Commit graph

196 commits

Author SHA1 Message Date
Vincent Petry
ec8d7010e5
Accept moving FutureFile into a Directory 2017-04-26 15:43:01 +02:00
Vincent Petry
82b967d3f9
Remove ObjectTree::move and let is use the IMoveTarget approach instead
This removes the duplicated code
2017-04-26 15:35:08 +02:00
Vincent Petry
0a9f7730d0
Ported ObjectTree::move to IMoveTarget in new DAV endpoint 2017-04-26 15:33:20 +02:00
Joas Schilling
5334a3dc33
fix objectstore rename
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:52:05 +02:00
Vincent Petry
1c40a05204
Restrict proppatch to the proper nodes
Need to fetch the node earlier because cancelling from within the
handler is not possible. Well, it is but it prevents other node types
using the same property names to run because the failure marks the
property with status 403.
2017-04-25 17:25:03 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Joas Schilling
a3c3124762
Allow file upload when storage is unlimited
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:27:47 +02:00
Morris Jobke
1729e4471f
Update comments to Nextcloud
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 -05:00
Robin Appelman
429f8ae011
Allow getting the unread comment count for an entire folder at once
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:24 +02:00
Thomas Müller
23aab05bda
Adding dav resource for avatars
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-29 00:04:29 +02:00
Christoph Wickert
07b35b7bae DummyGetResponsePlugin: ownCloud -> Nexcloud
Signed-off-by: Christoph Wickert <cwickert@suse.de>
2017-03-18 12:59:25 +01:00
Joas Schilling
3a53784f80
Don't set the HTTP status twice
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-16 13:35:41 +01:00
Maxence Lange
1b9ed81cb6
switch reshares to true
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
2017-03-14 19:27:07 +01:00
Roeland Jago Douma
6565533d3b Merge pull request #3600 from coletivoEITA/master
added method needsPartFile() in Storage
2017-03-14 15:14:59 +01:00
Vinicius Cubas Brand
13e50cbcd7 added method needsPartFile() in Storage
Signed-off-by: Vinicius Cubas Brand <viniciuscb@gmail.com>
2017-03-14 10:06:50 -03:00
Stefan Schneider
f6ef024159 Correct incorrectly typed X-OC-Mtime header
Signed-off-by: Stefan Schneider <stefan.schneider@squareweave.com.au>
2017-03-10 18:16:27 +11:00
Roeland Jago Douma
c16cb1978b Merge pull request #3621 from kuimovvg/master
don't setted status when file is lock
2017-03-09 21:28:32 +01:00
Joas Schilling
d228acabf6
Set a status code when setting a body
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-07 17:31:32 +01:00
Robin Appelman
8f289286a7
handle non existing owners when handling dav requests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-02 15:26:00 +01:00
Roeland Jago Douma
c75b5a5614
Properly handle groups with a /
If a group contains a slash the principal URI becomes
principals/groups/foo/bar. Now the URI is plit on '/' so this creates
issues ;)

Fixes #2957

* Add tests for groups with /

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-02-27 17:07:18 +01:00
vkuimov
db6eb85ad2 don't setted status when file is lock 2017-02-25 16:12:53 +00:00
Morris Jobke
9533f4e5ed
Clean up single user mode
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.

As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.

The encryption commands now rely on the well tested maintenance mode.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 23:02:31 -06:00
Morris Jobke
abf0606054 Merge pull request #3430 from nextcloud/fix-ios-client-detection
Fix detection of the new iOS app
2017-02-10 14:24:45 -06:00
Lukas Reschke
929648ce2c
Add integration tests for legacy DAV endpoints
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-10 16:18:04 +01:00
Joas Schilling
33fb86f68b
Fix detection of the new iOS app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
Michael Jobst
969c19b2e9
Fixed size issues on main detail view and disappearing of share recipients (#26603)
* fixed size issues on main detail view and disappearing of share recipients

* Changes due to code comments

* Moved reloadProperties() to FileInfoModel

* Solved Scrutinizer issues

* Bugfix: undefined value used on error

* check if options are set for FileInfoModel.initialize()

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-12-23 16:56:55 +01:00
Sergio Bertolín
928f113361
Return explicit values instead of boolean from sabre (#26654)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-22 10:10:29 +01:00
Thomas Müller
04cf77120c
Fix error when $view is null when being passed into some plugins
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-19 15:53:13 +01:00
Lukas Reschke
8a00638425
Don't set Content-Disposition header if one already exists
If a Content-Disposition header is already set by another plugin we don't need to set another one as this breaks clients.

