Commit graph

7367 commits

Author SHA1 Message Date
Daniel Calviño Sánchez
51e658da2a Join if block to preceding if chain
If getShareType() returns "email" it can not also return "user", "group"
nor "link", so the if block can be added to the preceding if chain.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 13:17:46 +02:00
Joas Schilling
3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports
Remove unused use statements
2017-04-24 11:47:37 +02:00
Daniel Calviño Sánchez
dcc8cce28b Fix double hashing of shared link passwords
The plain text password for a shared links was hashed and, then, the
hashed password was hashed again and set as the final password. Due to
this the password introduced in the "Authenticate" page for the shared
link was always a wrong password, and thus the file could not be
accessed.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Morris Jobke
2b6f6dac00
Remove unused variables
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 18:20:51 -05:00
Roeland Jago Douma
867b3ee234 Merge pull request #4396 from nextcloud/scan-non-existing
show error when trying to scan non existing path
2017-04-21 19:47:33 +02:00
Roeland Jago Douma
d46b155916 Merge pull request #4428 from nextcloud/file-by-id-limit-user
limit the user when searching for a file by id if we know the user already
2017-04-21 19:43:53 +02:00
Robin Appelman
6fbe991afb
limit the user when searching for a file by id if we know the user already
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-21 17:11:26 +02:00
Roeland Jago Douma
e9b00f84b8 Merge pull request #4406 from nextcloud/fix-unit-test-problems
Fix unit test problems
2017-04-21 09:35:01 +02:00
Bjoern Schiessle
972b4c04e2
respect password policy for auto generated passwords
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-20 16:33:26 +02:00
Bjoern Schiessle
d8dcd72118
allow admin to enforce password on mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-20 16:33:26 +02:00
Robin Appelman
a0e5107c0b
check for existence before we start the db transaction
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-20 13:25:49 +02:00
Joas Schilling
9871e4eaee
Kill dead code
> No tests found in class "Test\Share\MailNotificationsTest".

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:43:19 +02:00
Joas Schilling
140580f9d8 Merge pull request #4398 from nextcloud/fix_accesslistcode
Get proper accesslist for userFolder
2017-04-20 11:03:22 +02:00
Roeland Jago Douma
ae2db5e60d
Get proper accesslist for userFolder
If the accesslist is requested for a users root folder we should
properly construct the path

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-20 10:28:32 +02:00
Joas Schilling
799b229a68 Merge pull request #4381 from nextcloud/2954_take_2
Fix group settings routes and fix route regression
2017-04-20 10:25:16 +02:00
Morris Jobke
fbedea0807
Add PHPDoc and handle exception in ScanAppData as well
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 17:04:16 -05:00
Morris Jobke
16c4755e03
Rename renderHTML to renderHtml
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 15:46:41 -05:00
Robin Appelman
ce2dba0796
show error when trying to scan non existing path
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-19 14:36:38 +02:00
Lukas Reschke
a3569a1452 Merge pull request #4382 from nextcloud/use-proper-reply-to
Add "Reply-To" on ShareByMailProvider mails
2017-04-19 12:04:18 +02:00
Morris Jobke
f1ddb939a0 Merge pull request #4371 from nextcloud/dont-allow-dot-usernames
Better validation of allowed user names
2017-04-18 20:04:32 -05:00
Morris Jobke
269600a04f Merge pull request #4369 from nextcloud/fix-translations
Fix translations
2017-04-18 18:01:50 -05:00
Joas Schilling
1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Morris Jobke
47fe5e8f41 Merge pull request #4380 from nextcloud/show-instance-name-in-from
Add instance name to default sender
2017-04-18 16:22:56 -05:00
Lukas Reschke
203ef88509
Add "Reply-To" on ShareByMailProvider mails
Fixes https://github.com/nextcloud/server/issues/4209

