Commit graph

1763 commits

Author SHA1 Message Date
Vincent Petry
4a2fb1b4cb
Init the headers in iedavclient.js 2016-06-22 16:58:06 +02:00
Lukas Reschke
2b493e2f9d
Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-21 11:18:22 +02:00
Robin Appelman
8485f5bcb1 Prevent the advanced options toggle in the setup from acting as a link 2016-06-16 15:25:56 +02:00
Morris Jobke
3720bae3ec
fix setup page strengthify
* fixes #105
2016-06-15 15:27:30 +02:00
Morris Jobke
5e2726c0e7
Change name of the product in update message
* also update all german translations
* fixes #96
2016-06-14 17:02:55 +02:00
Arthur Schiwon
ca43c49709
smaller files drop fixes
* fix infinite spinner on blacklisted files
* move HTML to template
* indentation
2016-06-11 15:15:37 +02:00
Lukas Reschke
842cc2a788 Merge pull request #19 from nextcloud/files-drop
add "hide file list" option
2016-06-10 18:29:09 +02:00
Lukas Reschke
0b00a06a0d
Fix indentation 2016-06-09 18:17:04 +02:00
Lukas Reschke
5fdde426eb
Add fancy layout 2016-06-09 17:55:26 +02:00
Bjoern Schiessle
bb54ab0db8
add hide file list option 2016-06-09 15:15:17 +02:00
Vincent Petry
fb087a0261
Use temporary htaccesstest.txt for data dir security check 2016-06-07 18:36:13 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Vincent Petry
66e93561da
Rename "not-assignble" to "restricted" 2016-05-20 17:56:02 +02:00
Vincent Petry
88740f035d
Act on effective system tag canAssign permission
Whenever the server returns true for the can-assign Webdav property of
a system tag, it means the current user is allowed to assign,
regardless of the value of user-assignable.

