When "session_lifetime" can not be converted to a number the interval
becomes a NaN due to dividing it by 2. This NaN was "dragged" over all
the other mathematical operations and caused the csrftoken to be got
again and again due to an infinite loop with no pauses in "setInterval".
Now, the interval is set to the default value instead if the
"session_lifetime" can not be converted to a number.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The check is based on the HTTP status returned by the URL, and different
URLs may return different status (for example, DAV returns 207, while
a service like WebFinger would return 200), so the expected status needs
to be set depending on the URL.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes#11029
For https://github.com/orgs/nextcloud/projects/18
Ship the compiled handlebars templates. This makes it possible to have a
scricter CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This will make easier to check if both directories and files should be
pickable.
This also removes an unused assignment to the mime type.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When the mime type is an empty array no filter should be applied.
However, the filter was loosely compared to an empty array, but as
arrays are objects then it became an implicit strict equality comparison
which always failed due to being different objects. Now the length of
the array is compared instead, and also moved outside the loop as it is
not needed to check it for each file.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When "enter" is pressed in the file picker a "click" event is triggered
on the primary action button. However, in some cases, like when the file
picker is in "Choose" mode and the current directory in the file picker
is the root folder, the primary action button is disabled. In those
cases pressing enter should not trigger a click action on the button and
be ignored instead.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Like done for other types of shares, room shares are now explicitly
described as such in the UI.
The avatar used is the image provided in the "shareWithAvatar" property
of the share. If none is given then the avatar is the first letter of
the display name of the room share with a coloured background seeded
from the room token. If the display name of the room is empty then no
letter is shown in the avatar; no special handling is done in that case.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Until now the password to be sent by mail was set by enabling a checkbox
in the share menu and then entering the password in an input field shown
below. Now, when Talk is enabled, another item is added to the share
menu to do the same for a password to be sent by Talk.
Sending the password by mail and sending it by Talk are mutually
exclusive actions, so when one of the checkboxes is enabled the other
one is automatically disabled.
Note that the icon set for the field, "icon-passwordtalk", does not
currently exist; it simply mimics the "icon-passwordmail" (which does
not exist either) used for the field of the password protect by mail to
get the right padding in the menu.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fix sidebar and scrollbar on content
Sidebar fixes, and sidebar-width + header-height variables
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Improved the speed of isOpcacheProperlySetup() (instant return instead of continuing when we're already failed), added a check for the opcache extension itself. Potentially fixes#9410
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Added OC.getLanguage() to get Language
<html lang=''> still gets language, though according to IETF BCP47 locale should be good.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
\\b matches any non-word character, including \@ and \-
In order to not detect urls in the middle of email-addresses,
we need to check for white space characters and beginning of the
message instead.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* gives the admin a chance to discover the missing indexes and improve the performance of the instance without digging through the manual
* nicely integrated in the setup checks where this kind of hints belong to
* also adds an option to integrate this from an app based on events
* fix style of setting warnings
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The escaping of special characters was needed when the ids of the
permission checkboxes for shares were based on the "shareWith" field.
Since they are based on the "shareId" field the escaping is no longer
needed, as the "sharedId" is expected to always contain compatible
characters.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The ids of permission checkboxes for shares were generated using the
"shareWith" field of the share. The "shareWith" field can contain spaces
(as spaces are allowed, for example, in user or circle names), so this
could cause the id attribute of the HTML element to contain spaces too,
which is forbidden by the HTML specification.
It is not just a "formal" issue, though; when the list was rendered, if
the id contained a space the selector to get the checkbox element was
wrong (as it ended being something like
"#canEdit-view1-name with spaces") and thus the initial state of the
checkbox was not properly set.
Besides that, "shareWith" can contain too single quotes, which would
even cause the jQuery selector to abort the search and leave the UI in
an invalid state.
Instead of adding more cases to the regular expression to escape special
characters and apply it too when the ids are created now the ids of
permission checkboxes for shares are based on the "shareId" field
instead of on "shareWith", as "shareId" is expected to always contain
compatible characters.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Before, whenever a pending operation (getting the suggestions,
confirming a share or selecting a recipient) finished the working icon
was hidden and the confirm button was shown again, even if there were
other pending operations (the most common case is typing slowly on the
input field, as several operations to get the suggestions could pile if
the server response is not received fast enough). Now, the working icon
is not hidden until the last pending operation finishes.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The suggestions depend on the results returned by the server, but also
on the sharees already shared with. Due to that adding a share changes
the suggestions, so now the cached suggestions are discarded when a
share is added.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When a share is confirmed the suggestions are got to check if there is
an exact match. Usually the suggestions were already got with the same
parameters in order to fill the autocomplete dropdown, so to avoid a
superfluous request now the last suggestions are reused when got again,
although only if the same parameters as the last time are used.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Besides confirming a share by clicking on the confirm button now it is
possible to do it by pressing enter on the input field.
