Commit Graph

5630 Commits

Author SHA1 Message Date
Roeland Jago Douma 251a4d3097
Merge pull request #21143 from nextcloud/fix-password-changes-in-link-and-mail-shares
Fix password changes in link and mail shares
2020-05-29 13:36:09 +02:00
Daniel Calviño Sánchez 45de42a6b8 Fix disabling send password by Talk without new password in mail shares
When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).

However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".

Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-29 02:46:12 +02:00
Daniel Calviño Sánchez a426f84dbe Fix enabling send password by Talk with same password in mail shares
When "send password by Talk" is enabled in a mail share a new password
must be also set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-28 21:51:28 +02:00
Daniel Calviño Sánchez 7569590514 Fix enabling send password by Talk with empty password in link shares
When "send password by Talk" is enabled in a link share now a non empty
password is enforced.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-28 21:51:28 +02:00
Roeland Jago Douma 28f8a445e4 Move the systemtags to core/src
* Move to the handlebar loader from webpack

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-05-28 19:05:09 +00:00
Roeland Jago Douma 6aa6ab3e02
Add lazy events for the Node API
Right now if you want to get events via the Node API you have to have a
real instance of the Root. Which in turns sets up the whole FS.

We should make sure this is done lazy. Else enabling the preview
generator for example makes you setup the whole FS on each and every
authenticated call.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-28 12:35:45 +02:00
Arthur Schiwon 653162a709
use the loginname to verify the old password in user password changes
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-05-26 16:53:25 +02:00
Morris Jobke 18b0d753f2
Do not read certificate bundle from data dir by default
Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.

This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-25 16:57:56 +02:00
Roeland Jago Douma 44d05bf356
Move core/js/files to webpack
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-05-22 20:28:31 +02:00
Roeland Jago Douma cac844d915
Merge pull request #20814 from nextcloud/group-id-only
dont get the group details if we only ask for the id
2020-05-21 09:53:45 +02:00
Morris Jobke 8123737a40
Revert "Compress the appstore requests by default"
This reverts commit 6ffde128ad.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 13:37:28 +02:00
Morris Jobke 8bcd1c31da
Allow gzip encoded requests by default
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 13:37:28 +02:00
Morris Jobke 6ffde128ad
Compress the appstore requests by default
In test it reduced the transfered data from 5 MB to 2 MB. This should reduce the load on the appstore significantly.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 09:51:07 +02:00
Morris Jobke 3e0d8df036
Cache appstore requests for 60 instead of 5 minutes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 09:51:06 +02:00
Valdnet 8e3de41b4b l10n: Add "The" before "Following" 2020-05-15 14:26:50 +08:00
Roeland Jago Douma 7c15c63b05
Merge pull request #20939 from nextcloud/enh/middleware/not_modified
Move not modified check to the middleware
2020-05-13 09:04:56 +02:00
Roeland Jago Douma 4fbea316a7
Merge pull request #20897 from nextcloud/bugfix/httpcache
Proxy server could cache http response when it is not private
2020-05-13 08:27:05 +02:00
Roeland Jago Douma 12fa748c49
Move the notmodified check to middleware where it belongs
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-13 08:11:24 +02:00
Roeland Jago Douma 6374c329e3
Merge pull request #20270 from nextcloud/enh/appframework/gzip
Add AppFramework compression middleware to gzip responses
2020-05-12 12:20:39 +02:00
Clement Wong 979dd1b6f5 Fix http cache test
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-12 11:50:48 +02:00
Roeland Jago Douma 203d7eb1d3
Add AppFramework GZip middleware to gzip responses
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-12 09:09:48 +02:00
Roeland Jago Douma 35ff4aa1c6
Use random_bytes
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-11 12:46:59 +02:00
Morris Jobke 16f4b43d94
Adjust tests to only return group IDs
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-08 08:10:38 +02:00
Robin Appelman aa83b0b22d
dont get the group details if we only ask for the id
currenty when getting the groups for a user, the full group object is always created (and cached)
even if only the groupid is required

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-05-07 17:16:43 +02:00
Morris Jobke a93d182bac
Merge pull request #20722 from nextcloud/enh/20693/etag-capabilities
Set etag for capabilities endpoint
2020-05-04 10:22:01 +02:00
Roeland Jago Douma a41ad78408
Update education bundle
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-01 09:52:58 +02:00
Roeland Jago Douma c724eb24d5
Merge pull request #20380 from nextcloud/design/notification-mails
Fix design and layout of notification mails
2020-05-01 08:53:39 +02:00
Jan-Christoph Borchardt e981669e89
Fix notification mail tests
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2020-05-01 03:00:42 +02:00
Robin Appelman 4e6d3d1880
Fix getDirectoryContent implementation for Jail wrapper
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-04-30 15:27:09 +02:00
MichaIng ad60619655
Fix Argon2 options checks
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.

Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-30 10:18:46 +02:00
Daniel Kesselberg df669a2936
Set etag for capabilities endpoint
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-04-29 15:26:46 +02:00
Morris Jobke 1738e17e20
Merge pull request #19793 from nextcloud/bugfix/noid/link-to-federated-reshare
Fix resharing of federated shares that were created out of links
2020-04-27 11:05:34 +02:00
Morris Jobke a64681a0fe
Merge pull request #19514 from sndrr/already-enabled-apps
Already enabled apps
2020-04-27 11:00:16 +02:00
Morris Jobke 9b7e24a7a1
Merge pull request #19084 from nextcloud/bug/13556/wrong-paths-for-svg
Make it possible to resolve svg's outside \OC::$SERVERROOT
2020-04-27 10:58:34 +02:00
Sander Ruitenbeek 3d9cd00c7b
Updated test to check for already enabled apps
Signed-off-by: Sander Ruitenbeek <s.ruitenbeek@getgoing.nl>
2020-04-24 16:30:45 +02:00
Daniel Kesselberg d766d09f01
Add test to ensure that symlinked apps_paths are not resolved
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-04-24 16:19:14 +02:00
Daniel Kesselberg 72a16b1779
Make it possible to resolve svg for apps_paths outside the document root
Previous implementation assumes the app path is always a child \OC::$SERVERROOT. That's not always true.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-04-24 16:19:10 +02:00
Roeland Jago Douma f4b8623d33
Allow specifying a default expiration date
This overrides the max expiration date.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-24 16:18:20 +02:00
Julius Härtl 2eadf9d567
Do not create remember me cookie
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-04-23 19:12:54 +02:00
Roeland Jago Douma c870b6ab2e
Fix new routing in settings etc
Also prefix resources
Unify the prefix handling
Handle urls with and without slash

Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-22 13:09:25 +02:00
Roeland Jago Douma 8f650feede
Merge pull request #20114 from nextcloud/techdebt/noid/allow-some-apps-to-have-root-urls
Allow some apps to have root URLs in their own routing file
2020-04-21 16:00:34 +02:00
Julius Härtl 397ab1c3c5
Remove unneeded test since links have resharing permissions by default
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-04-21 14:35:29 +02:00
Roeland Jago Douma 6c603e8e7d
Move to subfolders for preview files
Else the number of files can grow very large very quickly in the preview
folder. Esp on large systems.

This generates the md5 of the fileid. And then creates folders of the
first 7 charts. In that folder is then a folder with the fileid. And
inside there are the previews.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-19 10:30:56 +02:00
Joas Schilling 250467e842
Extend tests for root url
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-04-18 11:21:28 +02:00
Roeland Jago Douma 16e6707f3f
Fix mailer test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-17 16:39:49 +02:00
John Molakvoæ 36f9ad32f2
Merge pull request #20447 from liamjack/fix/13287/welcome_email
Increase max-height on button in welcome email template
2020-04-17 09:42:49 +02:00
Morris Jobke 840bed9a85
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-04-17 09:00:59 +02:00
blizzz d55f4183b5
Merge pull request #20505 from nextcloud/fix/noid/system-creds
do not advertise nulled userId for for systemwide credentials
2020-04-16 11:53:24 +02:00
Roeland Jago Douma bb4dedb015
Provide the proper language to the mailer
Else we can't properly translate the footer in the recipients e-mail
language.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-16 09:04:13 +02:00
Arthur Schiwon 5437844b7e
fix credentialsManager documentation and ensure userId to be used as string
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-15 19:34:23 +02:00
Arthur Schiwon f6cb452037
add DB tests for credentials manager
these are actually expected to FAIL, because NULL as a userid is not
allowed in the schema, but documented to be used on the source

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-15 16:44:28 +02:00
Morris Jobke 7fe8477830
Run cs:fix and fix HashWrapper code
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-04-15 14:08:56 +02:00
Joas Schilling 5c0637bc90
Merge pull request #20138 from nextcloud/bugfix/noid/make-remote-checking-more-generic
Make remote checking more generic
2020-04-15 12:48:49 +02:00
Roeland Jago Douma 95ad9ab4ac
Merge pull request #20401 from nextcloud/fix/login-sso-redirct
Fix absolute redirect
2020-04-15 11:28:40 +02:00
Roeland Jago Douma d63abebc93
Merge pull request #19351 from nextcloud/dav-upload-hash
Return hashes of uploaded content for dav uploads
2020-04-15 10:23:22 +02:00
Joas Schilling fd0c1a3bb2
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-04-15 08:06:51 +02:00
Joas Schilling 5e402f8aae
Check all remotes for local access
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-04-14 18:56:06 +02:00
Daniel Kesselberg 0ccaec9841
Fix jsunit tests
JSUnit tests are failing for some reason. It seems to be related to a new karma-coverage version published a few hours ago.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-04-14 11:55:12 +02:00
Robin Appelman c2677682c4
Return hashes of uploaded content for dav uploads
hashes are set in "X-Hash-MD5", "X-Hash-SHA1" and "X-Hash-SHA256" headers.

these headers are set for file uploads and the MOVE request at the end of a multipart upload.

