wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
35582 commits 157 branches 562 tags 714 MiB
Commit graph

6443 commits

Author SHA1 Message Date
Joas Schilling
2c4035e806
Inject config and logger 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-02 20:30:37 +01:00
Joas Schilling
cd13f50a3f
Log the queries of the QueryBuilder as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-02 20:30:36 +01:00
Joas Schilling
2cd92d0abb
Fix missing update of session, when it was already used. 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-02 20:30:36 +01:00
Lukas Reschke
f7d681d038 Merge pull request #1958 from harry-7/1428issue 
Added Exception catch and ignore for DBuser exists
 2016-11-02 20:22:48 +01:00
Morris Jobke
e6b52ef4cd Merge pull request #1347 from nextcloud/bring-back-remember-me 
fix remember me login
 2016-11-02 18:32:38 +01:00
Bjoern Schiessle
f556c58c22
remove 'send mail notification' option from sharing, replaced by send-by-mail feature 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-02 18:30:38 +01:00
Michael Grosser
e81d04cd8d Merge pull request #1940 from nextcloud/new-appstore 
Use new appstore API
 2016-11-02 17:00:24 +00:00
Christoph Wurst
4da6b20e76 document what the method does 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 17:42:46 +01:00
Lukas Reschke
9d6e01ef40
Add missing tests and fix PHPDoc 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Lukas Reschke
271f2a4cff
Fix typ in constant name 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Lukas Reschke
b269ed5a7b
Fix invalid PHPDocs 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Christoph Wurst
6f86e468d4
inject ISecureRandom into user session and use injected config too 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Christoph Wurst
d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Roeland Jago Douma
370123b8b0 Merge pull request #1966 from nextcloud/fix-csrf-token-generation 
Fix CSRF token generation / validation
 2016-11-02 12:09:30 +01:00
Leon Klingele
e5d78a3523
Fix CSRF token generation / validation 
Operate on raw bytes instead of base64-encoded strings.
Issue was introduced in a977465

Signed-off-by: Leon Klingele <git@leonklingele.de>
 2016-11-02 10:38:05 +01:00
Joas Schilling
9b66e8f7d9
Throw an exception when a shipped app was not replaced before the update 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-02 10:00:14 +01:00
Bjoern Schiessle
1e930df91f
find and show share-by mail links 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:54:41 +01:00
Bjoern Schiessle
31c8c38bd6
send mail for share-by-mail shares 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:54:40 +01:00
Bjoern Schiessle
318160647a
add method to check if a share provider for a given type is loaded 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:54:39 +01:00
Bjoern Schiessle
a17c6a485d
add share by mail share provider 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:51:11 +01:00
Bjoern Schiessle
0a6f02801f
introduce share by mail, ui part 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-11-01 19:51:11 +01:00
Roeland Jago Douma
fc4d0a86ef
Fix merging backend results 
* Merge share types correctly
* Filter share types
* Order share types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-01 12:16:05 +01:00
Roeland Jago Douma
5a00870a2b
Stricter signature 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-31 20:19:14 +01:00
Lukas Reschke
0eeef26a8e
Add tests for installer method 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 19:39:35 +01:00
Lukas Reschke
1a676bacb4
Remove non-required getter 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 18:45:13 +01:00
Lukas Reschke
086d43f26d
Move to non-static version 
The static version is used nowhere in the code and just decreases coverage

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 18:42:19 +01:00
Lukas Reschke
d805df7bb3
Use findAppInDirectories 
The other function doesn't work if the appstore is disabled

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:30:02 +01:00
Lukas Reschke
8acb54aa0b
Add update support 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:47 +01:00
Lukas Reschke
df7fd2b57c
Query the timefactory instead of creating it 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:46 +01:00
Lukas Reschke
3e6dd86ee4
Add support for CRL 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:46 +01:00
Lukas Reschke
0e2aee2be6
Replace with exception instead of boolean return value 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:46 +01:00
Lukas Reschke
01c566883e
%d instead %s 
These are only numbers. THX @nickvergessen

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:46 +01:00
Lukas Reschke
89fc4358ba
Use substr and explode instead of a regex 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:45 +01:00
Lukas Reschke
067fb18670
Read array elements instead of substr 
Otherwise this would break with 11.0.0

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:45 +01:00
Lukas Reschke
ca7f6dec55
Make non-static 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:45 +01:00
Lukas Reschke
32cf661215
Use new appstore API 
This change introduces the new appstore API in Nextcloud.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-31 17:17:44 +01:00
Robin Appelman
3692769b0a
Add getShareTypesInFolder to optimize folder listening 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-10-31 15:55:40 +01:00
Hemanth Kumar Veeranki
2b7d63f565 Added Exception catch in case of DB User exists 
Signed-off-by: Hemanth Kumar Veeranki <hemanthveeranki@gmail.com>
 2016-10-31 16:32:22 +05:30
Roeland Jago Douma
e416ee7b74 Merge pull request #1937 from nextcloud/ros-for-notification-message 
Allow rich object strings in messages as well
 2016-10-31 11:51:02 +01:00
Joas Schilling
54c0501ffa
Type hints already make sure it is an array 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-31 10:37:40 +01:00
Joas Schilling
2c0b5dee19
Allow rich object strings in messages as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-31 10:37:37 +01:00
Roeland Jago Douma
e55e6f1f14
Cleanup usages 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-29 14:29:50 +02:00
Roeland Jago Douma
94d09141f8
Remove legacy l10n 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 22:16:33 +02:00
Roeland Jago Douma
83e7cfd13a
Fix more tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 22:16:28 +02:00
Roeland Jago Douma
740659a04c
Move away from OC_L10N 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 21:46:28 +02:00
Roeland Jago Douma
f722640a32
Proper DI of config 
* Fixed comments

