When the ownership of a user share is transfered to the receiver the
share is removed, as the receiver now owns the original file. However,
due to a missing condition, any share with a group, link or remote with
the same id as the user was removed, not only the user shares.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When using fake servers with Sinon.JS, the JavaScript test framework,
the XHR objects are also fake. In Sinon 5.0.8 the "setRequestHeader" of
XMLHttpRequest was modified to normalize the header values (as requested
by the spec), but since then only string values are accepted; null or
integer values can no longer be passed to "setRequestHeader", as it
expects the "replace" function to be available in the object. However,
in the tests null and integer values are passed to "setRequestHeader",
which causes them to fail.
Both Firefox and Chromium accept passing non-string values to their
"setRequestHeader" implementation, and it is done, for example, in
davclient.js; it is not clear yet whether Sinon got too restrictive or
the code calling "setRequestHeader" was too loose. Given that
davclient.js is an external dependency, as a temporary measure Sinon
version is forced to be 5.0.7 at most until either Sinon or davclient.js
are updated.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
test creating comments with numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
fix creating comments when file is accessible to users with numeric ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
tests for systemtags related to numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
fix systemtags event with numeric user ids
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Add test for basic deletion.
Add test when deleting from shared folder as recipient.
Add test to check that metadata stays when moving out of shared folder
as recipient.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This helps massively reduce the numerous useless 401 exceptions that
appears in the test log. These appear only because Sabre first connects
without any auth type to receive the challenge and then sends the
authentication data.
With this change it will directly use basic auth.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
There is a bunch of javascript we always load from vendors. This
combines this into 1 javascript file. Which reduces the number of
request by ~10.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>