Commit Graph

5950 Commits

Author SHA1 Message Date
Robin Appelman bee918693a
dissalow symlinks in local storages that point outside the datadir 2016-06-09 14:00:01 +02:00
Joas Schilling 4f27c2c433
Allow to decrypt user '0' files only 2016-06-09 14:00:00 +02:00
Christoph Wurst 60e15e934c
do not generate device token if 2FA is enable for user 2016-06-09 14:00:00 +02:00
Joas Schilling 0041d89dc2
Do not allow to store boolean configs, they behave unexpected on postgres 2016-06-09 13:59:58 +02:00
Robin Appelman 18f7cede51
Fix warnings when trying to get mtime of non existing files 2016-06-09 13:59:58 +02:00
Robin Appelman f4831f4074
return success when deleting ghost files 2016-06-09 13:59:58 +02:00
Robin Appelman 67c2c85b05
allow deleting "ghost files" trough the View and Node api 2016-06-09 13:59:58 +02:00
Thomas Müller f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Vincent Petry 90c1ec1c49 Merge pull request #25014 from owncloud/admin-datadircheck-fix
Use temporary htaccesstest.txt for data dir security check
2016-06-09 11:58:28 +02:00
Vincent Petry 826e276a79 Merge pull request #24973 from owncloud/token-password-session-token
When creating a session token, make sure it's the login password and …
2016-06-09 11:58:04 +02:00
Vincent Petry aca4ea12c1 Merge pull request #24826 from owncloud/cors-client-login
use client login method on CORS routes
2016-06-09 10:31:14 +02:00
Vincent Petry 0e3737ffe1 Merge pull request #25028 from owncloud/scanner-user-not-setup
skip scanning for a user when the user is not setup yet
2016-06-09 10:29:46 +02:00
Jan-Christoph Borchardt 81145ee57c THIS IS NEXTCLOUD! adjusting the design 2016-06-08 17:02:18 +02:00
Joas Schilling e49307014c Do not log token or challenge with exception stacktrace (#25026)
* Make the filtering better readable

* Add some more methods to the sensitive list
2016-06-08 16:32:58 +02:00
Christoph Wurst 9997c431c3
use client login method on CORS routes 2016-06-08 15:18:53 +02:00
Christoph Wurst 46e26f6b49
catch sessionnotavailable exception if memory session is used 2016-06-08 15:03:15 +02:00
Robin Appelman 808438efc0 skip scanning for a user when the user is not setup yet 2016-06-08 14:19:42 +02:00
Christoph Wurst ec929f07f2
When creating a session token, make sure it's the login password and not a device token 2016-06-08 13:31:55 +02:00
Vincent Petry 8d0948977e Merge pull request #24899 from owncloud/local-storage-symlinks
dissalow symlinks in local storages that point outside the datadir
2016-06-08 10:19:24 +02:00
Vincent Petry ed92f4c427 Merge pull request #24983 from owncloud/issue-23776-do-not-allow-boolean-user-config
Do not allow to store boolean configs, they behave unexpected on postgres
2016-06-08 10:14:08 +02:00
Vincent Petry 12683b786d Merge pull request #24991 from owncloud/2fa-do-not-generate-token
do not generate device token if 2FA is enable for user
2016-06-08 10:13:04 +02:00
Vincent Petry b7935dcebd Merge pull request #24998 from owncloud/issue-24994-allow-decrypting-user-0-only
Allow to decrypt user '0' files only
2016-06-08 10:12:28 +02:00
Vincent Petry fb087a0261
Use temporary htaccesstest.txt for data dir security check 2016-06-07 18:36:13 +02:00
Robin Appelman 2cf7ad8c55 make sure $data['mtime'] is always a timestamp 2016-06-07 17:09:24 +02:00
Robin Appelman 6822689e38 don't update storage mtime if we can't get the modified date 2016-06-07 15:04:24 +02:00
Robin Appelman 73547f29be Ignore forbidden files while scanning 2016-06-07 14:01:55 +02:00
Robin Appelman 7b1b723e5b dissalow symlinks in local storages that point outside the datadir 2016-06-07 14:01:53 +02:00
Vincent Petry bf917d7063 Merge pull request #24813 from owncloud/delete-ghost-files
allow deleting "ghost files" trough the View and Node api
2016-06-07 09:34:16 +02:00
Joas Schilling d4ba982131
Allow to decrypt user '0' files only 2016-06-07 09:13:11 +02:00
Christoph Wurst 8f7a4aaa4d
do not generate device token if 2FA is enable for user 2016-06-07 09:09:51 +02:00
Lukas Reschke deef15a3c7
Remove "Help" link from personal sidebar
At the moment we want to hide the help link from the personal sidebar as it contains the original ownCloud documentation.