Clicking on the confirm button implicitly hides the autocomplete
dropdown. On the other hand, pressing enter on the input field does not,
so the autocompletion must be disabled and closed when the confirmation
begins and then enabled again once it finishes. Otherwise the
autocomplete dropdown would be visible and it would be possible to
interact with it while the share is being confirmed.
The order in which the input field and the autompletion are disabled is
important. Internally, the autocompletion sets a timeout when the input
field is modified that requests the suggestions to the server and then
shows them in the dropdown. That timeout is not cancelled when the
autocompletion is disabled, but when the input field loses its focus and
the autocompletion is not disabled. Therefore, the input field has to be
disabled (which causes it to lose the focus) before the autocompletion
is disabled. Otherwise it could happen that while a share is being
confirmed the timeout ends, so an autocompletion request is sent and
then, once the share is successfully confirmed and thus the
autocompletion is enabled again, the request is received and the
autocomplete dropdown is shown with the old suggestions. Strange, but
possible nevertheless ;-)
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Clicking on the confirm button now adds a share, but only if there is
just a single exact match. If there are no exact matches or there is
more than one exact match no share is added, and the autocomplete
dropdown is shown again with all the suggestions.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
"_getSuggestions" returned all the suggestions from the server, which
are composed by exact matches and partial matches. Now the exact matches
are also returned on their own parameter. This will be used by the
button to confirm a share.
Note that until now the order of the suggestions was "exact users,
partial users, exact groups, partial groups, exact..."; this commit also
changes that order to become "exact users, exact groups, exact...,
partial users, partial groups, partial...". This is not a problem, as
the suggestions were used in the autocomplete dropdown, and this new
order is arguably better than the old one, as all exact matches appear
now at the beginning.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Instead of silently failing now an error is shown to the user when the
ajax call to get the suggestions succeeds yet it returns failure content
(for example, if an "OCSBadRequestException" was thrown in the server).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
"OC.Notification.hide" expects the notification to be hidden to be
passed as an argument. As it was being used to show a temporary
notification the combination of "OC.Notification.show" and
"OC.Notification.hide" was replaced by a single call to
"OC.Notification.showTemporary".
The timeout could have been specified in the options of the call, but it
was left to the default value (7 seconds) for consistency with other
notifications.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Stubs should be restored outside the test method in which they are used
to ensure that they are properly restored no matter the result of the
test (for example, if an exception is thrown).
Besides that, this will make possible to reuse the stub in other sibling
tests without having to explicitly setup it in them.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
As the server response is faked the search term is ignored in the tests.
However, it is clearer to use a search term that would make the server
return what the faked response contains.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The confirmation button right now is just an icon; its behaviour will be
added in the following commits.
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
Before, the avatar for a circle share was generated using the
"share_with" field as the seed for "imageplaceholder". Due to this, when
the "share_with" field is set to the circle ID the character shown in
the avatar was just a random character instead of the first character of
the display name. Now the "share_with" is still used as the seed for the
colour, but the display name is used as the text of the avatar.
This adds support for "share_with" fields set to the circle ID while
being backwards compatible with "share_with" fields set to the circle
name.
Note that when "share_with" fields is set to the circle name the colour
of the avatar is different in the list of suggested sharees and in the
list of current sharees, but that also happened before these changes
(due to a different seed being used in each place).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Also, the checkbox is updated to the correct state while a
permission change is in progress.
should fix issue #8371
Signed-off-by: Maximilian Wende <dasisdormax@secure.mailbox.org>
Fixes#7106
- Echoing the current server time via a JS variable and storing the current time on page load in JS.
- Calculating the diff and taking it into account when deciding whether to show the password confirmation.
Signed-off-by: Abijeet <abijeetpatro@gmail.com>
The avatar plugin should not change the display element, since the
avatar is always shown by default and the display value is up to the
developers
Signed-off-by: Julius Härtl <jus@bitgrid.net>
When finishing the setup of Nextcloud through the WebUI (setting admin
user and database) Firefox offers to save the username and password.
However, the password was shown in both the username and password fields
of the Firefox password manager dialog.
