9ce3ea3368
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-30 14:07:05 +01:00
c96bb21ab9
Merge pull request #24903 from nextcloud/enh/psalm-ocp
...
Add dedicated baseline for OCP
2020-12-30 13:23:25 +01:00
fe65f8facf
Add dedicated baseline for OCP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-30 11:06:00 +01:00
2ac0e89b05
Merge pull request #24895 from nextcloud/make-integration-tests-work-with-both-php-7.3-and-7.4
...
Make integration tests work with both PHP 7.3 and 7.4
2020-12-30 10:51:58 +01:00
28f2d0ec7a
Make integration tests work with both PHP 7.3 and 7.4
...
The "Trashbin" and "WebDav" traits were using each other in a circular
dependency ("WebDav" -> "Sharing" -> "Provisioning" -> "BasicStructure"
-> "Trashbin" -> "WebDav"). In PHP 7.3 this worked fine, but in PHP 7.4
the fatal error "Trait 'WebDav' not found in .../Trashbin.php" was
thrown. To solve this now the "TrashBin" trait no longer explicitly uses
"WebDav".
However, due to this change, the class using "TrashBin" is now expected
to also use "WebDav". As the "Trashbin" trait was not needed by most
contexts using the "BasicStructure" trait "Trashbin" was removed from it
and added only to those contexts that actually need it.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-30 06:01:38 +01:00
4ceeaccdd9
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-30 04:42:04 +00:00
04a65121b7
Merge pull request #23958 from nextcloud/dependabot/npm_and_yarn/build/node-sass-5.0.0
2020-12-29 11:21:14 +00:00
35aa34a1fd
Merge pull request #24533 from nextcloud/dependabot/composer/icewind/streams-0.7.2
...
Bump icewind/streams from 0.7.1 to 0.7.2
2020-12-29 11:24:37 +01:00
9e5f167d9a
Bump node-sass from 4.14.1 to 5.0.0 in /build
...
Bumps [node-sass](https://github.com/sass/node-sass ) from 4.14.1 to 5.0.0.
- [Release notes](https://github.com/sass/node-sass/releases )
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sass/node-sass/compare/v4.14.1...v5.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-12-29 10:01:34 +00:00
73c7d0dc81
Bump icewind/streams from 0.7.1 to 0.7.2
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-29 09:07:36 +01:00
c7a320d880
jsunit: Run jsunit with chromium/puppeteer on github actions
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-29 08:42:27 +01:00
3570ca82cf
Update the Psalm baseline
...
Some issues were resolved, hence every CI run shows this diff.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-22 17:44:16 +01:00
adc4f1a811
Merge pull request #22916 from J0WI/unifiy-links-to-php.net
...
Unify links to php.net
2020-12-22 09:53:31 +01:00
d89a75be0b
Update all license headers for Nextcloud 21
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
815b39f5bc
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-16 04:33:17 +00:00
78079839be
[Security] Bump ini from 1.3.5 to 1.3.7 in /build
...
Bumps [ini](https://github.com/isaacs/ini ) from 1.3.5 to 1.3.7. **This update includes a security fix.**
- [Release notes](https://github.com/isaacs/ini/releases )
- [Commits](https://github.com/isaacs/ini/compare/v1.3.5...v1.3.7 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-12-10 18:12:25 +00:00
3c693db0ca
Merge pull request #24605 from nextcloud/enh/share-deck
...
Add deck share provider support
2020-12-10 14:30:08 +01:00
a0444bc69c
Merge pull request #24247 from nextcloud/bugfix/noid/ocm-providerId-string
2020-12-09 17:25:59 +01:00
b8d2a00b74
Update psalm baseline
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-09 13:20:25 +01:00
59f9e7f340
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-09 04:31:11 +00:00
86a3b7e7bf
Merge pull request #24486 from nextcloud/feature/noid/phone-number-validation
...