Once we have our own documentation with our proper branding and so on we can reenable this.
2016-06-06 18:40:15 +02:00
Joas Schilling 7d31ae9909 Fix second check for quota size (#24989) 2016-06-06 13:47:53 +02:00
Joas Schilling 911fd3ead4
Do not allow to store boolean configs, they behave unexpected on postgres 2016-06-06 12:38:20 +02:00
Robin Appelman 6bc8305edd Fix warnings when trying to get mtime of non existing files 2016-06-03 13:35:27 +02:00
Robin Appelman 14f96f86e7 return success when deleting ghost files 2016-06-03 13:34:54 +02:00
Robin Appelman 63408fa6ef allow deleting "ghost files" trough the View and Node api 2016-06-03 13:30:59 +02:00
Georg Ehrke 89a10fdb2d
normalize path in getInternalPath 2016-06-02 19:11:35 +02:00
Robin Appelman fce19d22d9 fix mtime propagation on sqlite 2016-06-02 15:43:43 +02:00
Vincent Petry 1ab7ee5e23 Merge pull request #24940 from owncloud/fix-normalizedcachekey-keepunicode
Add keepUnicode value in the cache key of normalizedPathCache
2016-06-02 15:18:13 +02:00
Robin Appelman cc67ad4dda use propagator batching in the scanner 2016-06-02 15:07:50 +02:00
Robin Appelman 9fb44e34af add propagator batching 2016-06-02 15:07:47 +02:00
Vincent Petry 53398b5146 Merge pull request #24936 from owncloud/2fa-block-ocs
block OCS if 2FA challenge needs to be solved first
2016-06-02 14:55:34 +02:00
Vincent Petry f37d519d0d Merge pull request #24946 from owncloud/issue-24943-duplicate-downgrade-unsupported-message
Do not show the hint when it's the same as the message
2016-06-02 10:40:53 +02:00
Vincent Petry 6b1422929d Merge pull request #24947 from owncloud/2fa-remember-redirect-url
remember redirect_url when solving the 2FA challenge
2016-06-02 10:40:32 +02:00
Joas Schilling 1d2cdfb9fd
Fix URL for client downloads 2016-06-01 16:58:57 +02:00
Christoph Wurst 5e71d23ded
remember redirect_url when solving the 2FA challenge 2016-06-01 14:43:47 +02:00
Vincent Petry 5ad8fa7675
Add keepUnicode value in the cache key of normalizedPathCache 2016-06-01 14:28:59 +02:00
Joas Schilling 13892417c4
Do not show the hint when it's the same as the message 2016-06-01 13:34:57 +02:00
Christoph Wurst 3ec6f4e165
block OCS if 2FA challenge needs to be solved first 2016-06-01 11:19:49 +02:00
Vincent Petry 7b4459d28d Merge pull request #24912 from owncloud/session-tokens-apache-auth
Create session tokens for apache auth users
2016-06-01 10:56:10 +02:00
Christoph Wurst c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Vincent Petry 2b111b217c Merge pull request #24851 from owncloud/ldap-static-method-log
Hack to prevent infinite loop with LDAP + logging
2016-05-31 13:52:52 +02:00
Vincent Petry c0a19ecd2d Merge pull request #24907 from owncloud/properly-check-for-mbstring
Properly check for mbstring extension
2016-05-31 13:51:17 +02:00
Vincent Petry 5bb06723b0
Hack to prevent infinite loop with LDAP + logging
Forward port of a50619200c to 9.1/master
2016-05-31 11:38:41 +02:00
Vincent Petry 59ed464ee6 Merge pull request #24769 from owncloud/issue-24752-no-ui-message-when-integrity-disabled
Only show message in the UI when the checker is enabled
2016-05-31 10:36:16 +02:00
Vincent Petry a441220f24 Merge pull request #24628 from owncloud/decryptall-checkifneedsprocessing
[decrypt_all] Check if file needs to decrypted or not for speed up large oc setups.
2016-05-31 10:12:03 +02:00
Vincent Petry 3361cdf0cc Merge pull request #16688 from owncloud/tests-dockerapachewebdav
Add morrisjobke/webdav docker container for external storage tests
2016-05-31 09:55:06 +02:00
Lukas Reschke a23df94af1
Properly check for mbstring extension
mb_detect_encoding is in the fallback we ship in the polyfill library, mb_strcut is not. Thus this lead to a false positive and ownCloud would just break.
2016-05-31 08:12:36 +02:00
Torben Dannhauer 718f0757e4 Fix for #23066 (#24689) 2016-05-31 06:53:28 +02:00
Vincent Petry 5d7f37d570
Check whether remote DAV server accepted the mtime on touch
ownCloud as remote DAV always accepts the mtime on touch, but other
servers like Apache's DAV server doesn't. The latter doesn't give any
visible hint in its response to detect this case, so this fix does a
subsequent PROPFIND to check whether the mtime was actually set.

