a18e61a1e5
feat(files_sharing): add config option for extending link-share permissions
...
This allows the admin to control the behavior whether link shares with
READ permissions should be extended to also gain SHARE permissions,
allowing users (public share receivers) to add the share to their cloud.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-07-17 16:59:36 +07:00
2b50d9b2c5
Revert "perf(base): Stop setting up the FS for every basic auth request"
2025-07-11 17:07:44 +07:00
6f0255d82a
Merge pull request #53141 from nextcloud/perf/files/setup-fs-basic-auth-request
2025-07-11 15:25:10 +07:00
01766b18f8
fix: Fix theming for disabled accounts
...
The Theming app injects the stylesheets for the different themes in the
"<header>" element of the page, and those stylesheets are then loaded by
the browser from a "Controller" (a plain "Controller", not an
"OCSController"). The stylesheets, in turn, may also get some images
(like the background) also from the "Controller".
When handling a request to "index.php" it is checked whether the user is
logged in and, if not, a login is tried. A disabled user is explicitly
seen as not logged in, so a login is always tried in that case, but
disabled users are also explicitly prevented to log in, so the login
also fails. Due to that trying to get any of the themed stylesheets or
images with a disabled account (to be able to show the "Account
disabled" error page) fails with an HTTP status 401.
To solve that, and to avoid touching this basic logic as much as
possible, the login exception is now ignored (if the user is disabled)
for some specific requests to the Theming app.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2025-07-10 15:19:01 +07:00
24f7a2e680
fix(core): Stop abusing the cache for avatar upload
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-07-08 11:38:59 +07:00
5981b7eb51
chore: apply new CSFixer rules
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
# Conflicts:
# apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +07:00
bd00b75b29
Merge pull request #53671 from nextcloud/fix/read-only-share-download
2025-07-01 15:11:06 +07:00
2e5ccc7123
fix(files): Always transfer incoming shares when doing ownership transfer to prevent broken reshares
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-07-01 08:23:53 +07:00
9806a9830c
feat(files_sharing): allow viewing files with download disabled
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-06-26 11:47:53 +07:00
b6af06d2e0
fix: revive always storing lowercased email addresses
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-06-24 13:53:08 +07:00
6254354f27
test(dav): add integration test for principal property search
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-06-17 11:19:24 +07:00
a15c473ae2
feat(tests): Test application enabling/disabling and routes
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-06-05 15:12:28 +07:00
1b273b8c2c
chore(IAccountManager): remove deprecated visibility constants
...
Those constants are not used anywhere anymore and are deprecated for
more than ten versions. So its time to cleanup the interface.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-05-14 19:15:24 +07:00
4495794a0b
feat(dav): allow uploading folders to public shares
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2025-05-13 16:03:20 +07:00
9ed33cf6aa
feat(profile): Add an API to get the profile field data
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-04-23 12:38:18 +07:00
fbb77270c2
Merge pull request #50905 from nextcloud/fix/rate-limit-share-creation
2025-04-15 10:57:50 +07:00
75063cd71b
test: enable rate limiting for ratelimiting.feature
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-04-15 10:31:02 +07:00
6a0d92dedf
fix(files_sharing): expireDate null tests
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-04-14 22:46:52 +07:00
da9b6e376d
fix(tests): Sort activities by id to get the last one
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-03-25 15:43:09 +07:00
140aba1f16
feat: Add context and test steps for activity in sharing
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-03-25 15:43:09 +07:00
c2f2f21673
feat: Support deleting metadata from WebDAV
...
The `$value` will be `null` if the update is wrapped inside a `<d:remove>...</d:remove>` block.
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-04 12:34:11 +07:00
2a0f81da53
fix(provisioning_api): Correct limit for `editUser`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-02-06 11:58:24 +07:00
0baab8fd98
test: Reset sharing app config after test
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-01-28 16:40:50 +07:00
19ce362896
chore: add file conversion integration tests
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-16 18:55:44 +07:00
669e6cadd6
chore(federation): cleanup SettingsController and legacy AddServerMiddleware
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-09 15:39:01 +07:00
b434750cb2
chore(federation): add trusted server auto accept integration tests
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-09 12:54:51 +07:00
63f3309993
fix(logger): Prevent infinite recursion with log.condition => matches
...
When we need to check the log condition for a user matches,
there is a risk that something on the way checks the log level
and would result in an infinite loop.
So we simply check if it's a nested call and use the default
warning level in that case.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-03 10:04:51 +07:00
22051a73c1
feat(login): add origin check at login
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-12-05 09:51:53 +07:00
f08d053290
fix(ocm): switching to IdentityProof
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 +07:00
d6fa2100e1
test(ExternalStorage): Send basic auth during integrations tests
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:12:29 +07:00
158299b3d7
fix(profile): make sure the app cannot be disabled as it was in core
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-11-14 10:25:10 +07:00
bbc5d32c8e
fix(dav): Public WebDAV endpoint should allow `GET` requests
...
`GET` should be allowed even without Ajax header to allow downloading files,
or show files in the viewer. All other requests could be guarded, but this should not.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-09 17:10:52 +07:00
9be2f060f9
fix: provision api's status codes
...
Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
2024-09-30 17:19:32 +07:00
0f6760c810
feat(files): Make the files download action use WebDAV zip download
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-28 13:18:29 +07:00
d66e16b07e
feat(dav): New `ZipFolderPlugin` which allows to download folders using GET requests
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-28 13:18:23 +07:00
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +07:00
b24e02e5df
fix(core): profile design and pronouns support
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2024-09-18 00:15:19 +07:00
26abc86eca
feat: add profile pronouns
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2024-09-17 22:20:36 +07:00
8af7ecb257
chore: adjust code to adhere to coding standard
...
Signed-off-by: Anna Larch <anna@nextcloud.com>
2024-09-05 21:23:38 +07:00
8350aef723
test: Add integration tests for saving external userglobal storages
...
As the external storage uses the Nextcloud server itself the number of
workers of the PHP process running the Nextcloud server had to be
increased. Otherwise if a request is sent for the external storage while
handling a request from the integration tests a deadlock would occur.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2024-09-04 09:46:17 +07:00
54e6103d31
fix(test): Fix provisioning enabled apps
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-08-29 09:43:03 +07:00
af6de04e9e
style: update codestyle for coding-standard 1.2.3
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +07:00
cb1b366baf
fix(dav): Ensure share properties are also set on public remote endpoint
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-12 11:28:03 +07:00
725736a754
chore(integration): add file request tests
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-07-19 07:35:51 +07:00
9b84831c8d
fix(files_sharing): adjust IAttributes API and files_versions
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-07-12 20:14:30 +07:00
a229723b8c
feat: Add new forbidden filename options to Capabilities
...
Allow clients to access the new filename validation options
and make frontend name validation possible.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-11 13:31:54 +07:00
957a00b9de
chore: remove chunking-v1
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-06-19 16:57:42 +07:00
1e04619675
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-06-06 22:53:41 +07:00
91227c908b
Merge branch 'master' into refactor/OC-Server-getHTTPClientService
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:21:45 +07:00
4bd9bc7b06
feat(files): Use receiving users language for the ownership transfer target folder
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-05-29 20:19:58 +07:00
Ferdinand Thiessen
John Molakvoæ
Daniel Calviño Sánchez
provokateurin
skjnldsv
Richard Steinmetz
Daniel Kesselberg
Côme Chilliet
Joas Schilling
Louis Chemineau
Benjamin Gaussorgues
Maxence Lange
Hamza Mahjoubi
Anna Larch
Robin Appelman
Andy Scherzinger