Commit graph

1674 commits

Author SHA1 Message Date
Roeland Jago Douma
d5159423cd
Removed depreacted functions (since 6.0)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-29 14:27:12 +02:00
Roeland Jago Douma
740659a04c
Move away from OC_L10N
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Roeland Jago Douma
f722640a32
Proper DI of config
* Fixed comments

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 10:13:35 +02:00
Jörn Friedrich Dreyer
f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361)
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
2016-10-28 08:44:05 +02:00
Morris Jobke
d4969abc9d Merge pull request #1800 from nextcloud/nextcloud-rich-object-strings
Nextcloud rich object strings
2016-10-27 15:30:58 +02:00
Morris Jobke
cde7f535bd Merge pull request #1738 from nextcloud/comments-provide-displaynames-with-mentions
comment mentions: show displayname not uid
2016-10-26 14:02:49 +02:00
Morris Jobke
89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
2016-10-25 14:46:00 +02:00
Vincent Petry
44cf67accd
Storage 503 message improvements
"Storage not available" is now "Storage temporarily not available".
Exceptions are now logged in DEBUG level, not FATAL.
2016-10-24 15:43:15 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Robin Appelman
3a8e75a814
Allow 4byte unicode filenames on supported platforms
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-20 14:26:09 +02:00
Joas Schilling
cf2d1b2427
Move federated share notifications to ROS
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00
Joas Schilling
b35d2fd8f2
Allow rich object subjects for Notifications
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:59 +02:00
Joas Schilling
2098648850
Add Rich Object Definitions and a validator
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-20 12:14:51 +02:00
Arthur Schiwon
5d98ab83e9
resolve displayname via manager and registerable resolvers
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:34:00 +02:00
Arthur Schiwon
fea3e20a80
move mention extraction to (I)Comment and report mentions via DAV
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-19 00:33:55 +02:00
Morris Jobke
96f8f209b9 Merge pull request #1449 from nextcloud/comments-user-mention
Notifications for simple @-mentioning in comments
2016-10-17 09:30:47 +02:00
Arthur Schiwon
1bcd2ca8e3
emit pre-update event for comments
* notifications can be cleaned up, no polluted DB
* updating comments will re-notify users or remove notifications, depending on the message

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-12 18:06:22 +02:00
Robin Appelman
0d842e0550
optimize Folder::getById to use less queries
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-12 16:12:28 +02:00
Arthur Schiwon
e1073cf442
Notificacations for simple @-mentioning in comments
(WIP) notify user when mentioned in comments

Fix doc, and create absolute URL for as notification link.

PSR-4 compatibility changes

also move notification creation to comments app

Do not notify yourself

unit test for controller and application

smaller fixes

- translatable app name
- remove doubles in mention array
- micro perf optimization
- display name: special label for deleted users, keep user id for users that could not be fetched from userManager

Comment Notification-Listener Unit Test

fix email adresses

remove notification when triggering comment was deleted

add and adjust tests

add missing @license tags

simplify NotificationsController registration

appinfo simplification, php docs

make string easier to translate

adjust test

replace dispatcher-based listeners with a registration method and interface

safer to not pass optional data parameter to setSubject for marking as processed. ID and mention suffices

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

update comment

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2016-10-07 17:11:19 +02:00
Joas Schilling
c77933ca22
Add an icon to the notification API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-07 17:00:24 +02:00
Morris Jobke
316db0a97b add proper exception documentation for ISimpleFS interface
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-05 23:47:00 +02:00
Roeland Jago Douma
851769adc8
Deprecate old app folder
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma
6807cb684f
avatar to appdata
* Fix AvatarTest

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Roeland Jago Douma
5d8b941fea
Initial AppData
* Introduce simpleFS
* Introduce IAppData
* Introduce AppData Factory to get your AppData folder
* Update FileDisplayResponse

* AppData implements a ISimpleRoot but lazy. So only if an apps starts
  to access data will stuff get initialized

