0ae83d6183
Merge pull request #46760 from nextcloud/fix/appframework/csrf-custom-header
2024-07-27 16:27:52 +07:00
4f2a29adf9
Merge pull request #46672 from nextcloud/fix/preview-invalid-id
...
Avoid using partial file info as valid one
2024-07-25 19:37:30 +07:00
9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-25 17:31:49 +07:00
799ee8fd51
feat(TaskProcessing): Implement enums and default values
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-25 10:10:31 +07:00
57ed738af2
Merge pull request #46644 from nextcloud/cast-bigint
...
fix: cast to bigint on postgresql
2024-07-24 20:39:04 +07:00
7266a9ef33
Merge pull request #46418 from nextcloud/artonge/feat/user_admin_delegation
...
feat(users): Add users and group management to admin delegation
2024-07-24 11:15:54 +07:00
fc0b694d37
feat: mail provider backend
...
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
2024-07-23 16:20:36 +07:00
16c184e2cb
fix: cast to bigint on postgresql
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-23 14:41:13 +07:00
6c1e896a03
fix: Ignore preview requests for invalid file ids
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-07-22 22:32:34 +07:00
dff8815449
feat(users): Add support for admin delegation for users and groups management
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-07-22 17:17:35 +07:00
fffc784769
feat(taskprocessing): add support for webhooks (http or AppAPI) in the task processing API
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2024-07-22 11:34:29 +07:00
9ed2d3e495
Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator
...
refactor: Migrate some legacy and core functions to `IFilenameValidator`
2024-07-22 10:40:50 +07:00
c2a571e435
Merge pull request #46473 from nextcloud/feat/restrict_admin_to_ips
...
feat(security): restrict admin actions to IP ranges
2024-07-22 10:10:42 +07:00
9716b0d735
refactor: Migrate some legacy and core functions to `IFilenameValidator`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-19 19:41:46 +07:00
7395211c1a
Merge pull request #46605 from nextcloud/bugfix/noid/test-more-oracle-versions
...
fix(deps): Deprecate functionality deprecated by doctrine and test on more oracle versions
2024-07-19 16:40:49 +07:00
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
202e5b1e95
feat(security): restrict admin actions to IP ranges
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
a3c3eab09c
Merge pull request #46368 from nextcloud/fix/task-processing
...
TaskProcessing follow-up
2024-07-19 12:38:30 +07:00
f6238d35bd
fix(test): Make the test less flaky
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:16 +07:00
eeb6ddb176
fix(db): Deprecate `IExpressionBuilder::or()` and `IExpressionBuilder::and()` without parameters
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:16 +07:00
829f2b9bc7
fix(db): Promote the use of `getDatabaseProvider` to reduce the impage of removed upstream platforms
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:14 +07:00
a4c1d7291f
fix(db): Use `createSchemaManager()` method as `getSchemaManager()` is deprecated
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-19 11:21:11 +07:00
64ca4b832d
Merge pull request #46583 from nextcloud/filecache-sharding-compat
...
Make filecache queries compatible with sharding
2024-07-19 09:49:45 +07:00
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +07:00
c5b687271b
fix: make batch propagator work with sharding restrictions
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-17 19:16:07 +07:00
0931492ff0
fix: make usermountcache compatible with sharding
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-17 19:16:05 +07:00
718ef5dea5
Merge pull request #46510 from nextcloud/feat/info-xml-backends
...
feat: hide caldav server settings if no app uses the caldav backend
2024-07-17 18:57:08 +07:00
d37dd4b9a9
feat(settings/admin/ai): fix tests
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2024-07-17 15:24:19 +07:00
969cc52851
fix(TaskProcessing): Run cs:fix
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-17 13:55:55 +07:00
61ebfad724
fix(TaskProcessing): fix tests
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-17 13:55:55 +07:00
f1bb43dd55
test(TaskProcessing): Add test for setTaskResult with fileIds
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-07-17 13:55:55 +07:00
05888991d7
Merge pull request #46419 from nextcloud/bugfix/noid/limit-logo-size-for-outlook
...
fix(mail): Fix big logos in mail templates for Outlook
2024-07-17 11:54:47 +07:00
693a81bfa3
fix(mail): Fix big logos in mail templates for Outlook
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-17 09:24:55 +07:00
1b41e8f566
Merge pull request #46538 from nextcloud/fix/use-filename-validator
...
refactor: Migrate filename validation from `Storage` and `Util` to `FilenameValidator`
2024-07-16 17:42:40 +07:00
decae5a45a
Merge pull request #46547 from nextcloud/query-builder-connection
...
feat: allow running QueryBuilder queries on different connections
2024-07-16 17:38:28 +07:00
322b3946d9
fix(dav): Verify target path in `setName` instead of source path
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:57:11 +07:00
f4ede27cdb
refactor: Remove deprecated `Util` function for filename validation to `FilenameValidator`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:49:10 +07:00
69341e4306
refactor: Migrate filename validation logic from `Storage` to `FilenameValidator`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-16 12:49:09 +07:00
e42bceac9f
feat: hide caldav server settings if no app uses the caldav backend
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-07-16 09:18:33 +07:00
9de6190ec4
feat: allow running QueryBuilder queries on different connections
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-07-15 22:41:04 +07:00
bdbeabafa7
feat: Add `forbidden_filename_basenames` config option
...
This allows to configure forbidden filenames (the full filename like `.htaccess`)
and also forbidden basenames like `com0` where `com0`, `com0.txt` and `com0.tar.gz` will match.