This commit brings the proper logic to the web UI to make it possible
for users to assign when they have the permission.
2016-05-20 17:56:02 +02:00
Morris Jobke
0543f8a839 Merge pull request #24397 from owncloud/sort-share-links
Reordered share link settings
2016-05-10 18:42:10 +02:00
Lukas Reschke
e8e72aa910 Merge pull request #24434 from owncloud/permalinks
Permalinks
2016-05-10 09:44:50 +02:00
skjnldsv
ea3cc2661d New animated loader 2016-05-09 07:54:43 +02:00
Vincent Petry
254576e1f7
Do not encode slashes in "dir" URL param in files JS 2016-05-06 17:00:22 +02:00
Vincent Petry
fdeafef6a0
Auto-add fileid in URL for currently displayed folder 2016-05-06 16:46:59 +02:00
Vincent Chan
e07901b63b Reordered share link settings
closes #24122
2016-05-02 20:33:45 +02:00
Björn Schießle
606b756a94 Merge pull request #23918 from owncloud/cruds-for-federated-shares
bring back CRUDS permissions for federated shares
2016-04-22 14:50:42 +02:00
Lukas Reschke
2c4ef37025 Merge pull request #24126 from owncloud/err-reload-delay
Delay reloading the page if an ajax error occurs, show notification
2016-04-22 11:23:39 +02:00
Robin McCorkell
62024d74d4 Add test for reload delay 2016-04-20 22:09:59 +01:00
Morris Jobke
6b66f2dfb4 Merge pull request #23990 from owncloud/heartbeat-debounce
Debounce heartbeat ajax calls to lower the number of requests
2016-04-20 21:23:10 +02:00
Thomas Müller
1ab27ddd4a Merge pull request #24081 from owncloud/migrate-deprecated-jquery-v1-functions
migrate deprecated jQuery 1.x functions
2016-04-20 20:38:38 +02:00
Björn Schießle
2a6a336e87
always share with same default permissions, no special handling for remote shares 2016-04-20 17:47:33 +02:00
Robin McCorkell
bd9a380d53 Delay reloading the page if an ajax error occurs, show notification 2016-04-20 16:31:04 +01:00
Christoph Wurst
e4a8456d01
replace $().attr('checked') by $().prop('checked', state) or $().is(':checked') 2016-04-19 16:20:17 +02:00
Christoph Wurst
05d203a989
replace $.parseJSON() by JSON.parse() 2016-04-19 15:06:42 +02:00
Christoph Wurst
59e268763c
remove deprecated jQuery.browser 2016-04-19 11:55:40 +02:00
Christoph Wurst
e7f07ba02e
extract mail view for sending share invitations
fixes #22947
2016-04-19 11:37:23 +02:00
Thomas Müller
7186975e35 Merge pull request #23993 from owncloud/update-to-jquery2
Update jquery to version 2.2.3
2016-04-19 10:26:08 +02:00
Christoph Wurst
2d772eaaa8
Debounce heartbeat ajax calls to lower the number of requests
fixes #22397
2016-04-18 14:19:26 +02:00
Bjoern Schiessle
4ab02c0c76
bring back CRUDS permissions for federated shares 2016-04-18 12:02:03 +02:00
Christoph Wurst
5900e46f01
Turn off jQuery animations when testing 2016-04-18 10:41:02 +02:00
John Molakvoæ
e11b39a248 Fix rgb values
Fix was required because values was too big for rgb and breaking the brightness calculation.
Now we have the initial sat (70%) and the reduction to 60 if too bright working again.
2016-04-18 09:29:42 +02:00
Christoph Wurst
3e1f1ccc76 downgrade jquery, update jquery-migrate 2016-04-15 13:55:23 +02:00
Christoph Wurst
621d1e2128 update jquery to version 2.2.3 2016-04-14 12:47:35 +02:00
Christoph Wurst
97d553b57a close navigation menu when opening app in new tab (#23914) 2016-04-14 11:53:20 +02:00
Christoph Wurst
a2572ffec7 add loading feedback to user menu entries (#23916)
fixes #19857
2016-04-14 11:53:09 +02:00
Morris Jobke
e03d289b70
Use 6 months as SSL STS header threshold
* this uses 6 months (6 * 30 * 24 * 60 * 60 = 15552000)
* old value was half a year (365 / 2 * 24 * 60 * 60 = 15768000)
* fixes #23957
2016-04-13 08:47:34 +02:00
John Molakvoæ
28571e6361 Updated color generator
Separated the main function to allow special use without dom manipulation.
2016-04-06 19:34:50 +02:00
Morris Jobke
1f7e02e4d4 Add detailed logs hidden and show them on request 2016-04-04 12:34:18 +02:00
Thomas Müller
1bf4c75e8b Show individual sql schema migration steps during upgrade - on web as well as on the command line 2016-04-04 12:34:18 +02:00
Stefan Weil
62a5952a72 core: Fix typos (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-04 10:57:17 +02:00
Jan-Christoph Borchardt
a0e2eae7de Merge pull request #23638 from owncloud/new-placeholder-colours-generator
New colour generator
2016-04-03 12:26:22 +02:00
John Molakvoæ
dcc28a3ad7 New colour generator 2016-04-01 18:00:47 +02:00
Vincent Petry
8d11c3b87b Merge pull request #23487 from owncloud/core-globalajaxerrorwhengoingaway
Detect user navigating away, don't interpret as ajax error
2016-04-01 17:03:55 +02:00
Vincent Petry
06e7856400 Adjust core unit tests for unload/reload cases 2016-03-23 10:53:40 +01:00
Thomas Müller
61c5717281 Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Vincent Petry
d00f95578b Stronger fix for navigate away detection 2016-03-22 18:29:19 +01:00
Roeland Jago Douma
cf3e740ae8 Fix js strings if group sharing is disabled 2016-03-22 17:13:34 +01:00
Vincent Petry
6ed8acb15d Firefox returns 303 on cross-domain redirect
Added 303 to catch SSO cross-domain redirect in Firefox.
2016-03-22 16:55:43 +01:00
Vincent Petry
ad1167a44d Detect user navigating away, don't interpret as ajax error
Whenever a user navigates away, all ajax calls will fail with the same
result like a cross-domain redirect (SSO). To distinguish these cases,
we need to detect whether the error is a result of the user navigating
away. For this, we introduce a new flag that will be set in
"beforeunload".

Additional handling was required for false positives in case "beforeunload" is
used (ex: cancelled upload) and the user cancelled the navigation.
2016-03-22 16:54:01 +01:00
Thomas Müller
2db67c3308 Merge pull request #23386 from owncloud/share-keepoptioncheckboxinblocks
Keep share checkboxes together
2016-03-21 18:05:16 +01:00
Thomas Müller
86581f6626 Merge pull request #22065 from owncloud/systemtags-create-same-prefix
Allow creating tags where another one with same prefix exists
2016-03-21 11:15:49 +01:00
Lukas Reschke
6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Vincent Petry
9ef24b9a0f Keep share checkboxes together
- removed leading spaces before markup which can affect rendering in
  some cases
- added shareOption CSS class to group and keep share option checkbox +
  label
- moved ".showCruds" arrow into the matching shareOption to keep the
  arrow together with the checkbox
2016-03-18 11:59:57 +01:00
Lukas Reschke
2ca3c0d461 Adjust wording a bit
**Before:**
> Your PHP version (5.4.16) is no longer supported by PHP. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by PHP.

**After:**
> You are currently running PHP 5.4.0. We encourage you to upgrade your PHP version to take advantage of performance and security updates provided by the PHP Group as soon as your distribution supports it.