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 10:13:35 +02:00
Morris Jobke
e7ec4601a3
Use callForSeenUsers for avatar migration 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-10-28 08:44:05 +02:00
Jörn Friedrich Dreyer
f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361) 
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
 2016-10-28 08:44:05 +02:00
Morris Jobke
d4969abc9d Merge pull request #1800 from nextcloud/nextcloud-rich-object-strings 
Nextcloud rich object strings
 2016-10-27 15:30:58 +02:00
Lukas Reschke
0a2e2f70f6 Merge pull request #1929 from nextcloud/share_email_to_OCS 
Remove notify recipient function
 2016-10-27 09:03:29 +02:00
Roeland Jago Douma
b05fe45d52
Fix avatar on exif rotated images 
Fixes #1928

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-26 21:37:11 +02:00
Roeland Jago Douma
b7046d390f
Remove internal share mail function 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-26 20:52:41 +02:00
Roeland Jago Douma
b98dfaccd9 Merge pull request #1920 from nextcloud/legacy-pages-should-also-receive-the-nonce 
Add nonce also to legacy CSP
 2016-10-26 16:41:34 +02:00
Morris Jobke
cde7f535bd Merge pull request #1738 from nextcloud/comments-provide-displaynames-with-mentions 
comment mentions: show displayname not uid
 2016-10-26 14:02:49 +02:00
Joas Schilling
c20ab0049f
Identify Chromium as Chrome 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-26 12:07:10 +02:00
Lukas Reschke
fdcb8edd78
Add nonce also to legacy CSP 
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.

To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.

To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-26 09:41:18 +02:00
Lukas Reschke
015affb082
Missing returns + autoloader file 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 22:13:09 +02:00
Roeland Jago Douma
6dbe417c51
Inlince oc.js if possible! 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:18 +02:00
Roeland Jago Douma
e351ba56f1
Move browserSupportsCspV3 to CSPNonceManager 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:10 +02:00
Roeland Jago Douma
d5589a15d5
Move oc.js to a proper class 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:02 +02:00
Lukas Reschke
08268bca39 Merge pull request #1891 from nextcloud/downstream-26430 
add upgrade command before repair, handle NeedsUpgradeException better
 2016-10-25 18:42:44 +02:00
Morris Jobke
89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces 
Use CSP nonces
 2016-10-25 14:46:00 +02:00
Morris Jobke
27ba46c40e Merge pull request #1890 from nextcloud/downstream-25428 
fixing php 32 bit (arm) filemtime on large file issue (#18971) (#25428)
 2016-10-25 14:44:27 +02:00
Lukas Reschke
62bb991050
Add check for linux os 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 12:01:03 +02:00
Lukas Reschke
459477e2c3
Move function to LargeFileHelper 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 12:00:57 +02:00
Boris Rybalkin
cfc0d9249b
fixing php 32 bit (arm) filemtime on large file issue (#18971) (#25428) 
* fixing php 32 bit (arm) filemtime on large file issue (#18971)

* cast to int
 2016-10-25 11:43:17 +02:00
Lukas Reschke
df3444493b
Remove not existent function call 
- Removes a not existent function call
- Removes a fallback for Windows

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-25 11:37:16 +02:00
Lukas Reschke
740ff9108b Merge pull request #1884 from nextcloud/downstream-26292 
Fix logClientIn for non-existing users (#26292)
 2016-10-25 11:24:13 +02:00
Joas Schilling
890f752a6b Merge pull request #1452 from nextcloud/appconfig-endpoint 
Appconfig endpoint
 2016-10-25 10:57:48 +02:00
Lukas Reschke
79706e0ddc Merge pull request #1283 from nextcloud/us_files-ui-webdav-upload 
Use Webdav PUT for uploads
 2016-10-25 10:31:03 +02:00
Vincent Petry
6d1e858aa4
Fix logClientIn for non-existing users (#26292) 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
 2016-10-25 09:34:27 +02:00
Roeland Jago Douma
e73a11d106
Fix permision mask 
If we move a file from the temp part file to the original file we don't
need update permissions.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-24 21:45:00 +02:00
Morris Jobke
8a231a4223 Merge pull request #1829 from nextcloud/downstream-26256 
Fix login page handling for disabled users
 2016-10-24 21:35:53 +02:00
Morris Jobke
567e28b01a Merge pull request #1885 from nextcloud/downstream-26295 
App dependencies are now analysed on app enable as well - not only on…
 2016-10-24 21:26:50 +02:00
Jörn Friedrich Dreyer
817729dc3f
add upgrade command before repair, handle NeedsUpgradeExcaption better 2016-10-24 17:52:49 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-24 16:35:31 +02:00
RealRancor
14b1d946a8
Remove checks whether OC is running on Windows pt. 2 2016-10-24 16:12:17 +02:00
Thomas Müller
03ec052b4e
App dependencies are now analysed on app enable as well - not only on app install. 2016-10-24 15:59:46 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces 
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-10-24 12:27:50 +02:00
Morris Jobke
169faf8c32
Remove sensible information from exception message 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-10-24 11:42:04 +02:00
Olivier Mehani
19ad058d06
Add message to NotSquareException thrown from Avatar 
This prevents cryptic messages such as the following, from `user_ldap`:

     Could not set avatar for uid=user,ou=People,dc=example,dc=net, because:

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

Add message to NotPermittedException thrown from Files\Nodes\Folder

Ditto.

Don't use translation macros here as this seems to be pretty low-level
errors that generally get caught and prettified, and I don't want to
unduly clog down the lower layers.

Signed-off-by: Olivier Mehani <shtrom@ssji.net>

fixup! Add message to NotPermittedException thrown from Files\Nodes\Folder
 2016-10-24 11:27:27 +02:00
Roeland Jago Douma
ab91fa2660 Merge pull request #1820 from nextcloud/4byte-filenames 
Allow 4byte unicode filenames on supported platforms
 2016-10-24 10:38:25 +02:00
Roeland Jago Douma
7998689bc9
Added method to DB and fix test 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-24 09:45:04 +02:00
Lukas Reschke
1be6213ba4 Merge pull request #1832 from nextcloud/select2-into-core 
Select2 into core
 2016-10-22 14:35:07 +02:00
John Molakvoæ
3e5e07aa64
Template css order 
Select2 systemtags removal
Settings again
Fix Script

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2016-10-21 16:56:31 +02:00
Joas Schilling
0b1fb180a5
Make AppConfig part of the public API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-21 09:09:23 +02:00
Morris Jobke
2799b0a821 Merge pull request #1835 from nextcloud/downstream-24948 
Move OC\Files\Storage\Shared to the right namespace
 2016-10-20 23:48:15 +02:00
Vincent Petry
9e9fef46d9
Get rid of very old oc:// stream wrapper (#26381) 2016-10-20 20:46:30 +02:00
Morris Jobke
d9aeee2aa1 Merge pull request #1826 from nextcloud/downstream-26391 
Fix post_unshareFromSelf hook parameter format
 2016-10-20 20:44:05 +02:00
Vincent Petry
fca8bd44ab
Fix shared storage namespace in DecryptAll class 2016-10-20 20:36:50 +02:00
Joas Schilling
246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Sergio Bertolín
0417cbafd0
Changed request to not add a prefix to the url (#26256) 
* Changed request to not add a prefix to the url

* Expecting forbidden instead of service unavailable

* Handling login exceptions
 2016-10-20 17:21:08 +02:00
Vincent Petry
d4976e5554
Fix post_unshareFromSelf hook parameter format 
When unsharing from self in a group share situation, the share items
passed to the post_unshareFromSelf hook were using the wrong format in
which the attribute names (ex: "share_type") have non camel-case format.

This fix makes sure that in group sharing case we use the correct
format. It looks like the code was already producing it but in
array_merge it was not using it and adding the unprocessed one.
 2016-10-20 16:09:08 +02:00
Thomas Müller
ef842ef20a
Ensure $commands being an array - fixes #26073 2016-10-20 15:40:27 +02:00
Robin Appelman
3a8e75a814
Allow 4byte unicode filenames on supported platforms 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-10-20 14:26:09 +02:00
Joas Schilling
b35d2fd8f2
Allow rich object subjects for Notifications 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-20 12:14:59 +02:00
Joas Schilling
2098648850
Add Rich Object Definitions and a validator 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-20 12:14:51 +02:00
Morris Jobke
f7ca3ec201
Remove unneeded compatibility polyfills 
- `Object.create` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/create#Browser_compatibility
- `Object.keys` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/keys#Browser_compatibility
- `Array.prototype.filter` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter#Browser_compatibility
- `Array.prototype.indexOf` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf#Browser_compatibility
- `Array.prototype.map` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/map#Browser_compatibility
- `Function.prototype.bind` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/bind#Browser_compatibility
- `String.prototype.trim` supported with IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim#Browser_compatibility
- `outerHTML` supported with Firefox 11+: https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML#Browser_compatibility
- `window.devicePixelRatio` supported in IE11+: http://caniuse.com/#feat=devicepixelratio

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-10-20 10:17:18 +02:00
Morris Jobke
a8cf110ec6
Remove unneeded placeholder polyfill 
* placeholders are supported in IE11+
* http://caniuse.com/#feat=input-placeholder

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2016-10-20 00:00:25 +02:00
Arthur Schiwon
5d98ab83e9
resolve displayname via manager and registerable resolvers 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2016-10-19 00:34:00 +02:00