Lukas Reschke
67439951e6
Filter more mimetypes
...
There's no need to allow more than those defined mimetypes for images.
2016-09-09 12:33:10 +02:00
Joas Schilling
b94a4df592
Fix tests
2016-09-07 18:39:48 +02:00
Robin Appelman
344945bfe9
more efficient check if addressbook and calendar exists for user
2016-08-31 15:08:29 +02:00
Joas Schilling
a123fe6f18
Add a unit test for all the magic
2016-08-30 12:24:20 +02:00
Markus Goetz
0cb34c2fa5
[master] DAV: Return data-fingerprint always when asked ( #25482 )
...
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 14:37:14 +02:00
Joas Schilling
89c78bbce4
Merge pull request #1031 from nextcloud/2fa-infinite-redirect-loop
...
prevent infinite redirect loops if the there is no 2fa provider to pass
2016-08-26 16:03:05 +02:00
Christoph Wurst
6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
...
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling
3fbb5de74f
Better displaynames for shared address books
2016-08-24 08:50:25 +02:00
Joas Schilling
53182fb780
Better displaynames for shared calendars
2016-08-24 08:50:25 +02:00
Robin Appelman
1fef5d3d06
add dav property to check if a file has a preview available
2016-07-27 12:59:39 +02:00
Joas Schilling
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
Joas Schilling
813f0a0f40
Fix apps/
2016-07-21 18:13:57 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Joas Schilling
54708f97a1
Fix non-existing exception class
2016-07-18 10:26:42 +02:00
Joas Schilling
8e13ff2c86
Fix TODO and bring in abstraction (similar to comments)
2016-07-18 10:26:36 +02:00
Roeland Jago Douma
2fcb24166f
Fix PHPUnit 5.4 warnings in DAV app
...
* getMock is deprecated
2016-07-15 09:52:46 +02:00
Robin Appelman
6da066e7be
Fix test using private propertries
2016-07-08 12:36:25 +02:00
Morris Jobke
ba16fd0d33
Merge branch 'master' into sync-master
2016-07-07 11:29:46 +02:00
Thomas Citharel
7d95cde37d
Add all properties while creating a subscription ( #25318 )
...
Fixes #24469
2016-07-01 13:42:35 +02:00
Lukas Reschke
179a355b2c
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-07-01 11:36:35 +02:00
Lukas Reschke
149218ead9
Fix tests
2016-06-30 13:46:08 +02:00
Björn Schießle
5ace6b53f3
get only vcards which match both the address book id and the vcard uri ( #25294 )
2016-06-29 12:13:59 +02:00
Bjoern Schiessle
5f6944954b
get only vcard which match both the address book id and the vcard uri
2016-06-28 16:11:06 +02:00
Georg Ehrke
3c399be6ec
fix a ImageExportPlugin Test ( #25215 )
2016-06-27 21:26:56 +02:00
Vincent Petry
56ad4cdfec
Show error message when posting an invalid comment
...
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Georg Ehrke
1452b74de7
Contacts API: replace raw image data with url ( #25081 )
...
* add uri to AddressBookImpl array
* Introduce ImageExportPlugin for CardDav
* add plugin to v1 routes
* replace binary contact photo with link
* update tests
* Adding unit tests
2016-06-21 15:25:44 +02:00
Christoph Wurst
5a8cfab68f
throw PasswordLoginForbidden on DAV
2016-06-17 11:30:24 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
Christoph Wurst
465807490d
create session token only for clients that support cookies
2016-06-13 19:44:05 +02:00
Vincent Petry
68c3b23e04
Merge pull request #24080 from owncloud/support-calendar-class-property
...
Extract CLASS property from calendar object and store it in the database
2016-06-10 11:22:11 +02:00
Vincent Petry
1399e87d57
DAV now returns file name with Content-Disposition header
...
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Thomas Müller
bfcd1dc49c
Filter confidential calendar objects in shared calendars
...
