Commit graph

30382 commits

Author SHA1 Message Date
Vincent Petry
f79fafcf06 Revert back to non-webdav download link for public URLs
Fixes issues with browsers not happy with the token.
Fixes activities which were not sent.
2016-02-10 19:09:52 +01:00
Thomas Müller
6b836325cf Merge pull request #22276 from owncloud/harden-updater-auth
Harden updater authentication
2016-02-10 17:31:38 +01:00
Thomas Müller
6ffb83ae19 Merge pull request #22269 from owncloud/issue-22243-avoid-deadlock-with-lots-of-entries-to-cleanup
Chunk the cleanup queries to make sure they don't time out
2016-02-10 17:26:11 +01:00
Thomas Müller
39e6a1897b Merge pull request #22271 from owncloud/remember-login-state
Remember previous state of remember login checkbox
2016-02-10 17:25:34 +01:00
Thomas Müller
10613f7265 Merge pull request #22273 from owncloud/versions-fixpathasrecipient
Fix versions path as share recipient when different than owner path
2016-02-10 17:25:14 +01:00
Lukas Reschke
5680743c2b Harden updater authentication
- Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453
- Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)
2016-02-10 16:31:11 +01:00
Vincent Chan
06b2f11e57 refactoring code 2016-02-10 15:28:14 +01:00
Thomas Müller
5c89cf9565 Merge pull request #22267 from owncloud/fix_encryption2
calculate and update the version of the encryption signature correctly
2016-02-10 15:14:52 +01:00
Thomas Müller
159a0eb597 Merge pull request #20073 from owncloud/files-should-add-download-disposition
Serve files with an attachment disposition for new DAV endpoint
2016-02-10 14:35:50 +01:00
Thomas Müller
c4d2f6bb25 Merge pull request #22270 from owncloud/use-cache-directly
Use cache directly instead of QueryBuilder
2016-02-10 14:23:04 +01:00
Thomas Müller
9e07fe289d Merge pull request #22274 from owncloud/fix_21710
Updated davclient.js to support MKCOL in edge
2016-02-10 14:22:36 +01:00
Thomas Müller
c1d21cf873 Merge pull request #22263 from owncloud/fix-group-principals
Fix group principal
2016-02-10 14:22:18 +01:00
Roeland Jago Douma
c201982598 Updated davclient.js
Fix for MKCOL in edge
2016-02-10 13:52:54 +01:00
Vincent Petry
63b99b614c Merge pull request #22266 from owncloud/fix_21726
Only show link spinner if the share exists
2016-02-10 13:46:15 +01:00
Vincent Petry
1b9e291913 Use full path of known file when handling versions
Instead of relying on the versions API response, use the known file path
when populating version models.
2016-02-10 13:39:25 +01:00
Vincent Petry
a6f997ddae Remove path from versions response
The path attribute contains the path relative to the owner's home
folder, not the one from the recipient, which is useless for the client
and needlessly discloses the owner's original path.

