Commit Graph

340 Commits

Author SHA1 Message Date
Moritz Beck ea613a896a Allow "same-origin" as "Referrer-Policy"
Fixes #11531

Although "same-origin" is more strict than e.g. strict-origin it showed up a warning in setupcheck
Based on https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Signed-off-by: Moritz Beck <git@birkenstab.de>
2018-10-20 12:01:48 +02:00
Morris Jobke 5f0887c1d5
Fix a misleading setup check for .well-known/caldav & carddav
The problem is that the version without the slash is the correct one.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-10 15:54:12 +02:00
Arthur Schiwon 72588b69bb
Backport of #11036 to stable14
fix check for more users

after a refactor users et al were undefined. The check condition was moved.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

don't user a higher paging size than max autocomplete entries are set

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

adjust and extend js unit tests

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-09-13 10:20:55 +02:00
John Molakvoæ (skjnldsv) 13230f180a
Fix jsunit
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-08-24 22:05:48 +02:00
Michael Weimann 2bab916c53
Adds license to files. Updates the branch.
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-20 20:46:23 +02:00
Morris Jobke 6d749bf021
Merge pull request #10700 from nextcloud/fix/10516/sharepermissions
Fix share dialog sidebar in share views
2018-08-20 17:14:12 +02:00
Morris Jobke 37869d9b2f
Merge pull request #10628 from nextcloud/feature/10154/app-directory-permission-check
Adds a permission check for app directories
2018-08-20 17:08:18 +02:00
Michael Weimann 7aed47f776
Adds tests for the memory checks
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-20 15:24:10 +02:00
Michael Weimann 1d2bc9c45e
Adds tests for the setup memory limit checks
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-20 15:24:10 +02:00
Arthur Schiwon be873c234b
adapt jsunit test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-08-16 23:08:15 +02:00
John Molakvoæ (skjnldsv) 846b8572ed
Tests fixes
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-08-10 13:54:21 +02:00
Michael Weimann ebcfe33d0d
Extends the setup check js tests
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-08-09 19:48:39 +02:00
Joas Schilling 3f45ab97da
Improve URL detection
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-07-31 17:11:46 +02:00
John Molakvoæ (skjnldsv) 58debbe42c
Tests fixes and design bump
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-21 15:02:21 +02:00
John Molakvoæ (skjnldsv) 8d3f58c391
Jsunit fixes 1
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-20 23:38:04 +02:00
Morris Jobke 82021b2b1b
Merge pull request #5280 from nextcloud/shared-with-display-name
sharedWithDisplayName & sharedWithAvatar
2018-07-13 17:29:57 +02:00
Morris Jobke 83b1de4493
Fix unit tests - follow up to #10197
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-07-11 22:02:45 +02:00
Morris Jobke 3036b1d03d
Merge pull request #9895 from nextcloud/fed-group-shares
implement federated group sharing
2018-07-11 21:44:48 +02:00
Roeland Jago Douma 5262d60e94
Merge pull request #10197 from nextcloud/feature/9410/improve-opcache-feedback
Improve opcache feedback
2018-07-11 19:27:09 +02:00
Joas Schilling 72d17ff02c
Improve url detection in comments
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-07-11 16:23:56 +02:00
Cthulhux f6f49c77f7
opcache module check
Improved the speed of isOpcacheProperlySetup() (instant return instead of continuing when we're already failed), added a check for the opcache extension itself. Potentially fixes #9410

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-07-11 16:08:40 +02:00
Bjoern Schiessle f0aaf62b24
fix js tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-07-11 10:11:49 +02:00
Morris Jobke 9c4aecb539
Merge all setup checks into one controller
* renamed hasMissingIndexes to missingIndexes

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-13 15:25:08 +02:00
Morris Jobke cd87a40eb3
Merge pull request #9836 from nextcloud/feature/noid/merge-tips-and-tricks-into-setup-checks
Merge tips & tricks section into setup checks
2018-06-13 13:18:40 +02:00
Morris Jobke 4a0b7aaf6c
Merge tips & tricks section into setup checks
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-13 12:05:38 +02:00
Morris Jobke 624d191ef6
Fix wrong hint about missing indexes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-13 11:56:43 +02:00
Roeland Jago Douma 4b70c9f89d
Add referrer policy setup check
Fixes #9122

Based on https://www.w3.org/TR/referrer-policy/ and
https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Setting a sane Referrer-Policy will tell the browser if/when to send
referrer headers when accessing a link from Nextcloud. When configured
properly this results in less tracking and less leaking of (possibly)
sensitive urls

* Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 09:21:35 +02:00
Maxence Lange 0009adae80 SharedWithDisplayName + SharedWithAvatar
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-05-21 01:24:45 +02:00
Daniel Calviño Sánchez 1466586033 Fix ids of permission checkboxes for shares
The ids of permission checkboxes for shares were generated using the
"shareWith" field of the share. The "shareWith" field can contain spaces
(as spaces are allowed, for example, in user or circle names), so this
could cause the id attribute of the HTML element to contain spaces too,
which is forbidden by the HTML specification.

It is not just a "formal" issue, though; when the list was rendered, if
the id contained a space the selector to get the checkbox element was
wrong (as it ended being something like
"#canEdit-view1-name with spaces") and thus the initial state of the
checkbox was not properly set.

Besides that, "shareWith" can contain too single quotes, which would
even cause the jQuery selector to abort the search and leave the UI in
an invalid state.