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 22:23:07 +02:00
Roeland Jago Douma
d12ec7cff1
Revert "Match slashes in ../{id} resource routes"
This reverts commit 31f9be7a75.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-18 21:50:36 +02:00
Lukas Reschke
bae64e810e
Add instance name to default sender
Otherwise your mail program shows "foo@mail.com" instead of "Nextcloud" or whatever your instance name is.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 21:44:37 +02:00
Joas Schilling
a5b4308a51
Don't put the SMTP password into the HTML code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 15:44:20 +02:00
Joas Schilling
a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Morris Jobke
10290eb006 Merge pull request #2834 from nextcloud/accesListToShareManager
Access list to share manager
2017-04-15 13:06:24 -05:00
Roeland Jago Douma
f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change
Add activities when email or password is changed
2017-04-14 08:16:43 +02:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Morris Jobke
d0c0f6cfc1 Merge pull request #4326 from nextcloud/downstream-27562
Reorder the entries of the log for easier reading
2017-04-13 13:11:47 -05:00
Lukas Reschke
81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Morris Jobke
d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Morris Jobke
ac05d6dd67
Improve PHPDoc
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 12:16:12 -05:00
Joas Schilling
695696a4a6
Use constants
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
Roeland Jago Douma
0f5682321e
Fix server container registration
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 14:52:09 +02:00
Roeland Jago Douma
aef95b9b7d
Not needed in the DIContainer anymore
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 13:37:39 +02:00
Roeland Jago Douma
b96297e9cc
Do not set full path if not currentAccess
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:53 +02:00
Joas Schilling
f57ef55249
Add samples to the docs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling
29f2088a7b
Catch exceptions and use as many results as possible
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling
629b7c0fc3
Adjust docs and make !$currentAccess simpler
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
5b57bb955b
Fix default share provider
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
2fcf334c6a
Fix tests for ShareHelper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
3c1365c0d1
Fix returned paths for remote shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:51 +02:00
Joas Schilling
4bcb7d88b5
Return the token as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:51 +02:00
Joas Schilling
cf7c320949
Also return the token
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:51 +02:00
Joas Schilling
91e650791d
Return the paths for the users without setting them all up
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
0c2dc3bc8c
Fix comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
12afd7d1d5
Add mail element to access list
* Each provider just returns what they have so adding an element won't
require changing everything
* Added tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
2cbac3357b
Offload acceslist creation to providers
* This allows for effective queries.
* Introduce currentAccess parameter to speciy if the users needs to have
currently acces (deleted incomming group share). (For notifications)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
97f8ca6595
Added ShareHelper
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
a1edcc8ecf
Port Encryption/file to new getAccessList
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
88299ec27c
Added to public interface
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
7dcc98eb20
Add owner to access list
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
d84df15590
Add getAccessList to ShareManager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:48 +02:00
Joas Schilling
1110b51aa3
Allow to read the old email on the hook as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:34:02 +02:00