Fixes https://github.com/owncloud/enterprise/issues/1170
2016-03-11 17:39:35 +01:00
Roeland Jago Douma
19347187d8 Fix MKCOL for IE11 as well
Using https://github.com/owncloud/core/pull/22274 we have to patch the
iedavclient.js as well.
2016-03-10 13:36:26 +01:00
Thomas Müller
4324d302bc Merge pull request #22872 from owncloud/password-change-tooltip-text
Update error text for link passwords
2016-03-07 14:46:27 +01:00
Morris Jobke
49b7fc107a Update error text for link passwords
* this removes the old tooltip first before showing
  the new one to update the text - otherwise the old
  text will be shown
2016-03-04 18:11:42 +01:00
prastut
aa8bdc7f14 trigger login if remember_login checked 2016-03-04 00:22:04 +05:30
Lukas Reschke
933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Thomas Müller
71e5de3865 Merge pull request #22677 from owncloud/allow-to-overwrite-single-l10n-string-via-theme
Allow to overwrite a single language string via the theme folder
2016-03-01 08:26:28 +01:00
Vincent Petry
0091df2bc8 Improved JS L10N bundle merging + tests 2016-02-29 17:39:21 +01:00
Joas Schilling
78570a5f72 Allow to overwrite a single language string via the theme folder 2016-02-26 13:56:02 +01:00
Thomas Müller
c6c15ba825 Merge pull request #22608 from owncloud/collaborative-tags
Rename system tags app to collaborative tags
2016-02-26 10:47:40 +01:00
Joas Schilling
4471f359b1 Rename system tags app to collaborative tags 2016-02-26 09:14:28 +01:00
Vincent Petry
b634f1e2c7 Make more action icons themable + style fixes
Action icons now appear properly in public link page.
More actions are now CSS icons.
2016-02-25 23:01:07 +01:00
Roeland Jago Douma
92cff0984d Make file actions use icon CSS classes
This makes theming of file actions possible
2016-02-25 22:49:52 +01:00
Vincent Petry
1add45ae6a Tweak tooltip style for recipients 2016-02-25 11:18:30 +01:00
Joas Schilling
edbc1060ce Add the uid on hover for sharing autocomplete 2016-02-24 09:57:02 +01:00
Vincent Petry
27544144ce Fix unit tests affected by side effects
The notification tests were not restoring the clock properly, but
indirectly helped other tests pass.

Since now we're restoring the clock properly, the other tests were fixed
to still work.
2016-02-22 17:25:32 +01:00
Vincent Petry
8ea80e114a Accumulate notifications instead of blinking
This makes it possible to display multiple notifications.
If the options.type is set to "error", it will also add a close button.
2016-02-22 17:25:32 +01:00
Thomas Müller
8abdcb8085 Fix error ins source language strings
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/core/50786279
https://www.transifex.com/owncloud-org/owncloud/translate/#en_GB/settings-1/50555028
2016-02-19 15:04:16 +01:00
Lukas Reschke
9b3c4e8dc4 Require CSRF token for non WebDAV authenticated requests 2016-02-18 11:18:36 +01:00
Thomas Müller
7af7d18cfa Merge pull request #16783 from owncloud/handle-redirects-global
Adding global error handler for ajax calls which run into redirection…
2016-02-17 14:49:04 +01:00
Thomas Müller
7b0f83b616 Merge pull request #22445 from owncloud/files-client-sendpropfindheaders
Files DAV client send propfind headers
2016-02-17 11:32:16 +01:00
Thomas Müller
92e5160003 Merge pull request #22452 from owncloud/fix_22441
Unlock sharee input field when sharing fails
2016-02-17 10:59:03 +01:00
Roeland Jago Douma
a9a3947e61 Do not clear sharee input on failed share 2016-02-17 09:21:17 +01:00
Roeland Jago Douma
e1fd86ccb6 Unlock sharee input field when sharing fails
Fixes #22441

When addShares fails (for whatever reason) we should unlock the sharee
input field so the user does not have to reload the page.
2016-02-17 09:21:12 +01:00
Vincent Petry
5575443be9 Fix redundant headers in files dav client
The defaultHeaders are already injected with the xhrProvider, so no need
to pass them again a second time.
2016-02-16 17:37:12 +01:00
Roeland Jago Douma
d8f91b0e82 Allow searching for single user 2016-02-16 16:23:09 +01:00
Vincent Petry
b8b77709c0 Add handler for global ajax errors 2016-02-15 12:48:47 +01:00
Thomas Müller
294dcb4eff Adding global error handler for ajax calls which run into redirections or unauthorized responses 2016-02-15 12:47:18 +01:00
Thomas Müller
be65ba4089 Merge pull request #22383 from owncloud/better-sharee-translations
Do not use string concatination for translations
2016-02-15 11:16:16 +01:00
Thomas Müller
2054dbd4c8 Merge pull request #22350 from owncloud/fix_22304
WebUI feedback when sharing
2016-02-15 10:45:42 +01:00
Joas Schilling
c8ddbc385c Do not use string concatination for translations 2016-02-15 09:20:15 +01:00
Roeland Jago Douma
33ef240b39 Search tags case insensitive
fixes: #22352

