354c5ff024
Add a repairstep to validate the phone numbers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 20:35:54 +01:00
c1f28f8d35
Make debugging migration exceptions easier
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 19:35:01 +01:00
f3513f3fe4
files: Local#writeStream should use it's own file_put_contents
...
The OC\Files\Storage\Local#writeStream use system provided file_put_contents.
However, it overrides file_put_contents, thus expects that the default behaviour
can be different.
Use Local#file_put_contents in writeStream to benefit from class specific functionality.
Signed-off-by: Tigran Mkrtchyan <tigran.mkrtchyan@desy.de>
2020-12-07 18:11:40 +01:00
7f61535a1a
GD images
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:04 +01:00
c02e6fcae2
fix appconfig tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:04 +01:00
0e10d8cb7c
Fix locking logic
...
The comparrison on php8 return true while <php8 it is false.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:04 +01:00
f648635758
Make the throwing optional, so background tasks don't break
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
46b073d7ce
Add a config for default region of phone numbers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
9e04e6f99a
Also translate the phone number when coming in via the accounts manager API directly
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
fe9c46e595
Add an endpoint to search for accounts based on phone number
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:37 +01:00
eaba155a09
Add a database table for the accounts data so we can search it better
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:37 +01:00
da9462b482
Make code strict
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:37 +01:00
cbb34af53f
Do not update incompatible apps
...
Previously there was no (platform) dependency check for an app that was
installed before. So Nextcloud happily upgraded an app that now requires
a php version newer than the current one. Which means in the lucky case
you see a failing upgrade due to the language incompatibility, or in the
unlucky case you see unexpected errors later in production.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-04 17:05:22 +01:00
24237f1a34
Check php compatibility of app store app releases
...
Apps might increase the minimum php version requirement, in which case
an update could break the app or even the whole instance. We must not
install those releases, or better, don't even show them for
update/installation. This extends the app fetcher code to filter out the
releases that are not installable.
The filter respects minimum and maximum requirements. E.g. apps that are
still only released for php7.3 won't show up for php7.4 instances. This
behavior is new but if an app lists an explicit version requirement,
then we ought to repect that.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-04 16:52:31 +01:00
f0862dcfaa
Merge pull request #24552 from nextcloud/enh/remember_me_is_not_app_password
...
Remember me is not an app_password
2020-12-04 16:35:44 +01:00
0d7819eb6c
Merge pull request #24550 from nextcloud/enh/fix/new_session_id_if_decrypt_fails
...
Generate a new session id if the decrypting the session data fails
2020-12-04 12:52:59 +01:00
5cc348ae72
Fix typo
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-04 12:51:45 +01:00
48b4b83b5a
Remember me is not an app_password
...
While technically they are stored the same. This session variable is
used to indicate that a user is using an app password to authenticate.
Like from a client. Or when having it generated automatically.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-04 12:40:28 +01:00
858f623081
Generate a new session id if the decrypting the session data fails
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-04 11:42:40 +01:00
9b3361ce87
Don't log params of imagecreatefromstring
...
To prevent flooding the log with actual image data.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2020-12-04 09:30:20 +01:00
c9cd633665
Fix the download of multiple files from the webUI
...
needed a setupFS call
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-03 13:20:01 +01:00
64bc7c79e8
Merge pull request #24498 from nextcloud/enhancement/nextcloud-log-normalizer
...
Replace abandoned log normalizer with our fork
2020-12-03 11:04:49 +01:00
04d67d558e
Also handle legacy cipher support when encryption is disabled but an old master key is present
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-03 09:47:05 +01:00
244c53dea1
Replace abandoned log normalizer with our fork
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-03 09:44:25 +01:00
4d64ec9944
Merge pull request #24519 from nextcloud/fix/bug/emailtemplate
...
Fix vsprint parameter
2020-12-03 09:13:58 +01:00
3d315ec64f
Fix vsprint parameter
...
%2\$; is not valid. On php7 this is just ignored but on php8 it gives an
error. %2\$s; works.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-03 08:25:11 +01:00
04c037ebfd
[3rdparty] Migrate to Opis/Closure
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-02 20:16:57 +01:00
6f4d3edb5e
Merge pull request #24113 from nextcloud/extend-cache-events
...
extend cache events
2020-12-02 19:48:20 +01:00
4deff37a3c
Merge pull request #23278 from nextcloud/enh/noid/user-limits
...
