Joas Schilling
3fbb5de74f
Better displaynames for shared address books
2016-08-24 08:50:25 +02:00
Joas Schilling
53182fb780
Better displaynames for shared calendars
2016-08-24 08:50:25 +02:00
Roeland Jago Douma
64ff8ac6fa
Fix phpdoc in Comments
2016-08-16 20:33:09 +02:00
Thomas Müller
6f34c37cfb
Adding quota plugin to new dav endpoint ( #25615 )
...
* Adding quota plugin to new dav endpoint
* Added integrated test failing in old endpoint
* Added 0B quota test
2016-07-29 10:03:46 +02:00
Robin Appelman
1fef5d3d06
add dav property to check if a file has a preview available
2016-07-27 12:59:39 +02:00
Joas Schilling
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
Joas Schilling
813f0a0f40
Fix apps/
2016-07-21 18:13:57 +02:00
Lukas Reschke
c385423d10
Merge pull request #479 from nextcloud/add-bruteforce-throttler
...
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke
a17ba2f488
Merge pull request #466 from nextcloud/escape-special-characters
...
Escape special characters (#25429 )
2016-07-20 21:24:19 +02:00
Roeland Douma
26cf51403e
Merge pull request #464 from nextcloud/master-change-load-order
...
[master] Change load order of auth backends so that we can throw an exception …
2016-07-20 20:08:22 +02:00
Vincent Petry
e5c4f53eea
Cast share id to string ( #25402 )
2016-07-20 15:10:10 +02:00
Aaron Wood
7c0de08cc4
Escape special characters ( #25429 )
...
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Use correct method in the AbstractMapping class
* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches
* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Thomas Müller
e795f7b106
Change load order of auth backends so that we can throw an exception in OCA\DAV\Connector\Sabre\Auth - fixes #25362 ( #25476 )
2016-07-20 14:40:52 +02:00
Morris Jobke
0a6d95b126
Merge pull request #394 from nextcloud/tags-for-everything
...
SystemTags for everything not just files
2016-07-19 10:47:12 +02:00
Björn Schießle
ea470f8777
Merge pull request #405 from nextcloud/theming-fixes
...
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling
7c039bcbf6
Allow apps to register SystemTags plugins
2016-07-18 10:26:42 +02:00
Joas Schilling
c2b077e185
Fix doc blocks
2016-07-18 10:26:42 +02:00
Joas Schilling
8e13ff2c86
Fix TODO and bring in abstraction (similar to comments)
2016-07-18 10:26:36 +02:00
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
Roeland Jago Douma
059b7435ab
PasswordLoginForbidden is not a FATAL exception
...
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.
So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00
Robin Appelman
6da066e7be
Fix test using private propertries
2016-07-08 12:36:25 +02:00
Robin Appelman
f98cb9efa0
Fix type hinting
2016-07-08 12:35:50 +02:00
Robin Appelman
8f84c99e3f
Fix undefined properties
2016-07-08 12:35:16 +02:00
Morris Jobke
ba16fd0d33
Merge branch 'master' into sync-master
2016-07-07 11:29:46 +02:00
Thomas Citharel
7d95cde37d
Add all properties while creating a subscription ( #25318 )
...
Fixes #24469
2016-07-01 13:42:35 +02:00
Lukas Reschke
179a355b2c
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-07-01 11:36:35 +02:00
Bjoern Schiessle
26e14529be
fix error message
2016-06-30 13:50:31 +02:00
Lukas Reschke
c771368c4e
Add proper throws PHP docs
2016-06-30 13:19:50 +02:00
Lukas Reschke
1e7f0f7341
Add required $message parameter
2016-06-30 13:17:53 +02:00
Bjoern Schiessle
3571207bd9
add some additonal permission checks to the webdav backend
2016-06-30 11:16:49 +02:00
Björn Schießle
5ace6b53f3
get only vcards which match both the address book id and the vcard uri ( #25294 )
2016-06-29 12:13:59 +02:00
Bjoern Schiessle
5f6944954b
get only vcard which match both the address book id and the vcard uri
2016-06-28 16:11:06 +02:00
Georg Ehrke
3c399be6ec
fix a ImageExportPlugin Test ( #25215 )
2016-06-27 21:26:56 +02:00
Vincent Petry
56ad4cdfec
Show error message when posting an invalid comment
...
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Georg Ehrke
1452b74de7
Contacts API: replace raw image data with url ( #25081 )
...