The requested already has access to the full path of the file, so no
need to add it to the response.
2016-02-10 13:38:38 +01:00
Bjoern Schiessle
9dc759b4dc remember signature version and only set it on update to make sure that other
apps like files_versions still get the old signature version
2016-02-10 13:27:32 +01:00
Joas Schilling
0ebb205010 Chunk the queries to make sure they don't time out 2016-02-10 13:04:37 +01:00
Vincent Chan
e7859f705c Remember previous state of remember login checkbox
fixes #22205
2016-02-10 12:37:38 +01:00
Lukas Reschke
762636efcd Use cache directly instead of QB
In case somebody does not use oc_filecache
2016-02-10 12:30:39 +01:00
Roeland Jago Douma
630bee749b Only show link spinner if the share exists
If there is no share to delete do not set the spinner.
Fixes #21726
2016-02-10 11:08:15 +01:00
Bjoern Schiessle
43ed86313c use the version of the original file if we write the part file to have a proper version if we move the file over to the original location 2016-02-10 11:08:03 +01:00
Thomas Müller
2e94d34dfd Fix group principal 2016-02-10 10:43:32 +01:00
Thomas Müller
9a2c517ca8 Merge pull request #22253 from owncloud/notifications-for-remote-shares
Notifications for remote shares
2016-02-10 10:06:14 +01:00
Thomas Müller
a8d9eb5320 Merge pull request #22256 from owncloud/hide-updater-secret
Hide updater.secret from occ output by default
2016-02-10 08:58:46 +01:00
Joas Schilling
fa893762a2 Fix oracle by using less quotes 2016-02-10 08:40:45 +01:00
Joas Schilling
75d552b29e Listen to the notification event to reload the file list 2016-02-10 08:40:45 +01:00
Joas Schilling
65e1e4a202 Mark the accept button as primary 2016-02-10 08:40:45 +01:00
Joas Schilling
c769f5775d Create the actions with the correct ID 2016-02-10 08:40:45 +01:00
Joas Schilling
31cf3b8288 Make sure the share ID is an integer 2016-02-10 08:40:45 +01:00
Joas Schilling
cb8024ca14 Fix action paths 2016-02-10 08:40:45 +01:00
Joas Schilling
49dd693d8f Bring the messages inline 2016-02-10 08:40:45 +01:00
Joas Schilling
a4a7cf40a1 Fix the notification API usage 2016-02-10 08:40:45 +01:00
Joas Schilling
3ff88c8c84 Revert "Disable the remote sharing notifications until they work properly"
This reverts commit 6bc93c7401.

Conflicts:
	apps/files_sharing/lib/external/manager.php
2016-02-10 08:40:44 +01:00
Jenkins for ownCloud
9ebcc4ce31 [tx-robot] updated from transifex 2016-02-10 01:56:05 -05:00
Lukas Reschke
53d57bffed Merge pull request #21557 from owncloud/use-hmac-over-encryption
Add integrity protection using Encrypt-Then-MAC to default encryption module
2016-02-09 23:45:27 +01:00
Lukas Reschke
ca350294a6 Add tests for setVersion 2016-02-09 23:43:28 +01:00
Vincent Petry
45c78476f5 Use cache update instead of put for encryption version
Saves a call to fetch the file id which didn't even work for a reason.

This fix properly sets the version in the database.
2016-02-09 23:43:28 +01:00
Lukas Reschke
6724f76573 Use cache and add tests 2016-02-09 23:43:27 +01:00
Bjoern Schiessle
377d7fb8a8 don't decrease ->version for part files but only a local variable, otherwise it can happen that we decrease it twice and end up with the wrong value 2016-02-09 23:43:27 +01:00
Vincent Petry
3736f13826 Check if partial cache entry or not in encryption wrapper 2016-02-09 23:43:27 +01:00
Bjoern Schiessle
966eb4b084 realPath should contain the path to the file we want to read, e.g. the version and not the original file 2016-02-09 23:43:27 +01:00
Lukas Reschke
5ccb9dfa7e Use database for keeping track of the version 2016-02-09 23:43:27 +01:00
Lukas Reschke
3badf5caf5 Use number of chunk for HMAC as well
Prevents switching single blocks within the encrypted file.
2016-02-09 23:43:26 +01:00
Lukas Reschke
b5824f024a Keep track of file version
This way it is not possible anymore for an external storage admin to put up old versions of the file.
2016-02-09 23:43:26 +01:00
Lukas Reschke
d5c1596887 Clarify documentation 2016-02-09 23:43:26 +01:00
Lukas Reschke
3b62459c41 Use hash with appended "a" of the original password for the authentication 2016-02-09 23:43:26 +01:00
Björn Schießle
9bb97c714b fixing unit tests 2016-02-09 23:43:26 +01:00
Lukas Reschke
b9ff16498b Use random_bytes instead OpenSSL 2016-02-09 23:43:26 +01:00
Björn Schießle
61dd191253 meta data are at the end of the file 2016-02-09 23:43:25 +01:00