Allow subscription to indicate that a userlimit is reached
2020-12-02 18:22:13 +01:00
e580f91143
Merge pull request #23257 from aler9/patch-32bit-filesize-master
...
Fix file size computation on 32bit platforms
2020-12-02 16:22:24 +01:00
d69407963c
Merge pull request #24500 from nextcloud/bugfix/noid/log_query_no_crash
...
Prevent log_query to mess up regular execution flow
2020-12-02 16:15:26 +01:00
aef1cdba03
code style and dispatchTyped
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-12-02 16:15:02 +01:00
c0a05c0412
Add notification for user limit
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 15:20:03 +01:00
d87705a894
Allow subscription to indicate that a userlimit is reached
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 15:20:03 +01:00
a50bcdabcc
Prevent log_query to mess up regular execution flow
...
When the "log_query" debug config parameter is set, SQL queries are
logged. However, if an error occurs when converting the values to
string, it will abort the request.
This fix catches the error and continues instead.
Also added handler for DateTime value which is already known to cause
aborts here.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2020-12-02 14:10:35 +01:00
ac0c7a8fe0
Fix file size computation on 32bit platforms
...
Signed-off-by: aler9 <46489434+aler9@users.noreply.github.com>
2020-12-02 12:05:14 +01:00
9a3cc099db
Merge pull request #24414 from nextcloud/techdebt/remove-update-php
...
Remove the deprecated update.php
2020-11-30 12:11:03 +01:00
83a75c670b
Replace static call to Share::unshare with ShareManager->deleteShare in tests
...
And then cleanup all the code that is dead then...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-30 09:51:18 +01:00
6564a95160
Remove now unused methods in Share.php due to the reduced code complexity in Share::getItems
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 23:28:16 +01:00
10e5ae5e18
Remove unused method Share Helper::generateTarget
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 22:52:52 +01:00
a125d8aaa1
Reduce code complexity in Share::getItems by tracing all remaining callers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 22:30:09 +01:00
596df8fc6f
Remove unused Share::getItemSharedWithBySource()
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-29 22:24:12 +01:00
fd649afb1f
Remove the deprecated update.php
...
* It was documented as deprecated.
* The app code checker warned about it
* It's been three years
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-27 13:02:59 +01:00
88f35d52d2
rename cache event to follow new naming standards
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-26 15:39:46 +01:00
23fb497ff5
extend cache events
...
- adds cache remove event
- expose storage id in event
- emit events during cache move
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-26 15:22:03 +01:00
7dd39a91ee
Remove dead method \OC\Updater::checkAppUpgrade
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-26 14:48:41 +01:00
54e3beba16
Merge pull request #24319 from nextcloud/techdebt/noid/streamline-user-creation-and-deletion-events
...
Streamline user creation and deletion events
2020-11-26 14:09:54 +01:00
2172432420
Merge pull request #23912 from nextcloud/objectstore-copy
...
use in objectstore copy
2020-11-25 16:09:26 +01:00
9cfa8a6c44
send expected format of cloud id
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-24 23:14:43 +01:00
5d03b5c5dd
Merge pull request #24162 from nextcloud/fix/noid/fedshares-displaynamez
...
set the display name of federated sharees from addressbook
2020-11-24 17:23:37 +01:00
6156a49f6e
Merge pull request #24341 from nextcloud/fix/sharing-enforce-expire-checkbox
...
Fix the config key on the sharing expire checkbox
2020-11-24 15:49:49 +01:00
9d4848e863
use in objectstore copy
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-24 15:16:58 +01:00
2526c5e042
Fix the config key on the sharing expire checkbox
...
We don't use `shareapi_internal_enforce_expire_date` anywhere.
`shareapi_enforce_internal_expire_date` is the one we want.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 14:17:41 +01:00
16a78f535a
set the display name of federated sharees from addressbook
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-11-24 11:30:11 +01:00
c2c539a754
Merge pull request #24323 from nextcloud/fix/comments-tab-missing
...
Fix reverse registration and missing comments tab
2020-11-24 09:34:50 +01:00
8ac9767881
Merge pull request #24312 from nextcloud/bugfix/noid/fix-router-alias
...
Add proper alias for internal router class
2020-11-24 08:43:29 +01:00
decc5c844b
Fix reverse registration and missing comments tab
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-24 08:28:19 +01:00
d9708ebece
Add proper alias for internal router class
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-24 08:01:39 +01:00
f4c1512bb7
Fix typo in @deprecated PHPDoc tag
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-24 00:13:09 +01:00
9bf76d2bad
Streamline user creation and deletion events
...