Instead of adding more cases to the regular expression to escape special
characters and apply it too when the ids are created now the ids of
permission checkboxes for shares are based on the "shareId" field
instead of on "shareWith", as "shareId" is expected to always contain
compatible characters.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-18 15:25:23 +02:00
Daniel Calviño Sánchez 203bf51543 Keep showing the working icon while there are pending operations
Before, whenever a pending operation (getting the suggestions,
confirming a share or selecting a recipient) finished the working icon
was hidden and the confirm button was shown again, even if there were
other pending operations (the most common case is typing slowly on the
input field, as several operations to get the suggestions could pile if
the server response is not received fast enough). Now, the working icon
is not hidden until the last pending operation finishes.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-21 04:35:26 +01:00
Daniel Calviño Sánchez 6eb5cc5412 Reuse last suggestions if the same parameters are used
When a share is confirmed the suggestions are got to check if there is
an exact match. Usually the suggestions were already got with the same
parameters in order to fill the autocomplete dropdown, so to avoid a
superfluous request now the last suggestions are reused when got again,
although only if the same parameters as the last time are used.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-21 04:31:08 +01:00
Daniel Calviño Sánchez 10a4f8e45e Confirm a share also by pressing enter on the input field
Besides confirming a share by clicking on the confirm button now it is
possible to do it by pressing enter on the input field.

Clicking on the confirm button implicitly hides the autocomplete
dropdown. On the other hand, pressing enter on the input field does not,
so the autocompletion must be disabled and closed when the confirmation
begins and then enabled again once it finishes. Otherwise the
autocomplete dropdown would be visible and it would be possible to
interact with it while the share is being confirmed.

The order in which the input field and the autompletion are disabled is
important. Internally, the autocompletion sets a timeout when the input
field is modified that requests the suggestions to the server and then
shows them in the dropdown. That timeout is not cancelled when the
autocompletion is disabled, but when the input field loses its focus and
the autocompletion is not disabled. Therefore, the input field has to be
disabled (which causes it to lose the focus) before the autocompletion
is disabled. Otherwise it could happen that while a share is being
confirmed the timeout ends, so an autocompletion request is sent and
then, once the share is successfully confirmed and thus the
autocompletion is enabled again, the request is received and the
autocomplete dropdown is shown with the old suggestions. Strange, but
possible nevertheless ;-)

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:05 +01:00
Daniel Calviño Sánchez 9371b61c4d Add a share when clicking on the confirm button
Clicking on the confirm button now adds a share, but only if there is
just a single exact match. If there are no exact matches or there is
more than one exact match no share is added, and the autocomplete
dropdown is shown again with all the suggestions.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:05 +01:00
Daniel Calviño Sánchez 5e2a8cca1b Return also exact matches besides all suggestions
"_getSuggestions" returned all the suggestions from the server, which
are composed by exact matches and partial matches. Now the exact matches
are also returned on their own parameter. This will be used by the
button to confirm a share.

Note that until now the order of the suggestions was "exact users,
partial users, exact groups, partial groups, exact..."; this commit also
changes that order to become "exact users, exact groups, exact...,
partial users, partial groups, partial...". This is not a problem, as
the suggestions were used in the autocomplete dropdown, and this new
order is arguably better than the old one, as all exact matches appear
now at the beginning.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez 1c440519c2 Show an error when getting the suggestions succeeds with failure content
Instead of silently failing now an error is shown to the user when the
ajax call to get the suggestions succeeds yet it returns failure content
(for example, if an "OCSBadRequestException" was thrown in the server).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez ed1452d7a0 Use "showTemporary" instead of explicitly hiding the notification
"OC.Notification.hide" expects the notification to be hidden to be
passed as an argument. As it was being used to show a temporary
notification the combination of "OC.Notification.show" and
"OC.Notification.hide" was replaced by a single call to
"OC.Notification.showTemporary".

The timeout could have been specified in the options of the call, but it
was left to the default value (7 seconds) for consistency with other
notifications.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez fcef15af80 Move stub setup outside the test method
Stubs should be restored outside the test method in which they are used
to ensure that they are properly restored no matter the result of the
test (for example, if an exception is thrown).

Besides that, this will make possible to reuse the stub in other sibling
tests without having to explicitly setup it in them.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez 3980364b6d Add autocompletion tests for each type of share
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez 8af9c553e6 Add tests for exact search results already shared with
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez 375eab9df3 Add tests for emails and circles already shared with
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez 6fef01c481 Adjust search term to test
As the server response is faked the search term is ignored in the tests.
However, it is clearer to use a search term that would make the server
return what the faked response contains.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:03 +01:00
Jan-Christoph Borchardt ce7775acd0 Replace information icon with confirmation button in share input
The confirmation button right now is just an icon; its behaviour will be
added in the following commits.

Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-03-20 19:09:03 +01:00
Christoph Wurst b9720703e8 Add CSRF token controller to retrieve the current CSRF token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-03-08 16:48:50 +01:00
Vincent Petry 7466468af1
Fix share capabilities JS tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Maximilian Wende 7c453b2425
Update tests for indeterminate state, fix slashes not being escaped
Signed-off-by: Maximilian Wende <dasisdormax@mailbox.org>
2018-02-16 11:42:41 +01:00
Allan Nordhøy 29d68d7a35
There was an error loading → could not load 2018-01-20 09:15:50 +01:00
Allan Nordhøy e81f30b124
Spelling: FreeType 2018-01-14 16:01:23 +01:00
Roeland Jago Douma 03a7d9bbfa
Merge pull request #7635 from Abijeet/bug-7106
Fixes password input being prompted every time.
2018-01-10 20:10:40 +01:00
Daniel Calviño Sánchez 9c22e99331 Add extra test cases for password confirmation
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-01-10 16:42:25 +01:00
Abijeet b246ca96ff Added test cases for the fix for the password confirmation box appearing repeatedly.
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2018-01-10 16:41:27 +01:00