Commit graph

8939 commits

Author SHA1 Message Date
Roeland Jago Douma
51e96dc3f6
Normalize getUnjailedPath
Fixes 

If we do not normalize the unjailed path we might end up with a path
like files/user/folder/. which can break on objectstores

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-11 14:43:48 +02:00
Morris Jobke
0acae1d4aa
Merge pull request from nextcloud/techdebt/noid/allow-to-mock-new-datetime
Allow to inject/mock `new \DateTime()` similar to time()
2018-10-10 14:54:15 +02:00
Roeland Jago Douma
d5bf2c4523
Move normalizePath to regexes instead of looping
This is IMO a bit more readable and it seems to make the code faster.
Tested it on the company instance where there are over 3k calls to this
function. It shaves off around 10ms.

The advantage here is that the pattern gets optimized by php itsel and
cached.
Also looking for all patterns at the same time and especially no longer
looping for /./ patterns should save time.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-10 13:23:59 +02:00
Roeland Jago Douma
a9f4817b65
Merge pull request from nextcloud/feature/11617
Add function to generate urls for OCS routes
2018-10-09 20:50:37 +02:00
Roeland Jago Douma
c97b4274cc
Add function to generate urls for OCS routes
fixes 

The OCS routes are only absolute for now as they are often exposed to
the outside anyway and are on a different endpoint than index.php in
anyway.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-09 15:41:50 +02:00
Joas Schilling
840dd4b39c
Allow to inject/mock new \DateTime() similar to time()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
Joas Schilling
ea21aa3f7a
Use numeric placeholders if there are multiple, so that RTL languages can operate better
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 14:32:14 +02:00
Morris Jobke
ea411ccec4
Merge pull request from nextcloud/feature/appdata_previews
Allow the creationg of previews of files stored in appdata
2018-10-09 11:47:14 +02:00
Roeland Jago Douma
ade61d8b43
Allow the creationg of previews of files stored in appdata
To allow us to create previews of files stored in appdata we need to
construct the view differently.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-08 19:37:45 +02:00
Morris Jobke
db345e4c6d
Deprecate unused, private OC_Helper::linkToPublic
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-08 18:29:52 +02:00
Morris Jobke
fe2a600823
Merge pull request from nextcloud/bugfix/10212/use_class_implementation
adjust Calendar resource / room interfaces to use class implementation
2018-10-08 17:00:50 +02:00
Morris Jobke
bae3ba3b25
Merge pull request from nextcloud/refactor/rename-admin-security-section
Rename admin security section
2018-10-08 13:57:38 +02:00
Christoph Wurst
f29189f200
Rename admin security settings template
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 10:45:28 +02:00
Morris Jobke
7971ba5cc6
Merge pull request from nextcloud/feature/10684/default-logo-color-theme-colors
Switches the default logo color depending on the primary color
2018-10-08 10:33:22 +02:00
Christoph Wurst
5d2fdfe0b5
Rename admin security section
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-08 10:31:51 +02:00
Georg Ehrke
970242b6ca
RoomManager/ResourceManager: Inject IServerContainer instead of using OC Server
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-08 01:50:17 +02:00
Georg Ehrke
1c6f666bbf
adjust Calendar resource / room interfaces to use class implementation
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-08 01:25:20 +02:00
Roeland Jago Douma
60a34179c9
Remove deprecated publishActivity function
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-05 12:55:45 +02:00
Morris Jobke
e0ed64366c
Merge pull request from nextcloud/add-missing-throw-statement
add missing throw statement to doc block
2018-10-04 16:28:08 +02:00
Bjoern Schiessle
1d4a80f37d
add missing throw statement to doc block
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-04 15:23:07 +02:00
Morris Jobke
cdb3ffb293
Remove unused code in legacy classes
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-03 22:07:51 +02:00
Morris Jobke
213d43f043
Merge pull request from nextcloud/fix/11097/just_update_password_hash
Just update password hash without validating
2018-10-03 12:08:49 +02:00
Roeland Jago Douma
f9e201adfe
Merge pull request from nextcloud/feature/consolidated-2fa-settings
Consolidate personal two-factor provider settings
2018-10-03 09:56:21 +02:00
Roeland Jago Douma
0c9a3de68f
Just update password hash without validating
Fixes 

