nextcloud/tests/lib
Lukas Reschke 202530f4f3
Soften the cookie check if no cookies are sent
When no cookies are sent it is not required to perform any check for the strict or lax cookie; it does not provide any significant security advantage.

It does however interfere with the Android client which requests thumbnails from the unofficial API at `/index.php/apps/files/api/v1/thumbnail/256/256/{filename}`. This endpoint expects the strict cookie to be existent to not leak the existence of files. The Android client authenticates against this endpoint using Basic Auth and without cookies in some cases at least. This will make these endpoints work again with such cases.

To test this issue, run the following cURL command once without the patch and once with:

> curl http://localhost/index.php/apps/files/api/v1/thumbnail/256/256/welcome.txt  -u admin -v

Without the patch the request is redirected (which the client does not obey) and with the patch the preview is returned.
2016-06-15 11:50:26 +02:00
app Update info checker requirements 2016-02-11 11:54:13 +01:00
appframework Soften the cookie check if no cookies are sent 2016-06-15 11:50:26 +02:00
archive Make root tests extend the \Test\TestCase 2014-11-19 14:53:51 +01:00
backgroundjob Change the sort order of background jobs to be DESC instead of ASC 2016-04-22 14:11:26 +02:00
cache propagate folder size in the same query for write updates 2016-01-15 15:36:52 +01:00
command Allow specifying the signing path 2016-02-03 20:08:40 +01:00
comments Limit comment message to 1k chars 2016-02-09 03:14:30 +01:00
db Prevent certain DBs throwing exceptions on same-value updates 2016-03-16 14:50:00 +01:00
encryption fix creation of versions of encrypted files on external storages 2016-03-31 23:18:45 +02:00
files Merge branch 'stable9' into local-invalid-9 2016-04-26 16:46:23 -04:00
group Inject DBConnection 2016-01-12 08:24:08 +01:00
hooks more type hints 2015-06-02 14:07:55 +02:00
http/client Move the helpful method to the TestCase class 2015-06-03 12:33:29 +02:00
integritycheck Add support for custom values in integrity checker 2016-03-15 17:03:16 +01:00
l10n Do not save the language as request lang for apps when we didn't find any 2016-05-04 14:07:07 +02:00
lock Remove all locks after ttl from the db 2015-12-09 14:53:24 +01:00
log Replace OC_Config in tests with IConfig calls 2015-12-02 23:14:52 +01:00
mail Run test only when idn is available 2015-10-16 11:02:10 +02:00
memcache Fix errors in memcached implementation 2016-03-14 16:13:35 +01:00
notification Move the notification API to public namespace 2016-01-22 10:32:42 +01:00
ocs Adding more DB groups to test suites 2015-11-30 10:55:06 +01:00
preview Adding more DB groups to test suites 2015-11-30 10:55:06 +01:00
public Test overriding channel 2015-05-15 22:37:14 +03:00
repair Repair job to fix permissions for avatars (#25068) 2016-06-13 12:47:02 +02:00
security [stable9] Ignore certificate file if it starts with file:// 2016-04-21 19:00:27 +02:00
session Write to session in batch at the end of the request 2015-09-09 12:48:37 +02:00
share Backport of share id as string fix 2016-06-01 17:48:35 +02:00
share20 [stable9] Backport files drop feature 2016-06-11 11:38:16 +02:00
systemtag Merge pull request #22573 from owncloud/issue-22568-allow-string-object-ids 2016-02-24 12:15:23 +01:00
template Add tests for correct path 2015-04-20 12:31:35 +02:00
traits fix creation of versions of encrypted files on external storages 2016-03-31 23:18:45 +02:00
user Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
util/user Move dummy backend to Tests namespace 2015-09-22 11:01:11 +02:00
activitymanager.php Add test coverage for Activity Event and Manager 2015-08-20 10:25:49 +02:00
allconfig.php Introduce IDBConnection::setValues() 2016-01-18 11:10:41 +01:00
api.php Merge pull request #18184 from owncloud/ocs-merge-headers 2015-10-21 10:36:37 +02:00