CreateUserEvent was the only one that didn't matched the naming scheme of BeforePASTTENSEEvent and PASTTENSEEvent. The event wasn't used at all so this just removes it again as there is BeforeUserCreatedEvent that is also available since 18.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 23:59:52 +01:00
9a0428835f
Merge pull request #24267 from nextcloud/techdebt/noid/auto-wire-encryption-app-view-dependent
...
Auto-wire remaining encryption app services that depend on View
2020-11-22 22:33:53 +01:00
032de4f333
Merge pull request #24269 from nextcloud/taint-specialize
...
Mark getAppPath as specialized taint
2020-11-22 13:39:46 +01:00
d25ca1976b
Mark getAppPath as specialized taint
...
Should remove some false positives.
https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 01:15:15 +00:00
98ddfdd1e8
Mark cleanAppId as sanitizer for include
...
Should remove a bunch of false positive code scanning results.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-21 00:57:25 +00:00
e606c0eef4
Allow View to be used via DI
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-21 00:18:59 +01:00
db3a3bee37
Merge pull request #24064 from nextcloud/techdebt/noid/auto-wire-encryption-app
...
Auto-wire as much as possible in the encryption app
2020-11-21 00:04:54 +01:00
6811274cfd
Merge pull request #24246 from LukasReschke/add-taint-flow-analysis
...
Add Psalm Security Analysis
2020-11-21 00:04:37 +01:00
5be18215fb
Auto-wire as much as possible in the encryption app
...
Also cleans up only non-classname services in the server container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-20 23:13:22 +01:00
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
a42eb05a35
Simple typo in comments
2020-11-20 20:01:28 +01:00
691409cdec
Merge pull request #24062 from nextcloud/revert-24060-revert-24039-faster-installation
...
Revert "Revert "Installation goes brrrr""
2020-11-20 15:02:51 +01:00
b71803802c
Harden EncryptionLegacyCipher a bit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-20 09:52:55 +01:00
1b613c84e9
Merge pull request #24007 from nextcloud/select-distinct-multiple
...
allow selecting multiple columns with SELECT DISTINCT
2020-11-19 22:39:01 +01:00
c2510ecae9
Merge pull request #24103 from nextcloud/bugfix/noid/groupfolder-share-object-storage
...
Only check path for being accessible when the storage is a object home
2020-11-19 22:37:28 +01:00
650ffc587f
Merge pull request #24164 from nextcloud/fix/lazy-app-registration
...
Allow lazy app registration
2020-11-19 22:35:09 +01:00
d602aa1825
Merge pull request #24135 from medical-cloud/fix/23357-nextcloud-logo-in-email-notifications-is-misaligned-in-version-20
...
Fix nextcloud logo in email notifications misalignment
2020-11-19 10:48:18 +01:00
87ec4a0da3
Fix #23357
...
Signed-off-by: medcloud <42641918+medcloud@users.noreply.github.com>
2020-11-18 22:29:02 +01:00
a0d9b15a80
missing level
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2020-11-18 18:30:07 -01:00
3cf39c573f
Allow lazy app registration
...
During app installation we run migration steps. Those steps may use
services the app registers or classes from composer. Hence we have to
make sure the app runs through the registration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-18 08:48:45 +01:00
72a9c35be3
Remove some IRouter methods
...
This is not the end. IRouter needs to burn.
But it is a start.
🎵 we didn't start the fire 🎵
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-17 14:08:20 +01:00
a8cb8e21c1
Add types to function builder
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-16 19:46:24 +01:00
9a3ce2f71f
Don't drop the table anymore when we create it again
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-16 19:34:38 +01:00
a61a757b85
allow selecting multiple columns with SELECT DISTINCT
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-16 15:45:17 +01:00
426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date
...
Fix default internal expiration date
2020-11-16 14:13:56 +01:00
d0f738fd59
Merge pull request #24112 from nextcloud/bugfix/24099/setup-fs-before-query-storage-in-settings
...
Set up FS before querying storage info in settings
2020-11-16 11:46:22 +01:00
bcf0a69af4
Fix default internal expiration date
...
The default expiration date for internal shares was set from the default
link expiration date instead of the internal one.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:18 +01:00
91a3e439cb
Don't throw on SHOW VERSION query
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-16 08:43:48 +01:00
2143f2bb82
Set up FS before querying storage info in settings
...
The personal info section of the personal settings is querying the
storage quota information. For this it requires the FS to be setup which
is not always guaranteed.
