Commit Graph

852 Commits

Author SHA1 Message Date
dependabot-preview[bot] 04a65121b7
Merge pull request #23958 from nextcloud/dependabot/npm_and_yarn/build/node-sass-5.0.0 2020-12-29 11:21:14 +00:00
Christoph Wurst 35aa34a1fd
Merge pull request #24533 from nextcloud/dependabot/composer/icewind/streams-0.7.2
Bump icewind/streams from 0.7.1 to 0.7.2
2020-12-29 11:24:37 +01:00
dependabot-preview[bot] 9e5f167d9a
Bump node-sass from 4.14.1 to 5.0.0 in /build
Bumps [node-sass](https://github.com/sass/node-sass) from 4.14.1 to 5.0.0.
- [Release notes](https://github.com/sass/node-sass/releases)
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md)
- [Commits](https://github.com/sass/node-sass/compare/v4.14.1...v5.0.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-12-29 10:01:34 +00:00
Christoph Wurst 73c7d0dc81
Bump icewind/streams from 0.7.1 to 0.7.2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-29 09:07:36 +01:00
Julius Härtl c7a320d880 jsunit: Run jsunit with chromium/puppeteer on github actions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-29 08:42:27 +01:00
Christoph Wurst 3570ca82cf
Update the Psalm baseline
Some issues were resolved, hence every CI run shows this diff.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-22 17:44:16 +01:00
Roeland Jago Douma adc4f1a811
Merge pull request #22916 from J0WI/unifiy-links-to-php.net
Unify links to php.net
2020-12-22 09:53:31 +01:00
Christoph Wurst d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Nextcloud-PR-Bot 815b39f5bc Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-12-16 04:33:17 +00:00
dependabot-preview[bot] 78079839be
[Security] Bump ini from 1.3.5 to 1.3.7 in /build
Bumps [ini](https://github.com/isaacs/ini) from 1.3.5 to 1.3.7. **This update includes a security fix.**
- [Release notes](https://github.com/isaacs/ini/releases)
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-12-10 18:12:25 +00:00
Roeland Jago Douma 3c693db0ca
Merge pull request #24605 from nextcloud/enh/share-deck
Add deck share provider support
2020-12-10 14:30:08 +01:00
Julius Härtl a0444bc69c
Merge pull request #24247 from nextcloud/bugfix/noid/ocm-providerId-string 2020-12-09 17:25:59 +01:00
Julius Härtl b8d2a00b74
Update psalm baseline
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-09 13:20:25 +01:00
Nextcloud-PR-Bot 59f9e7f340 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-12-09 04:31:11 +00:00
Joas Schilling 86a3b7e7bf
Merge pull request #24486 from nextcloud/feature/noid/phone-number-validation
Phone number validation and search
2020-12-08 17:05:38 +01:00
Julius Härtl b7326046c6
Update psalm baseline
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-08 16:06:13 +01:00
Roeland Jago Douma a9ee98e070
Update psalm baseline
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:05 +01:00
Joas Schilling d0750df20c
Unit tests for searching by phone number
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
Joas Schilling 46b073d7ce
Add a config for default region of phone numbers
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
Joas Schilling 689e3a502d
Add an integration test for the phone search API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
Daniel Calviño Sánchez b4b3276a5b Add integration tests for getting guest avatars
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:48:00 +01:00
Daniel Calviño Sánchez 1552add4ca Add integration tests for resized user avatars
Even on solid color images the resizing can cause some small artifacts
that slightly modify the color of certain pixels. Due to this now the
color comparison is no longer strict but fuzzy.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:48:00 +01:00
Daniel Calviño Sánchez 2cc22a06b4 Add integration tests for user avatars
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:47:56 +01:00
Daniel Calviño Sánchez 184742e6ff Make possible to set body in requesttoken requests in integration tests
"sendingAToWithRequesttoken" needs to be used to test some non OCS
endpoints which require the request token to be sent in the request. Now
it is possible to specify the body (or, rather, additional contents
beside the cookies and the request token) for those requests, as it will
be needed for example to upload an avatar.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:32:00 +01:00
Daniel Calviño Sánchez b553b43b68 Make possible to send requests as anonymous users in integration tests
Until now requests always had "auth" headers either for an admin or a
regular user, depending on the value of "currentUser". Now, if
"currentUser" starts by "anonymous" no "auth" header is sent, which
makes possible to also test requests with users not logged in.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:32:00 +01:00
Julius Härtl a1a4fa2ac2
Always install composer v2
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-04 10:11:02 +01:00
Christoph Wurst fbc06d39c7
Merge pull request #24429 from nextcloud/3rdparty/closure
[3rdparty] Migrate to Opis/Closure
2020-12-03 08:44:53 +01:00
Nextcloud-PR-Bot 3c606cbec3 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-12-03 04:29:05 +00:00
Morris Jobke 40ebe24960
Update psalm-baseline.xml
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 20:27:14 +01:00
Christoph Wurst 4deff37a3c
Merge pull request #23278 from nextcloud/enh/noid/user-limits
Allow subscription to indicate that a userlimit is reached
2020-12-02 18:22:13 +01:00
Morris Jobke 32f6bdf067
Merge pull request #24396 from nextcloud/dont-use-system-composer
dont use system composer for autoload checker
2020-12-02 16:15:55 +01:00
Morris Jobke d87705a894
Allow subscription to indicate that a userlimit is reached
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 15:20:03 +01:00
Robin Appelman ef016f71c3
cleanup after autoloader generation
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-12-02 15:02:56 +01:00
Nextcloud-PR-Bot 5427acec98 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-12-01 04:28:53 +00:00
Nextcloud-PR-Bot f94741ddee Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-29 04:27:32 +00:00
Robin Appelman 3e2e694ea9
dont use system composer for autoload checker
this ensures that the same composer version is used by everyone (and ci)

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-26 15:48:46 +01:00
Nextcloud-PR-Bot fda21b35c4 Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
Lukas Reschke 47ac8e0028
Add Psalm Taint Flow Analysis
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/

It also adds a plugin for adding input into AppFramework.

The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning

**Q&A:**

Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.

Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/

Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/

Q: We should run this on apps!
A: Yes.

Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.

Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
dependabot-preview[bot] 774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
Bumps [vimeo/psalm](https://github.com/vimeo/psalm) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases)
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
Roeland Jago Douma 9163790b7c
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
Nextcloud-PR-Bot e93a76962c Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-17 04:22:33 +00:00
Roeland Jago Douma 426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date
Fix default internal expiration date
2020-11-16 14:13:56 +01:00
Daniel Calviño Sánchez 28c57004dd Add integration tests for creating shares with default expiration dates
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Daniel Calviño Sánchez 4f5271acf9 Reset app configs by deleting the values instead of setting the defaults
This avoids the need to keep the default values in the integration tests
in sync with the code, and also makes possible to reset values with
"dynamic" defaults (defaults that depend on other values).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
Nextcloud-PR-Bot aa967d798c Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-14 04:21:44 +00:00
Nextcloud-PR-Bot 05cd789e9d Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-13 04:22:06 +00:00
Joas Schilling e39d657e24
Merge pull request #23882 from nextcloud/tests/oracle
Run unit tests against oracle
2020-11-11 10:05:24 +01:00
Daniel Calviño Sánchez ee852d7e0e Add integration tests for default share permissions
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-11 02:31:25 +01:00
Joas Schilling 6883676ad4
Update baseline, I'm sorry
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:55:06 +01:00
Nextcloud-PR-Bot e35329176d Update psalm baseline
Signed-off-by: GitHub <noreply@github.com>
2020-11-10 04:18:47 +00:00