mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
40,736 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

14488 Commits

Author SHA1 Message Date
Tobia De Koninck 92c238e0f0
Privacy enhancements for contacts menu 
- Groups, which are excluded from sharing should not see local users at all
 - If sharing is restricted to users own groups, he should only see contacts from his groups:

Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
 2017-09-15 14:31:39 +02:00
Nextcloud bot 113fd47f30
[tx-robot] updated from transifex 2017-09-15 00:08:08 +00:00
John Molakvoæ (skjnldsv) 1a0ac912b2
Fix webroot throw 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-09-14 08:41:10 +02:00
Nextcloud bot 7698781a1e
[tx-robot] updated from transifex 2017-09-14 00:08:12 +00:00
Morris Jobke 883574974d Merge pull request #6458 from nextcloud/rethrow-correct-exception 
Rethrow the correct exception when there was an error in an app conta…
 2017-09-14 00:32:13 +02:00
Lukas Reschke 8ef4fcb4b7 Merge pull request #6452 from lukanetconsult/hotfix/issue-6415-undefined-variable 
Fix undefined variable $tmpRoot
 2017-09-13 22:42:42 +02:00
Nextcloud bot 5ce3c7003b
[tx-robot] updated from transifex 2017-09-13 00:08:12 +00:00
Roeland Jago Douma 9163cf9241
Fix AppPassword 2FA auth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-12 22:28:43 +02:00
Axel Helmert 01d4967130 Fix undefined variable $tmpRoot 
Refactoring of webroot detection left an unused variable.

Fixes: #6415
Signed-off-by: Axel Helmert <info@luka.de>
 2017-09-12 12:14:27 +02:00
Joas Schilling c4b3198ac2
Rethrow the correct exception when there was an error in an app container 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-12 11:54:13 +02:00
Julius Härtl 8391ca8792
Use IAppManager instead of private API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-09-12 09:28:22 +02:00
Julius Härtl b49ab065b7
Move theming related imagePath logic to ThemingDefaults 
Signed-off-by: Julius Haertl <jus@bitgrid.net>
 2017-09-12 09:22:57 +02:00
Lukas Reschke 88731848c6 Merge pull request #6435 from nextcloud/add-exception-to-phpdoc 
Add exceptions to PHPDoc of interface
 2017-09-11 13:01:41 +02:00
William Pain 9a63ded43b
Fix uninitialized variable $this->params 
Signed-off-by: William Pain <pain.william@gmail.com>
 2017-09-11 10:01:12 +02:00
Lukas Reschke b97f48f1af
Add exceptions to PHPDoc of interface 
Improves static code analysis here and also keeps expectations proper.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-09-10 20:01:36 +02:00
Nextcloud bot 3f6692ee24
[tx-robot] updated from transifex 2017-09-10 00:08:23 +00:00
Morris Jobke 8a79d0cc70 Merge pull request #6414 from nextcloud/share-notification-wrong-language 
Use the language of the recipient for the share notification
 2017-09-08 19:15:05 +02:00
Morris Jobke 75c38d5d98 Merge pull request #6416 from nextcloud/make-sure-sqlite-works-without-content 
Ask the schema whether the table and column exist
 2017-09-08 19:09:38 +02:00
Morris Jobke e9c713902e Merge pull request #6417 from nextcloud/proper-english-nowhave 
Improve text: 'you have now' -> 'you now have'
 2017-09-08 18:29:22 +02:00
Leon Klingele 8e46e6b827
Improve text: 'you have now' -> 'you now have' 
Signed-off-by: Leon Klingele <leon@struktur.de>
 2017-09-08 13:47:11 +02:00
Joas Schilling 29e1aa57e1
Ask the schema whether the table and column exist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-08 11:45:16 +02:00
Joas Schilling 7e625a8d22
Use the language of the recipient for the share notification 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-08 10:48:16 +02:00
Nextcloud bot 194f880073
[tx-robot] updated from transifex 2017-09-08 00:08:16 +00:00
Lukas Reschke bab313da5d Merge pull request #6360 from nextcloud/fix/session-timeout-refresh-csrf-token 
Fix failing csp/nonce check due to timed out session
 2017-09-07 19:51:59 +02:00
Lukas Reschke 11c7a98a2a Merge pull request #6380 from nextcloud/cleanup-oci-setup 
cleanup oci setup code
 2017-09-07 14:11:55 +02:00
Morris Jobke 485e22acde Merge pull request #6329 from nextcloud/ldap-password 
Don't log LDAP password when server is not available
 2017-09-07 09:25:56 +02:00
tux-rampage 7a33b9273e Refactor webroot detection in resource locator 
The current implementation breaks installations with symlinks to
directories inside the webroot (i.E. apps).