Since a touch() operation seldom happens (only on uploads), the minor
performance loss should hopefully be acceptable.
2016-05-30 16:10:30 +02:00
Vincent Petry 6f346b4b1f
Fix webdav destination header when overwriting folders
The trailing slash is needed when talking to Apache's mod_dav server
2016-05-30 16:10:30 +02:00
Vincent Petry 1423cf1d9d
Use isEncrpyted() instead 2016-05-30 14:49:27 +02:00
Christian Jürges fd4f9091fd
Respect oc coding style guide. 2016-05-30 14:49:27 +02:00
Christian Jürges b996c1f43f
Check if file needs to decrypted or not for speed up large oc setups. 2016-05-30 14:49:27 +02:00
Robin Appelman d717b583d2 trigger size calculation after scanning (#24875) 2016-05-30 11:14:31 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling db2e9df5f0
Move Job to a better class name 2016-05-25 16:06:06 +02:00
Joas Schilling b72706b450
Move background job to PSR-4 2016-05-25 14:59:59 +02:00
Vincent Petry b5f455f5ac Merge pull request #24812 from owncloud/fkammer-enhancement-cache-folder-gc-ttl
Make chunk cache ttl configurable
2016-05-25 11:07:31 +02:00
Vincent Petry c36cf30ade Merge pull request #24444 from owncloud/update-notifications-for-core-and-apps
Update notifications for core and apps
2016-05-25 09:13:10 +02:00
Christoph Wurst a922957f76
add default token auth config on install, upgrade and add it to sample config 2016-05-24 18:02:52 +02:00
Christoph Wurst 28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Vincent Petry d3fb5d618e Merge pull request #24748 from owncloud/login-explicitly
Log in explicitly, save login name when generating browser/device tokens
2016-05-24 17:51:49 +02:00
Vincent Petry 51b0036d8f
Changed labels of chunk TTL to mention chunks 2016-05-24 15:18:56 +02:00
Vincent Petry e7110c7678 Merge pull request #24760 from owncloud/objectstore_multibucket
Objectstore multibucket
2016-05-24 15:15:59 +02:00
Vincent Petry c9b26d065b
Move cache chunk TTL value to FileChunking class
This makes it less generic and only used for actual file chunking
2016-05-24 14:58:27 +02:00
Frederik Kammer 299520b322
Add config value for cache gc ttl 2016-05-24 14:55:26 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Joas Schilling aac990eddf
Add a background job that generates notifications when an update is available 2016-05-24 11:26:51 +02:00
Vincent Petry ee1f4602f3 Merge pull request #24787 from owncloud/fix-update-issue-on-master
Add the background jobs after the table was updated
2016-05-24 10:14:00 +02:00
Vincent Petry 1d1cb79321 Merge pull request #23395 from owncloud/mysql-check-speedup
Speedup schema cloning for MySQL
2016-05-24 10:00:38 +02:00
Christoph Wurst 4128b853e5
login explicitly 2016-05-24 09:48:02 +02:00
Roeland Jago Douma abe338f433
Store user bucket in preferences 2016-05-23 21:57:41 +02:00
Vincent Petry adcf942901 Merge pull request #24750 from owncloud/lenz1111-share_download_range_requests_support
