dd054f0bdb
Merge pull request #22382 from nextcloud/bugfix/22380
...
Add repair step to remove old dashboard app config
2020-08-24 14:00:41 +02:00
17579c6471
Add repair step to remove old dashboard app config
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-24 10:16:15 +02:00
51922caa5f
Properly search for users when limittogroups is enabled
...
Searching just for the uid is not enough.
This makes sure this done properly again now.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-21 13:14:32 +02:00
6e4b089265
Merge pull request #20891 from cuppett/cuppett/issue#19790
...
Resolves #19790 , Provides Support for IAM Credentials
2020-08-20 20:28:05 +02:00
987f621173
Merge pull request #22331 from nextcloud/bugfix/noid/dont-use-deprecated-inigetwrapper
...
Don't use deprecated getIniWrapper() anymore
2020-08-20 19:45:47 +02:00
65b5e65185
Merge pull request #21529 from nextcloud/enh/encryption/improve_key_format
...
New SSE key format
2020-08-20 17:41:18 +02:00
b09620651c
Don't use deprecated getIniWrapper() anymore
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-20 16:35:38 +02:00
5ef0f86ce7
Resolves #19790 , Provides Support for IAM Credentials
...
Includes support for either leveraging environment variables
passed to the PHP runtime or IAM instance profile present
on the host being used. The default and first choice is
still the parameter file as documented.
See also: https://docs.aws.amazon.com/sdk-for-php/v3/developer-guide/guide_credentials_provider.html#chaining-providers
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
2020-08-20 15:54:33 +02:00
5340ab3a75
New SSE key format
...
* Encrypt the keys with the instance secret
* Store them as json (so we can add other things if needed)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-20 15:42:43 +02:00
5af7d921a9
Make Cache::removeChildren non recursive
...
Currently the "add new files during scanning" call stack is smaller than
the "remove deleted files during scanning" call stack. This can lead to
the scanner adding folders in the folder tree that are to deep to be
removed.
This changes the `removeChildren` logic to be non recursive so there is
no limit to the depth of the folder tree during removal
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-08-20 15:37:02 +02:00
6cdaadbc57
Merge pull request #13712 from nextcloud/bugfix/noid/do-not-load-all-routes
...
Only load routes of the app which is requested
2020-08-20 14:32:25 +02:00
2e4b3cebc6
Exclude the Bridge Bot password as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-20 10:28:35 +02:00
af3a59fab5
Merge pull request #22237 from nextcloud/bugfix/noid/allow_putContent_empty_string
...
Allow writing empty content to new file
2020-08-20 09:03:06 +02:00
d8bdb439a4
Merge pull request #22289 from nextcloud/techdebt/noid/fix-encryption-stream-invalid-scalar-arguments
...
Cast float to int to avoid invalid scalar argument warning
2020-08-19 22:08:15 +02:00
387cac4c5f
Properly inject IRouter into URLGenerator to properly encapsulate tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 22:00:47 +02:00
053ee7b386
Only load routes of the app which is requested
...
* Add fallback to load all routes if needed
* Move partial loaded routes test to proper place
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 21:58:20 +02:00
b604d5232e
Merge pull request #22218 from nextcloud/enh/sse/make_legacy_cipher_opt_in
...
SSE: make legacy format opt in
2020-08-19 20:10:45 +02:00
c449d54204
Merge pull request #22304 from nextcloud/techdebt/noid/matching-param-names
...
Use matching parameter names form interfaces and implementations
2020-08-19 19:34:02 +02:00
4c6eb96471
Merge pull request #22280 from nextcloud/bugfix/noid/429-on-brute-force-maximum
...
Send "429 Too Many Requests" in case of brute force protection
2020-08-19 18:21:01 +02:00
fedf9c69d9
Use matching parameter names form interfaces and implementations
...
Found by Psalm 3.14.1
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 18:16:35 +02:00
60be722ee8
Merge pull request #22288 from nextcloud/techdebt/noid/fix-oc_image-invalid-scalar-arguments
...
Cast float/char to int to avoid invalid scalar argument warning
2020-08-19 17:55:56 +02:00
e93bf71369
Fix the return type of OC_Template->fetchPage() to be string only
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 16:48:06 +02:00
2bbb848c31
Add legacy scanning command
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-19 15:45:45 +02:00
8928bbe969
Make legacy cipher opt in
...