If your password hash changed (becuse your are on 7.2 and we moved to
ARGON2). Then we shold not 'set a new password' but just update the
hash. As else we invoke the password policy again which might lock out
users.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-03 00:37:20 +02:00
Morris Jobke
8ede3f6346
Merge pull request from nextcloud/bugfix/10678/pretty-urls-dont-work
Allow overwrite.cli.url without trailing slash
2018-10-02 23:39:30 +02:00
Christoph Wurst
79a0ee4f4a
Consolidate personal two-factor provider settings
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-02 22:56:33 +02:00
Daniel Kesselberg
a4eb3ee508
Validate email in occ command
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-02 22:24:30 +02:00
Daniel Kesselberg
13877c2d20
Use setUserValue instead setEMailAddress because latter omits an changeUser events.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-02 22:24:30 +02:00
Daniel Kesselberg
6c805ec9ba
Add --admin-email to cli installer
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-02 22:24:30 +02:00
Morris Jobke
6b730b4c47
Merge pull request from nextcloud/feature/11043/apptoken_v3
Apptoken v3: imrpove token handling on external password change
2018-10-02 21:45:10 +02:00
Morris Jobke
19d552e00b
Merge pull request from nextcloud/bugfix/3342/database-name-prefix-sqlite
Allow --database-name and --database-table-prefix for sqlite from occ
2018-10-02 21:44:03 +02:00
Roeland Jago Douma
19f84f7b54
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
Roeland Jago Douma
d9febae5b2
Update all the publickey tokens if needed on web login
* On weblogin check if we have invalid public key tokens
* If so update them all with the new token

This ensures that your marked as invalid tokens work again if you once
login on the web.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
Roeland Jago Douma
00e99af586
Mark token as invalid if the password doesn't match
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:44 +02:00
Roland Tapken
d17856a1e9
Make logfile's mode configurable.
The file logger currently resets the mode of the logfile to 0640.

When the webserver is running as a different user than the cron job
(but both are in the same group) the files mode has to be 0660. The
current implementation breaks logging for the user that is not the
owner of the logfile.

This patch introduces a new config option 'logfilemode' that expects
an octal value (defaults to 0640). Unless the value is lower or equal
than 0 the logfiles mode will be resetted to this value.

Signed-off-by: Roland Tapken <roland@bitarbeiter.net>
2018-10-02 18:27:06 +02:00
Christoph Wurst
d01905200a
Merge pull request from nextcloud/feature/all_lax_cookies2
Make authenticated cookies lax
2018-10-02 10:28:05 +02:00
Michael Weimann
d855c38e07
Moves the logo files to logo
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-10-02 08:37:54 +02:00
Roeland Jago Douma
a95154642d
Emit event on enablign or disabling of 2FA provider
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-01 15:35:24 +02:00
Morris Jobke
1034efd640
Merge pull request from nextcloud/feature/noid/drop-find-and-pass-additional-paths
Dont use find to lookup binaries
2018-10-01 11:47:07 +02:00
Christoph Wurst
259c0ce11d
Add mandatory 2FA service/class
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-30 11:47:29 +02:00
Daniel Kesselberg
d4dec43f8f
Dont use find to lookup binaries
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-29 20:25:19 +02:00
Daniel Kesselberg
c275beeceb
Allow url without / for overwrite.cli.url
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-28 22:32:19 +02:00
Roeland Jago Douma
9a7265babf
Make authenticated cookies lax
This protects our cookies a bit more. It makes sure that when a 3rdparty
websites embededs a public alendar for example. That all the users see
this in anonymous mode there.

It adds a small helper function.

In the future we can think about protecting other cookies like this as
well. But for now this is sufficient to not have the user logged in at
all when doing 3rdparty requests.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-28 16:44:37 +02:00
Roeland Jago Douma
c9e93b8084
Compile contactmenu handlebars templates
Fixes 
For https://github.com/orgs/nextcloud/projects/18

Ship the compiled handlebars templates. This makes it possible to have a
scricter CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-27 20:33:58 +02:00
Christoph Wurst
f71ffc73db
Remove unused constructor argument
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-27 09:44:21 +02:00
Christoph Wurst
0259792614
Reduce settings manager complexity by loading sections via DI
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-27 09:44:21 +02:00
blizzz
ff55bcdad5
Merge pull request from nextcloud/feature/noid/unit-test-find-webroot
Extract logic for webroot into method and add test
2018-09-26 15:22:30 +02:00
Morris Jobke
ee73f6c416
Merge pull request from nextcloud/feature/noid/consider-openssl-settings-from-config.php
Consider openssl settings from config.php
2018-09-25 18:04:20 +02:00
Roeland Jago Douma
b8418b502d
Merge pull request from nextcloud/container-queryexception-only
only catch QueryException when trying to build class
2018-09-25 16:21:55 +02:00
Christoph Wurst
7586b19e52
Only allow 2FA state changs if providers support the operation
Ref https://github.com/nextcloud/server/issues/11019.

Add `twofactorauth:cleanup` command

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-25 09:54:20 +02:00