With this change both variants, directory and symlinks, will be detected
correctly.

Fixes: #6028
Signed-off-by: Axel Helmert <axel.helmert@luka.de>
 2017-09-06 21:32:48 +02:00
Morris Jobke a10c4517cb Merge pull request #5571 from Luzifer/5570_backend_admin 
Allow group backend to declare users as admins
 2017-09-06 19:50:52 +02:00
Morris Jobke 5d4540f179 Merge pull request #6364 from nextcloud/fix_login_loop 
Fix login with basic auth
 2017-09-06 17:04:00 +02:00
Joas Schilling b68609d0cf
Don't log LDAP password when server is not available 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-06 16:38:55 +02:00
Robin Appelman 2c0efae30f
cleanup oci setup code 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-09-06 15:55:05 +02:00
Nextcloud bot 9d930210ee
[tx-robot] updated from transifex 2017-09-06 00:08:21 +00:00
Morris Jobke 15cd21d252 Merge pull request #6358 from nextcloud/fix-mixup-of-id-and-name 
Set the meta data before everything
 2017-09-05 16:08:57 +02:00
Knut Ahlers 586cefc4f1
Add @since tag to constant 
Signed-off-by: Knut Ahlers <knut@ahlers.me>
 2017-09-05 15:49:13 +02:00
Roeland Jago Douma b96485b6bd
Fix login with basic auth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-05 12:24:41 +02:00
Christoph Wurst 87aeae21e3
Fix failing csp/nonce check due to timed out session 
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-09-04 17:29:26 +02:00
Morris Jobke e0c92c2da3
Update autoloader 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-09-04 15:42:34 +02:00
Joas Schilling 6dbb64c4a2
Merge setMetaData into constructor 
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-04 15:07:41 +02:00
Morris Jobke 4fd3240b5f Merge pull request #6254 from nextcloud/async-bus-split 
Allow configuring different command bus backends
 2017-09-04 14:22:06 +02:00
Morris Jobke 1ebf91ec16
Add proper EOL 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-09-04 14:21:44 +02:00
Morris Jobke c04a494ea7 Merge pull request #6064 from nextcloud/fix-5219-absolute-path-must-be-relative-to-files-on-theming-update 
Still throw a locked exception when the path is not relative to $user/files/
 2017-09-04 14:05:34 +02:00
Roeland Jago Douma c4f175d079 Merge pull request #6326 from nextcloud/fix_4654_3375 
Pass new value to triggerChange
 2017-09-04 12:03:19 +02:00
Morris Jobke 139f9bd3ca Merge pull request #6331 from nextcloud/update-repair-step 
Generate system wide key pair (update repair step after backport)
 2017-09-04 11:59:34 +02:00
Bjoern Schiessle e195021926
update autoloader 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-09-04 11:59:00 +02:00
Morris Jobke e33aa460f1 Merge pull request #6297 from te-online/add-mimetype-internet-shortcut 
Add mimetype application/internet-shortcut for .url files
 2017-09-04 11:55:05 +02:00
Julius Härtl b09ce70117
Rebuild SCSS files if frontend controller value changes 
fixes #6271
 2017-09-03 17:32:41 +02:00
Nextcloud bot 27c6dc9657
[tx-robot] updated from transifex 2017-09-02 00:08:29 +00:00
Bjoern Schiessle e039a4c191
move repair step to stable12 
because we decided to backport it the repair step needs to be executed
already on stable12