Fixes https://github.com/nextcloud/server/issues/1992

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-14 17:35:27 +01:00
Joas Schilling
1aa874e4e3
Also get infos about email shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-30 09:21:58 +01:00
Robin Appelman
b56f2c9ed0
basic lockdown logic
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:23 +01:00
Vincent Petry
17ea1bfb75
Remove unused $view from FilesPlugin (#26549)
The Sabre FilesPlugin never uses the view so remove it.
2016-11-14 14:45:33 +01:00
Robin Appelman
d1291f7aee
remove unneeded getDirectoryContent when getting share types for a folder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-09 17:04:44 +01:00
Thomas Müller
c778b1bade
Update sabre dav to 3.2 (#26115)
* Update sabre/dav to 3.2.0

* Adjust code to work with sabre/dav 3.2.0 and it's dependencies

* Adding own CalDAV plugin to fix calendar home property

* Test if there is a user logged in when listing files home

* Update sabre version used by integration tests

* Disable unauthenticated DAV access

This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.

=====

* Fixed so cherry-pick was succesfull

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-04 13:35:10 +01:00
Vincent Petry
6a4ea2c15a
Upload autorename on client side
Removes the need for POST to collection which would hit against upload
limits.

The client tries to auto rename the file by adding a suffix "(2)".
It tries to use the file list on the client side to guess a
suitable name. In case a file still cannot be uploaded and creates a
conflict, which can happen when the file was concurrently uploaded, the
logic will continue increasing the suffix.
2016-11-02 22:15:03 +01:00
Roeland Jago Douma
fc4d0a86ef
Fix merging backend results
* Merge share types correctly
* Filter share types
* Order share types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-01 12:16:05 +01:00
Robin Appelman
3692769b0a
Add getShareTypesInFolder to optimize folder listening
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-10-31 15:55:40 +01:00
Thomas Müller
1c39b30d50
Require to use at least desktop client 2.0 by default 2016-10-25 18:01:25 +02:00
Morris Jobke
c0adc3c2cf Merge pull request #1883 from nextcloud/downstream-26145
Storage 503 message improvements
2016-10-25 13:19:46 +02:00
Vincent Petry
c68e273664
Goodbye Iframe transport !
Not needed any more in IE >= 11

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
59c5be1cc5
Use Webdav PUT for uploads in the web browser
- uses PUT method with jquery.fileupload for regular and public file
  lists
- for IE and browsers that don't support it, use POST with iframe
  transport
- implemented Sabre plugin to handle iframe transport and redirect the
  embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
  make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
44cf67accd
Storage 503 message improvements
"Storage not available" is now "Storage temporarily not available".
Exceptions are now logged in DEBUG level, not FATAL.
2016-10-24 15:43:15 +02:00
Morris Jobke
2b76d14330 Merge pull request #1834 from nextcloud/downstream-26186
Add more files plugins to new DAV endpoint
2016-10-21 09:44:15 +02:00
Roeland Jago Douma
50b6ee67cb Merge pull request #1806 from nextcloud/karakayasemi_1767
Update file.php put function posthook calls
2016-10-21 08:45:51 +02:00
Vincent Petry
73e216e0a7
Add more files plugins to new DAV endpoint (#26186)
* Add more files plugins to new DAV endpoint

Also fix report plugin to properly retrieve the path from the
prolongated URL

* In case the report is not for this plugin -> simply return to allow other plugins to get executed

* Adjust onReport tests to match new behavior
2016-10-20 21:36:15 +02:00
Semih Serhat Karakaya
33cee3502a
Update file.php put function posthook calls
Logicaly, postHooks should emit after touch. For chunking file it is already emitting after touch.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-20 21:07:15 +02:00
Joas Schilling
246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Morris Jobke
98c8464564 Merge pull request #1821 from nextcloud/downstream-26366
Code style changes from downstream
2016-10-20 20:18:47 +02:00
Lukas Reschke
0864f53675 Merge pull request #1796 from nextcloud/oc_fav-report
Make it possible to filter by tags with REPORT method
2016-10-20 18:32:51 +02:00
Thomas Müller
08d6884107
Sanitize length headers when validating quota 2016-10-20 15:15:48 +02:00
Vincent Petry
361f008c70
Make it possible to filter by tags with REPORT method
Enhanced the REPORT method on the Webdav endpoint and added a
"oc:favorite" filter rule. When set, it will return a flat list of
results filtered with only favorite files.

