In general it is good to set them to Lax. But giving devs more control
over them is also not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
While this scan *should* never be triggered, it's good to have some failsafe to ensure
that the user's home contents don't end up getting scanned in the root storage.
Signed-off-by: Robin Appelman <robin@icewind.nl>
When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).
However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".
Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "send password by Talk" is enabled in a mail share a new password
must also be set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "send password by Talk" is enabled in a link share now a non empty
password is enforced.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
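The three commits above all hinge on one detail: once a share password is stored, only its hash remains, so "is the new password the same as the old one?" has to be answered by verifying the candidate against the hash, not by comparing two strings. The following is an added example in Python (not the project's PHP code) that shows the broken comparison beside the correct one and applies the stated rules: toggling "send password by Talk" in either direction requires a new, non-empty, different password. The PBKDF2-based hasher, the share dictionary shape and the function names are this example's own constructions.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed stand-in for the server-side password hasher (not Nextcloud's own
# hasher). Stored format: "pbkdf2$<salt hex>$<digest hex>".
_ITERATIONS = 100_000


def hash_password(plain: str) -> str:
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", plain.encode(), salt, _ITERATIONS)
    return f"pbkdf2${salt.hex()}${digest.hex()}"


def verify_password(plain: str, stored: str) -> bool:
    scheme, salt_hex, digest_hex = stored.split("$")
    if scheme != "pbkdf2":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", plain.encode(), bytes.fromhex(salt_hex), _ITERATIONS)
    return hmac.compare_digest(digest.hex(), digest_hex)


def same_password_buggy(original_hashed: str, new_plain: str) -> bool:
    # The comparison the commit describes as wrong: the stored hash is compared
    # byte-for-byte with the new plaintext, so a reused password is never detected.
    return original_hashed == new_plain


def same_password_fixed(original_hashed: str, new_plain: str) -> bool:
    # Verify the candidate plaintext against the stored hash instead.
    return verify_password(new_plain, original_hashed)


def update_share_password(original: dict, new_plain: Optional[str], send_by_talk: bool) -> dict:
    """Apply the rules from the commits above to a share with a password.

    original: {"password": <stored hash>, "send_by_talk": bool}
    Toggling "send password by Talk" in either direction requires a new,
    non-empty password that differs from the current one (the old plaintext
    is gone, only its hash remains, so it cannot be mailed again). Raises
    ValueError when the update must be rejected.
    """
    if original["send_by_talk"] != send_by_talk:
        if not new_plain:
            raise ValueError("a non-empty password must be set when toggling 'send password by Talk'")
        if same_password_fixed(original["password"], new_plain):
            raise ValueError("the password must differ from the current one")
        return {"password": hash_password(new_plain), "send_by_talk": send_by_talk}
    if new_plain is None:
        # Nothing toggled and no new password sent: keep the stored hash as is.
        return dict(original)
    return {"password": hash_password(new_plain), "send_by_talk": send_by_talk}


def try_update(original: dict, new_plain: Optional[str], send_by_talk: bool) -> Optional[str]:
    """Return the rejection reason, or None when the update is accepted."""
    try:
        update_share_password(original, new_plain, send_by_talk)
    except ValueError as exc:
        return str(exc)
    return None
```

The buggy variant is exactly the shape of bug to look for in any "password changed?" check on a system that stores hashes: it is silently always false, so the policy it is supposed to enforce never fires.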
Right now if you want to get events via the Node API you have to have a
real instance of the Root, which in turn sets up the whole FS.
We should make sure this is done lazily. Otherwise enabling the preview
generator, for example, makes you set up the whole FS on each and every
authenticated call.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Before, resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.
This inverts the logic: stop and use the default bundle if the instance is not
installed, and also do this when the list is empty.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
In test it reduced the transferred data from 5 MB to 2 MB. This should reduce the load on the appstore significantly.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Since we don't care if it is human readable.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Currently, when getting the groups for a user, the full group object is always created (and cached)
even if only the group id is required.
Signed-off-by: Robin Appelman <robin@icewind.nl>
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost minimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
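The ordering point in the commit above (threads first, because the memory-cost minimum is 8 KiB per thread) is easy to get wrong when each option is validated independently. Here is an added example in Python (not the project's PHP code) that applies the three rules in the stated order. PHP's documented argon2 defaults (memory cost 65536 KiB, time cost 4, threads 1) are used as the fallback; the config key names and the minimums of 1 for threads and time cost are this example's assumptions.

```python
from typing import Any, Mapping

# PHP's documented argon2 defaults (PASSWORD_ARGON2_DEFAULT_MEMORY_COST and friends).
PHP_DEFAULTS = {"memory_cost": 65536, "time_cost": 4, "threads": 1}

# Minimums: 8 KiB of memory per thread (from the commit message); threads and
# time cost cannot go below 1 (argon2 parameter limits, stated here as the
# example's assumption).
MEMORY_KIB_PER_THREAD = 8
MIN_THREADS = 1
MIN_TIME_COST = 1

# Assumed config.php key names for this illustration.
KEYS = {"threads": "hashingThreads", "memory_cost": "hashingMemoryCost", "time_cost": "hashingTimeCost"}


def resolve_option(config: Mapping[str, Any], key: str, minimum: int, default: int) -> int:
    """The three rules from the commit message, in order."""
    value = config.get(key)
    if isinstance(value, bool) or not isinstance(value, int):
        return default          # missing, or not an integer: PHP default applies
    if value < minimum:
        return minimum          # integer below the minimum: clamp to the minimum
    return value                # integer at or above the minimum: apply as is


def resolve_argon2_options(config: Mapping[str, Any]) -> dict:
    # Threads first: the memory-cost minimum is derived from the thread count.
    threads = resolve_option(config, KEYS["threads"], MIN_THREADS, PHP_DEFAULTS["threads"])
    memory_cost = resolve_option(config, KEYS["memory_cost"], MEMORY_KIB_PER_THREAD * threads,
                                 PHP_DEFAULTS["memory_cost"])
    time_cost = resolve_option(config, KEYS["time_cost"], MIN_TIME_COST, PHP_DEFAULTS["time_cost"])
    return {"memory_cost": memory_cost, "time_cost": time_cost, "threads": threads}
```

Note the explicit `bool` exclusion: in Python `True` is an `int`, and a config file that sets a cost to `true` should fall back to the default rather than be treated as the integer 1.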
Previous implementation assumes the app path is always a child of \OC::$SERVERROOT. That's not always true.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Also prefix resources
Unify the prefix handling
Handle urls with and without slash
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Otherwise the number of files can grow very large very quickly in the preview
folder, especially on large systems.
This generates the md5 of the fileid, and then creates folders of the
first 7 chars. In that folder is then a folder with the fileid, and
inside there are the previews.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
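The layout described above, as an added example in Python (not the project's PHP code): the shard is the first 7 hex characters of md5(fileid), below it sits a folder named after the fileid, and the previews live inside. md5 is used purely as a bucketing function here, which is fine since nothing relies on it being collision resistant. The preview root, the preview file naming and the consistency check are this example's own assumptions.

```python
import hashlib
from pathlib import PurePosixPath

# Assumed root of the preview appdata folder; a real instance uses its own instance id.
PREVIEW_ROOT = PurePosixPath("appdata_instanceid/preview")
SHARD_LENGTH = 7


def shard_for(file_id: int) -> str:
    """First 7 hex chars of md5(fileid); md5 is a bucketing function here, not a security control."""
    return hashlib.md5(str(file_id).encode("ascii")).hexdigest()[:SHARD_LENGTH]


def preview_folder(file_id: int) -> PurePosixPath:
    return PREVIEW_ROOT / shard_for(file_id) / str(file_id)


def preview_file(file_id: int, width: int, height: int, crop: bool = False) -> PurePosixPath:
    # Assumed preview file naming; the commit message does not specify it.
    name = f"{width}-{height}{'-crop' if crop else ''}.png"
    return preview_folder(file_id) / name


def folder_is_consistent(path: PurePosixPath) -> bool:
    """Check that a <shard>/<fileid> folder sits in the shard its fileid hashes to.

    Useful when walking the preview tree: a folder in the wrong shard would never
    be found by preview_folder() and would only waste space.
    """
    try:
        file_id = int(path.name)
    except ValueError:
        return False
    return path.parent.name == shard_for(file_id) and path.parent.parent == PREVIEW_ROOT
```

With 7 hex characters there are 16^7 possible shards, so even very large instances keep the per-directory entry count small; the consistency check is what a cleanup job would run to find orphaned folders left behind by an older, flat layout.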
These are actually expected to FAIL, because NULL as a userid is not
allowed in the schema, but documented to be used on the source.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
JSUnit tests are failing for some reason. It seems to be related to a new karma-coverage version published a few hours ago.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
Hashes are set in "X-Hash-MD5", "X-Hash-SHA1" and "X-Hash-SHA256" headers.
These headers are set for file uploads and the MOVE request at the end of a multipart upload.
Signed-off-by: Robin Appelman <robin@icewind.nl>
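An added example in Python (not the project's PHP code) of the two halves implied by the commit above: the server computes all three digests in one pass over the body, and a client that kept its own view of the bytes compares them with the headers it gets back. Feeding the chunks of a multipart upload in order yields the same digests as hashing the assembled file, which is why the final MOVE can report them. The header names are those from the commit; the function names and the verification policy are this example's own.

```python
import hashlib
import hmac
from typing import Dict, Iterable

# Response header name -> hashlib algorithm, as listed in the commit message.
HASH_HEADERS = {"X-Hash-MD5": "md5", "X-Hash-SHA1": "sha1", "X-Hash-SHA256": "sha256"}


def hash_headers(chunks: Iterable[bytes]) -> Dict[str, str]:
    """Compute all three digests in a single pass over the uploaded body.

    Feeding the chunks of a multipart upload in order gives the same digests
    as hashing the assembled file, which is what the final MOVE reports.
    """
    hashers = {header: hashlib.new(alg) for header, alg in HASH_HEADERS.items()}
    for chunk in chunks:
        for h in hashers.values():
            h.update(chunk)
    return {header: h.hexdigest() for header, h in hashers.items()}


def upload_matches(local_chunks: Iterable[bytes], response_headers: Dict[str, str]) -> bool:
    """Client-side check: compare what we sent with what the server says it stored.

    Only the strongest header present is consulted; hmac.compare_digest keeps the
    comparison constant-time. Header lookup is case-insensitive, like HTTP.
    """
    received = {k.lower(): v for k, v in response_headers.items()}
    computed = hash_headers(local_chunks)
    for header in ("X-Hash-SHA256", "X-Hash-SHA1", "X-Hash-MD5"):
        value = received.get(header.lower())
        if value is not None:
            return hmac.compare_digest(computed[header], value.lower())
    return False  # server sent no hash header: nothing to verify against
```

Preferring SHA-256 matters: MD5 and SHA-1 are still useful as corruption detectors, but only SHA-256 gives a meaningful guarantee against an attacker who can substitute content on the path.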
Bump p-limit from 2.2.2 to 2.3.0, @nextcloud/auth from 1.2.2 to 1.2.3, @babel/preset-env from 7.8.7 to 7.9.5, @nextcloud/event-bus from 1.1.3 to 1.1.4, @nextcloud/password-confirmation from 1.0.0 to 1.0.1, @nextcloud/l10n from 1.2.2 to 1.2.3, @nextcloud/initial-state from 1.1.1 to 1.1.2, core-js from 3.6.4 to 3.6.5 …
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is practically standard for our
code.
This also removes any empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
If the value was never enabled or disabled, the settings show "Restrict
username enumeration to groups" as disabled. However, in some components
it was enabled by default, which caused an inconsistency in the
behaviour with respect to the settings, for example in the contacts
menu.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This reverts commit f402e23448.
Since eb4c42d3d1 now shares are accepted
by default, so no notification is shown to accept them.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
behat/mink 1.8 and behat/mink-selenium2-driver 1.4 introduced behaviour
changes that broke the acceptance tests. Until the tests are updated to
work with the newer versions the last known versions are forced.
Note that some acceptance tests still fail after enforcing the
compatible versions, although that is caused by changes in the Nextcloud
server itself.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
As discussed in #18603 caching a 201 response is hard. It's now possible to distinguish between generated and uploaded avatars by reading the X-NC-IsCustomAvatar (0 = generated, 1 = uploaded) header.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
The custom config allows setting up a proxy URI that is passed to the
GuzzleHTTP client as request options. Guzzle has the option to receive
an array of proxies for each URI scheme as well as a 'no' key-value pair
to provide a list of host names that should not be proxied.
Guzzle would automatically populate these options with the HTTPS_PROXY
and NO_PROXY environment variables. However, when providing a 'proxy'
request option, default values will be overridden and it is required to
explicitly provide the 'no' value if needed.
More info:
http://docs.guzzlephp.org/en/stable/request-options.html#proxy
This commit will add support for a new config 'proxyexclude', which
takes a list of host names to be excluded.
It will also provide 'proxy' request option as an array instead of a
string to Guzzle, and populate 'http' and 'https' URI schemes with
proxy URI, and 'no' with 'proxyexclude' list.
Also, if no 'proxy' is configured, it will leave out 'proxy' request
option, so it won't override Guzzle default values.
Sample config file includes a hint on how to explicitly sync
'proxyexclude' with NO_PROXY, and a note about default values.
Signed-off-by: Mohammed Abdellatif <m.latief@gmail.com>
There is no need to have weird magic in the manager. This should be
properly registered in the right way. The settings code is messy
anyways. This is a start to make it a tad more clean.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existing auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row with the same token (the session ID). This
also bubbles up and disables user_saml.
As the token might still be OK (both requests will insert the same data),
we can actually just check if the UID of the conflicting row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
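The race above, and the fix's one safety condition (reuse the row only when its UID matches), as an added example in Python against an in-memory SQLite table (not the project's PHP code or schema). Two "requests" are interleaved by hand: both delete the token, the first insert succeeds, the second hits the unique constraint and adopts the existing row. A conflicting row that belongs to a different user is never adopted; the table shape, the exception type and the function names are this example's own.

```python
import sqlite3
from typing import Dict


class TokenConflict(Exception):
    """The token exists, but belongs to a different user."""


def open_db() -> sqlite3.Connection:
    """Constructed stand-in for the auth token table (only the columns this example needs)."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE authtoken (id INTEGER PRIMARY KEY, uid TEXT NOT NULL, token TEXT NOT NULL UNIQUE)"
    )
    return db


def invalidate_token(db: sqlite3.Connection, token: str) -> None:
    db.execute("DELETE FROM authtoken WHERE token = ?", (token,))


def insert_or_reuse_token(db: sqlite3.Connection, uid: str, token: str) -> Dict[str, object]:
    """Insert the token; on a unique-key conflict, adopt the row only if it is ours."""
    try:
        db.execute("INSERT INTO authtoken (uid, token) VALUES (?, ?)", (uid, token))
        reused = False
    except sqlite3.IntegrityError:
        row = db.execute("SELECT uid FROM authtoken WHERE token = ?", (token,)).fetchone()
        if row is None or row[0] != uid:
            # Same session id, different user: never silently take over that row.
            raise TokenConflict(token)
        reused = True
    row_id = db.execute("SELECT id FROM authtoken WHERE token = ?", (token,)).fetchone()[0]
    return {"id": row_id, "uid": uid, "token": token, "reused": reused}


def simulate_concurrent_logins(db: sqlite3.Connection, uid: str, session_id: str) -> Dict[str, object]:
    """Interleave two requests the way the commit describes.

    Both run the "delete, then insert" sequence for the same session id; the
    second insert hits the unique constraint and must reuse the first row.
    """
    invalidate_token(db, session_id)                      # request A
    invalidate_token(db, session_id)                      # request B
    insert_or_reuse_token(db, uid, session_id)            # request A inserts
    return insert_or_reuse_token(db, uid, session_id)     # request B conflicts and reuses


def other_user_is_rejected(db: sqlite3.Connection, uid: str, token: str) -> bool:
    try:
        insert_or_reuse_token(db, uid, token)
    except TokenConflict:
        return True
    return False
```

The UID check is the whole point of the fix from a security standpoint: without it, a unique-key conflict would be resolved by handing request B whatever row already carries that session id, regardless of who it belongs to.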
Normally this shouldn't be a problem, but cache/storage desync might cause this,
so this adds some failsafe to ensure we don't corrupt the cache further.
The minimum value is set to -1 instead of 0 in order to trigger a background scan
on the folder and figure out the size properly.
Signed-off-by: Robin Appelman <robin@icewind.nl>
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty line after imports
* Empty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Incoming shares are no longer automatically added to the file list of
the sharee. Instead, the user now needs to explicitly accept the share.
Currently shares can be accepted only from the Notifications app, so it
must be explicitly cloned before installing Nextcloud if it is not found
in the "apps" directory. Note that the development branches are already
built, so there is no need to explicitly build the app.
With the new sharing behaviour the "share a skeleton file with another
user before first login" scenario is no longer valid (as the user will
need to log in to accept the share, so at that point the skeleton is
already created), so it was removed.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Since Nextcloud 17 the proper name for the old built-in notifications is
"Toast". Moreover, this will reduce ambiguity when using the
"notification" term to refer to elements in the Notifications app.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Resolves Issue #17885
Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'.
Signed-off-by: RussellAult <russellault@users.noreply.github.com>
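The double '?' problem from the commit above, as an added example in Python (not the project's PHP code): the buggy concatenation, the minimal fix the commit describes (pick '&' when a query is already present), and a parser-based variant that also keeps any fragment last. Function names and the sample redirect URIs are this example's own.

```python
from typing import Mapping
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit


def append_query_buggy(redirect_uri: str, params: Mapping[str, str]) -> str:
    # Always uses '?', so a registered redirect URI that already carries a query
    # ends up with two '?' and the OAuth client cannot parse the code/state.
    return redirect_uri + "?" + urlencode(params)


def append_query_minimal(redirect_uri: str, params: Mapping[str, str]) -> str:
    # The fix as the commit describes it: pick '&' when a query is already present.
    separator = "&" if "?" in redirect_uri else "?"
    return redirect_uri + separator + urlencode(params)


def append_query(redirect_uri: str, params: Mapping[str, str]) -> str:
    """Same result, built with a URL parser.

    Existing parameters are re-encoded rather than string-matched, and a fragment
    (if one were present) stays at the end instead of swallowing the new query.
    """
    parts = urlsplit(redirect_uri)
    query = parse_qsl(parts.query, keep_blank_values=True) + list(params.items())
    return urlunsplit((parts.scheme, parts.netloc, parts.path, urlencode(query), parts.fragment))
```

OAuth 2.0 redirect URIs must not contain a fragment (RFC 6749, section 3.1.2), so the minimal fix is adequate for registered clients; the parser-based form is the safer default when the same helper gets reused for arbitrary URLs.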
There is no difference (as far as I know) between running the acceptance
tests on PHP 7.1 or on PHP 7.3; this is simply a preparatory step to be
ready when PHP 7.1 support is dropped in Nextcloud server.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Avoids directly getting the token again. We just inserted it, so we
have all the info. So that query is just a waste.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The target storage doesn't need additional handling for wrappers as the wrappers' implementation of moveFromStorage already deals with that.
Any storage based on local storage isn't affected by this as local storage already has its own way of handling this.
Signed-off-by: Robin Appelman <robin@icewind.nl>
Instead of one big monolithic section this is the first step in breaking
down the settings. This should make it easier to see what does what, as
well as nicely splitting up the sections.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Now the link share menu is not automatically opened after a link share
is created, so waiting until it was opened failed in iShareTheLinkFor.
Note that the steps that interact with the link share menu take care
themselves of showing the menu if needed, so there is no need to
explicitly show it despite the change. Also, the waiting in
iShareTheLinkFor was introduced when the link share menu was changed
to automatically open after creating a link share, as that caused some
issues with the steps that opened the menu by themselves (fec8d12fc5).
Due to all this, now that the link share menu is again not automatically
opened the wait can be simply removed.
Signed-off-by: Greta Doci <gretadoci@gmail.com>
Although uncommon, in some cases a Context may need to be extended (for
example, to override a step defined in the server with a specific
behaviour in the acceptance tests of an app); in those cases the
subclass should be able to access the actor attribute defined in the
Context it is extending.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
"cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.
Signed-off-by: Scott Shambarger <devel@shambarger.net>
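The two proxy commits on this page (the 'proxyexclude' / Guzzle 'no' list one, and the proxyuserpwd '' fix just above) are served by one added example in Python (not the project's PHP code). It shows the buggy URI builder that turns the documented defaults `proxy = ''`, `proxyuserpwd = ''` into the bare '@' cURL rejects, the fixed builder that treats '' and null alike, and the request-option builder that sets 'http', 'https' and 'no' only when a proxy is configured so Guzzle's environment-derived defaults survive otherwise. Function names and sample host names are this example's own.

```python
from typing import Any, Dict, Mapping, Optional


def get_proxy_uri_buggy(config: Mapping[str, Any]) -> Optional[str]:
    # Treats only None as "unset". With the documented default proxyuserpwd='' and
    # proxy='' this yields '@', which cURL rejects ("Unsupported proxy syntax in '@'").
    proxy = config.get("proxy", None)
    if proxy is None:
        return None
    userpwd = config.get("proxyuserpwd", None)
    if userpwd is None:
        return proxy
    return f"{userpwd}@{proxy}"


def get_proxy_uri(config: Mapping[str, Any]) -> Optional[str]:
    """'' and None both mean "not configured", for proxy and proxyuserpwd alike."""
    proxy = config.get("proxy") or None
    if proxy is None:
        return None
    userpwd = config.get("proxyuserpwd") or None
    if userpwd is None:
        return proxy
    return f"{userpwd}@{proxy}"


def proxy_request_options(config: Mapping[str, Any]) -> Dict[str, Any]:
    """Build the Guzzle 'proxy' request option.

    Returns {} when no proxy is configured so Guzzle keeps its own defaults
    (HTTPS_PROXY / NO_PROXY from the environment). Otherwise the same URI is used
    for both schemes and 'proxyexclude' becomes Guzzle's 'no' list, which must be
    given explicitly because a 'proxy' option replaces the env-derived defaults.
    """
    uri = get_proxy_uri(config)
    if uri is None:
        return {}
    exclude = config.get("proxyexclude") or []
    return {"proxy": {"http": uri, "https": uri, "no": list(exclude)}}
```

The practical caveat from the first commit is visible in the last function: as soon as a proxy is set, NO_PROXY from the environment no longer applies, so internal hosts (metadata endpoints, local object storage, the database admin UI) must be listed in 'proxyexclude' explicitly or their traffic will be sent through the proxy.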
So fun fact: Chrome considers a redirect after submitting a form part of
the form actions. Since we redirect to a new protocol (nc://login/), this
causes the form submission to work but the redirect to fail hard.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
shares have no permission variable defined and creating them will fail.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
There is no need to log the exception for most of the stuff here.
We should properly log them but an exception is excessive.
This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
With the upcoming work for the feature policy header, splitting this into
smaller classes that just do 1 thing makes sense.
I'd rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.
Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This is a bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This introduces an event that can be listened to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The main difference is passing the `File` object to the provider
instead of a `View` + path.
Old providers will still continue to work as before.
Signed-off-by: Robin Appelman <robin@icewind.nl>
Otherwise the output would just read "Failed asserting that true is
false." or "Failed asserting that false is true.", which is not very
informative when there are several assertFalse/True in a row.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The old notifications were added as ".row" elements to the
"#notification-container" element; the new notifications based on
toastify are added as ".toastify .on .toast..." elements to the
"#content" element. Besides that, they also include a span element with
an X to close the notification, so now only the first child text node
should be compared to the expected message.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This avoids calls to the autoloader (or chain of autoloaders) to see if,
for example, a 'principalPrefix' class can be found, while we already know
it is a string.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The header is the full HTTP header, like: HTTP/1.1 304 Not Modified.
So comparing this to an int always yields false.
This also makes the 304 RFC compliant as the resulting content length
should otherwise be the length of the message and not 0.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This allows a user to mark a token for remote wipe.
Clients that support this can then wipe the device properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Once 2FA is enforced for a user and they have no 2FA set up yet, this will
now prompt them with a setup screen, given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Changed the implementation for getProxyUri with
fd1d85365c.
If proxy is already null then we don't ask for proxyuserpwd. The test
failed because we expected getSystemValue to be called once with
proxyuserpwd.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
File names are no longer shown directly in the ".filename" element, but
split in two "span" elements inside a ".filename-parts" element, so now
the texts in those span elements need to be concatenated to get the file
name.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes #14793
This is caused by the mess we have with OC\Settings mapping to settings
and lib/private/Settings.
Anyway this is the quick fix. Moving stuff around for 17 seems better.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The bundle acceptance tests fail after #14578 sometimes. This is
because of a race condition: not all apps have compatible 16 versions
yet. So trying to enable them results in those apps doing 💥.
Because of #14578 we do show them now. So we try to enable them. However,
depending on which request finishes first, the disable button for the
audit app either shows up or not.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* tests/acceptance/features/login.feature:15
<details><summary>Show full log</summary>
```
Scenario: log in with valid user and invalid password once fixed by admin # /drone/src/github.com/nextcloud/server/tests/acceptance/features/login.feature:15
Given I act as John # ActorContext::iActAs()
And I can not log in with user user0 and password 654231 # LoginPageContext::iCanNotLogInWithUserAndPassword()
When I act as Jane # ActorContext::iActAs()
And I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I open the User settings # SettingsMenuContext::iOpenTheUserSettings()
And I set the password for user0 to 654321 # UsersSettingsContext::iSetTheFieldForUserTo()
And I act as John # ActorContext::iActAs()
And I log in with user user0 and password 654321 # LoginPageContext::iLogInWithUserAndPassword()
Then I see that the current page is the Files app # FilesAppContext::iSeeThatTheCurrentPageIsTheFilesApp()
Failed asserting that 'http://acceptance-login/index.php/login?user=user0' starts with "http://acceptance-login/index.php/apps/files/".
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/app-files.feature:90
<details><summary>Show full log</summary>
```
Scenario: show favorites # /drone/src/github.com/nextcloud/server/tests/acceptance/features/app-files.feature:90
Given I am logged in # LoginPageContext::iAmLoggedIn()
And I mark "welcome.txt" as favorite # FileListContext::iMarkAsFavorite()
When I open the "Favorites" section # AppNavigationContext::iOpenTheSection()
Then I see that the current section is "Favorites" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
Then I see that the file list contains a file named "welcome.txt" # FileListContext::iSeeThatTheFileListContainsAFileNamed()
Row for file welcome.txt in file list could not be found after 100 seconds (NoSuchElementException)
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/apps.feature:66
<details><summary>Show full log</summary>
```
Scenario: Show section from app store # /drone/src/github.com/nextcloud/server/tests/acceptance/features/apps.feature:66
Given I act as Jane # ActorContext::iActAs()
And I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I open the Apps management # SettingsMenuContext::iOpenTheAppsManagement()
And I see that the current section is "Your apps" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
When I open the "Files" section # AppNavigationContext::iOpenTheSection()
Files section item in App Navigation could not be found after 100 seconds (NoSuchElementException)
Then I see that there some apps listed from the app store # AppsManagementContext::iSeeThatThereSomeAppsListedFromTheAppStore()
And I see that the current section is "Files" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/app-files-tags.feature:42
<details><summary>Show full log</summary>
```
Scenario: add tags using the dropdown in the details view # /drone/src/github.com/nextcloud/server/tests/acceptance/features/app-files-tags.feature:42
Given I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I visit the settings page # SettingsMenuContext::iVisitTheSettingsPage()
And I open the "Tag management" section # AppNavigationContext::iOpenTheSection()
And I see that the button to select tags is shown # SettingsContext::iSeeThatTheButtonToSelectTagsIsShown()
And I create the tag "tag1" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag2" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag3" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag4" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I see that the dropdown for tags in the settings eventually contains the tag "tag1" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag2" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag3" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag4" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I log out # SettingsMenuContext::iLogOut()
And I am logged in # LoginPageContext::iAmLoggedIn()
And I open the details view for "welcome.txt" # FileListContext::iOpenTheDetailsViewFor()
And I open the input field for tags in the details view # FilesAppContext::iOpenTheInputFieldForTagsInTheDetailsView()
When I check the tag "tag2" in the dropdown for tags in the details view # FilesAppContext::iCheckTheTagInTheDropdownForTagsInTheDetailsView()
And I check the tag "tag4" in the dropdown for tags in the details view # FilesAppContext::iCheckTheTagInTheDropdownForTagsInTheDetailsView()
Then I see that the tag "tag2" in the dropdown for tags in the details view is checked # FilesAppContext::iSeeThatTheTagInTheDropdownForTagsInTheDetailsViewIsChecked()
And I see that the tag "tag4" in the dropdown for tags in the details view is checked # FilesAppContext::iSeeThatTheTagInTheDropdownForTagsInTheDetailsViewIsChecked()
And I see that the input field for tags in the details view contains the tag "tag2" # FilesAppContext::iSeeThatTheInputFieldForTagsInTheDetailsViewContainsTheTag()
Failed asserting that false is true.
And I see that the input field for tags in the details view contains the tag "tag4" # FilesAppContext::iSeeThatTheInputFieldForTagsInTheDetailsViewContainsTheTag()
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>