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-09-01 11:05:11 +02:00
Roeland Jago Douma ffe1429c4f
Pass new value to triggerChange 
it is not used. but pass in the empty string (on delete) and the new
file (on create)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-31 21:59:27 +02:00
Thomas Ebert 93d539b0cf Add mimetype support for .URL (Windows) and .webloc (macOS) files. Update places/link svg. Add filetype/link icon. Add repair step for mime types. 
Signed-off-by: Thomas Ebert <thomas.ebert@te-online.net>
 2017-08-31 16:53:07 +02:00
Roeland Jago Douma 84ea66dca8 Merge pull request #6296 from nextcloud/improve_2fa 
Improve 2FA
 2017-08-31 10:52:40 +02:00
Nextcloud bot 99dcf5036d
[tx-robot] updated from transifex 2017-08-31 00:08:31 +00:00
Nextcloud bot 1e24fe858a
[tx-robot] updated from transifex 2017-08-30 00:08:26 +00:00
Roeland Jago Douma 84b7022118
Improve 2FA 
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-29 20:27:36 +02:00
Morris Jobke 3cfe91bf0f
Add shareWith to email template metadata 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-29 16:09:25 +02:00
Morris Jobke 8c917cbfe0 Merge pull request #6288 from nextcloud/master-6287 
Allow the expiration date to be set to null
 2017-08-29 11:32:11 +02:00
Nextcloud bot daf2d6cb96
[tx-robot] updated from transifex 2017-08-29 00:08:27 +00:00
Morris Jobke be23f7e1de
Allow the expiration date to be set to null 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-28 17:49:16 +02:00
Nextcloud bot 8e4085526d
[tx-robot] updated from transifex 2017-08-28 00:08:24 +00:00
Robin Appelman 804d97d6ff
unlock file when an exception occurs during scanning 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-08-26 18:58:06 +02:00
Robin Appelman 18908af87b
Dont swallow exception when inserting mimetypes if we're inside a transaction 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-08-26 18:58:06 +02:00
Morris Jobke 2bf15eda26 Merge pull request #6255 from nextcloud/email-meta-data 
Add meta information to emails for better customisation
 2017-08-26 18:53:52 +02:00
Morris Jobke 0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url 
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
 2017-08-26 18:50:52 +02:00
Morris Jobke 92292dc06a Merge pull request #6189 from nextcloud/circle-token 
link to getShareByToken
 2017-08-26 18:26:12 +02:00
Roeland Jago Douma 6c6253ff6f
Bump autoloader 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-26 13:48:18 +02:00
Christoph Wurst 6676232a56
Allow 2FA providers to specify their custom CSP 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-08-26 13:48:08 +02:00
Nextcloud bot ca490bafb9
[tx-robot] updated from transifex 2017-08-26 00:08:26 +00:00
Nextcloud bot 7b8bd8188e
[tx-robot] updated from transifex 2017-08-25 00:08:59 +00:00
Björn Schießle 60ee450809 Merge pull request #5870 from nextcloud/generate-system-wide-key-pair 
extend the identity proof manager to allow system wide key pairs
 2017-08-24 18:36:35 +02:00
Joas Schilling 09747b296a
Add meta information to emails for better customisation 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-24 17:54:22 +02:00
Robin Appelman 5431b8bfc2 allow configuring the command bus 2017-08-24 16:21:50 +02:00
Robin Appelman 9731350ace split async test bus for easier subclassing 2017-08-24 16:06:37 +02:00
Nextcloud bot a7f2dc6dd6
[tx-robot] updated from transifex 2017-08-24 00:08:50 +00:00
Roeland Jago Douma 9357cf735a Merge pull request #6164 from nextcloud/dont-show-error-message-when-sql-failed 
Prevent SQL error message in case of error
 2017-08-23 16:49:57 +02:00
Nextcloud bot 782f6e9454
[tx-robot] updated from transifex 2017-08-23 00:08:55 +00:00
Nextcloud bot ae0789ef43
[tx-robot] updated from transifex 2017-08-22 00:08:20 +00:00
Lukas Reschke 223265b369 Merge pull request #6169 from nextcloud/check-encoding-log 
Ensure log message is UTF-8 encoded
 2017-08-21 10:20:52 +02:00
Nextcloud bot 9e1884b27c
[tx-robot] updated from transifex 2017-08-21 00:08:13 +00:00
Maxence Lange 0459c03696 link to getShareByToken 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2017-08-20 15:21:58 +02:00
Nextcloud bot 8c458de4c2
[tx-robot] updated from transifex 2017-08-20 00:08:15 +00:00
Nextcloud bot 6b978ebd29
[tx-robot] updated from transifex 2017-08-19 00:08:26 +00:00
Lukas Reschke 2e4cd44556
Inject \OCP\IURLGenerator to make tests work 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-18 15:32:40 +02:00
Lukas Reschke a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL 
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-18 12:22:44 +02:00
Nextcloud bot 231cffffb9
[tx-robot] updated from transifex 2017-08-18 00:08:15 +00:00
Lukas Reschke c016b01bf9
Ensure log message is UTF-8 encoded 
PHP's json_encode only accept proper UTF-8 strings, loop over all
elements to ensure that they are properly UTF-8 compliant or convert
them manually.