* Systems that upgrade have this enabled by default
* New systems disable it
* We'll have to add some wargning in the setup checks if this is enabled
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-19 15:45:45 +02:00
35a8519591
Fix CS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
770381c0c6
Correctly return ms delay when at max
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
931aca2fee
Add missing default
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
d9c4c9eb99
Simplify array filter
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
dfeee3b850
Fix wrong doc + type hint
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
8376c4891f
Only throw when also the last 30 mins were attacking
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
6f751d01db
Make the throttling O(2^n) instead of O(n^n)
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
64539a6ee1
Make Throttler strict
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
c8fea66d65
Split delay calculation from getting the attempts
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:35 +02:00
cdb36c8ead
Let the database count the entries
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:35 +02:00
e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:35 +02:00
c8f175e936
Allow to disable share emails
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 09:03:58 +02:00
560ccf5d83
Cast float to int to avoid invalid scalar argument warning
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-18 16:56:36 +02:00
27e7332a9c
Cast float/char to int to avoid invalid scalar argument warning
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-18 16:51:59 +02:00
6ed4c8a946
Improve recent file fetching
...
Fixes #16876
Before we'd just fetch everything from all storages we'd have access to.
Then we'd sort. And filter in php. Now this of course is tricky if a
user shared just a file with you and then has a ton of activity.
Now we try to contruct the prefix path. So that the filtering can happen
right away in the databae.
Now this will make the DB more busy. But it should help overall as in
most cases less queries are needed then etc.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-18 05:56:06 +02:00
565ccb08cd
Merge pull request #22109 from nextcloud/feature/20931/followup-1
2020-08-17 22:13:45 +02:00
6675528804
Merge pull request #22271 from nextcloud/phpdoc/22063/add-interface-method-and-phpdoc
...
Properly add new methods to interface and document in PHPDoc for getR…
2020-08-17 19:34:56 +02:00
d7f66c36ac
Fix "misplaced variables" warning of Psalm in PHPDoc statements
...
Ref #21787
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-17 17:46:57 +02:00
00cb8e6c54
Merge pull request #22253 from nextcloud/debt/noid/docblocks
...
Fix some MissingDocblockType or InvalidDocblock warnings.
2020-08-17 17:45:11 +02:00
e47cfc9a54
Properly add new methods to interface and document in PHPDoc for getRootMounts()
...
Introduced in #22063 and was just forgotten.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-17 17:13:46 +02:00
3e7b815da4
Fix more MissingDocblockType or InvalidDocblock warnings.
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-08-14 20:19:23 +02:00
10ac844448
Update documentation for QueryBuilder::set
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-08-14 19:55:01 +02:00
5b26487f14
Expose status via Collaborators API
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2020-08-14 17:04:52 +02:00
8daaf33e3d
Silence duplicate session warnings
...
Fixes #20490
Basically restroring the old behavior.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-14 05:23:11 +02:00
5559570faf
Merge pull request #22242 from nextcloud/techdebt/noid/remove-deprecated-methods
...
Remove deprecated and unused method calls
2020-08-14 10:10:53 +08:00
b12a390220
Always try and show pre rendered preview
...
Currently if the following situation happens
Server generates preview
Server has command removed which allows a preview to be shown
Client asks for preview, gets a 404 error when preview exists
(Mime checked before preview)
This happens more often with documents, or video as the commands are not
native PHP, they require a binary on the server.
After the fix the following would happen
Server generates preview
Server has command removed which allows a preview to be shown
Client asks for preview, gets preview which has been generated
(Mime checked after preview)
This would also allow offline generation (for example a docker image
containing the extra binaries), allowing a reduction in attack surface
of the instance serving the preview data.
Signed-off-by: Scott Dutton <scott@exussum.co.uk>
2020-08-13 22:50:38 +02:00
John Molakvoæ
Julius Härtl
Roeland Jago Douma
Roeland Jago Douma
Morris Jobke
Joas Schilling
Stephen Cuppett
Robin Appelman
Daniel Kesselberg
Georg Ehrke
Gary Kim
Scott Dutton