Filter private calendar objects in shared calendars
2016-06-09 11:09:14 +02:00
Thomas Müller
082f456b8b
Added unit testing for the migration step
2016-06-09 11:09:14 +02:00
Thomas Müller
fbdec59f22
Extract CLASS property from calendar object and store it in the database
2016-06-09 11:09:13 +02:00
Vincent Petry
bf917d7063
Merge pull request #24813 from owncloud/delete-ghost-files
...
allow deleting "ghost files" trough the View and Node api
2016-06-07 09:34:16 +02:00
Thomas Müller
371a07e3ab
Fix checkMove() implementation for dav v2 - fixes #24776 ( #24971 )
2016-06-06 17:01:27 +02:00
Robin Appelman
3bd5073251
add test for deleting ghost files over dav
2016-06-03 13:37:52 +02:00
Christoph Wurst
da03a85c3c
block DAV if 2FA challenge needs to be solved first
2016-06-01 10:42:38 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Joas Schilling
5882e21b3b
Update DAV unit tests to PSR-4
2016-05-25 16:09:18 +02:00
Joas Schilling
42ba61db04
Fix local execution
2016-05-25 16:09:18 +02:00
Christoph Wurst
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled
2016-05-24 17:54:02 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
Vincent Petry
c10d8a37f7
Merge pull request #22690 from owncloud/fix-comments-href-remote.php-files
...
ensure comments-href returns a value also when propfind is done again…
2016-05-23 14:47:03 +02:00
Joas Schilling
54f8822670
Fix unit tests
2016-05-23 09:03:48 +02:00
Vincent Petry
5963128342
Adjust DAV SystemTagPlugin unit tests for groups
2016-05-20 17:56:02 +02:00
Vincent Petry
91d4249ed8
Fix system tags DAV plugin tests
2016-05-20 17:56:02 +02:00
Vincent Petry
03d32bc39b
Fix system tags DAV unit tests
2016-05-20 17:56:02 +02:00
Arthur Schiwon
2b30136ae9
ensure comments-href returns a value also when propfind is done against remote.php/files
2016-05-20 16:22:13 +02:00
Joas Schilling
dd9ee10bc0
Move dav app to PSR-4 ( #24527 )
...
* Move Application to correct namespace and PSR-4 it
* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00
Christoph Wurst
0486d750aa
use the UID for creating the session token, not the login name
2016-05-11 13:36:46 +02:00
Thomas Müller
b10dcfc3b7
Fixing local event delivery for calendar events based on the email address
2016-05-02 14:20:59 +02:00
Thomas Müller
22ff97256e
Test an event in the far future - refs #24221
2016-04-29 14:57:19 +02:00
Björn Schießle
606b756a94
Merge pull request #23918 from owncloud/cruds-for-federated-shares
...
bring back CRUDS permissions for federated shares
2016-04-22 14:50:42 +02:00
Thomas Müller
3b3cff4f79
Merge pull request #24151 from owncloud/create-personal-calendar
...
Personal calendar should be generated even if the birthday calendar a…
2016-04-22 11:09:45 +02:00
Thomas Müller
1d1247069f
Birthday calendar should never have write acl - fixes #24154
2016-04-21 13:36:52 +02:00
Thomas Müller
38c7296867
Personal calendar should be generated even if the birthday calendar already exists - fixes #24082
2016-04-21 12:34:20 +02:00
Lukas Reschke
a86fd873d6
Merge pull request #24076 from owncloud/fix-initial-calendar-and-addressbook-names
...
Fix displayname for initial calendars and address books
2016-04-19 14:30:35 +02:00
Thomas Müller
748134bd90
Fix displayname for initial calendars and address books - fixes #24057
2016-04-18 23:08:37 +02:00
Thomas Müller
d0ad8e6e69
Revert "Fix displayname for initial calendars and address books - fixes #24057 "
...
This reverts commit a5d3e5ed68
.
2016-04-18 23:07:49 +02:00
Thomas Müller
a5d3e5ed68
Fix displayname for initial calendars and address books - fixes #24057
2016-04-18 23:06:38 +02:00
Roeland Jago Douma
dcb2b37e24
Add data-fingerprint property to webdav
2016-04-18 16:08:11 +02:00
Björn Schießle
52669d0ea3
return correct share permissions on propfind
2016-04-18 12:02:06 +02:00
Thomas Müller
55735e1450
Translate contacts birthday - fixes #23982
2016-04-14 16:58:45 +02:00
Thomas Müller
439de52534
Remove dav migration for 9.1
2016-04-13 15:53:57 +02:00
Thomas Müller
3c0a1d4241
Merge pull request #20118 from owncloud/chunked-upload-dav
...