* Added unit tests
2016-02-14 20:41:39 +01:00
Thomas Müller
11707dffce Merge pull request #22351 from owncloud/fix_22277
show remote server on federated share auto-complete
2016-02-13 18:25:04 +01:00
Thomas Müller
761e9cf3a4 Merge pull request #21837 from owncloud/recipients-error-message
First try for shareWithField error message
2016-02-12 16:09:37 +01:00
Bjoern Schiessle
862e28f006 show remote server on auto complete 2016-02-12 15:52:51 +01:00
Roeland Jago Douma
92c131b481 Updated unit tests 2016-02-12 14:31:00 +01:00
Roeland Jago Douma
51b55d5320 Provide proper feedback when creating a share in the webUI
Fixes #22304

Creating a share is not instant (especially not for federated shares) so
we should show that something is happening in the webUI properly.
2016-02-12 14:01:15 +01:00
Roeland Jago Douma
b786523bb7 Clear error when removing text 2016-02-12 10:25:42 +01:00
Roeland Jago Douma
113bfb0b07 Update tooltip on new search 2016-02-12 10:04:33 +01:00
Julian Müller
de4824077e First try for shareWithField error message
Second try for ShareWithField error message
2016-02-12 10:04:30 +01:00
Roeland Jago Douma
a823485638 Reload list of shares on directory change 2016-02-11 11:06:26 +01:00
Roeland Jago Douma
f5be48d81d Calculate the share statuses in js from the OCS Response
Right now this is only done on page load. We should do it on each
directory traversal.
2016-02-11 11:03:11 +01:00
Roeland Jago Douma
1301ec9351 Only show link shares for the current user
Currently we have no way to display multiple links in the UI.
So just display the link share for the current user.

Fixes #22275
2016-02-10 16:00:55 +01:00
Roeland Jago Douma
630bee749b Only show link spinner if the share exists
If there is no share to delete do not set the spinner.
Fixes #21726
2016-02-10 11:08:15 +01:00
Lukas Reschke
abc675d87e Move update notification code into app
Moves the update notification code in a single app. This is required since we want to use SSO for the new updater and for this have some code running in ownCloud as well (and we don't want that in core neccessarily). This app can provide that in the future, right now it's only the update notification itself. Will continue working on the SSO right away but wanted to keep the PR small.

Furthermore also makes some more code unit-testable...
2016-02-09 18:05:51 +01:00
Vincent Petry
e378a757ff Add system tags filter section for files app 2016-02-09 10:59:29 +01:00
Thomas Müller
a35d5625e0 Merge pull request #22186 from owncloud/show-different-unsupported-failure-message
Don't show "report this to the community" when the upgrade is unsuppo…
2016-02-08 16:45:32 +01:00
Lukas Reschke
25aad470c1 Add message with reference to forum post 2016-02-08 10:45:46 +01:00
Morris Jobke
4032cc0166 Don't show "report this to the community" when the upgrade is unsupported
* fixes #21367
2016-02-08 09:19:16 +01:00
Vincent Petry
995a825dac Make JS Webdav work again with IE9-IE10 2016-02-05 14:48:10 +01:00
Thomas Müller
f9aa5d2971 Merge pull request #22133 from owncloud/add-check-for-content
Add check for content
2016-02-04 17:40:31 +01:00
Thomas Müller
e22b2d8b63 Merge pull request #22130 from owncloud/fix-jsunit-filesclient
Fix jsunit filesclient
2016-02-04 16:49:58 +01:00
Lukas Reschke
5ba6148bfe Add check for content
The response may be a redirect which is always followed by jQuery. Thus leading to false positives depending on the server configuration (e.g. when it issues a 302)

To prevent that there is also a check performed on the response content.
2016-02-04 16:13:27 +01:00
Vincent Petry
23f0515771 Fix JS DAV files client unit tests
Instead of trying to mock the promise, just stub davclient.js' request
object.
2016-02-04 15:39:18 +01:00
Vincent Petry
8782004742 Small fixes in Dav files client
Remove double leading slash in path.
Add utf-8 in default content type.
2016-02-04 15:38:54 +01:00
Faruk Uzun
6ffd8f3e0d Introduce some mimetypes for richdocuments
* application/vnd.lotus-wordpro
* application/vnd.visio
* application/vnd.wordperfect
* application/msonenote
2016-02-04 13:48:21 +02:00
Roeland Jago Douma
aef43816c2 host and hostname are different things
host can contain the port (host of http://example.com:1234 is
example.com:1234) while hostname never contains a port. They can however
be similar. If you navigate to http://example.com then both host and
hostname will be example.com.