app.php Remove unneeded parameter from OC_App::getEnabledApps 2016-02-15 13:33:07 +01:00
appconfig.php Apply DB group annotation ... 2015-11-30 10:55:05 +01:00
archive.php change tests back to check for logo-wide, make them pass again 2015-05-28 23:39:55 +02:00
autoloader.php Move lib/repair to lib/private/repair 2016-01-07 09:14:35 +01:00
avatarmanagertest.php Do not copy skeleton on avatar access 2016-02-16 09:18:38 +01:00
avatartest.php only remove avatars from the folder we store them in 2016-03-30 10:25:37 +02:00
cache.php cap the number of entries we cache in smb's statcache 2016-01-12 13:26:58 +01:00
capabilitiesmanager.php Use DI 2015-08-10 10:45:16 +02:00
configtests.php Use TempManager instead of tmpFolder 2015-12-18 11:19:53 +01:00
contactsmanager.php Mock interface 2014-12-08 13:18:00 +01:00
datetimeformatter.php Use a fixed timestamp so we don't switch days/years with the getTimestampAgo 2014-12-11 13:22:05 +01:00
db.php Remove OC_DB::insertid 2016-01-07 14:54:55 +01:00
dbschema.php getMediumStrengthGenerator is deprecated and does not do anything anymore 2016-01-11 20:06:30 +01:00
errorHandler.php Make root tests extend the \Test\TestCase 2014-11-19 14:53:51 +01:00
filechunking.php Added tests 2016-03-09 14:48:42 +01:00
files.php skip failing tests 2016-06-07 19:24:56 +02:00
group.php Remove deprecated function OC_User::getManager 2015-12-17 16:18:34 +01:00
helper.php properly use standard 2016-01-19 10:41:12 +01:00
helperstorage.php Removed deprecated function OC_User::deleteUser 2015-12-17 16:18:40 +01:00
hookhelper.php Fire prehooks when uploading directly to storage 2015-05-13 17:47:04 +02:00
httphelper.php Add connection timeout to default POST options 2015-05-26 11:22:50 +02:00
image.php Fix max preview, some resizing and caching issues and force preview providers to resize their previews properly 2015-06-06 16:25:04 +02:00
installer.php Verify signature of apps with level "Official" coming from the appstore 2016-01-10 19:40:28 +01:00
largefilehelper.php Make root tests extend the \Test\TestCase 2014-11-19 14:53:51 +01:00
largefilehelpergetfilesize.php Check if open_basedir is set 2014-12-11 00:09:55 +01:00
logger.php Remove the password from the validateUserPass() method as well 2016-05-19 12:11:31 +02:00
naturalsort.php Add PHPunit test for DefaultCollator 2015-02-24 23:51:08 +01:00
navigationmanagertest.php Add tests for the navigation manager (closure) behaviour 2015-03-16 16:46:17 +01:00
ocsclienttest.php Verify signature of apps with level "Official" coming from the appstore 2016-01-10 19:40:28 +01:00
preview.php Adding more DB groups to test suites 2015-11-30 10:55:06 +01:00
releasenotestest.php Remove duplicated message 2016-04-06 15:51:25 +02:00
repair.php Make root tests extend the \Test\TestCase 2014-11-19 14:53:51 +01:00
server.php Add public API to give developers the possibility to adjust the global CSP defaults 2016-01-28 18:36:46 +01:00
setup.php Run .htaccess updates in any case 2015-12-08 08:16:24 +01:00
streamwrappers.php Use TempManager instead of tmpFile 2015-12-18 11:25:33 +01:00
subadmin.php subadmin methods should not return any null user or group 2015-11-05 11:50:57 +01:00
tags.php Remove OC_DB::getConnection 2016-01-07 14:54:55 +01:00
template.php verify the path in the autoloader 2015-09-01 15:03:28 +02:00
tempmanager.php skip failing tests 2016-06-07 19:24:56 +02:00
testcase.php Add tests for findLanguage() 2016-01-26 14:02:32 +01:00
testmoveablemountpoint.php Keep shared locks in post hooks 2015-06-25 16:33:02 +02:00
updater.php [stable9] Use custom updater URL 2016-06-12 23:49:23 +02:00
urlGenerator.php Add DB group to some files_external tests 2015-11-30 10:55:10 +01:00
user.php Removed deprecated function OC_User::deleteUser 2015-12-17 16:18:40 +01:00
util.php Fix unit tests 2016-02-12 07:49:36 +01:00
utilcheckserver.php skip failing tests 2016-06-07 19:24:56 +02:00