Initial implementation of the new chunked upload
2016-04-13 14:37:10 +02:00
Björn Schießle
499d131a09
always return the complete permissions the file was shared with
2016-04-12 17:56:56 +02:00
Thomas Müller
e21642ca31
Fix unit test of file plugin
2016-04-12 15:51:09 +02:00
Thomas Müller
72f5c539e8
Initial implementation of the new chunked upload - as specified in https://dragotin.wordpress.com/2015/06/22/owncloud-chunking-ng/
2016-04-12 12:32:04 +02:00
Roeland Jago Douma
2c77bfa0d0
Fix dav comments
2016-04-08 15:23:23 +02:00
Roeland Jago Douma
4c9e257b27
Fix filesplugin
2016-04-08 15:23:13 +02:00
Thomas Müller
6f3eeeeb36
Merge pull request #23510 from owncloud/birthdays-on-shared-addressbooks
...
Propagate birthdays of shared addressbooks to the sharee's birthday c…
2016-04-08 15:19:38 +02:00
Roeland Jago Douma
eda71240e2
Add unit tests for public auth webdav
2016-04-08 14:17:24 +02:00
Thomas Müller
f6cea3c9c4
Merge pull request #23557 from owncloud/sabre-plugin-browser-error-page
...
In case of exception we return an html page in case the client is a b…
2016-04-04 13:51:23 +02:00
Roeland Jago Douma
89478a0961
Fix unit tests
2016-03-31 21:25:23 +02:00
Roeland Jago Douma
8c0ef4c4bd
Add sharePermissions webdav property
...
This property can be queries by the clients so they know the max
permissions they can use to share a file with. This will improve the UX.
The oc:permissions proptery is not enough since mountpoints have
different permissions (delete + move by default).
By making it a new property the clients can just request it. On older
servers it will just return a 404 for that property (and thus they know
they have to fall back to their hacky work arounds). But if the property
is returned the client can show proper info.
* unit tests
* intergration test
2016-03-31 20:12:34 +02:00
Stefan Weil
65b0127241
apps/dav: Fix typos in comments (found and fixed by codespell)
...
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-03-30 10:14:26 +02:00
Thomas Müller
ab0db65b23
Merge pull request #23549 from owncloud/dav-sharetypes-remote
...
Return remote shares in oc:share-types Webdav property
2016-03-24 22:44:19 +01:00
Thomas Müller
c46f480031
In case of exception we return an html page in case the client is a browser
2016-03-24 19:02:16 +01:00
Thomas Müller
3d51682440
Merge pull request #23342 from owncloud/fix-group-sharing-for-v1-caldav-and-carddav
...
Fix group shares on v1 caldav and carddav
2016-03-24 12:47:18 +01:00
Vincent Petry
9ee1f506f2
Return remote shares in oc:share-types Webdav property
...
Fixes web UI to properly display the share status icon when an outgoing
remote share exists
2016-03-24 12:16:57 +01:00
Thomas Müller
06e8c70400
Fix acls for calendar objects and cards - fixes #23273
2016-03-24 09:53:36 +01:00
Lukas Reschke
cc8c0b6a90
Check if request is sent from official ownCloud client
...
There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check)
While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.
2016-03-24 08:59:56 +01:00
Thomas Müller
c8d6a9594a
Propagate birthday to group shares as well
2016-03-23 14:12:50 +01:00
Thomas Müller
48ec8ab3d3
Merge pull request #23404 from owncloud/fix-22988
...
adjust PrincipalUri as returned from Sabre to effective username
2016-03-22 14:49:54 +01:00
Arthur Schiwon
be572de7f0
fix unittest
2016-03-21 21:53:16 +01:00
Vincent Petry
f28f538029
Do not fire pre/post hooks twice on chunk upload
2016-03-21 15:14:58 +01:00
Roeland Jago Douma
6e6e002280
Remove duplicated copyright
2016-03-17 19:24:25 +01:00
Vincent Petry
f778e48ee5
Add webdav property for share info in PROPFIND response
2016-03-17 15:35:21 +01:00
Thomas Müller
750ec93394
Merge pull request #23080 from owncloud/use-non-localized-birthday-title
...
Use a birthday title which does not require translation because we ha…
2016-03-11 11:49:13 +01:00
Thomas Müller
07a1313114
Merge pull request #23119 from owncloud/fix-getOwner-on-fileshome-master
...
getOwner is not available on FileHome
2016-03-10 23:12:51 +01:00
Thomas Müller
b7adf371c6
getOwner is not available on FileHome - fixes #23116
2016-03-10 20:53:56 +01:00
Thomas Müller
7f16aaefc8
Merge pull request #23048 from owncloud/no-fatal-error-if-DSTART-is-not-set
...