Without this somebody passing an invalid User Agent may make json_encode
return false which will get logged as empty newline.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-17 15:01:50 +02:00
Lukas Reschke ed8a98eaa1
Prevent SQL error message in case of error 
`\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than
permitted in the database. This is against it's PHPDocs and we should cast this to `false`,
so that the regular error handling triggers in.

The easiest way to reproduce is on MySQL:

1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel
2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again
3. See SQL exception as error message

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-17 12:08:40 +02:00
Lukas Reschke e37cf2d6f0 Merge pull request #6158 from nextcloud/always-log-cron-execution 
Always log cron execution
 2017-08-17 11:14:12 +02:00
Morris Jobke 1c38a83927 Always log cron execution 
There was a setting to disable the last execution of cron. There is no known
problem with this write access and it was also questioned when this feature
was build in https://github.com/owncloud/core/pull/7689#issuecomment-38264707

Recently there was also a bug report about a non-visible last cron execution
(#6088) - let's better remove this.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-17 09:45:11 +02:00
Nextcloud bot 0ceb06fde5
[tx-robot] updated from transifex 2017-08-17 00:08:14 +00:00
Morris Jobke 4c558c99f3 Merge pull request #6130 from nextcloud/cleanup-unused-methods 
Cleanup unused methods
 2017-08-16 08:55:06 +02:00
Nextcloud bot d7406e5159
[tx-robot] updated from transifex 2017-08-16 00:08:33 +00:00
Lukas Reschke 422c3e302a Merge pull request #6099 from nextcloud/issue-3457-no-exception-on-sharee-error 
Catch exceptions on error of cloud id resolution
 2017-08-15 17:04:42 +02:00
Morris Jobke a55e794bfd Cleanup unused methods 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-15 14:29:26 +02:00
Morris Jobke cf7c4a4439 Merge pull request #6123 from nextcloud/cleanup-shareItem 
Cleanup usage of shareItem in internal code base
 2017-08-15 13:57:00 +02:00
Morris Jobke c5f14ac884 Merge pull request #6121 from nextcloud/cleanup-registerBackend 
Use proper methods for registerBackend
 2017-08-15 13:52:49 +02:00
Morris Jobke 8366dfa50b Cleanup usage of shareItem in internal code base 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-15 11:57:18 +02:00
Morris Jobke 895b9c2309 Use proper methods for registerBackend 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-15 11:29:15 +02:00
Morris Jobke 3e13e94254 Use proper methods for checkPasswordProtectedShare 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-15 11:28:05 +02:00
Morris Jobke c5c23b30b9 Merge pull request #6116 from nextcloud/cleanup-unused-methods 
Cleanup unused methods
 2017-08-15 11:26:26 +02:00
Morris Jobke f640b56bfa Cleanup unused methods 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-08-15 10:09:47 +02:00