Commit graph

3570 commits

Author SHA1 Message Date
Roeland Jago Douma
c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +02:00
Morris Jobke
38568c362b Merge pull request #6605 from nextcloud/oc_ocs_response_is_dep
OC_OCS_Response is deprecated
2017-09-21 20:38:18 +02:00
Roeland Jago Douma
eb00dbb593
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 18:30:20 +02:00
Roeland Jago Douma
87e10f9e6a
OC_OCS_Response is deprecated
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:00 +02:00
Lukas Reschke
53057f2bd0 Merge pull request #5462 from nextcloud/add-frameancestor-support
Add CSP frame-ancestors support
2017-09-18 14:25:44 +02:00
Lukas Reschke
705432ca6f
Add filter for shareapi_allow_share_dialog_user_enumeration
This adjusts the contacts menu to also support searching by email address which is relevant in scenarios where no UID is known such as LDAP, etc.

Furthermore, if `shareapi_allow_share_dialog_user_enumeration` is disabled only results are shown that match the full user ID or email address.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-15 15:58:04 +02:00
Thomas Citharel
ecf347bd1a Add CSP frame-ancestors support
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Tobia De Koninck
fa402c74d2
Add tests
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:40 +02:00
Tobia De Koninck
473a1ecad1
Fix tests
Signed-off-by: Tobia De Koninck <tobia@ledfan.be>
2017-09-15 14:31:39 +02:00
Roeland Jago Douma
9163cf9241
Fix AppPassword 2FA auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-12 22:28:43 +02:00
Morris Jobke
8a79d0cc70 Merge pull request #6414 from nextcloud/share-notification-wrong-language
Use the language of the recipient for the share notification
2017-09-08 19:15:05 +02:00
Leon Klingele
8e46e6b827
Improve text: 'you have now' -> 'you now have'
Signed-off-by: Leon Klingele <leon@struktur.de>
2017-09-08 13:47:11 +02:00
Joas Schilling
7e625a8d22
Use the language of the recipient for the share notification
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-08 10:48:16 +02:00
Morris Jobke
5d4540f179 Merge pull request #6364 from nextcloud/fix_login_loop
Fix login with basic auth
2017-09-06 17:04:00 +02:00
Morris Jobke
15cd21d252 Merge pull request #6358 from nextcloud/fix-mixup-of-id-and-name
Set the meta data before everything
2017-09-05 16:08:57 +02:00
Morris Jobke
4e3c39c1d1
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-05 13:55:36 +02:00
Roeland Jago Douma
b96485b6bd
Fix login with basic auth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-05 12:24:41 +02:00
Joas Schilling
dea011243e
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-04 17:01:31 +02:00
Morris Jobke
4fd3240b5f Merge pull request #6254 from nextcloud/async-bus-split
Allow configuring different command bus backends
2017-09-04 14:22:06 +02:00
Morris Jobke
1ebf91ec16
Add proper EOL
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:21:44 +02:00
Roeland Jago Douma
84ea66dca8 Merge pull request #6296 from nextcloud/improve_2fa
Improve 2FA
2017-08-31 10:52:40 +02:00
Roeland Jago Douma
84b7022118
Improve 2FA
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-29 20:27:36 +02:00
Morris Jobke
0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Björn Schießle
60ee450809 Merge pull request #5870 from nextcloud/generate-system-wide-key-pair
extend the identity proof manager to allow system wide key pairs
2017-08-24 18:36:35 +02:00
Robin Appelman
9731350ace split async test bus for easier subclassing 2017-08-24 16:06:37 +02:00
Roeland Jago Douma
9357cf735a Merge pull request #6164 from nextcloud/dont-show-error-message-when-sql-failed
Prevent SQL error message in case of error
2017-08-23 16:49:57 +02:00
Lukas Reschke
2e4cd44556
Inject \OCP\IURLGenerator to make tests work
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 15:32:40 +02:00
Lukas Reschke
a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Lukas Reschke
ed8a98eaa1
Prevent SQL error message in case of error
`\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than
permitted in the database. This is against it's PHPDocs and we should cast this to `false`,
so that the regular error handling triggers in.

The easiest way to reproduce is on MySQL:

1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel
2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again
3. See SQL exception as error message

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-17 12:08:40 +02:00
Morris Jobke
1c38a83927 Always log cron execution
There was a setting to disable the last execution of cron. There is no known
problem with this write access and it was also questioned when this feature
was build in https://github.com/owncloud/core/pull/7689#issuecomment-38264707

Recently there was also a bug report about a non-visible last cron execution
(#6088) - let's better remove this.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-17 09:45:11 +02:00
Morris Jobke
a55e794bfd Cleanup unused methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 14:29:26 +02:00
Morris Jobke
cf7c4a4439 Merge pull request #6123 from nextcloud/cleanup-shareItem
Cleanup usage of shareItem in internal code base
2017-08-15 13:57:00 +02:00
Morris Jobke
c5f14ac884 Merge pull request #6121 from nextcloud/cleanup-registerBackend
Use proper methods for registerBackend
2017-08-15 13:52:49 +02:00
Morris Jobke
8366dfa50b Cleanup usage of shareItem in internal code base
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 11:57:18 +02:00
Morris Jobke
895b9c2309 Use proper methods for registerBackend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 11:29:15 +02:00
Morris Jobke
3e13e94254 Use proper methods for checkPasswordProtectedShare
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 11:28:05 +02:00
Morris Jobke
f640b56bfa Cleanup unused methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-15 10:09:47 +02:00
Bjoern Schiessle
bae5be3dc1
add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Bjoern Schiessle
9524badccc
extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Roeland Jago Douma
1ea7f14f0a
Fix SessionTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:13:54 +02:00
Roeland Jago Douma
26bf0ca9d4
Fix RepairMimeTypeTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:04:57 +02:00
Roeland Jago Douma
db27bbf90d
Fix CacheTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:01:09 +02:00
Roeland Jago Douma
8b0051eb40
Fix encryption test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:08 +02:00
Roeland Jago Douma
ed3b391e47
Use symfony/translation for L10N plurals
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-07 19:53:36 +02:00
Roeland Jago Douma
4633717f04
Move pre_shared and post_shared events to EventDispatcher
* Now listeners for those events get proper share objects.
* Legacy hooks still fired
* Updated tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-03 15:14:29 +02:00
Joas Schilling
2f8756754f
Fix last failures with oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling
293dea0625
Fix querybuilder and functionbuilder tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling
20f8d1094a
Can not insert auto increment on oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling
106df7bc33
Fix missing escape on column and table name
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Lukas Reschke
f93a82b8b0
Remove explicit type hints for Controller
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:32:03 +02:00