Commit Graph

10325 Commits

Author SHA1 Message Date
Joas Schilling 74a9cadc50
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-02 11:13:13 +02:00
Joas Schilling b997edad10
Add a dedicated method to get the language for another user
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-01 10:20:07 +02:00
Daniel Kesselberg 87dd760a89
Replace TYPE with TYPES
As TYPE::* is deprecated.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-06-30 23:46:22 +02:00
Roeland Jago Douma 873be16c8d
Merge pull request #21588 from nextcloud/bug/21214/method-signature
Update presign method to match with interface again.
2020-06-30 20:36:30 +02:00
Roeland Jago Douma c709dda597
Merge pull request #21589 from nextcloud/debt/noid/wrong-exception-call
Set retry = false for forbidden exception.
2020-06-30 20:35:47 +02:00
Roeland Jago Douma bc29e361b2
Merge pull request #21596 from nextcloud/debt/noid/share-return-mismatch
Replace Share with IShare and add missing return
2020-06-30 19:40:26 +02:00
Robin Appelman da2d425044
add proper paths to locking exceptions
while some code paths do wrap the "raw" locking exception into one with a proper path, not all of them do
by adding the proper path to the original exception we ensure that we always have the usefull information in out logs

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-06-30 18:10:42 +02:00
Christoph Wurst 8e9726be5c
Log usages of the deprecated app.php file
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-30 09:43:40 +02:00
Daniel Kesselberg 4d44d6be2e
Replace Share with IShare and add missing return.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-06-26 10:57:55 +02:00
Daniel Kesselberg e984357cfc
Set retry = false for forbidden exception.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-06-25 23:34:41 +02:00
Daniel Kesselberg 8aa99aa8ff
Update presign method to match with interface again.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-06-25 22:56:28 +02:00
Kevin Lanni c2f2eaf8cc
Add audio formats to htaccess
Signed-off-by: Kevin Lanni <therealklanni@gmail.com>
2020-06-24 20:33:51 -07:00
Roeland Jago Douma b6ce75066d
Merge pull request #21558 from nextcloud/part-file-rename-mask
relax permissions mask check for detecting part file rename
2020-06-24 21:05:07 +02:00
Joas Schilling a2f34f46b2
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-24 18:13:37 +02:00
Joas Schilling 89ed2c37bf
Update share type constant usage
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-24 16:49:16 +02:00
Christoph Wurst 654cd18864
Merge pull request #20916 from nextcloud/feature/unified-search-api
Add unified search API
2020-06-24 15:38:03 +02:00
Christoph Wurst 27b8637e3e
Deprecate \OCP\ISearch
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-24 14:20:26 +02:00
Christoph Wurst f8e08a74ba
Implement unified search for Files
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-24 14:20:26 +02:00
Christoph Wurst 4488e846a5
Add unified search API
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-24 14:20:25 +02:00
Joas Schilling 7972a5fda6
Merge pull request #21525 from nextcloud/techdebt/noid/contacts-manager
Techdebt fix contacts manager
2020-06-24 13:55:31 +02:00
Robin Appelman 35d75dbb38
relax permissions mask check for detecting part file rename
with files drop uploads the original file name isn't always used for the '.ocTransferId' source path

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-06-24 13:06:14 +02:00
Joas Schilling 95652d4469
Fix language in share notes email for users
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-23 22:01:40 +02:00
Joas Schilling ad0731a63c
Make annotations case insensitive
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-23 20:18:23 +02:00
Joas Schilling 8ec1b8132e
Merge pull request #21452 from nextcloud/bugfix/21451/allow-autocomplete-by-displayname-again
Fix autocomplete for LDAP with `shareapi_only_share_with_group_members` on
2020-06-23 14:02:17 +02:00
Joas Schilling 404080abb4
More imports
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-22 11:10:44 +02:00
Joas Schilling 3997856d76
Fix code style
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-22 11:09:32 +02:00
Joas Schilling 7ed79b64b4
Fix undefined class "IAddressbook" on docs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-22 11:08:23 +02:00
Roeland Jago Douma fbf9772a3e
Allow to specify the cookie type for appframework responses
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.