The web UI was also adjusted to use this REPORT method instead of the
private API endpoint.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-19 11:06:29 +02:00
Joas Schilling
05223a39f9
Make sure we only use numbers as length
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-19 09:28:54 +02:00
Thomas Citharel
3b055b160e
fix typo
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2016-10-14 11:48:18 +02:00
Morris Jobke
ff3e8c2139 Merge pull request #1518 from nextcloud/dav-fileshome-directory-properties
FilesHome now also returns DAV properties
2016-10-06 00:21:44 +02:00
Thomas Müller
bd96c6aa38
Return ETag and OC-ETag in case of a move (#25683)
Downstreaming of https://github.com/owncloud/core/pull/25683

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-28 21:12:50 +02:00
Vincent Petry
b17e836e45
FilesHome now also returns DAV properties
The files home node must also return DAV properties like etag,
permissions, etc for the clients to work like they did with the old
endpoint.

This fix makes FilesHome extend the Sabre Directory class, this makes
the FilesPlugin and other plugins recognize it as a directory and will
retrieve the matching properties when applicable.

Downstream of https://github.com/owncloud/core/pull/26066

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-26 11:24:23 +02:00
Joas Schilling
cf69a2b7eb
UPDATE permissions qualify for renaming a node 2016-09-07 11:22:57 +02:00
Joas Schilling
4c0665b6ec
Only require CREATE permissions when the file does not exist yet 2016-09-07 11:10:48 +02:00
Markus Goetz
0cb34c2fa5
[master] DAV: Return data-fingerprint always when asked (#25482)
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 14:37:14 +02:00
Lukas Reschke
4d85ffc27c Merge pull request #1054 from nextcloud/less-cache-hits
Reduce the number of cache operations for dav operations
2016-08-27 22:44:29 +02:00
Robin Appelman
7c4d9add0d reuse the userfolder's fileinfo when possible during dav setup 2016-08-25 17:22:22 +02:00
Christoph Wurst
6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Robin Appelman
1fef5d3d06 add dav property to check if a file has a preview available 2016-07-27 12:59:39 +02:00
Joas Schilling
0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling
813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Lukas Reschke
c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Aaron Wood
7c0de08cc4
Escape special characters (#25429)
* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Escape LIKE parameter

* Use correct method in the AbstractMapping class

* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches

* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Björn Schießle
ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Roeland Jago Douma
059b7435ab
PasswordLoginForbidden is not a FATAL exception
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.

So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00
Bjoern Schiessle
26e14529be fix error message 2016-06-30 13:50:31 +02:00
Lukas Reschke
c771368c4e Add proper throws PHP docs 2016-06-30 13:19:50 +02:00
Lukas Reschke
1e7f0f7341 Add required $message parameter 2016-06-30 13:17:53 +02:00
Bjoern Schiessle
3571207bd9 add some additonal permission checks to the webdav backend 2016-06-30 11:16:49 +02:00
Vincent Petry
2340660a5b
PasswordLoginForbidden must extend NotAuthenticated
The auth code from Sabre will forward NotAuthenticated exceptions but
in the case of a generic exception, it is packaged as "service not
available".
2016-06-17 15:50:24 +02:00
Christoph Wurst
5a8cfab68f
throw PasswordLoginForbidden on DAV 2016-06-17 11:30:24 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Vincent Petry
67c3a97401 Merge pull request #25046 from owncloud/fix-the-realm
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00
Vincent Petry
543545505d Merge pull request #25043 from owncloud/webdav-download-mimetype
DAV now returns file name with Content-Disposition header
2016-06-10 09:55:59 +02:00
Vincent Petry
1399e87d57
DAV now returns file name with Content-Disposition header
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
Thomas Müller
cf06b17df1
Use the correct realm for basic authentication - fixes #23427 2016-06-09 13:53:32 +02:00
Thomas Müller
f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Robin Appelman
f119769c26 Better handling of forbidden files in dav 2016-06-07 14:01:55 +02:00
Thomas Müller
371a07e3ab Fix checkMove() implementation for dav v2 - fixes #24776 (#24971) 2016-06-06 17:01:27 +02:00
Vincent Petry
3ff2bec5fa Merge pull request #24935 from owncloud/2fa-block-dav
block DAV if 2FA challenge needs to be solved first
2016-06-02 15:31:18 +02:00
Joas Schilling
942e946f06
Catch the ForbiddenException to make sure it gets handled 2016-06-01 16:17:57 +02:00
Christoph Wurst
da03a85c3c
block DAV if 2FA challenge needs to be solved first 2016-06-01 10:42:38 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Vincent Petry
87fa86a69a Merge pull request #24559 from owncloud/2fa
two factor auth
2016-05-23 20:50:03 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Arthur Schiwon
2b30136ae9
ensure comments-href returns a value also when propfind is done against remote.php/files 2016-05-20 16:22:13 +02:00
Joas Schilling
dd9ee10bc0 Move dav app to PSR-4 (#24527)
* Move Application to correct namespace and PSR-4 it

* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00