No fatal error if dstart is not set
2016-03-10 17:58:01 +01:00
Thomas Müller
85521879cd
The birthday_calendar is read-only
2016-03-10 12:50:07 +01:00
Thomas Müller
fe7103506b
Use a birthday title which does not require translation because we have no idea about the target device language and forcing English upon all users is kind of bad
2016-03-10 12:41:37 +01:00
Thomas Müller
6133253a2c
fixes #23004
2016-03-10 09:20:53 +01:00
Thomas Müller
20db92c71a
Fix group sharing and sharing permissions - fixes #22932
2016-03-08 11:22:07 +01:00
Thomas Müller
3b25ccef65
Handle addressbook migration issue by writing the faulty event to the log and continue
2016-03-07 15:04:19 +01:00
Thomas Müller
d32b35fc7f
Handle calendar migration issue by writing the faulty event to the log and continue
2016-03-07 15:04:19 +01:00
Thomas Müller
296a46cc38
Merge pull request #22244 from owncloud/dont-update-shared-resource-properties
...
For 9.0 we don't have the possibility to store calendar and addressbo…
2016-03-07 12:42:52 +01:00
Roeland Jago Douma
3bdafc2122
Rename and move permissions are set when a file is updatable
...
* Fix unit tests
2016-03-03 20:03:06 +01:00
C. Montero Luque
4d69e562a0
Merge pull request #22757 from owncloud/apply-license
...
Update copyright information and author file
2016-03-01 15:36:37 -05:00
Lukas Reschke
c353d51810
Remove Scrutinizer Auto Fixer
2016-03-01 17:48:23 +01:00
Lukas Reschke
c430f5ba53
Map Maci
2016-03-01 17:45:05 +01:00
Lukas Reschke
933f60e314
Update author information
...
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Robin Appelman
37f1206818
allow putting the part file in the view root
2016-03-01 15:21:24 +01:00
Thomas Müller
a83af96dd3
Merge pull request #22686 from owncloud/cleanup_remote_address_books
...
remove remote address book if access was revoked
2016-03-01 14:46:51 +01:00
Thomas Müller
fd4742d430
Merge pull request #22613 from owncloud/quota-changedavreturnvaluewhennoquotaset
...
Don't return quota when none set
2016-03-01 08:30:58 +01:00
Bjoern Schiessle
87e47afed8
remove synced remote address book if the remote server revoked access to his system address book
2016-02-29 16:50:34 +01:00
Joas Schilling
6f22784d3d
Allow to hide a shared calendar
2016-02-29 16:49:55 +01:00
Thomas Müller
95e218b00c
For 9.0 we don't have the possibility to store calendar and addressbook properties on a per-user basis and therefore we simple don't allow this for now
2016-02-29 16:49:55 +01:00
Vincent Petry
11215f4e27
Return -3 for unlimited quota
...
Returns -3 for unlimited quota in Webdav response.
Also adjusted personal page to show unlimited quota when set.
2016-02-29 14:36:20 +01:00
Joas Schilling
2a0cda74d4
Use IQueryBuilder::PARAM_* instead of \PDO::PARAM_*
2016-02-29 09:44:40 +01:00
Thomas Müller
9a0950f10b
Merge pull request #22569 from owncloud/issue-22566-too-much-mapping-entries
...
Allow defining a limit and offset for getObjectIdsForTags
2016-02-23 15:02:08 +01:00
Joas Schilling
3a65bdf4d5
Fix dav unit tests
2016-02-23 09:04:15 +01:00
Thomas Müller
4dfdb2720c
Case insensitive search in contacts - fixes #22575
2016-02-22 19:47:10 +01:00
Joas Schilling
a0d0edc754
Make non-public-method protected
2016-02-22 15:26:59 +01:00
Lukas Reschke
3bd95cca6b
Check if user has permission to create such a tag
...
Fixes https://github.com/owncloud/core/issues/22512
2016-02-19 20:45:20 +01:00
Thomas Müller
ffc2950393
Merge pull request #22198 from owncloud/birthday-calendar
...
Sync a users contacts birthday to the users birthday calendar
2016-02-19 12:33:19 +01:00
Thomas Müller
f6e61a296f
Merge pull request #22424 from owncloud/add-generic-csrf-protection-to-webdav
...
