Commit graph

50190 commits

Author SHA1 Message Date
Roeland Jago Douma
b6dd2ebd39
Use proper exception in lostController
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.

This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 20:12:16 +02:00
Roeland Jago Douma
37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Roeland Jago Douma
cd243b0876
No need to have these classes we tighten the default CSP from time to
time

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 14:59:48 +02:00
Roeland Jago Douma
1ec98af3e0
Merge pull request #16560 from nextcloud/bugfix/noid/fix_cutype_reporting
fix calendar-user-type reporting
2019-07-27 12:23:25 +02:00
Roeland Jago Douma
9ef23e2362
Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging
Do not log all locked exceptions
2019-07-27 10:39:11 +02:00
Nextcloud bot
2827b0ba31
[tx-robot] updated from transifex 2019-07-27 02:14:37 +00:00
Daniel Calviño Sánchez
abd5d10253 Add unit tests for "OC.Notification.hide()"
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:59 +02:00
Daniel Calviño Sánchez
03f2e8a10e Fix default timeouts in OC.Notification
When no timeout was given "show()" used the default timeout of
"OCP.Toast", which is 7 seconds instead of indefinitely as stated in the
documentation of "show()". "showHtml()" should also indefinitely show
the notification if no timeout is given, but due to the strict
comparison the notification was indefinitely shown only when a timeout
of 0 was explicitly given. Now both methods show the notification
indefinitely (or until it is explicitly hidden) when no timeout is
given.

The unit tests did not catch this error because "showHtml()" had no
tests (as before the move to Toastify it was called from "show()" and
thus implicitly tested), and because "show()" verified that "hide()" was
not called after some time; "hide()" is no longer called from "show()"
since "OCP.Toast" is used internally, so the test always passed even if
the notification was indeed hidden. Now the test is based on whether the
element is found or not, and explicit tests were added too for
"showHtml()".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:59 +02:00
Daniel Calviño Sánchez
14006b548e Fix mixed test for "show" and "showTemporary"
"showTemporary()" when a timeout was given was being tested along with
the "show()" tests; now there are two separate tests when a timeout is
given, one for "showTemporary()" and one for "show()".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:58 +02:00
Daniel Calviño Sánchez
2b1c80ea3f Check number of elements instead of if the jQuery object is defined
Tje jQuery object created through "$('#testArea .toastify')" will be
always defined even if no elements were found, so the check does not
really work; instead, it should be checked the number of elements found.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2019-07-26 18:46:51 +02:00
Roeland Jago Douma
a2a53848b0
Update PreviewController
The constructor is called with the userId. However if a user is not
logged in this is null. Which means that we get an exception instead of
this being handled gracefully in the middleware.

