Commit graph

4174 commits

Author SHA1 Message Date
Roeland Jago Douma
ae4d01dfb0 Use the actual password to update the tokens
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-09-18 20:53:38 +00:00
Arthur Schiwon
97be271387 adjust tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-09-09 14:53:01 +00:00
Daniel Kesselberg
773778dd8c
Add default timeout to expected request options
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-09-03 14:59:09 +02:00
Roeland Jago Douma
3f12ec95f0
SessionMiddleware: declare session property
* Remove request since we don't useit
* Update tests as well

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 13:02:29 +02:00
Roeland Jago Douma
505f10044a
Merge pull request #16865 from nextcloud/bugfix/noid/5-min-cron
Cron should run every 5 mins
2019-08-26 19:29:57 +02:00
Joas Schilling
db968cb1d4
Cleanup the Settings class
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-08-26 11:50:26 +02:00
Roeland Jago Douma
7927aebdeb
Fix report of phpstan in Limiter
* unneeded arguments to constructor
* added return types
* let automatic DI do its work

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-19 19:38:43 +02:00
Roeland Jago Douma
f465f9d4b9
Merge pull request #16721 from nextcloud/fix/16644
Correctly handle emtpy string in proxyuserpwd config
2019-08-11 22:46:01 +02:00
Scott Shambarger
edf946dfc7
Correctly handle emtpy string in proxyuserpwd config
As documented, the default value for config value proxyuserpwd is ''.
However, that value results in the error:
 "cURL error 5: Unsupported proxy syntax in '@'".
This patch handles the values of '' and null (the default in the code)
the same for config values proxyuserpwd and proxy.

Signed-off-by: Scott Shambarger <devel@shambarger.net>
2019-08-11 21:07:30 +02:00
Roeland Jago Douma
f81817b47d
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 19:40:13 +02:00
Roeland Jago Douma
b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma
2e2d1b6b5c
Merge pull request #16592 from nextcloud/bugfix/noid/federated-reshare
Fix permission check on incoming federated shares
2019-08-01 10:55:35 +02:00
Roeland Jago Douma
cf647451e5
Update CSP test cases to handle the new form-action
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +02:00
Julius Härtl
22b81ac1e4
Fix permission check on incoming federated shares
Since federated shares have their permissions set on the node, we do not need
to check for parent share permissions. Otherwise reshares of incoming federated
have no permission variable defined and creating them will fail

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 12:59:51 +02:00
Joas Schilling
d4eb8481fa
Merge pull request #16594 from nextcloud/tech-debt/noid/remove-unused-checkPasswordProtectedShare
Remove unused OC\Share\Share::checkPasswordProtectedShare
2019-07-30 09:58:38 +02:00
Roeland Jago Douma
135209f24e
Merge pull request #16579 from nextcloud/enh/PostLoginEvent
Add proper PostLoginEvent
2019-07-30 08:54:10 +02:00
Morris Jobke
e21f440990
Merge pull request #16502 from nextcloud/bugfix/16474
Check the if we can actually access the storage cache for recent files
2019-07-29 16:59:26 +02:00
Roeland Jago Douma
0ea7fbae54
Update tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Morris Jobke
98237d2a00
Remove unused OC\Share\Share::checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-29 15:23:21 +02:00
Roeland Jago Douma
37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Morris Jobke
2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
use a pattern to identify sensitive config keys
2019-07-26 15:15:56 +02:00
Arthur Schiwon
78201bcb72
treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:31:14 +02:00
Roeland Jago Douma
0487144b26
Remove deprecated searchByTag
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 12:29:19 +02:00
Julius Härtl
3674f6fa2d
Check the if we can actually access the storage cache for recent files
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:01:24 +02:00
Morris Jobke
d5b524ae07
Merge pull request #16492 from nextcloud/enh/exclude-rnd-files
Exclude .rnd files from integrity check
2019-07-23 14:57:55 +02:00
Daniel Kesselberg
8bed3021bd
Exclude .rnd files from integrity check
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-21 20:29:11 +02:00
Sam Bull
ea935f65fd
Add support for CSP_NONCE server variable
Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server.

Signed-off-by: Sam Bull <git@sambull.org>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-18 12:16:29 +02:00
Morris Jobke
5b604eaeab
Merge pull request #15040 from nextcloud/feature/13980/push-for-deleted-notifications
Notifications overhaul
2019-07-17 20:22:03 +02:00
Morris Jobke
782554d2ac
Merge pull request #16075 from nextcloud/bugfix/15823/app-restricted-groups
Remove deleted groups from app restrictions fixes #15823
2019-07-17 17:36:00 +02:00
Morris Jobke
99f2c82222
Properly inject the logger
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-16 22:38:14 +02:00
Joas Schilling
565838da9c
Update unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 13:32:44 +02:00
Joas Schilling
55f5bc79a1
Keep the old method as a fallback and adjust the tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-16 11:36:32 +02:00
Roeland Jago Douma
f8aeef7ae9
Lock SCSS so we only run 1 job at a time
This is bit hacky but a start to lock the SCSS compiler properly
Retry during 10s then give up
Properly get error message
Do not clear locks and properly debug scss caching

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-12 16:18:02 +02:00
Joas Schilling
092d34d9df
Add a unit test for guests as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-11 10:24:27 +02:00
Christoph Wurst
d058ef2b6c
Make it possible to wipe all tokens/devices of a user
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:57:04 +02:00
Christoph Wurst
1c261675ad
Refactor: move remote wipe token logic to RW service
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:39:27 +02:00
Roeland Jago Douma
5cef8957b5
Merge pull request #15730 from nextcloud/enh/14179/event_for_csp
Add an event to edit the CSP
2019-07-09 10:59:15 +02:00
Roeland Jago Douma
5ac857bcdc
Add an event to edit the CSP
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-08 20:35:15 +02:00
Morris Jobke
53d2d95478
Remove one time repair steps that have already run when updating to 17
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-08 14:47:26 +02:00
John Molakvoæ
5a03189ce7
Mimetype list integrity check should not fail if it's changed (#15810)
Mimetype list integrity check should not fail if it's changed
2019-07-07 20:01:58 +02:00
Xheni Myrtaj
9211e34aec
Added Tests for modified mimetypelist
Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
2019-07-04 09:35:36 +01:00
Julius Härtl
857fae288c
Always set the display name for user shares
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-03 21:34:18 +02:00
Joas Schilling
85a80b05ac
Unify the permission checking in one place only
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 16:34:00 +02:00
Joas Schilling
e4addbae3e
Better check reshare permissions when creating a share
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-03 14:00:13 +02:00
Christoph Wurst
c50fe2a9c9
Send emails when remote wipe starts/finishes
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-02 21:59:23 +02:00
Greta Doci
5898e87e0f Remove deleted groups from app restrictions fixes #15823
Signed-off-by: Greta Doci <gretadoci@gmail.com>
2019-06-27 20:17:50 +02:00
Christoph Wurst
aa6622ccef Decouple remote wipe notifcation channels with events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-06-27 17:16:18 +02:00
Jan-Christoph Borchardt
b466127b1f
Merge pull request #16055 from nextcloud/design/native-fonts
Use native font stack
2019-06-26 00:08:16 +02:00
Roeland Jago Douma
d4a44d9b78
Merge pull request #15870 from nextcloud/preview-provider-v2
Add new Provider interface for preview providers
2019-06-25 15:05:54 +02:00
Roeland Jago Douma
5fbf304c2a
Merge pull request #15777 from nextcloud/feature/ocp-event-dispatcher
Add event dispatcher to OCP
2019-06-25 11:48:16 +02:00