Lukas Reschke
e39e6d0605
Remove expired attempts
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke
a1ae5275f9
Move to dedicated MiddleWare
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke
511524c668
Add isset() as it can be an empty result
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke
d729bde98c
Register in ServerContainer
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Lukas Reschke
66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Joas Schilling
f23a36b0a6
Add activities when email or password is changed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 11:13:19 +02:00
Lukas Reschke
01f3698175 Merge pull request #3966 from nextcloud/downstream-26570
Override config.php values through environment variables
2017-04-13 10:51:09 +02:00
Morris Jobke
7cb6038fca Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login
Dont create a log entry on email login
2017-04-13 01:04:11 -05:00
Morris Jobke
1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Roeland Jago Douma
b3b24172e4 Merge pull request #4307 from nextcloud/sharing-emails
New emails for sharebymail
2017-04-12 21:23:11 +02:00
Morris Jobke
a7da2ef977 Merge pull request #4282 from nextcloud/oci-connect-string
use the same oci connectstring in all code paths
2017-04-12 13:11:00 -05:00
Morris Jobke
124fdf8062 Merge pull request #4331 from nextcloud/query-builder-sum
Add sum() to the query function builder
2017-04-12 12:55:09 -05:00
Morris Jobke
31024b7700 Merge pull request #4329 from nextcloud/move-out-shared-folder
Fix moving files out of a shared folder
2017-04-12 11:44:26 -05:00
Joas Schilling
4b639e2763
No newlines when heading is empty
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:27 +02:00
Bjoern Schiessle
0a464dfb61
make the plain text footer standard compliant and add a space after '--'. It also adds a line break in front so that there is some spacing between the mail body and the footer
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-12 17:16:27 +02:00
Joas Schilling
1c8c62272c
Use instance name as alt-text
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:26 +02:00
Joas Schilling
506c7731a6
Don't duplicate the sentence with the header
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:26 +02:00
Morris Jobke
33e077c1c1
Properly escape heading, body and button text
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 17:16:26 +02:00
Morris Jobke
050ce1d40b
Add addBodyButton to add a single button to email templates
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 17:16:26 +02:00
Robin Appelman
ac45af68cd
Add sub() to the query function builder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-12 16:09:35 +02:00
Roeland Jago Douma
dccb8928a1 Merge pull request #4325 from nextcloud/downstream-27522
Optimize put - Dont try to fetch filecache for not existing filecache…
2017-04-12 16:04:03 +02:00
Björn Schießle
b90e91144b Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints
Discover federatedsharing endpoints
2017-04-12 16:01:07 +02:00
Robin Appelman
8500debe79
use unjailed path when moving files out of a shared storage
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-12 14:56:51 +02:00
Robin Appelman
2f949f4515
rename Jail::getSourcePath to getUnjailedPath to fix conflict with Local::getSourcePath
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-12 14:55:47 +02:00
Juan Pablo Villafáñez
38e5135cb9
Reorder the entries of the log for easier reading 2017-04-12 13:03:19 +02:00
Piotr M
dc78f1251e
Optimize put - Dont try to fetch filecache for not existing filecache in encription 2017-04-12 12:54:20 +02:00
Joas Schilling
bd37021587
Fix casing of same origin frame option
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 12:37:32 +02:00
Lukas Reschke
b5d31e4e65 Merge pull request #4309 from nextcloud/remove-unused-code
Removes unused code for link share emails
2017-04-12 10:15:59 +02:00
Morris Jobke
be9a514dff
Allow to set text versions for the plain text email
* allows different texts for HTML and text version of the email