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:14 +02:00
Morris Jobke
afe40ac996
write channel to config file when changed
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-09-26 13:44:56 +02:00
Roeland Jago Douma
7c078a81b4
Add trict CSP to OCS responses
If a repsonse now explicitly has the Empty CSP set then the middleware
won't touch it.
2016-09-15 13:11:36 +02:00
Roeland Jago Douma
3c55fe6bab
Split OCS version handling
This cleans up a bit the OCSController/Middleware. Since the 2 versions
of OCS differ a bit. Moved a lot of stuff internal since it is of no
concern to the outside.
2016-09-06 11:57:39 +02:00
Roeland Jago Douma
777c3ee325
Add FileDisplayResponse
A lazy implementation of the DisplayResponse that only hits the
filesystem if the etag and mtime do not match.
2016-09-05 15:09:54 +02:00
Lukas Reschke
06fa486706 Merge pull request #1158 from nextcloud/cache_avatars
Cache avatars
2016-09-05 15:08:43 +02:00
Joas Schilling
12736a3592 Merge pull request #1271 from nextcloud/fix-docs-for-notifications
Null !== void, those methods are void
2016-09-05 14:16:45 +02:00
Joas Schilling
fb04c56827
Null !== void, those methods are void 2016-09-05 13:00:56 +02:00
Roeland Jago Douma
3b2beeaa14
Deprecate OCSRespone
The OCSResponse should not be used by apps. They should extend the
OCSController and use normal DataResponses instead.
2016-09-05 10:51:19 +02:00
Roeland Jago Douma
14136295b7
Cache avatars properly
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
2016-08-30 09:00:16 +02:00
Robin Appelman
1c3b1e5797 add stacktrace to query logger 2016-08-24 14:37:15 +02:00
Joas Schilling
a111181eb3
Validate the operation 2016-08-19 12:23:05 +02:00
Joas Schilling
a9f36067fd
Fix constant name, copy-pasterino 2016-08-17 10:41:13 +02:00
Roeland Jago Douma
ce0604bd06 Merge pull request #892 from nextcloud/fix_phpdoc
Some scrutinizer phpdoc fixes
2016-08-17 10:38:21 +02:00
Roeland Jago Douma
0dc22d13a9
Fix IL10N phpdoc 2016-08-16 20:24:50 +02:00
Arthur Schiwon
208e551216
check registered sections and settings after an app got updated to garbage collect orphaned classes 2016-08-16 00:56:17 +02:00
Arthur Schiwon
9edca39b49
attempt to remove section and settings entries when an app got disabled 2016-08-16 00:56:17 +02:00
Lukas Reschke
8261ccce1b
Merge branch 'master' into implement_712 2016-08-11 19:37:17 +02:00
Lukas Reschke
225eb27bca
Add since tags to class 2016-08-11 19:33:37 +02:00
Lukas Reschke
8f12f5df15
Add missing since annotations 2016-08-11 19:28:24 +02:00
Arthur Schiwon
14ddf9d923
rename IAdmin to ISettings, the interface is not bound to a specific settings scope 2016-08-11 14:48:21 +02:00
Roeland Jago Douma
ba922c9f73 Merge pull request #807 from nextcloud/ocs_dataresponse
OCSController requires DataResponse
2016-08-10 22:36:25 +02:00
Arthur Schiwon
1eb8b951c2
more admin page splitup improvements
* bump version to ensure tables are created
* make updatenotification app use settings api
* change IAdmin::render() to getForm() and change return type from Template to TemplateResponse
* adjust User_LDAP accordingly, as well as built-in forms
* add IDateTimeFormatter to AppFramework/DependencyInjection/DIContainer.php. This is important so that \OC::$server->query() is able to resolve the
constructor parameters. We should ensure that all OCP/* stuff that is available from \OC::$server is available here. Kudos to @LukasReschke
* make sure apps that have settings info in their info.xml are loaded before triggering adding the settings setup method
2016-08-10 15:21:25 +02:00
Roeland Jago Douma
1f370c97ed
OCSController requires DataResponse
The OCS Controller requires a DataResponse object to be returned.
This means that all error handling will have to be done via exceptions
thrown and handling in the middleware.
2016-08-10 12:40:26 +02:00
Arthur Schiwon
ceeb44bd04
Initial work on Apps page split:
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Robin Appelman
a999420c75 get shared storage storage id without setting up the storage 2016-08-09 15:52:13 +02:00
blizzz
73311091bf Merge pull request #519 from GitHubUser4234/master
New LDAPProvider for user_ldap
2016-07-28 10:14:34 +02:00