* Fixed docs
* added getHostName function
2016-02-03 11:28:07 +01:00
Vincent Petry
d81c00304f Fix parsing empty Webdav property nodes
Return empty string instead of undefined
2016-02-02 18:01:15 +01:00
Vincent Petry
3b581b051f Expose display name in JS side
Adds a new method `OC.getCurrentUser` to get both the user id and
display name Could be used for a future Js
2016-02-02 18:01:15 +01:00
Vincent Petry
29386eccf9 Add pagination support for comments GUI 2016-02-02 18:01:15 +01:00
Vincent Petry
22be3867f1 Allow creating tags where another one with same prefix exists
When creating a new entry, compare the full tag name and not only the
prefix.
2016-02-02 10:42:35 +01:00
Vincent Chan
59cfeae2cd changed variables to lowercase 2016-02-02 10:32:50 +01:00
Vincent Chan
faf48e42b7 Move data protection check to javascript
fixes #20199
2016-02-01 18:57:58 +01:00
Thomas Müller
e23cd35019 Merge pull request #21953 from owncloud/make-enable_avatars-more-robust
Make enable_avatars setting more robust
2016-02-01 14:08:40 +01:00
matthias-g
41c87531ff Update explanation of how to enable debug mode 2016-01-30 18:26:10 +01:00
Thomas Müller
45609d95d4 Merge pull request #21992 from owncloud/share-dialog-error-handling
Properly forward error messages in share dialog
2016-01-29 14:42:57 +01:00
Joas Schilling
c925bfdcd6 Trim tag names to avoid problems 2016-01-28 20:41:47 +01:00
Vincent Petry
df3f6fee10 Properly forward error messages in share dialog 2016-01-28 17:18:33 +01:00
Vincent Petry
7e1de0e3c2 Fix share default expiration date calculation
Now using UTC dates with moment js to accurately add the number of days
2016-01-28 15:25:34 +01:00
Vincent Petry
b063ddb05b Share dialog use OCS API 2016-01-28 15:25:34 +01:00
Thomas Müller
de8852a760 Merge pull request #21958 from owncloud/systemtags-style
Use boxes for system tags, shorten permission text
2016-01-28 12:54:52 +01:00
Vincent Petry
1473e156f4 Use boxes for system tags, shorten permission text
Permission text now doesn't appear when all permissions are there, or
shows as "invisible" or "not assignable", which should better cover all
use cases.

Changed select2 style to use boxes in the input field.
2016-01-28 11:24:13 +01:00
Morris Jobke
1601d9235a Make enable_avatars setting more robust
* handles the setting in the same way everywhere
* fixes #21949
2016-01-27 15:17:25 +01:00
Vincent Petry
714d8c2424 Fix system tags conflict situations
Does not disrupt the UX whenever a tag or association was created
concurrently. The input field will adjust itself as if the tag was
already there in the first place.
2016-01-27 15:09:59 +01:00
Vincent Petry
cfba90a78d Fix system tags proppatch with booleans
Backbone webdav adapter now converts booleans and ints to strings.

Fixed system tags to use "true" / "false" strings for booleans instead
of 1 / 0.
2016-01-27 11:09:43 +01:00
Joas Schilling
4ea0d3c05d Deprecate getFirstWeekDay() and getDateFormat() in favor of l() 2016-01-26 14:02:31 +01:00
Vincent Petry
0a1350d5ac System tags sidebar selector now respects permissions
For admins: display the namespace behind the tag name.
For users: no namespace, don't display non-assignable tags in the
dropdown, display already assigned non-assignable tags with a different
style
2016-01-25 10:45:02 +01:00
Vincent Petry
d4198607ec Expose whether user is an admin through a method
Which is nicer than an obscure global variable
2016-01-25 10:07:47 +01:00
Thomas Müller
44043cb1d7 Merge pull request #21811 from owncloud/fix-unauthenticated-avatar
Show default placeholder if avatar image can't be fetched
2016-01-25 10:01:23 +01:00
Joas Schilling
f108dbfa6a Move getDescriptiveTag to core 2016-01-21 15:56:25 +01:00
Morris Jobke
b188de242e Show default placeholder if avatar image can't be fetched
* fixes owncloud/documents#601
* ref #14564
2016-01-20 15:18:57 +01:00
Vincent Petry
ffba6d0a7e Added system tags GUI in sidebar
Added files details sidebar panel to assign/unassign/rename/delete
system tags.
2016-01-19 16:24:26 +01:00
Vincent Petry
8d41cbb97a Implement toggleselect extension for select2
To make it possible to toggle selected values inside the dropdown
2016-01-19 16:24:26 +01:00
Morris Jobke
6e096936e5 update JS humanFileSize to use KB instead of kB 2016-01-19 10:51:57 +01:00
Joas Schilling
50557b19b6 Run the command once again 2016-01-18 11:13:25 +01:00
Vincent Petry
857c316bda Backbone transport for Webdav 2016-01-16 11:28:04 +01:00
Thomas Müller
b1ee51f255 Merge pull request #21630 from owncloud/add-some-security-headers-as-hardening
Add X-Download-Options and X-Permitted-Cross-Domain-Policies
2016-01-13 10:33:58 +01:00
Thomas Müller
c5a200c419 Merge pull request #21653 from owncloud/update-license-headers-2016
Update license headers 2016
2016-01-13 08:29:42 +01:00
Thomas Müller
682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Thomas Müller
2493cfede9 Merge pull request #21640 from owncloud/add-config-to-disable-wellknown-check
Add config switch to disable the .well-known URL check
2016-01-12 14:46:09 +01:00
Lukas Reschke
4d0dcd3c53 Add X-Download-Options and X-Permitted-Cross-Domain-Policies
Two small security hardenings for our IE users and those with Adobe products. Aligns it more with https://github.com/twitter/secureheaders#secureheaders---
2016-01-12 10:37:16 +01:00
Morris Jobke
8b6b042ffd Add config switch to disable the .well-known URL check 2016-01-12 09:53:23 +01:00
Morris Jobke
a6c7cdd75e Show the well-known URL check as info instead of error
* ref https://github.com/owncloud/core/pull/21562#issuecomment-170344549
2016-01-12 09:18:20 +01:00
Morris Jobke
0161928fc3 Add check for .well-known URL in the root of the webservers URL
* fixes #20012
2016-01-08 23:27:29 +01:00
Joas Schilling
334a6d57a3 Check the correct config for displaying the "notify by email" option 2016-01-08 14:15:06 +01:00
Roeland Jago Douma
6bd15856b2 Added js tests for the Sharee API usage 2015-12-30 10:46:19 +01:00
Roeland Jago Douma
49031e0744 Fix unit tests 2015-12-30 08:58:04 +01:00
Roeland Jago Douma
f99fcd5dd6 Filter out share owner in sharee suggestion list 2015-12-30 08:58:04 +01:00
Roeland Jago Douma
fa7996aa8a Web sharing uses sharee endpoint 2015-12-30 08:58:04 +01:00
Thomas Müller
9c4ab51735 Merge pull request #21364 from owncloud/bring_back_icons_filepicker
Get the icon in javascript for the filepicker
2015-12-28 10:21:58 +01:00
Roeland Jago Douma
2fc458479e [Avatars] Calculate 'sane' hue precissions
We used to get the numeric value of the entrire md5 string which is a
128bit integer. We would then devide this by the maxval of a 128bit int.