Helps with #21474

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-22 08:38:44 +02:00
Roeland Jago Douma 6ec8042d88
Merge pull request #21469 from nextcloud/bugfix/noid/event-service-listener-registration
Fix event service listener registration
2020-06-19 21:28:29 +02:00
Roeland Jago Douma 59093abfaf
Merge pull request #21483 from nextcloud/fix/scss/timeout
Give up after 10 seconds in SCSS timeout
2020-06-19 21:26:26 +02:00
Roeland Jago Douma 4768526b81
Give up after 10 seconds in SCSS timeout
Else we keep idling for ages which leads to bad UX

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-19 14:39:31 +02:00
Joas Schilling a7f26cfe28
Don't log Keys
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-19 13:44:27 +02:00
Christoph Wurst 2b7b7144d4
Allow crash reporters registration during app bootstrap
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-19 10:38:26 +02:00
Joas Schilling 9cf32a3999
Fix event service listener registration
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-18 15:00:19 +02:00
Joas Schilling 1151394739
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-18 11:33:43 +02:00
Christoph Wurst 32bf95c774
Continue with next app when one errors during register
My patch at #21461 had a little error in that it exits the method when a
query exception is encountered during the register step of an app. What
we actually want is to continue with the next app and finish the overall
registration procedure.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-18 09:17:00 +02:00
Christoph Wurst 5ab5a5f89e
Catch all exceptions when an app is registering or booting
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 21:07:42 +02:00
Christoph Wurst 5bc8510b3b
Load the app.php before running apps' boot method
Some apps require the composer autoloader from app.php. If we run boot
before including that file, classes and functions from dependencies
won't be found.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 14:44:02 +02:00
Joas Schilling 9ff7a9c38e
Fix PHP CS
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-17 12:08:17 +02:00
Joas Schilling 2ec7b59688
Move back to IGroupManager::displayNamesInGroup()
The problem is that despite it's name IGroup::searchDisplayName()
only searches by userid and this is less fixable than changing back to this method here

Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-17 11:59:56 +02:00
Joas Schilling 3539bd1751
Merge pull request #21434 from nextcloud/bugfix/noid/dont-break-with-GenericEventWrapper
Don't break event listeners with the GenericEventWrapper
2020-06-17 11:55:14 +02:00
Christoph Wurst 6328053105
Merge pull request #21406 from nextcloud/fix/aws-disable-csm
Disable Client-Side Monitoring on AWS storage
2020-06-17 10:58:27 +02:00
Christoph Wurst 69571fb536
Add dedicated API for apps' bootstrapping process
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 09:22:21 +02:00
Joas Schilling c76fa60571
Don't break event listeners with the GenericEventWrapper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-16 19:30:36 +02:00
Christoph Wurst 5e52c110bb
Merge pull request #21416 from nextcloud/fix/user-deleted-token-cleanup
Clean up auth tokens when user is deleted
2020-06-16 10:01:29 +02:00
Christoph Wurst 3474afa938
Clean up auth tokens when user is deleted
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-15 19:24:04 +02:00
Julius Härtl 294e40db5f
Avoid duplicate matches in wide and exact results
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-06-15 09:34:57 +02:00
Christoph Wurst 9d392891be
Disable Client-Side Monitoring on AWS storage
The S3 client enables this by default and then tries to read
`.aws/config`. This causes `open_basedir` restriction related error for
some setups. So this patch disables the CSM because it's most likely
unused anyway.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-15 09:13:08 +02:00
Joas Schilling b6d5979d0a
Increase timeout of the appstore requests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-12 13:01:06 +02:00
Robin Appelman e9b5514186
prevent the root storage from accidentally scanning user folders
while this scan *should* never be triggered, it's good to have some failsafe to ensure
that the users home contents don't end up getting scanned in the root storage

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-06-11 15:41:33 +02:00
Christoph Wurst a636aef585
Allow group search by display name
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-10 11:44:07 +02:00
Roeland Jago Douma 8bee8e1317
Merge pull request #21317 from FlorentCoppint/s3_upload_part_size
Upload part size as S3 parameter instead of constant value
2020-06-09 19:28:58 +02:00
Florent 3594ba6971 Upload part size as S3 parameter instead of constant value
Some S3 providers need a custom upload part size (500 MB static value in Nextcloud).
Here is a commit to change this value via S3 configuration, instead of using S3_UPLOAD_PART_SIZE constant.
A new parameter is added for an S3 connection : uploadPartSize