* add uri to AddressBookImpl array
* Introduce ImageExportPlugin for CardDav
* add plugin to v1 routes
* replace binary contact photo with link
* update tests
* Adding unit tests
2016-06-21 15:25:44 +02:00
Vincent Petry
2340660a5b
PasswordLoginForbidden must extend NotAuthenticated
...
The auth code from Sabre will forward NotAuthenticated exceptions but
in the case of a generic exception, it is packaged as "service not
available".
2016-06-17 15:50:24 +02:00
Christoph Wurst
5a8cfab68f
throw PasswordLoginForbidden on DAV
2016-06-17 11:30:24 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
Thomas Müller
0b7685d326
Move birthday calendar generation to a live migration job ( #25135 )
2016-06-16 16:14:28 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +02:00
Vincent Petry
68c3b23e04
Merge pull request #24080 from owncloud/support-calendar-class-property
...
Extract CLASS property from calendar object and store it in the database
2016-06-10 11:22:11 +02:00
Vincent Petry
67c3a97401
Merge pull request #25046 from owncloud/fix-the-realm
...
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00
Vincent Petry
543545505d
Merge pull request #25043 from owncloud/webdav-download-mimetype
...
DAV now returns file name with Content-Disposition header
2016-06-10 09:55:59 +02:00
Vincent Petry
1399e87d57
DAV now returns file name with Content-Disposition header
...
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Thomas Müller
cf06b17df1
Use the correct realm for basic authentication - fixes #23427
2016-06-09 13:53:32 +02:00
Thomas Müller
f20c617154
Allow login by email address via webdav as well - fixes #24791
2016-06-09 12:08:49 +02:00
Thomas Müller
bfcd1dc49c
Filter confidential calendar objects in shared calendars
...
Filter private calendar objects in shared calendars
2016-06-09 11:09:14 +02:00
Thomas Müller
082f456b8b
Added unit testing for the migration step
2016-06-09 11:09:14 +02:00
Thomas Müller
369c3b5d7e
Implement classification migration as repair step
2016-06-09 11:09:14 +02:00
Thomas Müller
287e41732c
Bump dav app version and fix variable rename
2016-06-09 11:09:14 +02:00
Thomas Müller
f013cfc530
Add migration step
2016-06-09 11:09:13 +02:00
Thomas Müller
fbdec59f22
Extract CLASS property from calendar object and store it in the database
2016-06-09 11:09:13 +02:00
Robin Appelman
f119769c26
Better handling of forbidden files in dav
2016-06-07 14:01:55 +02:00
Thomas Müller
371a07e3ab
Fix checkMove() implementation for dav v2 - fixes #24776 ( #24971 )
2016-06-06 17:01:27 +02:00
Vincent Petry
3ff2bec5fa
Merge pull request #24935 from owncloud/2fa-block-dav
...
block DAV if 2FA challenge needs to be solved first
2016-06-02 15:31:18 +02:00
Joas Schilling
942e946f06
Catch the ForbiddenException to make sure it gets handled
2016-06-01 16:17:57 +02:00
Christoph Wurst
da03a85c3c
block DAV if 2FA challenge needs to be solved first
2016-06-01 10:42:38 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Christoph Wurst
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled
2016-05-24 17:54:02 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
Vincent Petry
87fa86a69a
Merge pull request #24559 from owncloud/2fa
...
two factor auth
2016-05-23 20:50:03 +02:00
Vincent Petry
c10d8a37f7
Merge pull request #22690 from owncloud/fix-comments-href-remote.php-files
...
ensure comments-href returns a value also when propfind is done again…
2016-05-23 14:47:03 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00
Joas Schilling
c9fda84841
Make the root collection neutral so it does not only work for files
2016-05-23 09:03:48 +02:00
Joas Schilling
3a8e537946
Remove unused UserFolder
2016-05-23 09:03:47 +02:00
Vincent Petry
5963128342
Adjust DAV SystemTagPlugin unit tests for groups
2016-05-20 17:56:02 +02:00
Vincent Petry
10fae3994a
Fix system tag update code
2016-05-20 17:56:02 +02:00
Vincent Petry
d7727cdc74
Add admin-only system tag groups property
...
For setting/getting system tag groups
2016-05-20 17:56:02 +02:00
Vincent Petry
88740f035d
Act on effective system tag canAssign permission
...
Whenever the server returns true for the can-assign Webdav property of
a system tag, it means the current user is allowed to assign,
regardless of the value of user-assignable.
This commit brings the proper logic to the web UI to make it possible
for users to assign when they have the permission.