There are cleaner solutions. But this is the solution that is the
easiest to apply without lots of work and risk of breaking things
(handling the logged in middleware before initializing the controller
etc).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:37:11 +02:00
Roeland Jago Douma
1cc8a2f5d2
Supress warnings touch can generate
We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:26:59 +02:00
Morris Jobke
4986241873
Merge pull request #16556 from nextcloud/feature/16554_adminAuditShareByMail/wiswedel
log email shares in admin_audit log
2019-07-26 16:14:47 +02:00
Morris Jobke
3ba33cab5b
Merge pull request #16557 from nextcloud/enh/do_not_log_locked_files
Do not log locked files
2019-07-26 15:44:52 +02:00
Morris Jobke
2e803dc3d3
Merge pull request #16555 from nextcloud/fix/16529/mask-keys
use a pattern to identify sensitive config keys
2019-07-26 15:15:56 +02:00
Morris Jobke
71e5300f84
Merge pull request #16551 from nextcloud/fix/12735/displayname-email
supresses disclosing the userid for LDAP users in the welcome mail
2019-07-26 15:14:59 +02:00
Roeland Jago Douma
cdc43cd39b
Merge pull request #16456 from nextcloud/dep/searchByTag
Remove deprecated searchByTag
2019-07-26 15:07:04 +02:00
Georg Ehrke
6a2a5465cf
fix CUType reporting
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-07-26 15:04:58 +02:00
Roeland Jago Douma
4cc41cb4c7
Do not log all locked exceptions
This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 14:55:13 +02:00
Sascha Wiswedel
e98b2cb461
log email shares in admin_audit log
Signed-off-by: Sascha Wiswedel <sascha.wiswedel@nextcloud.com>
2019-07-26 14:37:50 +02:00
Roeland Jago Douma
22f9a95814
Do not log locked files
This is the code doing its job. There is no need to spam the log file
with this.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 14:29:13 +02:00
Arthur Schiwon
78201bcb72
treat sensitive config keys by pattern
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 13:31:14 +02:00
Roeland Jago Douma
323f40a493
Merge pull request #16461 from nextcloud/fix/noid/pgsql-version
fixes the check for postgresql
2019-07-26 12:32:04 +02:00
Roeland Jago Douma
0487144b26
Remove deprecated searchByTag
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 12:29:19 +02:00
Arthur Schiwon
898430b6b1
supresses disclosing the userid for LDAP users in the welcome mail
The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-07-26 10:48:34 +02:00
Roeland Jago Douma
b2341cdfd0
Merge pull request #16542 from nextcloud/dependabot/npm_and_yarn/build/fstream-1.0.12
[Security] Bump fstream from 1.0.11 to 1.0.12 in /build
2019-07-26 08:08:34 +02:00
Nextcloud bot
0e54f59b24
[tx-robot] updated from transifex 2019-07-26 02:14:42 +00:00
Morris Jobke
e51c269dbe
Merge pull request #16532 from nextcloud/bugfix/14776/maxcontrast-fix
Fix max contrast retrieval to limit minimum color for relative time
2019-07-25 17:07:22 +02:00
dependabot-preview[bot]
0d278eddf6
[Security] Bump fstream from 1.0.11 to 1.0.12 in /build
Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12. **This update includes a security fix.**
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2019-07-25 14:01:22 +00:00
Roeland Jago Douma
c504ed66b7
Merge pull request #16503 from nextcloud/bugfix/5504/create_new_birthday_calendars_with_VEVENT_only
allow to provide supported calendar component set internally as a string
2019-07-25 13:36:01 +02:00
Morris Jobke
003e23520d
Trigger fallback code to get max contrast value and use integer there
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-25 09:45:09 +02:00
Nextcloud bot
569cf31cd6
[tx-robot] updated from transifex 2019-07-25 02:14:40 +00:00
Morris Jobke
5e02d71588
Fix max contrast retrieval to limit minimum color for relative time
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-07-24 21:48:52 +02:00
Morris Jobke
80b71ddbfa
Merge pull request #16528 from nextcloud/shipped-texteditor
Remove files_texteditor from shipped apps
2019-07-24 15:15:56 +02:00
Julius Härtl
2e8d52f354
Remove files_texteditor from shipped apps
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:16:17 +02:00
Julius Härtl
e43b341b04
Add additional check for read permissions
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:01:24 +02:00
Julius Härtl
3674f6fa2d
Check the if we can actually access the storage cache for recent files
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-24 14:01:24 +02:00
blizzz
7e8dfd404e
Merge pull request #15637 from nextcloud/bugfix/15567/ignore-hidden-share
Allow hidden smb shares
2019-07-24 12:43:29 +02:00
blizzz
babe1333ad
Merge pull request #16523 from nextcloud/bugfix/noid/nested-recursion-breaking-max-nested-level-for-parent-comment
Nested recursion breaking max nested level for parent comment calculation
2019-07-24 11:50:40 +02:00
Joas Schilling
7d3a349d8f
PHPStorm code cleanup
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-24 10:39:57 +02:00
Joas Schilling
3b334169a8
Get the topmost parent for the parent instead of doing endless recursion
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-07-24 10:39:22 +02:00
Roeland Jago Douma
59d8c92b64
Merge pull request #16493 from nextcloud/enh/remove-curly-braces
The array and string offset access syntax using curly braces is depre…
2019-07-24 09:35:20 +02:00
Nextcloud bot
3a3bcf43ca
[tx-robot] updated from transifex 2019-07-24 02:15:37 +00:00
Roeland Jago Douma
41f97411ac
Merge pull request #16505 from nextcloud/enh/nitpicks-14954
Dont assign $options to $options and cleanup doc
2019-07-23 19:57:10 +02:00
Roeland Jago Douma
4a66e95530
Merge pull request #16514 from nextcloud/dependabot/npm_and_yarn/babel/preset-env-7.5.5
Bump @babel/preset-env from 7.5.4 to 7.5.5
2019-07-23 15:15:33 +02:00
Morris Jobke
d5b524ae07
Merge pull request #16492 from nextcloud/enh/exclude-rnd-files
Exclude .rnd files from integrity check
2019-07-23 14:57:55 +02:00
Roeland Jago Douma
4902e84346
Merge pull request #16497 from nextcloud/dependabot/npm_and_yarn/babel/core-7.5.5
Bump @babel/core from 7.5.4 to 7.5.5
2019-07-23 12:19:17 +02:00
Nextcloud bot
9a61d5fb72
[tx-robot] updated from transifex 2019-07-23 02:15:28 +00:00
Daniel Kesselberg
77c09252d5
Dont assign $options to $options and cleanup doc
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-22 18:48:47 +02:00
Georg Ehrke
dce1787b9a
allow to provide supported calendar component set internally as a string
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2019-07-22 16:58:54 +02:00