Require CSRF token for non WebDAV authenticated requests
2016-02-19 09:13:00 +01:00
Thomas Müller
d8de7d1e73
Adding cli command to sync birthday calendar
2016-02-18 14:49:45 +01:00
Thomas Müller
981c73000c
Prevent deletion of birthday calendar
2016-02-18 11:49:16 +01:00
Thomas Müller
c9187cc820
Sync a users contacts birthday to the users birthday calendar
2016-02-18 11:48:34 +01:00
Lukas Reschke
9b3c4e8dc4
Require CSRF token for non WebDAV authenticated requests
2016-02-18 11:18:36 +01:00
Vincent Petry
53eff9792f
Check the quota on the actual file's storage in dav quota plugin
...
Fix quota plugin to use the correct file name when chunking
When chunking, the file name is the compound name, so need to convert it
to the correct final file name before doing the free space check.
This ensures that in the case of shared files, the correct storage is
used for the quota check.
2016-02-17 11:52:49 +01:00
Thomas Müller
df7280a3c7
Queries on the cards table by uri require the addressbook as well - fixes #22284
2016-02-15 14:29:24 +01:00
Thomas Müller
c919b41395
Adding a custom webdav property which holds the list of contacts groups
2016-02-10 17:06:13 +01:00
Thomas Müller
2e94d34dfd
Fix group principal
2016-02-10 10:43:32 +01:00
Thomas Müller
2982017682
Merge pull request #22228 from owncloud/comments-limit-message
...
Limit comment message to 1k chars
2016-02-09 16:35:23 +01:00
Thomas Müller
4659bf9b4a
Merge pull request #22234 from owncloud/systemtags-filter-intersect-empty
...
Fix system tag filter AND condition
2016-02-09 15:34:06 +01:00
Arthur Schiwon
bbc86e0756
on DAV throw Bad Request if provided message is too long
2016-02-09 13:59:13 +01:00
Joas Schilling
178914104c
Add a test for empty mid-result
2016-02-09 12:07:17 +01:00
Vincent Petry
3028684d89
Fix system tag filter AND condition
...
If one of the results is empty, no need to do array_intersect and return
an empty result directly.
2016-02-09 11:39:22 +01:00
Thomas Müller
bf3a843e89
Migration of calendars
2016-02-09 11:20:31 +01:00
Vincent Petry
2f1a60a64d
Add REPORT on files endpoint for filtering
...
For now only supports filtering by system tags
2016-02-08 21:04:53 +01:00
Thomas Müller
a67f7ad1f3
Remove calendar-proxy support - did this ever work?
2016-02-08 10:52:30 +01:00
Vincent Petry
d2a495f190
Mark own comments as read after posting
2016-02-05 16:30:37 +01:00
Arthur Schiwon
a480b2261b
Check for authorship on edit and delete attempts
2016-02-04 12:57:48 +01:00
Thomas Müller
8c14ce01ba
Deleting a shared address book results in unshare
2016-02-03 17:18:22 +01:00
Thomas Müller
ef06d6bdaa
Deleting a shared calendar results in unshare
2016-02-03 17:18:22 +01:00
Thomas Müller
4b14ca672f
Fix ACLs on shared calendars
2016-02-03 17:18:22 +01:00
Thomas Müller
0753067bcd
No duplicate address book if shared with user and group and the user is part of the group
2016-02-03 17:18:22 +01:00
Thomas Müller
18c35bf812
No duplicate calendars if shared with user and group and the user is part of the group
2016-02-03 17:18:22 +01:00
Thomas Müller
9106595608
Add calendar sharing
2016-02-03 17:18:22 +01:00
Thomas Müller
77942ad38a
Merge pull request #22059 from owncloud/comments-readmark-dav
...
Comments DAV methods for read mark manipulation (mark comments of a file as read) + return isUnread status
2016-02-03 09:00:32 +01:00
Thomas Müller
37d6fff976
Merge pull request #22055 from owncloud/systemtags-checkfileidowner
...
Make sure user has access to file for system tag operations
2016-02-02 12:37:52 +01:00
Thomas Müller
ca25055cc8
Register all system address books to the contacts manager
2016-02-02 10:56:33 +01:00
Vincent Petry
d72c0ffbc6
Make sure user has access to file for system tag operations
...
Fixes DAV's SystemTagsObjectTypeCollection to not give access to files
where the current user doesn't have access to.
2016-02-01 18:23:40 +01:00
Arthur Schiwon
29f57eb85c
set read marker via proppatch against entity
2016-02-01 17:43:13 +01:00
Arthur Schiwon
b1c8b077b0
Return isUnread property per comment
2016-02-01 16:55:24 +01:00