Signed-off-by: Florent <florent@coppint.com>
2020-06-09 09:18:42 +02:00
Robin Appelman e75797ad67
increase log level for storage self-test
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-06-08 18:12:49 +02:00
Christoph Wurst 5e1805d253
Fix missing parent constructor call and get_class usage in GenericEventWrapper
* The parent constructor was not called
* `get_class` does not allow null values in php7.2+

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-08 09:42:45 +02:00
Roeland Jago Douma 72a8e15d3a
Merge pull request #20914 from nextcloud/enh/deprecated_event_log_usage
Log usage of a deprecated event instead of emitting
2020-06-04 19:19:02 +02:00
Joas Schilling 69eda9c0f6
Prevent harder to share your root
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-03 14:47:38 +02:00
Roeland Jago Douma 43a0bf7215
Merge pull request #21155 from nextcloud/td/move_to_capabilities_package
Move to @nextcloud/capabilities package
2020-05-30 08:58:19 +02:00
Roeland Jago Douma 0209532638
Move to @nextcloud/capabilities package
And kill of oc_capabilities and _oc_capabilities globals

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-29 16:10:08 +02:00
Roeland Jago Douma 71b2f94101
Fix the loading order of the js files_info and files_client
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-29 15:43:45 +02:00
Roeland Jago Douma 251a4d3097
Merge pull request #21143 from nextcloud/fix-password-changes-in-link-and-mail-shares
Fix password changes in link and mail shares
2020-05-29 13:36:09 +02:00
Daniel Calviño Sánchez 45de42a6b8 Fix disabling send password by Talk without new password in mail shares
When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).

However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".

Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-29 02:46:12 +02:00
Daniel Calviño Sánchez a426f84dbe Fix enabling send password by Talk with same password in mail shares
When "send password by Talk" is enabled in a mail share a new password
must be also set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-28 21:51:28 +02:00
Daniel Calviño Sánchez 7569590514 Fix enabling send password by Talk with empty password in link shares
When "send password by Talk" is enabled in a link share now a non empty
password is enforced.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-05-28 21:51:28 +02:00
Christoph Wurst 97e9823787
Document \OC_App::getAllApps return type
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-28 20:37:24 +02:00
Roeland Jago Douma 6aa6ab3e02
Add lazy events for the Node API
Right now if you want to get events via the Node API you have to have a
real instance of the Root. Which in turns sets up the whole FS.

We should make sure this is done lazy. Else enabling the preview
generator for example makes you setup the whole FS on each and every
authenticated call.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-28 12:35:45 +02:00
Christoph Wurst 5b92f35fe2
Log why a token is not valid during password check
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-27 09:58:44 +02:00
Christoph Wurst 2006a6dd0e
Improve traces of invalid token exceptions
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-27 09:21:47 +02:00
Roeland Jago Douma 4bada5c732
Merge pull request #21092 from nextcloud/enh/noid/recommended-apps
Update recommended apps
2020-05-25 20:47:20 +02:00
Roeland Jago Douma a6b0bed585
Merge pull request #21090 from nextcloud/bug/noid/do-not-read-cert-from-datadir-by-default
Do not read certificate bundle from data dir by default
2020-05-25 19:48:00 +02:00
Morris Jobke 18b0d753f2
Do not read certificate bundle from data dir by default
Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.