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-04-13 12:57:27 +02:00
John Molakvoæ b5a30d5cd6
Merge pull request #20426 from nextcloud/techdebt/psr2
It is done
2020-04-11 08:21:35 +02:00
John Molakvoæ 97de425a17
Merge pull request #20419 from nextcloud/dependabot/npm_and_yarn/various
Bump p-limit from 2.2.2 to 2.3.0, @nextcloud/auth from 1.2.2 to 1.2.3, @babel/preset-env from 7.8.7 to 7.9.5, @nextcloud/event-bus from 1.1.3 to 1.1.4, @nextcloud/password-confirmation from 1.0.0 to 1.0.1, @nextcloud/l10n from 1.2.2 to 1.2.3, @nextcloud/initial-state from 1.1.1 to 1.1.2, core-js from 3.6.4 to 3.6.5 …
2020-04-11 08:18:14 +02:00
John Molakvoæ (skjnldsv) 0f135c7bd6
Bump acceptance tests
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2020-04-10 17:07:14 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst 1584c9ae9c
Add visibility to all methods and position of static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +02:00
Christoph Wurst a7c8d26d31
Add visibility to all properties and move static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:48:31 +02:00
Christoph Wurst 1762a409f9
Merge pull request #20422 from nextcloud/techdebt/format-control-structs-classes-methods
Format control structures, classes, methods and function
2020-04-10 16:38:23 +02:00
Roeland Jago Douma eba3726e1e
Merge pull request #19495 from nextcloud/preview-generate-batch
optimize batch generation of previews
2020-04-10 15:57:06 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Robin Appelman 8f9bac26f8
fix preview generation tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-04-10 13:39:45 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
John Molakvoæ (skjnldsv) 6c49dc2d1f
Fix absolute redirect
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2020-04-10 08:58:54 +02:00
Christoph Wurst 3a415e4139
Remove space between switch case and colon
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:17:53 +02:00
Christoph Wurst a8a06a82d2
Remove trailing whitespaces from comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:09:23 +02:00
Christoph Wurst 44577e4345
Remove trailing and in between spaces
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:07:47 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 2a529e453a
Use a blank line after the opening tag
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +02:00
Christoph Wurst 41b5e5923a
Use exactly one empty line after the namespace declaration
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
blizzz e9795d01f1
Merge pull request #16035 from nextcloud/share-search-hide-on-match
dont show remote and email options if we have an exact match for local user email
2020-04-09 00:08:34 +02:00
Christoph Wurst 85e369cddb
Fix multiline comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Robin Appelman 01c147a4a5
dont show remote and email options if we have an exact match for local user email
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-04-08 16:11:09 +02:00
Azul 62f7e6ba81 tests: fix failing header acceptance test
The username is listed in a div with class `fullname` now.

Signed-off-by: Azul <azul@riseup.net>
2020-04-07 14:57:20 +02:00
Christoph Wurst 1e086064f5
Move legacy classes from PSR0 to PSR4
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-07 08:48:00 +02:00
Roeland Jago Douma f5919d5b83
Merge pull request #20033 from nextcloud/s3-seekable-stream
Enable fseek for files in S3 storage
2020-04-06 21:38:49 +02:00
Roeland Jago Douma 4a292126e5
Merge pull request #20139 from nextcloud/unify-default-value-for-restricting-user-enumeration-with-settings
Unify default value for restricting user enumeration with settings
2020-04-04 10:33:04 +02:00
Robin Appelman 3ba46f3b50
add basic tests for s3 seeking and add some error handling if reopen return the wrong range
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-04-01 15:23:05 +02:00
Robin Appelman f984512e33
fix tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-04-01 14:17:31 +02:00
Roeland Jago Douma 590849e4d7
Merge pull request #19858 from nextcloud/feature/webauthn
Add WebAuthn support
2020-03-31 22:55:13 +02:00
Roeland Jago Douma 53db05a1f6
Start with webauthn
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-03-31 22:17:07 +02:00
Roeland Jago Douma 84f3d2ddeb
[POC] Event for failed login attempts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-03-31 21:41:02 +02:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst 25ab122245
Merge pull request #20172 from nextcloud/techdebt/phpunit-short-return
Use the shorter phpunit syntax for mocked return values
2020-03-26 09:25:19 +01:00
Christoph Wurst 2ee65f177e
Use the shorter phpunit syntax for mocked return values
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:21:27 +01:00
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Christoph Wurst 23eb0462e5
Use lowercase true, false and null constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 21:53:04 +01:00
Roeland Jago Douma b93e1e300e
Merge pull request #14722 from tacruc/GpgMailerHooks
Add Mailer events
2020-03-25 08:10:04 +01:00
Arne Hamann a16aa99586
Added Hook before Message is send
Signed-off-by: Arne Hamann <kontakt+github@arne.email>
2020-03-24 20:57:27 +01:00
Roeland Jago Douma 3b26bfe879
Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipe
Check the user on remote wipe
2020-03-24 20:26:52 +01:00
Daniel Calviño Sánchez 4ec370016f Add acceptance test for restricting user enumeration to groups
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-03-24 14:42:52 +01:00