2016-05-20 17:56:02 +02:00
Vincent Petry
03d32bc39b
Fix system tags DAV unit tests
2016-05-20 17:56:02 +02:00
Vincent Petry
bede872dbc
Bring back admin permissions to change system tag permissions
2016-05-20 17:56:02 +02:00
Vincent Petry
09b3883d9c
Updated canUser* functions in SystemTagManager to accept objects
2016-05-20 17:56:02 +02:00
Vincent Petry
8343cfb64b
Add interface methods for permission check
...
Instead of checking for admin perm, use interface method
canUserAssignTag and canUserSeeTag to check for permissions.
Allows for more flexible implementation.
2016-05-20 17:56:02 +02:00
Arthur Schiwon
2b30136ae9
ensure comments-href returns a value also when propfind is done against remote.php/files
2016-05-20 16:22:13 +02:00
Joas Schilling
dd9ee10bc0
Move dav app to PSR-4 ( #24527 )
...
* Move Application to correct namespace and PSR-4 it
* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00
Christoph Wurst
0486d750aa
use the UID for creating the session token, not the login name
2016-05-11 13:36:46 +02:00
Christoph Wurst
5e55dfb2d6
create session token for DAV clients (sync clients)
2016-05-11 13:36:46 +02:00
Vincent Petry
47157bcd76
Merge pull request #24400 from owncloud/cache_shareManager
...
Cache shareManager
2016-05-06 14:25:30 +02:00
Roeland Jago Douma
3c2fee8775
Cache shareManager
...
There is no need to call \OC::$server->getShareManager for each Node.
We have it available so better pass it around.
2016-05-02 22:27:24 +02:00
Thomas Müller
b10dcfc3b7
Fixing local event delivery for calendar events based on the email address
2016-05-02 14:20:59 +02:00
Björn Schießle
606b756a94
Merge pull request #23918 from owncloud/cruds-for-federated-shares
...
bring back CRUDS permissions for federated shares
2016-04-22 14:50:42 +02:00
Thomas Müller
3b3cff4f79
Merge pull request #24151 from owncloud/create-personal-calendar
...
Personal calendar should be generated even if the birthday calendar a…
2016-04-22 11:09:45 +02:00
Thomas Müller
1d1247069f
Birthday calendar should never have write acl - fixes #24154
2016-04-21 13:36:52 +02:00
Thomas Müller
38c7296867
Personal calendar should be generated even if the birthday calendar already exists - fixes #24082
2016-04-21 12:34:20 +02:00
Thomas Müller
cd01c440a0
Merge pull request #23919 from owncloud/cyclyc-share-dep-example
...
SharedStorage to new sharing code + cleanup
2016-04-20 20:37:27 +02:00
Lukas Reschke
a86fd873d6
Merge pull request #24076 from owncloud/fix-initial-calendar-and-addressbook-names
...
Fix displayname for initial calendars and address books
2016-04-19 14:30:35 +02:00
Roeland Jago Douma
afa37d363f
Fix related logic
2016-04-19 14:04:00 +02:00
Thomas Müller
748134bd90
Fix displayname for initial calendars and address books - fixes #24057
2016-04-18 23:08:37 +02:00
Thomas Müller
d0ad8e6e69
Revert "Fix displayname for initial calendars and address books - fixes #24057"
...
This reverts commit a5d3e5ed68
.
2016-04-18 23:07:49 +02:00
Thomas Müller
a5d3e5ed68
Fix displayname for initial calendars and address books - fixes #24057
2016-04-18 23:06:38 +02:00
Roeland Jago Douma
dcb2b37e24
Add data-fingerprint property to webdav
2016-04-18 16:08:11 +02:00
Björn Schießle
52669d0ea3
return correct share permissions on propfind
2016-04-18 12:02:06 +02:00
Roeland Jago Douma
0cebb16e7c
Move share-permissions property namespace
...
Fixes https://github.com/owncloud/core/issues/23741
2016-04-15 10:22:18 +02:00
Thomas Müller
55735e1450
Translate contacts birthday - fixes #23982
2016-04-14 16:58:45 +02:00
Thomas Müller
068e73cc47
Merge pull request #23975 from owncloud/change-default-calendar-and-contacts-names
...
Use better names for the default calendars and addressbooks
2016-04-14 11:57:43 +02:00
Thomas Müller
439de52534
Remove dav migration for 9.1
2016-04-13 15:53:57 +02:00
Thomas Müller
353449bff7
Use better names for the default calendars and addressbooks - fixes #23720
2016-04-13 15:44:59 +02:00
Thomas Müller
3c0a1d4241
Merge pull request #20118 from owncloud/chunked-upload-dav
...