The problem was that the password input element (in the HTML form) is
cloned in a text input element, which is used to show the password in
plain text when clicking on the "Show password" button. As it was a text
input immediately followed by a password input Firefox seemed to assume
that it had to be the username and ignored the real username field, no
matter the value set for the "autocomplete" attribute. Now the cloned
text input is added after the password input, so Firefox no longer
thinks that the cloned text input is the username field and the password
manager dialog shows the proper username instead.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
With the new avatar endpoint there is no difference between unknown
users and errors when generating the placeholder avatar. Therefore the
avatar function will now show the old placeholder if both a user and
displayname was given as parameters.
In case there is no displayname provided we cannot build the proper
placeholder so the unknown user placeholder is shown.
The displayname is not required for the avatar anymore, so we can
get rid of the old code path for placeholders.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The js and php code differ ever so slightly. So having the placeholder
for a second and then the image is just weird.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#7574
During some refactoring the event linked to password reset got removed.
This ment that we just submitted a normal POST but without the CSRF
token. And none of the js magic to redirect afterwards.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When a Snap was disabled it stopped listening to the events, but if a
drag gesture was being performed it was kept as active. Thus, when the
Snap was enabled again move events were handled as if the Snap had never
been disabled, causing the gesture handling to continue where it was
left.
When the Snap for the navigation bar is disabled by an app it could be
as a result of a different gesture being recognized by the app (for
example, a vertical swipe) once both gestures have started. In that case
when the other gesture ends and the Snap is enabled again any pointer
movement will cause the navigation bar to slide until an "up" event is
triggered again (obviously not the desired behaviour).
Due to all this now when the Snap for the navigation bar is disabled by
an app the current drag gesture for the navigation bar is ended.
Note that this was added as a parameter to "Snap.disable()" instead of
done unconditionally to keep back-compatibility with the previous
behaviour (probably not really needed as it is unlikely that any app is
using the Snap library relying on that behaviour... but just in case).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
On narrow screens a slide gesture can be used to open or close the
navigation bar. However that gesture could conflict at times with the
gestures used by certain apps (for example, if the right sidebar is open
the user may expect to close it by dragging it to the right, but that
could open the navigation bar instead depending on how the events are
handled). This commit makes possible for apps to disallow and allow
again that slide gesture.
In any case, note that applications can only disallow the gesture,
but they can not enable it. That is, they can prevent the gesture from
being used on narrow screens, but they can not make the gesture work on
wide screens; they are always limited by the base rules set by the core.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The slide gesture is enabled or disabled depending on the width of the
browser window. In order to easily control that width the karma-viewport
plugin is now used in the unit tests.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
fileInfo is composed of data from sharing, however additional data is
pulled when sidebar opens, e.g. the size. Then, existing data is
overwritten by data from the other source (files). The data points that
would be lost are not dirty however and still used, so we keep them.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
the contacts popovermenu is also present and is being replaces, ending
up in two permission popupmenus with checkboxes duplicating the id,
breaking further permission changes.
plus, fixing a selector
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
In case of error, instead of a generic error message, an upload will
display whichever message is returned in the Sabre Exception, if
applicable.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixed transition bug of grouptop
Fix password submit and error handling
Fixed multiple form send
Fix submit loading state
fix login form sending state
Replace loader type
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
This commit adds chunked uploads in the Web UI (for authenticated users,
but not for public uploads). To do that the server endpoint used by the
uploader is changed from WebDAV v1 to WebDAV v2. The chunking itself is
done automatically by the jQuery-File-Upload plugin when the
"maxChunkSize" parameter is set; in "fileuploadchunksend" the request is
adjusted to adapt the behaviour of the plugin to the one expected by
"uploads/" in WebDAV v2.
The chunk size to be used by the Web UI can be set in the
"max_chunk_size" parameter of the Files app configuration. By default it
is set to 10MiB.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Now that the permissions returned by the server specify whether a file
is readable or not the frontend no longer needs to assume that every
file is readable.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Now that these tests are executed they are revealed to be partially
obsolete; they were fixed to match the current parsing behaviour.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The first parameter of "apply" must be the object to act as "this", and
the Promise callback gets the parameters provided in the "resolve".
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Now a file gets its directory permissions only if it contained no
permissions (they were undefined or null), but not if its permissions
were set to "NONE".
Besides that, now file actions that do not require any permission on the
file to be performed can be used on files that have no permissions.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
IE11 triggers an 'input' event whenever an input is focussed
or loses focus. Thus this causes an endless loading loop as soon
as the view is re-rendered. To prevent this, this remembers the
previous search term and ignores events where the term has not
changed.
