psalm baseline
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-08 16:06:13 +01:00
Roeland Jago Douma
a9ee98e070
Update psalm baseline
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:05 +01:00
Joas Schilling
d0750df20c
Unit tests for searching by phone number
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
Joas Schilling
46b073d7ce
Add a config for default region of phone numbers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
Joas Schilling
689e3a502d
Add an integration test for the phone search API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
Daniel Calviño Sánchez
b4b3276a5b
Add integration tests for getting guest avatars
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:48:00 +01:00
Daniel Calviño Sánchez
1552add4ca
Add integration tests for resized user avatars
...
Even on solid color images the resizing can cause some small artifacts
that slightly modify the color of certain pixels. Due to this now the
color comparison is no longer strict but fuzzy.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:48:00 +01:00
Daniel Calviño Sánchez
2cc22a06b4
Add integration tests for user avatars
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:47:56 +01:00
Daniel Calviño Sánchez
184742e6ff
Make possible to set body in requesttoken requests in integration tests
...
"sendingAToWithRequesttoken" needs to be used to test some non OCS
endpoints which require the request token to be sent in the request. Now
it is possible to specify the body (or, rather, additional contents
beside the cookies and the request token) for those requests, as it will
be needed for example to upload an avatar.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:32:00 +01:00
Daniel Calviño Sánchez
b553b43b68
Make possible to send requests as anonymous users in integration tests
...
Until now requests always had "auth" headers either for an admin or a
regular user, depending on the value of "currentUser". Now, if
"currentUser" starts by "anonymous" no "auth" header is sent, which
makes possible to also test requests with users not logged in.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:32:00 +01:00
Julius Härtl
a1a4fa2ac2
Always install composer v2
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-04 10:11:02 +01:00
Christoph Wurst
fbc06d39c7
Merge pull request #24429 from nextcloud/3rdparty/closure
...
[3rdparty] Migrate to Opis/Closure
2020-12-03 08:44:53 +01:00
Nextcloud-PR-Bot
3c606cbec3
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-03 04:29:05 +00:00
Morris Jobke
40ebe24960
Update psalm-baseline.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 20:27:14 +01:00
Christoph Wurst
4deff37a3c
Merge pull request #23278 from nextcloud/enh/noid/user-limits
...
Allow subscription to indicate that a userlimit is reached
2020-12-02 18:22:13 +01:00
Morris Jobke
32f6bdf067
Merge pull request #24396 from nextcloud/dont-use-system-composer
...
dont use system composer for autoload checker
2020-12-02 16:15:55 +01:00
Morris Jobke
d87705a894
Allow subscription to indicate that a userlimit is reached
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 15:20:03 +01:00
Robin Appelman
ef016f71c3
cleanup after autoloader generation
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-12-02 15:02:56 +01:00
Nextcloud-PR-Bot
5427acec98
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-01 04:28:53 +00:00
Nextcloud-PR-Bot
f94741ddee
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-29 04:27:32 +00:00
Robin Appelman
3e2e694ea9
dont use system composer for autoload checker
...
this ensures that the same composer version is used by everyone (and ci)
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-26 15:48:46 +01:00
Nextcloud-PR-Bot
fda21b35c4
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
Lukas Reschke
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
dependabot-preview[bot]
774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases )
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
Roeland Jago Douma
9163790b7c
Set frame-ancestors to none if none are filled
...
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
Nextcloud-PR-Bot
e93a76962c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-17 04:22:33 +00:00
Roeland Jago Douma
426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date
...
Fix default internal expiration date
2020-11-16 14:13:56 +01:00
Daniel Calviño Sánchez
28c57004dd
Add integration tests for creating shares with default expiration dates
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Daniel Calviño Sánchez
4f5271acf9
Reset app configs by deleting the values instead of setting the defaults
...
This avoids the need to keep the default values in the integration tests
in sync with the code, and also makes possible to reset values with
"dynamic" defaults (defaults that depend on other values).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Nextcloud-PR-Bot
aa967d798c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-14 04:21:44 +00:00
Nextcloud-PR-Bot
05cd789e9d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-13 04:22:06 +00:00
Joas Schilling
e39d657e24
Merge pull request #23882 from nextcloud/tests/oracle
...
Run unit tests against oracle
2020-11-11 10:05:24 +01:00
Daniel Calviño Sánchez
ee852d7e0e
Add integration tests for default share permissions
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-11 02:31:25 +01:00
Joas Schilling
6883676ad4
Update baseline, I'm sorry
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:55:06 +01:00
Nextcloud-PR-Bot
e35329176d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-10 04:18:47 +00:00
Roeland Jago Douma
c8822508de
Merge pull request #23967 from nextcloud/dependabot/composer/build/integration/behat/behat-approx-3.8.0
...
Update behat/behat requirement from ~3.7.0 to ~3.8.0 in /build/integration
2020-11-09 19:54:41 +01:00
Nextcloud-PR-Bot
63c68d49c7
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-08 04:26:59 +00:00
Nextcloud-PR-Bot
610c22d2ca
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-07 04:26:22 +00:00
dependabot-preview[bot]
d2aeeddce7
Update behat/behat requirement in /build/integration
...
Updates the requirements on [behat/behat](https://github.com/Behat/Behat ) to permit the latest version.
- [Release notes](https://github.com/Behat/Behat/releases )
- [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Behat/Behat/compare/v3.7.0...v3.8.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-07 02:40:59 +00:00
Nextcloud-PR-Bot
4c61d52879
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-06 04:25:56 +00:00
Morris Jobke
0a1f4549e7
Check InvalidArgument psalm error into baseline - PHPDoc needs to be improved
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-05 13:49:25 +01:00
Nextcloud-PR-Bot
3929dc24c9
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-04 04:24:19 +00:00