Http Range requests support in downloads
2016-05-23 21:01:26 +02:00
Vincent Petry 5a8af2f0be Merge pull request #24729 from owncloud/try-token-login-first
try token login first
2016-05-23 20:50:57 +02:00
Vincent Petry 4f6670d759 Merge pull request #24658 from owncloud/invalidate-disabled-user-session
invalidate user session if the user was disabled
2016-05-23 20:50:25 +02:00
Vincent Petry 87fa86a69a Merge pull request #24559 from owncloud/2fa
two factor auth
2016-05-23 20:50:03 +02:00
Roeland Jago Douma e03e4921a0
Fix Name 2016-05-23 20:42:08 +02:00
Roeland Jago Douma 5e2316d05d
Allow multibucket in objectstore 2016-05-23 20:42:08 +02:00
Victor Dubiniuk 01aedbe506 Speedup schema cloning for MySQL 2016-05-23 20:52:40 +03:00
Vincent Petry aa56d42fa8 Merge pull request #24777 from owncloud/scanner-dont-propagate
dont needlessly triger the propgator in the scanner
2016-05-23 19:05:20 +02:00
Joas Schilling 78da57466f
Add the background jobs after the table was updated 2016-05-23 17:58:46 +02:00
Vincent Petry 524479fa09 Merge pull request #24699 from owncloud/background-scan-recursion
Only recurse into incomplete folders during background scans
2016-05-23 17:44:02 +02:00
Piotr Filiciak 6577bbe887 Code style and doc fix 2016-05-23 15:17:00 +02:00
Robin Appelman eca57be336 Only recurse into incomplete folders during background scans 2016-05-23 14:40:35 +02:00
Vincent Petry 21df2eb5a1 Merge pull request #24695 from owncloud/background-scan-propagate
Trigger propagation from the background scanner
2016-05-23 14:32:28 +02:00
Vincent Petry 68c5df798c Merge pull request #24765 from owncloud/boolean-installed-config
Make sure we evaluate installed everywhere as a boolean
2016-05-23 14:32:10 +02:00
Vincent Petry 57525a02f8 Merge pull request #24703 from owncloud/personal-settings-auth-tokens
Personal settings auth tokens
2016-05-23 14:17:01 +02:00
Robin Appelman f3979e5459 dont needlessly triger the propgator in the scanner 2016-05-23 13:53:05 +02:00
Vincent Petry bd87f67473 Merge pull request #24349 from owncloud/nfd-storagewrapper
Add wrapper for NFD encoding workaround
2016-05-23 13:45:33 +02:00
Vincent Petry 862d8f43e5 Merge pull request #24766 from owncloud/mmccarn-patch-2
Update imagePath to prefer theme, then app, then core images
2016-05-23 11:46:03 +02:00
Joas Schilling c2cac0940d
Only show message in the UI when the checker is enabled 2016-05-23 11:29:40 +02:00
Christoph Wurst 847bbc51b6
add OCC command to enable/disable 2FA for a user 2016-05-23 11:21:13 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Christoph Wurst c20cdc2213
invalidate user session if the user is disabled 2016-05-23 10:32:16 +02:00
mmccarn 1bc5eb111b
Update imagePath to prefer theme, then app, then core images
imagePath updated so that image searches follow this priority:

1) /themes/$theme/apps/$app/img
2) /themes/$theme/$app/img
3) /themes/$theme/core/img
4) $appPath/img
5) /$app/img
6) /core/img

For each folder:
- if the specified file exists, use it.
- otherwise, if $basename.svg does NOT exist, try $basename.png
(This might better be "if filename was an svg, try the png"...)
2016-05-23 10:24:04 +02:00
Joas Schilling 7f1b8f22d4
Make sure that installed is a boolean 2016-05-23 10:09:22 +02:00
Vincent Petry 5ba1add03c Merge pull request #24603 from owncloud/federated_reshare
flat federated re-share
2016-05-23 09:52:13 +02:00
Vincent Petry c78bb2ab34 Merge pull request #24356 from owncloud/scanner-recursion-memory
Free up folder content from memory before recursing in the file scanner
2016-05-23 09:51:52 +02:00
Christoph Wurst 74277c25be
add button to invalidate browser sessions/device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst 6495534bcd
add button to add new device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst 12431aa399
list user's auth tokens on the personal settings page 2016-05-23 09:11:12 +02:00
Vincent Petry 8646802850 Merge pull request #24696 from owncloud/lock-jobs-while-executing
Lock jobs while executing them, to allow multiple executors to run in…
2016-05-21 19:08:15 +02:00
Joas Schilling d0a2fa0506
Lock jobs while executing them, to allow multiple executors to run in parallel 2016-05-21 01:59:25 +02:00
Joas Schilling 7e3ce83526
Add a method to lock a table 2016-05-21 01:59:03 +02:00
Björn Schießle 7b25839bd5
use share initiator as fall back to access the file
in case of federated re-shares the owner can be a remote user.
Therefore we can't always use to owner to access the local file
2016-05-20 21:15:15 +02:00
Piotr Filiciak 9999e05660
Http Range requests support in downloads
Http range requests support is required for video preview
2016-05-20 18:16:44 +02:00
Vincent Petry 8fbb63d316
Some tweaks for systemtagmanager 2016-05-20 17:56:02 +02:00
Vincent Petry 88740f035d
Act on effective system tag canAssign permission
Whenever the server returns true for the can-assign Webdav property of
a system tag, it means the current user is allowed to assign,
regardless of the value of user-assignable.

This commit brings the proper logic to the web UI to make it possible
for users to assign when they have the permission.
2016-05-20 17:56:02 +02:00
Vincent Petry b5eb3d9e5a
Add system tag assignability check with groups
Whenever a user is not an admin, a tag is visible but not
user-assignable, check whether the user is a member of the allowed
groups.
2016-05-20 17:56:02 +02:00
Vincent Petry 3cd65fe25d
Add systemtag_group table and get/set methods
Added systemtag to group mapping table.
Added methods in ISystemTagManager to get/set the group mappings.
2016-05-20 17:56:02 +02:00
Vincent Petry 09b3883d9c
Updated canUser* functions in SystemTagManager to accept objects 2016-05-20 17:56:02 +02:00
Vincent Petry 8343cfb64b
Add interface methods for permission check
Instead of checking for admin perm, use interface method
canUserAssignTag and canUserSeeTag to check for permissions.
Allows for more flexible implementation.
2016-05-20 17:56:02 +02:00
Christoph Wurst 11dc97da43
try token login first 2016-05-20 10:52:39 +02:00
Vincent Petry bac8e13324
Remove unneeded unsets in encoding wrapper 2016-05-20 09:33:59 +02:00
Vincent Petry e8d082208d
Fixes for encoding wrapper
Improved label
Fixed rename/copy/moveFromStorage/copyFromStorage and added tests
Improved findPathToUse algo
2016-05-20 09:33:59 +02:00
Vincent Petry f8b2b95408
Scanner must normalize new children names for cache diff
Since new children from the storage might contain NFD entries, these
must be normalized to NFC to be properly diff'ed with the cache
contents which is always NFC.

