When a touch is done (i.e. when creating a new file in the node API)
The hooks contain 'write' and 'touch' (and the operation is touch as
well). This would cause a double write update. Which doesn't make sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The second execute statement should be inside the if block. Else it gets
executed twice which makes no sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12498
This means that we set that it is a proper app token once it is
validated. This will allow the 2FA middleware to just run the same
check.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fixes#9305 by not being prone to the race condition in insertIfNotExists
* fixes#6899 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
* followup to #12371
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* fixes#6160 by not being prone to the race condition in insertIfNotExists
* fixes#12228 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fixes#1020
When an external storage is shared with you in full the root is ''
(empty). This adds an extra check for an empty jail basically.
Because if the jail is on the empty string. It matches all paths.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12131
If we hit an expired token there is no need to continue checking. Since
we know it is a token.
We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.
This resets the brute force attempts for that UID on a valid refresh of
the token.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Before it quit right after finding the theme version of the l10n file which results in a not translated part of the UI.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fixes#11637
If we do not normalize the unjailed path we might end up with a path
like files/user/folder/. which can break on objectstores
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
To allow us to create previews of files stored in appdata we need to
construct the view differently.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#11097
If your password hash changed (becuse your are on 7.2 and we moved to
ARGON2). Then we shold not 'set a new password' but just update the
hash. As else we invoke the password policy again which might lock out
users.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This is needed for the Global Scale setup to allow the master
node to perform different operations during login, depending
on the user management. Because in case of SAML, the authentication
at the idp happens at the master node.
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>