Commit graph

297 commits

Author SHA1 Message Date
Roeland Jago Douma
4b70c9f89d
Add referrer policy setup check
Fixes #9122

Based on https://www.w3.org/TR/referrer-policy/ and
https://scotthelme.co.uk/a-new-security-header-referrer-policy/

Setting a sane Referrer-Policy will tell the browser if/when to send
referrer headers when accessing a link from Nextcloud. When configured
properly this results in less tracking and less leaking of (possibly)
sensitive urls

* Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 09:21:35 +02:00
Daniel Calviño Sánchez
1466586033 Fix ids of permission checkboxes for shares
The ids of permission checkboxes for shares were generated using the
"shareWith" field of the share. The "shareWith" field can contain spaces
(as spaces are allowed, for example, in user or circle names), so this
could cause the id attribute of the HTML element to contain spaces too,
which is forbidden by the HTML specification.

It is not just a "formal" issue, though; when the list was rendered, if
the id contained a space the selector to get the checkbox element was
wrong (as it ended being something like
"#canEdit-view1-name with spaces") and thus the initial state of the
checkbox was not properly set.

Besides that, "shareWith" can also contain single quotes, which would
even cause the jQuery selector to abort the search and leave the UI in
an invalid state.

Instead of adding more cases to the regular expression to escape special
characters and applying it also when the ids are created, now the ids of
permission checkboxes for shares are based on the "shareId" field
instead of on "shareWith", as "shareId" is expected to always contain
compatible characters.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-04-18 15:25:23 +02:00
Daniel Calviño Sánchez
203bf51543 Keep showing the working icon while there are pending operations
Before, whenever a pending operation (getting the suggestions,
confirming a share or selecting a recipient) finished the working icon
was hidden and the confirm button was shown again, even if there were
other pending operations (the most common case is typing slowly on the
input field, as several operations to get the suggestions could pile if
the server response is not received fast enough). Now, the working icon
is not hidden until the last pending operation finishes.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-21 04:35:26 +01:00
Daniel Calviño Sánchez
6eb5cc5412 Reuse last suggestions if the same parameters are used
When a share is confirmed the suggestions are got to check if there is
an exact match. Usually the suggestions were already got with the same
parameters in order to fill the autocomplete dropdown, so to avoid a
superfluous request now the last suggestions are reused when got again,
although only if the same parameters as the last time are used.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-21 04:31:08 +01:00
Daniel Calviño Sánchez
10a4f8e45e Confirm a share also by pressing enter on the input field
Besides confirming a share by clicking on the confirm button now it is
possible to do it by pressing enter on the input field.

Clicking on the confirm button implicitly hides the autocomplete
dropdown. On the other hand, pressing enter on the input field does not,
so the autocompletion must be disabled and closed when the confirmation
begins and then enabled again once it finishes. Otherwise the
autocomplete dropdown would be visible and it would be possible to
interact with it while the share is being confirmed.

The order in which the input field and the autocompletion are disabled is
important. Internally, the autocompletion sets a timeout when the input
field is modified that requests the suggestions to the server and then
shows them in the dropdown. That timeout is not cancelled when the
autocompletion is disabled, but when the input field loses its focus and
the autocompletion is not disabled. Therefore, the input field has to be
disabled (which causes it to lose the focus) before the autocompletion
is disabled. Otherwise it could happen that while a share is being
confirmed the timeout ends, so an autocompletion request is sent and
then, once the share is successfully confirmed and thus the
autocompletion is enabled again, the request is received and the
autocomplete dropdown is shown with the old suggestions. Strange, but
possible nevertheless ;-)

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:05 +01:00
Daniel Calviño Sánchez
9371b61c4d Add a share when clicking on the confirm button
Clicking on the confirm button now adds a share, but only if there is
just a single exact match. If there are no exact matches or there is
more than one exact match no share is added, and the autocomplete
dropdown is shown again with all the suggestions.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:05 +01:00
Daniel Calviño Sánchez
5e2a8cca1b Return also exact matches besides all suggestions
"_getSuggestions" returned all the suggestions from the server, which
are composed by exact matches and partial matches. Now the exact matches
are also returned on their own parameter. This will be used by the
button to confirm a share.