Initial implementation of the new chunked upload
2016-04-13 14:37:10 +02:00
Björn Schießle
499d131a09
always return the complete permissions the file was shared with
2016-04-12 17:56:56 +02:00
Thomas Müller
e21642ca31
Fix unit test of file plugin
2016-04-12 15:51:09 +02:00
Thomas Müller
bb2e68f72b
Fix chunk file move
2016-04-12 14:26:42 +02:00
Thomas Müller
72f5c539e8
Initial implementation of the new chunked upload - as specified in https://dragotin.wordpress.com/2015/06/22/owncloud-chunking-ng/
2016-04-12 12:32:04 +02:00
Thomas Müller
8652ef28aa
Merge pull request #23868 from owncloud/scrutinizer-patch-2
...
Scrutinizer Auto-Fixes
2016-04-11 10:38:02 +02:00
Thomas Müller
24c2252ff4
Adding VCFExportPlugin
2016-04-10 12:43:15 +02:00
Scrutinizer Auto-Fixer
3ebeb07a30
Scrutinizer Auto-Fixes
...
This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com
2016-04-08 15:11:37 +00:00
Thomas Müller
6f3eeeeb36
Merge pull request #23510 from owncloud/birthdays-on-shared-addressbooks
...
Propagate birthdays of shared addressbooks to the sharee's birthday c…
2016-04-08 15:19:38 +02:00
Roeland Jago Douma
375f6fcab1
Move public webdav auth over to share manager
...
The public webdav auth should use the shiny new share manager.
2016-04-08 14:17:13 +02:00
Thomas Müller
dda739c0cc
Merge pull request #23501 from owncloud/alarms_for_birthdayevents
...
add VALARM for birthday events
2016-04-06 14:31:07 +02:00
Thomas Müller
f6cea3c9c4
Merge pull request #23557 from owncloud/sabre-plugin-browser-error-page
...
In case of exception we return an html page in case the client is a b…
2016-04-04 13:51:23 +02:00
Thomas Müller
63b01a3616
Merge pull request #22834 from owncloud/webdav_property_for_share_permissions
...
Add sharePermissions webdav property
2016-03-31 23:18:53 +02:00
Roeland Jago Douma
89478a0961
Fix unit tests
2016-03-31 21:25:23 +02:00
Roeland Jago Douma
5334bcce66
Correct share permissions for external storages
2016-03-31 20:17:59 +02:00
Roeland Jago Douma
8c0ef4c4bd
Add sharePermissions webdav property
...
This property can be queries by the clients so they know the max
permissions they can use to share a file with. This will improve the UX.
The oc:permissions proptery is not enough since mountpoints have
different permissions (delete + move by default).
By making it a new property the clients can just request it. On older
servers it will just return a 404 for that property (and thus they know
they have to fall back to their hacky work arounds). But if the property
is returned the client can show proper info.
* unit tests
* intergration test
2016-03-31 20:12:34 +02:00
Lukas Reschke
ba69a90ab5
Enforce type
2016-03-31 19:32:30 +02:00
Vincent Petry
262547ba3d
Return 401 DummyBasicAuth in case of ajax call
2016-03-31 19:31:31 +02:00
Stefan Weil
65b0127241
apps/dav: Fix typos in comments (found and fixed by codespell)
...
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-03-30 10:14:26 +02:00
Thomas Müller
cd850dc325
Merge pull request #23568 from owncloud/finally-fix-23328-now-for-addressbooks-as-well
...
Handle group shares of addressbooks on v1 as well ... now FINALLY ....
2016-03-29 18:41:40 +02:00
Achim Königs
596a8416c2
Merge branch 'master' into alarms_for_birthdayevents
2016-03-26 14:27:38 +01:00
Thomas Müller
ab0db65b23
Merge pull request #23549 from owncloud/dav-sharetypes-remote
...
Return remote shares in oc:share-types Webdav property
2016-03-24 22:44:19 +01:00
Lukas Reschke
95820fbd5b
Add magical regex to catch browsers
2016-03-24 19:02:16 +01:00
Thomas Müller
c46f480031
In case of exception we return an html page in case the client is a browser
2016-03-24 19:02:16 +01:00
Thomas Müller
89cd6e228d
Handle group shares of addressbooks on v1 as well ... now FINALLY ....
2016-03-24 17:11:07 +01:00
Thomas Müller
3d51682440
Merge pull request #23342 from owncloud/fix-group-sharing-for-v1-caldav-and-carddav
...
Fix group shares on v1 caldav and carddav
2016-03-24 12:47:18 +01:00
Vincent Petry
9ee1f506f2
Return remote shares in oc:share-types Webdav property
...