There is no need for such huge computations. As we just require a value
between 0 and 255. Thus using two 16 bit values is more than enough to
get the precision we need. By just taking the MSB we get nearly
identical results.
2015-12-24 10:50:12 +01:00
Roeland Jago Douma
9be43e10af Since the server no longer calculates the icon
The server no longer calculates the icon. So we have the js side do it
for us.
2015-12-24 08:59:32 +01:00
Lukas Reschke
cebeb0e052 Fix unit tests
Fixes https://github.com/owncloud/core/issues/21345
2015-12-23 09:11:22 +01:00
Renaud Fortier
83899a5fa1 add _blank to href 2015-12-21 13:28:32 -05:00
Morris Jobke
ed98cdf532 Use OCP\Util::getVersion instead of the internal private implementation 2015-12-18 15:26:54 +01:00
Roeland Jago Douma
c64e827f00 Since avatar.js is now essentially empty remove it 2015-12-17 16:32:18 +01:00
Roeland Jago Douma
6248bad0f7 Add a default size to the avatar placeholders
This removed the need to do an avatar request on the "empty" row in the
user settings.
2015-12-17 16:30:23 +01:00
Thomas Müller
3bcaaa6c3a Merge pull request #21259 from owncloud/load_big_avatar_only_personal
Only load the big (128x128) avatar on the perosnal page
2015-12-17 16:07:50 +01:00
Thomas Müller
1285b78086 Merge pull request #21200 from owncloud/files-authorizationheader
Use Authorization headers for public webdav in web UI
2015-12-17 15:30:13 +01:00
Roeland Jago Douma
a81836a42f Only load the big (128x128) avatar on the perosnal page
Before the code was executed on every page if a user was logged in. Now
only on the personal page. Thus saving a request on all other pages.
2015-12-17 13:55:22 +01:00
Vincent Petry
181ba7b4e1 Fix files UI mtime parsing from webdav 2015-12-16 17:44:16 +01:00
Vincent Petry
ab9849e72f Use Authorization headers for public webdav instead of URL
Instead of prepending the token as username in the URL, use the
Authorization header instead. This is because IE9 considers this a
cross-domain call and refuses to do it in the first place.
2015-12-14 17:42:13 +01:00
Roeland Jago Douma
e8d5eb65c6 Files can't have create permissions
Fixes #20839
2015-12-11 22:28:26 +01:00
Thomas Müller
d6276faff6 Merge pull request #21014 from owncloud/share-unsharelinkpapercut
Fix unshare link click element
2015-12-08 08:39:33 +01:00
Thomas Müller
b15d77c934 Merge pull request #21015 from owncloud/update-redirecttocorrectpage
Redirect to correct URL after updating
2015-12-07 19:55:45 +01:00
Thomas Müller
4100263bd6 Merge pull request #20996 from owncloud/issue-12215-remove-password-reset-when-not-possible
Issue 12215 remove password reset when not possible
2015-12-07 19:55:26 +01:00
Vincent Petry
69ab047f89 Redirect to correct URL after updating
Now requires a trailing slash to make sure we don't land on the
forbidden page.
2015-12-07 18:08:00 +01:00
Vincent Petry
5567b6cee2 Fix unshare link click element
When clicking on the unshare link (trash icon), the correct link element
needs to be used instead of whatever child was clicked. Then, that
element might contain a visible loading icon.

