Exposing the encrypted property is required for E2E. However, there is
no need to expose this on files as then it is server side encryption
(which the clients don't care about).
Better to not confuse the output.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Add a "searchPrincipals" function to the NC principal backend.
Fix the "findByUri" function to respect the prefixPath.
Signed-off-by: Christoph Seitz <christoph.seitz@posteo.de>
We have to double check. Since getting the info of the root returns a
generic entry. But actually the stroage is not available. Else we get
very weird sync and web behavior.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
There was only one call, that actually needed the parameter to be set to true. So this change moved the print of the page to that location and replaces all other occurences with a direct call to the underlying OCP API.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
In PHP 7.X hexadecimal notation support was removed from "is_numeric",
so "sanitizeMtime" directly rejected those values; in PHP 5.X, on the
other hand, "sanitizeMtime" returned 0 when a string with hexadecimal
notation was given (as it was the behaviour of "intval"). To provide a
consistent behaviour between PHP versions, and given that it does not
make much sense to send X-OC-MTime in hexadecimal notation, now
X-OC-MTime is always rejected if given as a string with hexadecimal
notation.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Directly calling "header" in the PHPUnit process causes the "Cannot
modify header information - headers already sent by" error to be thrown.
Instead of running the test in a separate process, which is slower, this
commit wraps the call to "header" in a method that can be mocked in the
tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This will be used in a following commit to test how the X-OC-MTime
header is handled.
This commit is based on the "make File::put() more testable" commit
(included in 018d45cad97e0) from ownCloud by Artur Neumann.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
This commit extends the changes introduced in pull request #3793 also to
chunked uploads.
The "sanitizeMTime" method name is the same used in the equivalent pull
request to this one from ownCloud (28066).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until now it was safe to assume that every file was readable by its
owner, so there was no need to return whether the file was readable or
not. However, with the introduction of end to end encryption that is no
longer the case, and it is now necessary to explicitly provide that
information.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Overrides \Sabre\DAV\Auth\Backend\AbstractBearer::challenge to prevent sending a second WWW-Authenticate header which is standard-compliant but most DAV clients simply fail hard.
Fixes https://github.com/nextcloud/server/issues/5088
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Sabre usually deletes the target node on MOVE before proceeding with the
actual move operation. This fix prevents this to happen in case the
source node is a FutureFile.
Need to fetch the node earlier because cancelling from within the
handler is not possible. Well, it is but it prevents other node types
using the same property names to run because the failure marks the
property with status 403.
If a group contains a slash the principal URI becomes
principals/groups/foo/bar. Now the URI is plit on '/' so this creates
issues ;)
Fixes#2957
* Add tests for groups with /
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.
As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.
The encryption commands now rely on the well tested maintenance mode.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* fixed size issues on main detail view and disappearing of share recipients
* Changes due to code comments
* Moved reloadProperties() to FileInfoModel
* Solved Scrutinizer issues
* Bugfix: undefined value used on error
* check if options are set for FileInfoModel.initialize()
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
If a Content-Disposition header is already set by another plugin we don't need to set another one as this breaks clients.
Fixes https://github.com/nextcloud/server/issues/1992
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update sabre/dav to 3.2.0
* Adjust code to work with sabre/dav 3.2.0 and it's dependencies
* Adding own CalDAV plugin to fix calendar home property
* Test if there is a user logged in when listing files home
* Update sabre version used by integration tests
* Disable unauthenticated DAV access
This is needed to make Sabre 3.2 behave like we did before.
Eventually we should integrate better with the ACL plugin which itself
should implement an auth failure when appropriate.
=====
* Fixed so cherry-pick was succesfull
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Removes the need for POST to collection which would hit against upload
limits.
The client tries to auto rename the file by adding a suffix "(2)".
It tries to use the file list on the client side to guess a
suitable name. In case a file still cannot be uploaded and creates a
conflict, which can happen when the file was concurrently uploaded, the
logic will continue increasing the suffix.
- uses PUT method with jquery.fileupload for regular and public file
lists
- for IE and browsers that don't support it, use POST with iframe
transport
- implemented Sabre plugin to handle iframe transport and redirect the
embedded PUT request to the proper handler
- added RFC5995 POST to file collection with "add-member" property to
make it possible to auto-rename conflicting file names
- remove obsolete ajax/upload.php and obsolete ajax routes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