Fixes web UI to properly display the share status icon when an outgoing
remote share exists
2016-03-24 12:16:57 +01:00
Thomas Müller
06e8c70400
Fix acls for calendar objects and cards - fixes #23273
2016-03-24 09:53:36 +01:00
Thomas Müller
8c2b19d2bc
Return proper current-user-principal on v1 endpoints - fixes #23306
2016-03-24 09:53:36 +01:00
Thomas Müller
4c738ea9c4
Fix group shares on v1 caldav and carddav - fixes #23328
2016-03-24 09:53:36 +01:00
Lukas Reschke
cc8c0b6a90
Check if request is sent from official ownCloud client
...
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)
While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Achim Königs
4b2f9e4027
add VALARM for birthday events
...
ACTION=DISPLAY *should* prevents audible alarms.
2016-03-23 23:21:10 +01:00
Thomas Müller
c8d6a9594a
Propagate birthday to group shares as well
2016-03-23 14:12:50 +01:00
Thomas Müller
e979b9c735
Propagate birthdays of shared addressbooks to the sharee's birthday calendar as well
2016-03-23 12:29:45 +01:00
Thomas Müller
24331be991
Merge pull request #23431 from owncloud/use-dav-sabre-plugin-for-browser-2
...
Fix display of vcard and calendar object details page in browser plugin
2016-03-23 11:03:55 +01:00
Thomas Müller
164282c72e
Fix display of vcard and calendar object details page in browser plugin
2016-03-23 10:35:21 +01:00
Thomas Müller
48ec8ab3d3
Merge pull request #23404 from owncloud/fix-22988
...
adjust PrincipalUri as returned from Sabre to effective username
2016-03-22 14:49:54 +01:00
Thomas Müller
9fc371e436
Merge pull request #23320 from owncloud/early-creation-of-birthday-calendar
...
Create the contact birthday calendar right away as soon as the comman…
2016-03-22 10:31:01 +01:00
Vincent Petry
f28f538029
Do not fire pre/post hooks twice on chunk upload
2016-03-21 15:14:58 +01:00
Thomas Müller
8852fdaee3
Merge pull request #22789 from owncloud/dav-sharesproperty
...
Add webdav property for share info in PROPFIND response
2016-03-21 11:15:00 +01:00
Thomas Müller
e983bd7db0
Merge pull request #23368 from owncloud/use-dav-sabre-plugin-for-browser
...
In debugging mode we enable Sabre's browser plugin since it helps a l…
2016-03-21 10:13:27 +01:00
Arthur Schiwon
117c1bffa7
adjust PrincipilUri as returned from Sabre to effective username
2016-03-18 23:31:11 +01:00
Roeland Jago Douma
6e6e002280
Remove duplicated copyright
2016-03-17 19:24:25 +01:00
Thomas Müller
520724d757
Necessary code changes to make browser plugin properly work
2016-03-17 18:00:06 +01:00
Thomas Müller
7d638fdb34
In debugging mode we enable Sabre's browser plugin since it helps a lot when debugging
2016-03-17 16:51:19 +01:00
Vincent Petry
f778e48ee5
Add webdav property for share info in PROPFIND response
2016-03-17 15:35:21 +01:00
Roeland Jago Douma
533fdb4075
Set proper public webdav permissions when public upload disabled
...
Fixes #23325
It can happen that a user shares a folder with public upload. And some
time later the admin disables public upload on the server.
To make sure this is handled correctly we need to check the config value
and reduce the permissions.
Fix is kept small to be easy backportable.
2016-03-17 11:35:31 +01:00
Thomas Müller
fdb7c59e6c
Create the contact birthday calendar right away as soon as the command is executed once - fixes #23203
2016-03-16 17:23:02 +01:00
Thomas Müller
d188ed938c
Merge pull request #23082 from owncloud/contacts_calendar_name_color
...
add title and color to birthday calendar
2016-03-16 17:17:21 +01:00
Thomas Müller
e9eeb3607f
Merge pull request #23074 from owncloud/issue-22835-correctly-use-querybuilder-api
...
Correctly escape join statements and use selectAlias
2016-03-15 12:14:17 +01:00
Thomas Müller
750ec93394
Merge pull request #23080 from owncloud/use-non-localized-birthday-title
...
Use a birthday title which does not require translation because we ha…
2016-03-11 11:49:13 +01:00
Thomas Müller
07a1313114
Merge pull request #23119 from owncloud/fix-getOwner-on-fileshome-master
...
getOwner is not available on FileHome
2016-03-10 23:12:51 +01:00