This fixes the spinner detection and also prevents a full page reload in
case the spinner was visible.
2015-12-07 17:58:17 +01:00
Vincent Petry
6735005be0 Fix duplicate bogus share field when link sharing is not allowed
Whenever link share is not allowed, it was outputting a bogus sharing
field which name would conflict with the regular sharing field.

This fix makes sure that the bogus sharing field with "Resharing not
allowed" message only appears when triggered by removed share
permissions.
2015-12-07 16:53:56 +01:00
Joas Schilling
87bc02c6cd Allow specifying a custom reset-password-url 2015-12-07 15:41:40 +01:00
Thomas Müller
9c550a07ed OC.FilePath has still a valid use case when generating paths to static files what for generateUrl cannot be used for - closes #15604 2015-12-07 12:23:42 +01:00
Thomas Müller
f3d49a89fe Merge pull request #11131 from owncloud/use-phpini-wrapper
Replacing ini_get instances with inigetwrapper usages
2015-12-07 10:20:59 +01:00
Roeland Jago Douma
50d862e5d1 [Avatars] JS should not load same avatar twice
Old code first dit an ajax request to the avatar. Then a new image
object with the same src was created and since we do not cache avatars
yet :(  this resulted in 2 sequential requests to the exact same URL

Now if you set the displayname it will first set the placeholder and
then load the avatar in the background. Only once this time!
2015-12-04 10:42:11 +01:00
Lukas Reschke
2515cb17be Support pretty URLs
This changeset allows ownCloud to run with pretty URLs, they will be used if mod_rewrite and mod_env are available. This means basically that the `index.php` in the URL is not shown to the user anymore.

Also the not deprecated functions to generate URLs have been modified to support this behaviour, old functions such as `filePath` will still behave as before for compatibility reasons.

Examples:
http://localhost/owncloud/index.php/s/AIDyKbxiRZWAAjP => http://localhost/owncloud/s/AIDyKbxiRZWAAjP
http://localhost/owncloud/index.php/apps/files/ => http://localhost/owncloud/apps/files/

Due to the way our CSS and JS is structured the .htaccess uses some hacks for the final result but could be worse... And I was just annoyed by all that users crying for the removal of `index.php` ;-)
2015-12-01 16:46:07 +01:00
Lukas Reschke
4971015544 Add code integrity check
This PR implements the base foundation of the code signing and integrity check. In this PR implemented is the signing and verification logic, as well as commands to sign single apps or the core repository.

Furthermore, there is a basic implementation to display problems with the code integrity on the update screen.

Code signing basically happens the following way:

- There is a ownCloud Root Certificate authority stored `resources/codesigning/root.crt` (in this PR I also ship the private key which we obviously need to change before a release 😉). This certificate is not intended to be used for signing directly and only is used to sign new certificates.
- Using the `integrity:sign-core` and `integrity:sign-app` commands developers can sign either the core release or a single app. The core release needs to be signed with a certificate that has a CN of `core`,  apps need to be signed with a certificate that either has a CN of `core` (shipped apps!)  or the AppID.
- The command generates a signature.json file of the following format:
```json
{
    "hashes": {
        "/filename.php": "2401fed2eea6f2c1027c482a633e8e25cd46701f811e2d2c10dc213fd95fa60e350bccbbebdccc73a042b1a2799f673fbabadc783284cc288e4f1a1eacb74e3d",
        "/lib/base.php": "55548cc16b457cd74241990cc9d3b72b6335f2e5f45eee95171da024087d114fcbc2effc3d5818a6d5d55f2ae960ab39fd0414d0c542b72a3b9e08eb21206dd9"
    },
    "certificate": "-----BEGIN CERTIFICATE-----MIIBvTCCASagAwIBAgIUPvawyqJwCwYazcv7iz16TWxfeUMwDQYJKoZIhvcNAQEF\nBQAwIzEhMB8GA1UECgwYb3duQ2xvdWQgQ29kZSBTaWduaW5nIENBMB4XDTE1MTAx\nNDEzMTcxMFoXDTE2MTAxNDEzMTcxMFowEzERMA8GA1UEAwwIY29udGFjdHMwgZ8w\nDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANoQesGdCW0L2L+a2xITYipixkScrIpB\nkX5Snu3fs45MscDb61xByjBSlFgR4QI6McoCipPw4SUr28EaExVvgPSvqUjYLGps\nfiv0Cvgquzbx/X3mUcdk9LcFo1uWGtrTfkuXSKX41PnJGTr6RQWGIBd1V52q1qbC\nJKkfzyeMeuQfAgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAvF/KIhRMQ3tYTmgHWsiM\nwDMgIDb7iaHF0fS+/Nvo4PzoTO/trev6tMyjLbJ7hgdCpz/1sNzE11Cibf6V6dsz\njCE9invP368Xv0bTRObRqeSNsGogGl5ceAvR0c9BG+NRIKHcly3At3gLkS2791bC\niG+UxI/MNcWV0uJg9S63LF8=\n-----END CERTIFICATE-----",
    "signature": "U29tZVNpZ25lZERhdGFFeGFtcGxl"
}
```
`hashes` is an array of all files in the folder with their corresponding SHA512 hashes (this is actually quite cheap to calculate), the `certificate` is the  certificate used for signing. It has to be issued by the ownCloud Root Authority and it's CN needs to be permitted to perform the required action. The `signature` is then a signature of the `hashes` which can be verified using the `certificate`.