Note that until now the order of the suggestions was "exact users,
partial users, exact groups, partial groups, exact..."; this commit also
changes that order to become "exact users, exact groups, exact...,
partial users, partial groups, partial...". This is not a problem, as
the suggestions were used in the autocomplete dropdown, and this new
order is arguably better than the old one, as all exact matches appear
now at the beginning.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
1c440519c2 Show an error when getting the suggestions succeeds with failure content
Instead of silently failing now an error is shown to the user when the
ajax call to get the suggestions succeeds yet it returns failure content
(for example, if an "OCSBadRequestException" was thrown in the server).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
ed1452d7a0 Use "showTemporary" instead of explicitly hiding the notification
"OC.Notification.hide" expects the notification to be hidden to be
passed as an argument. As it was being used to show a temporary
notification the combination of "OC.Notification.show" and
"OC.Notification.hide" was replaced by a single call to
"OC.Notification.showTemporary".

The timeout could have been specified in the options of the call, but it
was left to the default value (7 seconds) for consistency with other
notifications.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
fcef15af80 Move stub setup outside the test method
Stubs should be restored outside the test method in which they are used
to ensure that they are properly restored no matter the result of the
test (for example, if an exception is thrown).

Besides that, this will make it possible to reuse the stub in other sibling
tests without having to explicitly set it up in them.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
3980364b6d Add autocompletion tests for each type of share
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
8af9c553e6 Add tests for exact search results already shared with
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
375eab9df3 Add tests for emails and circles already shared with
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:04 +01:00
Daniel Calviño Sánchez
6fef01c481 Adjust search term to test
As the server response is faked the search term is ignored in the tests.
However, it is clearer to use a search term that would make the server
return what the faked response contains.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-20 19:09:03 +01:00
Jan-Christoph Borchardt
ce7775acd0 Replace information icon with confirmation button in share input
The confirmation button right now is just an icon; its behaviour will be
added in the following commits.

Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-03-20 19:09:03 +01:00
Christoph Wurst
b9720703e8 Add CSRF token controller to retrieve the current CSRF token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-03-08 16:48:50 +01:00
Vincent Petry
7466468af1
Fix share capabilities JS tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Maximilian Wende
7c453b2425
Update tests for indeterminate state, fix slashes not being escaped
Signed-off-by: Maximilian Wende <dasisdormax@mailbox.org>
2018-02-16 11:42:41 +01:00
Allan Nordhøy
29d68d7a35
There was an error loading → could not load
2018-01-20 09:15:50 +01:00
Allan Nordhøy
e81f30b124
Spelling: FreeType
2018-01-14 16:01:23 +01:00
Roeland Jago Douma
03a7d9bbfa
Merge pull request #7635 from Abijeet/bug-7106
Fixes password input being prompted every time.
2018-01-10 20:10:40 +01:00
Daniel Calviño Sánchez
9c22e99331 Add extra test cases for password confirmation
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-01-10 16:42:25 +01:00
Abijeet
b246ca96ff Added test cases for the fix for the password confirmation box appearing repeatedly.
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2018-01-10 16:41:27 +01:00
Julius Härtl
fd8f0788b1
Fix tests
The avatar plugin should not change the display element, since the
avatar is always shown by default and the display value is up to the
developers

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-01-08 10:36:06 +01:00
Morris Jobke
9d43724d45
Merge pull request #7526 from nextcloud/make-possible-for-apps-to-disable-the-navigation-bar-slide-gesture
Make possible for apps to disable the navigation bar slide gesture
2018-01-03 00:12:54 +01:00
Roeland Jago Douma
325637f4f3
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-19 18:49:27 +01:00
Daniel Calviño Sánchez
de4028336a Force the drag to end when the navigation bar Snap is disabled by an app
When a Snap was disabled it stopped listening to the events, but if a
drag gesture was being performed it was kept as active. Thus, when the
Snap was enabled again move events were handled as if the Snap had never
been disabled, causing the gesture handling to continue where it was
left.

When the Snap for the navigation bar is disabled by an app it could be
as a result of a different gesture being recognized by the app (for
example, a vertical swipe) once both gestures have started. In that case
when the other gesture ends and the Snap is enabled again any pointer
movement will cause the navigation bar to slide until an "up" event is
triggered again (obviously not the desired behaviour).

Due to all this now when the Snap for the navigation bar is disabled by
an app the current drag gesture for the navigation bar is ended.