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:50:06 -05:00
Morris Jobke
8fa5141aaa
Removes unused code for link share emails
* now handled by sharebymail app
* see https://github.com/nextcloud/server/pull/657

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:32:48 -05:00
Lukas Reschke
3600dd4f52
Add IEMailTemplate to public OCP API
Also adds `\OCP\Mail\IMailer::createEMailTemplate` as helper so the functionality can easily be used within apps.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 16:35:46 +02:00
Roeland Jago Douma
53bca14a27
Do proper DI
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-11 15:04:01 +02:00
Bjoern Schiessle
449011dae7
remove discovery manager in favour of the OCSDiscoveryService
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:04:01 +02:00
Bjoern Schiessle
0dea31d48b
add tests for discovery service
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:04:01 +02:00
Bjoern Schiessle
45aee2e479
provide public discovery service to discover OCS end-points on another server
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:03:59 +02:00
Lukas Reschke
afb5d45705 Merge pull request #4256 from nextcloud/theming
Move OC_Defaults to OCP\Defaults
2017-04-11 14:39:46 +02:00
Morris Jobke
11d6fe1023 Merge pull request #4283 from nextcloud/shares-by-folder-quote
properly quota table names in getSharesInFolder
2017-04-10 19:39:19 -05:00
Morris Jobke
a045f3c4d7 Merge pull request #4146 from nextcloud/unread-comments-folder
Allow getting the unread comment count for an entire folder at once
2017-04-10 13:21:39 -05:00
Robin Appelman
a555672f21
properly quota table names in getSharesInFolder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-10 17:59:40 +02:00
Robin Appelman
421ca6439f
use the same oci connectstring in all code paths
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-10 17:58:52 +02:00
Björn Schießle
18580395d4 Merge pull request #4277 from nextcloud/permissions-mask-scanner
Dont use the permissions mask while scanning
2017-04-10 16:04:12 +02:00
Roeland Jago Douma
e9c6fe2fd8 Merge pull request #4222 from nextcloud/dav-search-fileid
Allow searching file by fileid
2017-04-10 15:57:56 +02:00
Robin Appelman
a7c611039d
Dont use the permissions mask while scanning
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-10 15:19:21 +02:00
Roeland Jago Douma
afea05d296 Merge pull request #4210 from nextcloud/downstream-26643
Removed path to datadir in exception
2017-04-10 12:43:46 +02:00
Joas Schilling
9e3a3eebf9
Lowercase "data" correctly
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-10 11:13:46 +02:00
Joas Schilling
bc217cdf87
Also send the new account data with the event
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-10 10:22:57 +02:00
Morris Jobke
5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Morris Jobke
ca9d25169d Merge pull request #4136 from nextcloud/expire-date-for-all-shares
Unified sharing options
2017-04-07 17:14:05 -05:00
Roeland Jago Douma
6c0cafb10f Merge pull request #4253 from nextcloud/downstream-27599
make JobList::next() lock free
2017-04-07 22:18:40 +02:00
Jörn Friedrich Dreyer
c993c363e0
make JobList::next() lock free
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-07 13:07:09 -05:00
Lukas Reschke
281ad406e8
Add support for theming
Add support for theming in generated emails and simplify API

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-07 12:03:47 -05:00
Morris Jobke
0560e69913
New layout for welcome email
* thanks to @espina2 for make this nice design
* the button says "Set password" if the admin didn't specified a password

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-07 12:03:32 -05:00
Bjoern Schiessle
3323d01db1
update unit tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-07 15:43:59 +02:00
Joas Schilling
9f3d9b5b23
Don't force the use of Accept-Language anymore
This is not intended anymore, since it falls back to force english
when the header is not set. Also 0228bc6e66
makes clear that the order should be:

1. User setting
2. Accept language
3. Admin default

This is the case since the commit from above, unless via OCS and DAV.
Both forced to accept-language falling back to english.
By removing the force, it now also matches the w3 priority list:
https://www.w3.org/International/questions/qa-lang-priorities

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 11:10:04 +02:00
Joas Schilling
7ad791efb4
Dont create a log entry on email login
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 10:15:20 +02:00
Arthur Schiwon
fbadb37b9b
use known LockdownManager
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:27:30 +02:00
Arthur Schiwon
0a463e55ae
Save correct login name
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Morris Jobke
4eddb95fc4
Add method to $methodsWithSensitiveParameters
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon
daf9d23547
don't regenerate Session ID twice, also fixes tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon
50844e8c47
regenerate session id on successful login, fixes integration test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon
7b3fdfeeaa
do login routine only once when done via LoginController
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:42 +02:00
Robin Appelman
baec42e80a
Save the scope of an auth token in the session
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 17:58:33 +02:00
Robin Appelman
bb7e236e74
Allow searching file by fileid
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 15:22:53 +02:00
Kawohl
bee0a3699e
removed path to datadir
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 19:07:59 -05:00
Morris Jobke
95a21e2f2a
Check for boolean false and add tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 15:56:50 -05:00
Morris Jobke
0fcb37adcb
OC_ -> NC_
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 15:56:50 -05:00
Philipp Schaffrath
695a17804e
Override config.php values through ENV variables (#26570)
* added functionality to override config.php values with 'OC_' prefixed environment variables

* use getenv to read environment variables since apache does not set $_ENV variables, fixed test