This fixes an issue where NFD entries would disappear from the cache
after rescannng for children.
2016-05-20 09:33:59 +02:00
Vincent Petry db4c7fe743
Add encoding wrapper as opt-in mount option
The encoding wrapper is now only applied when the mount option is set,
disabled by default.
2016-05-20 09:33:59 +02:00
Vincent Petry 63bbbf29f4
Add wrapper for NFD encoding workaround 2016-05-20 09:33:59 +02:00
Vincent Petry 65eae43ab1 Merge pull request #24721 from owncloud/public_psr4
Move \OCP to PSR-4
2016-05-19 15:53:03 +02:00
Vincent Petry f42cdec4c4 Merge pull request #24725 from owncloud/ocs-provider-psr4
Move OCS Provider to PSR-4 namespace
2016-05-19 15:36:19 +02:00
Vincent Petry 3b3940df6b Merge pull request #24660 from owncloud/no-token-login-for-disabled-users
don't allow token login for disabled users
2016-05-19 15:32:09 +02:00
Joas Schilling 20f229eed9
Move OCS Provider to PSR-4 namespace 2016-05-19 11:10:32 +02:00
Roeland Jago Douma 893204ef4a
Fix broken exception naming 2016-05-19 10:05:53 +02:00
Christoph Wurst f824f3e5f3
don't allow token login for disabled users 2016-05-18 21:10:37 +02:00
Christoph Wurst 0626578739
add method to query all user auth tokens 2016-05-18 18:25:37 +02:00
Vincent Petry 01f44d83b2 Merge pull request #24691 from owncloud/fixchunkttl
Allow chunk GC mtime tolerance for unfinished part chunks
2016-05-18 18:19:08 +02:00
Robin Appelman e6386652df Trigger propagation from the background scanner 2016-05-18 14:31:43 +02:00
Vincent Petry e0af5263fb
Allow chunk GC mtime tolerance for unfinished part chunks
Whenever part chunks are written, every fwrite in the write loop will
reset the mtime to the current mtime. Only at the end will the touch()
operation set the mtime to now + ttl, in the future.

However the GC code is expecting that every chunk with mtime < now are
old and must be deleted. This causes the GC to sometimes delete part
chunks in which the write loop is slow.

To fix this, a tolerance value is added in the GC code to allow for
more time before a part chunk gets deleted.
2016-05-18 13:39:37 +02:00
Christoph Wurst 98b465a8b9
a single token provider suffices 2016-05-18 09:20:48 +02:00
Robin Appelman de5b7609f9 use mount providers to setup home storages (#24567) 2016-05-17 21:40:55 +02:00
Roeland Douma 5c9103287f Group fixup (#24621)
* Move used OC_Group_xx to \OC\Group

* Add (deprecated) legacy wrapper in legacy, OC_Group_xx

* Replace deprecated use of OC_Group_xx with \OC\Group\xx
2016-05-17 16:06:44 +02:00
Jörn Friedrich Dreyer ca8d2e2f2e Merge pull request #24370 from owncloud/iclientservice-dicontainer
add IClientService to DI container
2016-05-17 09:33:54 +02:00
Jörn Friedrich Dreyer 5e03e9a843 Merge pull request #24083 from owncloud/fix-race-condition
Read only once
2016-05-17 09:03:57 +02:00
Vincent Petry 3db709d568 Merge pull request #24600 from owncloud/http-client-lazy-config
only configure the http client once we start using it
2016-05-13 16:10:24 +02:00
Vincent Petry 6938904b07 Merge pull request #24614 from owncloud/token-validation-log
don't spam the log file with failed token validation entries
2016-05-13 16:09:49 +02:00
Christoph Wurst ed01305e29
don't spam the log file with failed token validation entries 2016-05-13 09:53:50 +02:00
Roeland Jago Douma 05cc0dd478
Move \OC\Template to PSR-4 2016-05-13 08:54:07 +02:00
Roeland Jago Douma eb79b83831
Move functions.php to legacy
This file should really be properly namespaced etc!
2016-05-13 08:54:07 +02:00
Robin Appelman ea0f09a7ed only configure the http client once we start using it 2016-05-12 13:29:45 +02:00