This fixes an issue where refreshing the settings page would cause it to
fail after Redis caches are full. It is likely that when Redis cache is
populated, some code path is initializing the FS, so it works so far.
But when the cache is populated, that code path is skipped so the FS is
not guaranteed to be setup...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2020-11-13 17:06:37 +01:00
d665981447
Only check path for being accessible when the storage is a object home
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-11-13 13:48:32 +01:00
51a02c8009
ReflectionParamter::getClass is deprecated
...
In php8 this starts throwing warnings. And since we use it quite often
we flood the log. This moves it to getType which does the same. Only non
deprecated now.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-11 20:42:14 +01:00
d7b5d4cb58
Revert "Revert "Installation goes brrrr""
2020-11-11 20:12:13 +01:00
d36155620c
Revert "Installation goes brrrr"
2020-11-11 17:40:12 +01:00
77713ab454
Don't create a schema to check if the migrations table exists
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-11 11:45:00 +01:00
dde0e73c6b
Reduce the number of schemas we generate when we just run all migrations anyway
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-11 11:45:00 +01:00
7f45f90789
Only update the schema when we install anyway
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-11 11:40:51 +01:00
61496d3482
Merge pull request #24041 from nextcloud/techdebt/noid/remove-oc_hooks-for-group-management
...
Remove old OC_Hook for OC_Group events
2020-11-11 11:17:31 +01:00
e187c1d778
Remove old OC_Hook for OC_Group events
...
Those mappings exist and we will remove the first ones (labeled as `old`):
old: `\OC_Hook::listen('OC_Group', 'pre_createGroup', array('run' => true, 'gid' => $gid));`
since OC 8 (owncloud/core#12618): `$groupManager->listen('\OC\Group', 'preCreate', function ($gid) { ... });`
since NC 17 (#18350 ): `OCP\Group\Events\BeforeGroupCreatedEvent`
old: `\OC_Hook::emit('OC_User', 'post_createGroup', array('gid' => $gid->getGID()));`
since OC 8 (owncloud/core#12618 ): `$groupManager->listen('\OC\Group', 'postCreate', function (\OC\Group\Group $gid) { ... });`
since NC 17 (#18350 ): `OCP\Group\Events\GroupCreatedEvent`
old: `\OC_Hook::emit('OC_Group', 'pre_deleteGroup', array('run' => true, 'gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618 ): `$groupManager->listen('\OC\Group', 'preDelete', function (\OC\Group\Group $group) { ... });`
since NC 17 (#18350 ): `OCP\Group\Events\BeforeGroupDeletedEvent`
old: `\OC_Hook::emit('OC_User', 'post_deleteGroup', array('gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618 ): `$groupManager->listen('\OC\Group', 'postDelete', function (\OC\Group\Group $group) { ... });`
since NC 17 (#18350 ): `OCP\Group\Events\GroupDeletedEvent`
old: `\OC_Hook::emit('OC_Group', 'pre_addToGroup', array('run' => true, 'uid' => $user->getUID(), 'gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618 ): `$groupManager->listen('\OC\Group', 'preAddUser', function (\OC\Group\Group $group, \OC\User\User $user) { ... });`
since NC 17 (#18350 ): `OCP\Group\Events\BeforeUserAddedEvent`
old: `\OC_Hook::emit('OC_Group', 'post_addToGroup', array('uid' => $user->getUID(), 'gid' => $group->getGID()));`
since OC 8 (owncloud/core#12618 ): `$groupManager->listen('\OC\Group', 'postAddUser', function (\OC\Group\Group $group, \OC\User\User $user) { ... });`
since NC 17 (#18350 ): `OCP\Group\Events\UserAddedEvent`
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-10 21:58:44 +01:00
d5df033ede
Create primary keys on all tables and add a command to create the afterwards
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:36:27 +01:00
5b5aebbf66
Replace the credentials table with one that can have empty user
...
Primary key columns on Oracle can not have empty strings
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:36:27 +01:00
fbda2d1d25
Don't try to update on NotNullConstraintViolationException, only on unique or foreign key
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:36:27 +01:00
Joas Schilling
Tigran Mkrtchyan
Roeland Jago Douma
Christoph Wurst
Roeland Jago Douma
Morris Jobke
Vincent Petry
Joas Schilling
Julius Härtl
Christoph Wurst
Robin Appelman
aler9
Arthur Schiwon
Lukas Reschke
Carlos Ferreira
medcloud
Maxence Lange
Daniel Calviño Sánchez