Note that this was added as a parameter to "Snap.disable()" instead of
done unconditionally to keep back-compatibility with the previous
behaviour (probably not really needed as it is unlikely that any app is
using the Snap library relying on that behaviour... but just in case).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-14 21:42:39 +01:00
Daniel Calviño Sánchez
a5db0d2825 Make possible for apps to disallow the navigation bar slide gesture
On narrow screens a slide gesture can be used to open or close the
navigation bar. However that gesture could conflict at times with the
gestures used by certain apps (for example, if the right sidebar is open
the user may expect to close it by dragging it to the right, but that
could open the navigation bar instead depending on how the events are
handled). This commit makes it possible for apps to disallow and allow
again that slide gesture.

In any case, note that applications can only disallow the gesture,
but they can not enable it. That is, they can prevent the gesture from
being used on narrow screens, but they can not make the gesture work on
wide screens; they are always limited by the base rules set by the core.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-14 21:41:22 +01:00
Daniel Calviño Sánchez
173f28a09d Add unit tests for the navigation bar slide gesture
The slide gesture is enabled or disabled depending on the width of the
browser window. In order to easily control that width the karma-viewport
plugin is now used in the unit tests.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-12-14 19:17:40 +01:00
Roeland Jago Douma
ee20741526 Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-13 17:22:58 +01:00
blizzz
4fc8984d89
Merge pull request #6079 from nextcloud/fix-antivirus
Parse Sabre Exception in OC.Files.Client and file-upload
2017-12-11 17:12:02 +01:00
Tobias Kaminsky
430f60db21
Merge pull request #6670 from nextcloud/handle-encryption-state-in-web-interface
Handle encryption state in web interface
2017-12-06 16:19:17 +01:00
blizzz
f700cd14fa
Merge pull request #7222 from nextcloud/fix-filerow-avatars
Fix filerow avatars
2017-11-27 16:46:11 +01:00
Morris Jobke
4af12dcab1
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-27 08:50:44 +01:00
Arthur Schiwon
134192d76c
fix sorting test on phantomjs
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-24 15:33:26 +01:00
Arthur Schiwon
077381c7b3
rip out obsolete recipientsDisplayName
also needs tests adjustments, and this also brings in natural sorting

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-23 13:32:14 +01:00
Arthur Schiwon
9d95391ff1
adjust tests and apply sorting
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-23 13:32:13 +01:00
Arthur Schiwon
3a1d8fa45f
adjust, fix and extend tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-23 13:32:13 +01:00
Bjoern Schiessle
7bc28f14de show e2e folder icon on encrypted folders
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-11-20 21:00:26 +01:00
Bjoern Schiessle
fc456bec39 check for encryption state on propfind
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-11-20 18:24:46 +01:00
Björn Schießle
f347e2e4a6
Merge pull request #7047 from nextcloud/add-support-for-files-with-no-permissions
Add support for files with no permissions
2017-11-20 16:15:52 +01:00
Vincent Petry
dfc91a253c Parse Sabre Exception in OC.Files.Client and file-upload
In case of error, instead of a generic error message, an upload will
display whichever message is returned in the Sabre Exception, if
applicable.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-13 12:19:14 +01:00
Lukas Reschke
8c915baa34
Merge pull request #6788 from staabm/master
Prevent XSS in links which open a new browser window
2017-11-08 18:55:35 +01:00
Roeland Jago Douma
497cd7fa4e
Merge pull request #7064 from nextcloud/popover-fix
Fix popover layout
2017-11-08 12:47:58 +01:00
John Molakvoæ (skjnldsv)
b44581e15d
Fixed sharing popover and removed unused old code
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-11-07 18:20:59 +01:00
Morris Jobke
d790c27a19
Reduce JSHint errors/warnings
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 09:57:59 +01:00
Daniel Calviño Sánchez
3e844d3a59 Set read permission for files based on the data returned by the server
Now that the permissions returned by the server specify whether a file
is readable or not the frontend no longer needs to assume that every
file is readable.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:01 +01:00
Daniel Calviño Sánchez
ec375b3d86 Fix tests for parsing of permissions
Now that these tests are executed they are revealed to be partially
obsolete; they were fixed to match the current parsing behaviour.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:01 +01:00
Daniel Calviño Sánchez
e2c755a4b5 Fix asserts silently not executed
The first parameter of "apply" must be the object to act as "this", and
the Promise callback gets the parameters provided in the "resolve".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-11-02 19:37:01 +01:00
Arthur Schiwon
3b2c9da7cc
Adjust js tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-01 15:14:45 +01:00