Phone number validation and search
2020-12-08 17:05:38 +01:00
b7326046c6
Update psalm baseline
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-08 16:06:13 +01:00
a9ee98e070
Update psalm baseline
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:05 +01:00
d0750df20c
Unit tests for searching by phone number
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
46b073d7ce
Add a config for default region of phone numbers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
689e3a502d
Add an integration test for the phone search API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-12-07 14:19:38 +01:00
b4b3276a5b
Add integration tests for getting guest avatars
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:48:00 +01:00
1552add4ca
Add integration tests for resized user avatars
...
Even on solid color images the resizing can cause some small artifacts
that slightly modify the color of certain pixels. Due to this now the
color comparison is no longer strict but fuzzy.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:48:00 +01:00
2cc22a06b4
Add integration tests for user avatars
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:47:56 +01:00
184742e6ff
Make possible to set body in requesttoken requests in integration tests
...
"sendingAToWithRequesttoken" needs to be used to test some non OCS
endpoints which require the request token to be sent in the request. Now
it is possible to specify the body (or, rather, additional contents
beside the cookies and the request token) for those requests, as it will
be needed for example to upload an avatar.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:32:00 +01:00
b553b43b68
Make possible to send requests as anonymous users in integration tests
...
Until now requests always had "auth" headers either for an admin or a
regular user, depending on the value of "currentUser". Now, if
"currentUser" starts by "anonymous" no "auth" header is sent, which
makes possible to also test requests with users not logged in.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-12-07 04:32:00 +01:00
a1a4fa2ac2
Always install composer v2
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-04 10:11:02 +01:00
fbc06d39c7
Merge pull request #24429 from nextcloud/3rdparty/closure
...
[3rdparty] Migrate to Opis/Closure
2020-12-03 08:44:53 +01:00
3c606cbec3
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-03 04:29:05 +00:00
40ebe24960
Update psalm-baseline.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 20:27:14 +01:00
4deff37a3c
Merge pull request #23278 from nextcloud/enh/noid/user-limits
...
Allow subscription to indicate that a userlimit is reached
2020-12-02 18:22:13 +01:00
32f6bdf067
Merge pull request #24396 from nextcloud/dont-use-system-composer
...
dont use system composer for autoload checker
2020-12-02 16:15:55 +01:00
d87705a894
Allow subscription to indicate that a userlimit is reached
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 15:20:03 +01:00
ef016f71c3
cleanup after autoloader generation
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-12-02 15:02:56 +01:00
5427acec98
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-12-01 04:28:53 +00:00
f94741ddee
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-29 04:27:32 +00:00
3e2e694ea9
dont use system composer for autoload checker
...
this ensures that the same composer version is used by everyone (and ci)
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-11-26 15:48:46 +01:00
fda21b35c4
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-24 04:25:08 +00:00
47ac8e0028
Add Psalm Taint Flow Analysis
...
This adds the Psalm Security Analysis, as described at
https://psalm.dev/docs/security_analysis/
It also adds a plugin for adding input into AppFramework.
The results can be viewed in the GitHub Security tab at
https://github.com/nextcloud/server/security/code-scanning
**Q&A:**
Q: Why do you not use the shipped Psalm version?
A: I do a lot of changes to the Psalm Taint behaviour. Using released
versions is not gonna get us the results we want.
Q: How do I improve false positives?
A: https://psalm.dev/docs/security_analysis/avoiding_false_positives/
Q: How do I add custom sources?
A: https://psalm.dev/docs/security_analysis/custom_taint_sources/
Q: We should run this on apps!
A: Yes.
Q: What will change in Psalm?
A: Quite some of the PHP core functions are not yet marked to propagate
the taint. This leads to results where the taint flow is lost. That's
something that I am currently working on.
Q: Why is the plugin MIT licensed?
A: Because its the first of its kind (based on GitHub Code Search) and
I want other people to copy it if they want to. Security is for all :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2020-11-20 23:12:00 +01:00
774350c610
Bump vimeo/psalm from 4.1.1 to 4.2.0
...
