frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This avoids the need to keep the default values in the integration tests
in sync with the code, and also makes possible to reset values with
"dynamic" defaults (defaults that depend on other values).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until recently (it was fixed in ac2999a26a) when a path was transferred
other shares with the target user were removed, so a test was added to
ensure that it does not happen again.
Besides that a test to ensure that other files with the target user are
not transferred was added too (it did not fail before, but seemed
convenient to have that covered too :-) ).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The files:transfer-ownership performs a sanitization of users with
"risky" display names (including characters like "\" or "/").
In order to allow (escaped) double quotes in the display name the
regular expression used in the "user XXX with displayname YYY exists"
step had to be adjusted.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Currently only transferring ownership of a reshare with a group to a
user in the group is possible.
When transferring ownership of a reshare with another user or with a
group to a user not in the group restoring the share fails (but the
command succeeds, it only fails for the specific files that are
reshares).
When transferring ownership of a path that is a reshare the command
fails (as when a specific path is provided the path tries to move the
file, it does not take into account reshares).
The added integration tests reflect the above behaviours.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The integration tests did not verify that the shares were actually
transferred between the users (or that they were removed due to being
transferred to the sharee).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The integration tests did not verify that the files were actually
transferred between the users, only that the files were downloadable.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
- Make ALLOWED_CONTENT_TYPES public in order to use
- Add $fileName variable which uses "$node->getName()" to get the proper file name and "$file->getMimeType()" along with the ALLOWED_CONTENT_TYPES array in PhotoCache.php to get the proper file extension
- Make "$fileName" the name of the file in the Content-Disposition header when downloading a Contact's photo
- Add filename to the CardDAV integration image export test header
- Change headers in ImageExportPluginTest to reflect changes
Signed-off-by: Jacob Neplokh <me@jacobneplokh.com>
Enabling the "send password by Talk" property of shares require that
Talk is installed and enabled, so the Drone step that runs them has to
first clone the Talk repository.
When the integration tests are run on a local development instance,
however, it is not guaranteed that Talk is installed. Due to this the
"@Talk" tag was added, which ensures that any feature or scenario marked
with it will first check if Talk is installed and, if not, skip the
scenario (instead of failing).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
In most cases, when a mail share is created or updated an e-mail is sent
to the sharee, which is done by connecting to the SMTP server set in the
configuration. If the server can not be contacted then the creation or
update of the mail share fails.
To make possible to test mail shares without using a real SMTP server a
fake one has been added. The original script, which is MIT licensed, was
based on inetd, so it was slightly modified to run on its own.
In order to use it from the integration tests the "Given dummy mail
server is listening" step has to be called in the scenarios in which the
mail server is needed.
For now that is the only available step; things like checking the sent
mails, while possible (as the script can log the mails to certain file),
have not been added yet.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Note that the "last link share can be downloaded" step was kept as it
tests the "url" property specific of link shares.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
- adapters for PHP API version to Support PHP < 7.3
- switch to pass only one base per search
- cookie logic is moved from Access to API adapters
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Nextcloud requires EventDispatcher from Symfony 4.4. Behat required
Symfony 4.x until Behat 3.5, but since Behat 3.6 it supports Symfony 5.x
too. However, as the EventDispatcher version was not restricted in the
"composer.json" file Composer installed the latest compatible version
with all the dependencies, which happened to be Symfony 5.x. To prevent
that now the EventDispatcher is explicitly limited to Symfony 4.4 only.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Roeland Jago Douma
Daniel Calviño Sánchez
Morris Jobke
dependabot[bot]
Christoph Wurst
Jacob Neplokh
Julien Veyssier
Joas Schilling
Stefan Weil
Julius Härtl
Roeland Jago Douma
dependabot-preview[bot]
blizzz
Christoph Wurst