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 15:56:50 -05:00
Morris Jobke
fa4107893d Merge pull request #4138 from nextcloud/resources_match_fullid
Match slashes in ../{id} resource routes
2017-04-04 15:52:53 -05:00
Morris Jobke
b78876236d Merge pull request #4192 from nextcloud/fix/custom-default-app-redirect-2fa-selection
Redirect to 2FA selection screen
2017-04-04 15:47:35 -05:00
Morris Jobke
52eaf6cfbb Merge pull request #3310 from duritong/patch-1
only chmod logfile if necessary
2017-04-04 11:42:26 -05:00
Lukas Reschke
e0227cb458 Merge pull request #2095 from nextcloud/bruteforcesetttings
Introduce bruteforce settings
2017-04-04 11:57:43 +02:00
Roeland Jago Douma
efb21a948e Merge pull request #4093 from nextcloud/endorse-password-protection
Endorse password protection
2017-04-04 11:04:21 +02:00
Roeland Jago Douma
31f9be7a75
Match slashes in ../{id} resource routes
Fixes #2954

Before we could match on <prefix>/{id} however if the id contains a /
this would not match properly. But since we define the resource routes
internally we now make sure that we match all chars (up until the ?).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:37:11 +02:00
Roeland Jago Douma
2a9192334e
Don't try to parse empty body if there is no body
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:22:33 +02:00
Christoph Wurst
a7cc8c86ab
Redirect to 2FA selection screen
Apps like 'rainloop' use \OCP\Util::isLoggedIn() to check whether the
current request is authenticated. Since we redirected to the index
page before, it resulted in an infinite redirection loop. This change
sets the redirection URL to the 2FA selection page, which is the only
allowed page in that authentication state.

Fixes https://github.com/nextcloud/server/issues/3702

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-03 14:31:57 +02:00
Christoph Wurst
cbe44043be Merge pull request #4131 from nextcloud/fix-jscombiner
Fix check for cache value in JSCombiner
2017-04-03 11:27:39 +02:00
Bjoern Schiessle
b85b6f2439
feature endorse password for share links
works like "enforce password protection", but let the
user optionally remove the password protection after the
password is set. by Timo Benk

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:57:52 +02:00
Bjoern Schiessle
dac6826ad7
setting to disable sending password by mail
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:29:33 +02:00
Bjoern Schiessle
b84fd7c361
set expire date for all share types
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:29:32 +02:00
Bjoern Schiessle
3cc0d15f92
add secure drop functionallity to mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:29:32 +02:00
Bjoern Schiessle
c191173d59
allow password protected mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:29:32 +02:00
Bjoern Schiessle
0d5147bd49
add new password column to the share table in order to set passwords for share by mails
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:20:49 +02:00
Morris Jobke
ed00bab80b
Fixed layout of bruteforcesettings
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-02 21:19:30 +02:00
Roeland Jago Douma
be674c19a5
Respect bruteforce settings in the Throttler
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:50 +02:00
Roeland Jago Douma
dca555b7f3
Adds security section to the admin page
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:09 +02:00
Björn Schießle
85da9378c0 Merge pull request #4140 from nextcloud/no_encryption_no_wrapper
Don't add the Encryption Storage Wrapper if there are no encryption modules
2017-03-31 14:49:38 +02:00
Roeland Jago Douma
548871a9f3 Merge pull request #3832 from nextcloud/fix_1303
Do not clear CSRF token on logout (fix for #1303)
2017-03-30 18:25:50 +02:00
Joas Schilling
a51e4dd259 Merge pull request #4150 from nextcloud/capped-memcache-push
support pushing to CappedMemoryCache
2017-03-30 15:16:33 +02:00
Robin Appelman
11c1e5dd86
fix whitespace in cleantags
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:49:09 +02:00
Robin Appelman
40154dd6a3
use castColumn
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:30 +02:00
Robin Appelman
212d9fd277
Add test for getting unread comment count by folder
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:27 +02:00
Robin Appelman
429f8ae011
Allow getting the unread comment count for an entire folder at once
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:24 +02:00