Bumps [vimeo/psalm](https://github.com/vimeo/psalm ) from 4.1.1 to 4.2.0.
- [Release notes](https://github.com/vimeo/psalm/releases )
- [Commits](https://github.com/vimeo/psalm/compare/4.1.1...4.2.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-20 09:07:01 +01:00
9163790b7c
Set frame-ancestors to none if none are filled
...
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
e93a76962c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-17 04:22:33 +00:00
426dc68b45
Merge pull request #24069 from nextcloud/fix-default-internal-expiration-date
...
Fix default internal expiration date
2020-11-16 14:13:56 +01:00
28c57004dd
Add integration tests for creating shares with default expiration dates
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
4f5271acf9
Reset app configs by deleting the values instead of setting the defaults
...
This avoids the need to keep the default values in the integration tests
in sync with the code, and also makes possible to reset values with
"dynamic" defaults (defaults that depend on other values).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-16 08:54:19 +01:00
aa967d798c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-14 04:21:44 +00:00
05cd789e9d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-13 04:22:06 +00:00
e39d657e24
Merge pull request #23882 from nextcloud/tests/oracle
...
Run unit tests against oracle
2020-11-11 10:05:24 +01:00
ee852d7e0e
Add integration tests for default share permissions
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-11-11 02:31:25 +01:00
6883676ad4
Update baseline, I'm sorry
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:55:06 +01:00
e35329176d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-10 04:18:47 +00:00
c8822508de
Merge pull request #23967 from nextcloud/dependabot/composer/build/integration/behat/behat-approx-3.8.0
...
Update behat/behat requirement from ~3.7.0 to ~3.8.0 in /build/integration
2020-11-09 19:54:41 +01:00
63c68d49c7
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-08 04:26:59 +00:00
610c22d2ca
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-07 04:26:22 +00:00
d2aeeddce7
Update behat/behat requirement in /build/integration
...
Updates the requirements on [behat/behat](https://github.com/Behat/Behat ) to permit the latest version.
- [Release notes](https://github.com/Behat/Behat/releases )
- [Changelog](https://github.com/Behat/Behat/blob/master/CHANGELOG.md )
- [Commits](https://github.com/Behat/Behat/compare/v3.7.0...v3.8.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-11-07 02:40:59 +00:00
4c61d52879
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-06 04:25:56 +00:00
0a1f4549e7
Check InvalidArgument psalm error into baseline - PHPDoc needs to be improved
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-05 13:49:25 +01:00
3929dc24c9
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-04 04:24:19 +00:00
4bbd6ceefd
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-11-03 04:23:30 +00:00
f8739b327a
Update psalm-baseline.xml
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-02 10:14:07 +01:00
7410489e86
Update psalm baseline
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-30 10:49:57 +01:00
f438ee40a4
Revert "[Automated] Update psalm-baseline.xml"
2020-10-30 10:36:46 +01:00
ac8a5ca18c
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-30 04:18:38 +00:00
92be66cff2
Fix the expected output
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-27 09:11:36 +01:00
c5d0c8ce12
Simplify the function looking for output
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-27 09:11:19 +01:00
dd3d5829e7
This is not javascript
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-26 17:06:32 +01:00
46e3ea4e41
Fix undefined variable
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-26 16:37:54 +01:00
d08dca4ee5
Update baseline
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-10-22 14:44:38 +02:00
3ecfaca85f
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-21 04:30:21 +00:00
8f813c691d
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-20 04:29:45 +00:00
8005fd6f19
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-16 04:28:48 +00:00
2c40d2cf45
Bump vimeo/psalm from 3.15 to 3.17.1
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-14 11:47:54 +02:00
081e9ac47f
Use own psalm instead of a global one
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-13 17:55:37 +02:00
035346a5d3
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-13 04:28:02 +00:00
953c6eda28
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-11 04:27:09 +00:00
7896b20100
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-09 04:27:56 +00:00
ab6f6f7149
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-07 04:26:43 +00:00
c2a6893033
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-10-06 04:27:00 +00:00
482b42c4a7
Merge pull request #22891 from nextcloud/techdebt/18680/improve-ProvisioningApiMiddleware-service-logic
...