Steps to do in other PRs, this is already a quite huge one:
- Add nag screen in case the code check fails to ensure that administrators are aware of this.
- Add code verification also to OCC upgrade and unify display code more.
- Add enforced code verification to apps shipped from the appstore with a level of "official"
- Add enfocrced code verification to apps shipped from the appstore that were already signed in a previous release
- Add some developer documentation on how devs can request their own certificate
- Check when installing ownCloud
- Add support for CRLs to allow revoking certificates

**Note:** The upgrade checks are only run when the instance has a defined release channel of `stable` (defined in `version.php`). If you want to test this, you need to change the channel thus and then generate the core signature:

```
➜  master git:(add-integrity-checker) ✗ ./occ integrity:sign-core --privateKey=resources/codesigning/core.key --certificate=resources/codesigning/core.crt
Successfully signed "core"
```

Then increase the version and you should see something like the following:

![2015-11-04_12-02-57](https://cloud.githubusercontent.com/assets/878997/10936336/6adb1d14-82ec-11e5-8f06-9a74801c9abf.png)

As you can see a failed code check will not prevent the further update. It will instead just be a notice to the admin. In a next step we will add some nag screen.

For packaging stable releases this requires the following additional steps as a last action before zipping:
1. Run `./occ integrity:sign-core` once
2. Run `./occ integrity:sign-app` _for each_ app. However, this can be simply automated using a simple foreach on the apps folder.
2015-12-01 11:55:20 +01:00
Vincent Petry
b1ca431852 Fix for parsing pretty printed Webdav responses
Update davclient.js + adjust IE workaround for this
2015-11-24 15:26:53 +01:00
Clark Tomlinson
9caf4ffbfc Replacing ini_get instances with inigetwrapper usages 2015-11-23 14:12:31 +01:00
Vincent Petry
a05e40932c Now using IE8 workaround of davclient.js for all IE versions 2015-11-22 16:05:52 +01:00
Vincent Petry
7ec83fc9fb Fix OC.FileInfo to copy all properties
This makes it possible to also store custom properties passed through
the data object like tags or shareOwner.
2015-11-22 16:05:50 +01:00
Vincent Petry
a1d0682ef8 Use oc:fileid property instead of oc:id 2015-11-22 16:05:51 +01:00
Thomas Müller
ab1d786d87 Fix port issue - options.host already has the port attached 2015-11-22 16:05:51 +01:00
Vincent Petry
dc8ce87a26 Query tags/favorite through Webdav in file list 2015-11-22 16:05:50 +01:00
Vincent Petry
fa2be0750c Make files app use Webdav for most operations 2015-11-22 16:05:50 +01:00
Vincent Petry
f120846e29 Added OC.Files.Client Webdav-based files client 2015-11-22 16:05:49 +01:00
Vincent Petry
fb3d5c7856 Add evert's davclient.js + es6-promise + IE8 workaround
- Add davclient.js lib
- Add es6-promise required by that lib
- Wrote IE8 workaround lib/shim for davclient.js
2015-11-22 16:05:49 +01:00
Joas Schilling
78c456b895 Allow creating OCS v2 links in JS 2015-11-16 14:23:43 +01:00
Vincent Petry
a2cd9708f6 Set "ie" CSS class for IE10, IE11
Fixed border in file action menu
2015-11-10 17:04:52 +01:00
Joas Schilling
f04151f69b Close the user menu when clicking it again 2015-11-02 10:09:13 +01:00
Morris Jobke
b32e6fbb62 [tags] remove unneeded variables 2015-10-30 10:02:15 +01:00
Thomas Müller
774d069ff0 Merge pull request #20122 from owncloud/files-consolidateiconupdate
Fix icon update to be more consistent
2015-10-29 15:40:15 +01:00
Vincent Petry
9c9158e6b7 Fix icon update to be more consistent
Makes the details bar show the same icon as in the list.
2015-10-29 12:59:51 +01:00
Tom Needham
628e4a9daf Add sharee list view js tests 2015-10-29 09:01:47 +01:00