Fixes https://github.com/nextcloud/server/issues/5281
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The seed of the image placeholder is needed to generate the background
color of the image, but as the background color is later overriden any
seed could be used. When no text is explicitly given the seed is used as
text too, so there is no need to pass the user ID and simply using "?"
as seed is enough.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When calling the jQuery avatar plugin with a user that did not exist
(that is, users for which "/avatar/{user}/{size}" return a JSON response
with an empty "displayname" value) "?" on a grey background was shown.
However, if the jQuery avatar plugin was called with an undefined
JavaScript value then "?" was shown on a bluish background. This commit
unifies both cases to use the grey background.
The unit tests were also modified to ensure that the grey background is
used in both cases.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
If the share input field is unfocused, the autocomplete list is closed. Once
the field was focused again it was not properly opened again. This adds a
trigger to redo the search and show the results again.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
The pure CSS loading icon uses an ::after pseudo-element, and thus it
can only be used on container elements; the input element is not a
container element, so when the class "icon-loading-small" is set on an
input element it falls back to a loading icon GIF.
This commit modifies the markup of the login button to add a div element
that holds the confirm icon and the loading icon (depending on the
case). In order to position the icon in the same place as before the
input and the icon are both wrapped by another div making possible to
set the absolute position of the icon relative to the input.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
"select2-toggleselect.js" provides an extension to Select2 that makes
possible to unselect items in a multi-select dropdown by clicking on
them. It seems that its load slipped through when moving things around
in commit 6a470e59356b8c52115fe2790666027f38977604; this commit adds it
to the JavaScript files to be loaded in the same position that it should
have had in that commit (based on how the other declarations were
moved).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The sort comparator checks the "isFavorite" property of the FileInfo
objects to compare. That property is set when the file list is loaded
and the response from the server is parsed, and thus a freshly loaded
file list has the proper sorting for favorite files. However, the
property is not set in other cases, like when the FileInfo objects are
derived from FileInfoModels due to a file being marked as a favorite or
a text editor being closed, which causes the file to be sorted in the
wrong position.
There is no need to add the property in those situations, though; in all
cases the TagsPlugin adds a "tags" array property that contains an
OC.TAG_FAVORITE tag, so that tag can be checked instead of "isFavorite".
Moreover, although "isFavorite" was added by the main "_parseFileInfo"
function it did not really belong there but to the "FileInfoParser" from
the TagsPlugin; however, as that property now is not used anywhere it
was removed altogether.
A cleaner solution would have been to make the sort comparator
extensible by plugins like other behaviours of the file list and then
add the sorting logic related to favorite files to the TagsPlugin.
However, right now only the TagsPlugin would need to alter the main
sorting logic, and it seems like a corner case anyway. Even if it is
implemented as a plugin, favorite files is a core feature, so for the
time being it will be taken into account directly in the main sorting
logic; making the sort comparator extensible by plugins is defered until
there are other use cases for that.
Fixes#5410
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixed typo and removed doclink symbol.
Reported at transifex
Update util.php
Another l10n improvement from transifex.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* share a file/fodler by public link and click the
copy to clipboard icon and watch the tooltip
* before: it said "Copy"
* after: it now says "Copied" after clicking the button
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* they do calls against core/ajax/share.php which doesn't exist anymore
* also the methods are not called in any of our apps or any of the apps in the appstore
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
When we test wheter action menus in the contacts menu close
when clicking other ones, we have to provide test data
that actually causes the view to render the menu.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:
1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.
If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)
If the user chooses to use the regular login the following happens:
1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.
This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Before, the icon appeared below the text input for the password. Now, it
appears inside the text input, to the right end.
The CSS was adjusted based on other icons shown in that position for
other text inputs in the Share tab view, like the information icon or
the clipboard icon.
Fixes#4135
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When a request to set the password of a shared link is sent a working
icon is shown. However, as there was no "success" callback, the icon was
never hidden again after successfully setting the password (it worked
fine if there was an error, though).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Calls to `sinon.stub(obj, 'meth', fn)` are deprecated and therefore
replaced by `sinon.stub(obj, 'meth).callsFake(fn)` as instructed by
the deprecation warning.
This makes the js unit testing output readable again.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Fixes#1330
userA shares a file to userB
userB shares that file to userC
userA can see both userB and userC.
Now they can also see that userB shared it to user C
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>