Improve registerService logic for ProvisioningApiMiddleware for static code analysis
2020-10-05 21:50:50 +02:00
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
8c2fe6df0a
Bump jsdoc from 3.6.5 to 3.6.6 in /build
...
Bumps [jsdoc](https://github.com/jsdoc/jsdoc ) from 3.6.5 to 3.6.6.
- [Release notes](https://github.com/jsdoc/jsdoc/releases )
- [Changelog](https://github.com/jsdoc/jsdoc/blob/3.6.6/CHANGES.md )
- [Commits](https://github.com/jsdoc/jsdoc/compare/3.6.5...3.6.6 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2020-09-26 01:16:20 +00:00
f7e5ba6116
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-09-25 04:24:37 +00:00
7b9a40b407
Add integration tests to check that only the given path is transferred
...
Until recently (it was fixed in ac2999a26a
2020-09-18 18:35:06 +02:00
c4c602ee80
Add integration tests for transferring files of a user with a risky name
...
The files:transfer-ownership performs a sanitization of users with
"risky" display names (including characters like "\" or "/").
In order to allow (escaped) double quotes in the display name the
regular expression used in the "user XXX with displayname YYY exists"
step had to be adjusted.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:34:30 +02:00
5e143845cb
Add integration test for transferring the path of a single file
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-18 18:32:23 +02:00
281f0d6793
Update psalm baseline
...
Signed-off-by: GitHub <noreply@github.com>
2020-09-18 04:23:58 +00:00
68ce17e59b
Unify links to php.net
...
Update all links to https://www.php.net/
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2020-09-17 17:40:04 +02:00
a65b431f51
Update baseline
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 17:02:44 +02:00
c6948c2517
Update baseline
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 16:54:10 +02:00
04a3580d19
Remove phan config - was replaced by Psalm
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 14:46:29 +02:00
1c9a898875
Merge pull request #22761 from nextcloud/extend-integration-tests-for-files-transfer-ownership-command
...
Extend integration tests for "files:transfer-ownership" command
2020-09-14 17:50:53 +02:00
04c174ab89
Merge pull request #22665 from nextcloud/dependabot/composer/build/integration/behat/behat-approx-3.7.0
...
Update behat/behat requirement from ~3.6.1 to ~3.7.0 in /build/integration
2020-09-10 12:52:31 +02:00
58d57b35ea
Add integration tests for transferring ownership of reshares
...
Currently only transferring ownership of a reshare with a group to a
user in the group is possible.
When transferring ownership of a reshare with another user or with a
group to a user not in the group restoring the share fails (but the
command succeeds, it only fails for the specific files that are
reshares).
When transferring ownership of a path that is a reshare the command
fails (as when a specific path is provided the path tries to move the
file, it does not take into account reshares).
The added integration tests reflect the above behaviours.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-10 04:34:33 +02:00
0ce8096839
Check share ownership after transferring file ownership
...
The integration tests did not verify that the shares were actually
transferred between the users (or that they were removed due to being
transferred to the sharee).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-10 04:24:16 +02:00
d3d01d6355
Check whether file exists or not after transferring ownership
...
The integration tests did not verify that the files were actually
transferred between the users, only that the files were downloadable.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2020-09-10 04:18:53 +02:00
Christoph Wurst
Roeland Jago Douma
Roeland Jago Douma
Daniel Calviño Sánchez
Nextcloud-PR-Bot
dependabot-preview[bot]
Christoph Wurst
Julius Härtl
Joas Schilling
Joas Schilling
Morris Jobke
Robin Appelman
Lukas Reschke
Daniel Kesselberg
J0WI