This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-25 16:57:56 +02:00
Julius Härtl bde5b9577b
Update hub bundle and add proxy rule to htaccess
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-05-25 16:04:54 +02:00
Morris Jobke e57bca31ad
Merge pull request #20005 from joeried/occ-remove-bruteforce-attempts-by-ip
Implement occ command to reset bruteforce attemps from a given IP address
2020-05-25 14:04:18 +02:00
Morris Jobke bd997a105c
Fix code style
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-25 14:03:21 +02:00
Jaakko Salo b7dd278e24 Fix releasing a shared lock multiple times
Signed-off-by: Jaakko Salo <jaakkos@gmail.com>
2020-05-24 20:23:57 +03:00
Roeland Jago Douma 5e35594cb6
Merge pull request #20989 from nextcloud/td/js/move_core_files_webpack
Move core/js/files to webpack
2020-05-23 09:47:53 +02:00
Roeland Jago Douma 533cb6992b
Merge pull request #21065 from nextcloud/fix/cleanstatscache_before_fetching_metadata
Clear the statscache before fetching the metadata
2020-05-23 09:46:27 +02:00
Roeland Jago Douma 44d05bf356
Move core/js/files to webpack
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-05-22 20:28:31 +02:00
Roeland Jago Douma 4dacbbd66d
Log usage of a deprecated event instead of emitting
This way we can track down what is being used and migrate them over. And
slowly kill the old way in a release or 2.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-22 14:56:35 +02:00
Roeland Jago Douma fd805a0388
Merge pull request #20776 from nextcloud/enh/limit_group_queries
Improve group queries
2020-05-22 14:19:28 +02:00
Roeland Jago Douma 6b26744787
Clear the statscache before fetching the metadata
Else if a lot of writes happen. It might happen that an old stat result
is used. Resulting in a wrong file size for the file. For example the
text app when a lot of people edit at the same time.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-22 09:21:53 +02:00
Roeland Jago Douma cac844d915
Merge pull request #20814 from nextcloud/group-id-only
dont get the group details if we only ask for the id
2020-05-21 09:53:45 +02:00
Roeland Jago Douma 1c1b349473
Merge pull request #21018 from nextcloud/bug/20498/add-defaults-on-empty
Create account structure also for empty record
2020-05-21 09:47:19 +02:00
Morris Jobke 8123737a40
Revert "Compress the appstore requests by default"
This reverts commit 6ffde128ad.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 13:37:28 +02:00
Morris Jobke 8bcd1c31da
Allow gzip encoded requests by default
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 13:37:28 +02:00
Morris Jobke 6ffde128ad
Compress the appstore requests by default
In test it reduced the transfered data from 5 MB to 2 MB. This should reduce the load on the appstore significantly.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 09:51:07 +02:00
Morris Jobke 3e0d8df036
Cache appstore requests for 60 instead of 5 minutes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-20 09:51:06 +02:00
Christoph Wurst 0556fe351a
Add a message to the log entry of an app being disabled
As an admin, it's always a surprise to see that an app got disabled. On
a busy server with many log entries, it's hard to locate the entry that
explains why Nextcloud disabled an app. Adding a message will make it
more obvious, allowing admins and developers to grep for the string.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-19 11:44:51 +02:00
Morris Jobke 3e65cc1bba
Merge pull request #21033 from nextcloud/enh/capabilities_initialstate
Provide capabilities via initialstate
2020-05-18 19:44:28 +02:00
Roeland Jago Douma e822c33a90
Provide capabilities via initialstate
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-18 16:20:25 +02:00
Morris Jobke 1bba7de28f
Merge pull request #21017 from nextcloud/enh/noid/clean-excluded-groups-list
Remove group from excluded_groups_list after delete
2020-05-18 14:24:18 +02:00
Daniel Kesselberg c6f770ea59
Create account structure also for empty record
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-05-17 15:30:36 +02:00
Daniel Kesselberg 16da29caba
Remove group from excluded_groups_list after delete
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-05-17 15:15:06 +02:00
Roeland Jago Douma d23c7fff2a
Merge pull request #20957 from nextcloud/Valdnet-patch-5
l10n: Adding "The" before "Following"
2020-05-15 19:44:04 +02:00
Morris Jobke 4e49e1da16
Allow TemplateResponse to be compressed
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-15 08:38:39 +02:00
Valdnet 8e3de41b4b l10n: Add "The" before "Following" 2020-05-15 14:26:50 +08:00
Morris Jobke e0d2cd40e7
Fix return code of AppConfig::deleteUserValue
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-13 14:55:00 +02:00
Roeland Jago Douma 12fa748c49
Move the notmodified check to middleware where it belongs
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-13 08:11:24 +02:00
Morris Jobke dee1d8737b
Merge pull request #20813 from nextcloud/lazy-folder
generalize the "lazy folder" concept
2020-05-12 14:25:22 +02:00
Christoph Wurst 12fe83cd43
Merge pull request #20858 from nextcloud/fix/20289/remember_webauth_names
Remember the webauthn name of devices
2020-05-12 14:06:20 +02:00