We need this as only using basenames was too restrictive and will cause problems on some systems when updating.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-15 19:39:18 +07:00
967b3848e0
fix(files_sharing): phpunit & openapi fixes
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-07-12 20:14:30 +07:00
cf935e33ae
fix: `OCP\Files\Node\Folder::search` was not setting the owner
...
The owner was not set on the file info causing e.g. webdav searches to never return the known owner.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-11 15:46:44 +07:00
e5275dbada
feat: don't count failed CSRF as failed login attempt
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-11 09:27:33 +07:00
46f1efac41
feat: Add `IFilenameValidator` to have one consistent place for filename validation
...
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-09 15:04:34 +07:00
48b69c53dc
test: Test hash validation
...
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2024-07-04 17:05:50 +07:00
9a2f026bd6
feat: support excalidraw file
...
Signed-off-by: Hoang Pham <hoangmaths96@gmail.com>
2024-07-04 11:09:21 +07:00
a1d3b5f1a3
fix(tests): Remove output when running tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-07-03 15:51:36 +07:00
0f95c6e471
Merge pull request #46185 from nextcloud/debt/noid/migrate-background-commands-to-iappconfig
...
refactor: simplify background commands
2024-07-02 11:21:55 +07:00
92acbb0d39
Merge pull request #45766 from nextcloud/feat/ooo-replacement
...
Feat: Allow users to select another user as their out-of-office replacement
2024-07-01 23:25:43 +07:00
a9774741e8
Feat: Allow users to select another user as their out-of-office replacement
...
Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>
2024-07-01 15:10:16 +07:00
5aefdc399e
feat(AppFramework): Add ExAppRequired attribute
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +07:00
a773a8b915
refactor: simplify background commands
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-07-01 12:52:06 +07:00
aceb4d776c
feat: reduce available languages per config value "reduce_to_languages"
...
Example: restrict to en, de, es, fr, it' languages
./occ config:system:set reduce_to_languages 0 --value en
./occ config:system:set reduce_to_languages 1 --value de
./occ config:system:set reduce_to_languages 2 --value es
./occ config:system:set reduce_to_languages 3 --value fr
./occ config:system:set reduce_to_languages 4 --value it
Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
2024-07-01 09:34:11 +07:00
14778811b4
refactor: Use `IAppConfig` for setting cron type
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-06-28 18:00:39 +07:00
00aa8f5438
Merge pull request #46133 from nextcloud/bugfix/noid/fix-missing-protocol-on-remotes
...
fix(federation): Fix missing protocol on CloudID remote
2024-06-27 14:59:19 +07:00
ff499a6baa
Merge pull request #45951 from nextcloud/chore/comments-event-legacy
...
chore: Move comments event handler to use proper event dispatcher
2024-06-27 12:40:06 +07:00
280d70a5f4
fix(federation): Fix missing protocol on CloudID remote
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-06-27 11:26:08 +07:00
2482688fa0
Merge pull request #45655 from nextcloud/feat/mysql_ignore_conflics
2024-06-27 11:19:12 +07:00
9713dd3fa9
chore: Move comments event handler to use proper event dispatcher
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-06-26 18:13:07 +07:00
6121325310
Merge pull request #45532 from nextcloud/feat/publish-resources-room-update
...
feat: implement public OCP api to update resources and rooms
2024-06-25 16:48:30 +07:00
b7243681dd
feat(dbal): add proper insert ignore conflict method for SQLite
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-06-25 16:21:01 +07:00
957a00b9de
chore: remove chunking-v1
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-06-19 16:57:42 +07:00
441dfd6646
Merge pull request #45930 from nextcloud/repair-mimetype-expensive
...
fix: move repair mimetype repair step to the expensive steps
2024-06-19 11:09:15 +07:00
c3354e9c84
Merge pull request #45228 from smokris/heartbeat-route
...
fix(settings): define a 'heartbeat' route, so SecurityHeaders can handle redirected root
2024-06-18 17:29:30 +07:00
5d744456f6
fix(tests): Strong type property $router in RouterTest
...
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2024-06-18 16:33:31 +07:00
e74f71b32e
feat: add setup check for needed mimetype migrations
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-06-18 14:46:19 +07:00
de6bb33d99
fix(tests): Fix tests with new LazyUser usage in DefaultShareProvider
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-06-17 18:09:59 +07:00
642cffd4dd
Merge pull request #45582 from nextcloud/joblist-cleanup-by-id
...
delete background jobs by id when cleaning up
2024-06-17 13:21:21 +07:00
e5a6698ec0
Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller
...
test: add tests for ProfilePageController
2024-06-12 14:49:03 +07:00
98eb190e04
test: add tests for ProfilePageController
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-06-12 11:46:12 +07:00
8bed23288b
fix(files_sharing): dark avatar support
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-06-12 10:27:29 +07:00
19bc3ed1e3
chore(webhooks): Rename webhooks application to webhook_listeners
...
There is already a webhooks application in the appstore
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-06-11 14:10:29 +07:00
aa974a4322
feat: Add webhooks application
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-06-11 14:10:29 +07:00
98b5cdc43d
Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso
...
fix(Session): avoid password confirmation on SSO
2024-06-07 11:25:36 +07:00
f6d6efef3a
refactor(Token): introduce scope constants
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +07:00
340939e688
fix(Session): avoid password confirmation on SSO
...
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.
Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +07:00
c1661b6023
Merge pull request #45570 from nextcloud/fix/strict-email-verification
...
fix(Mailer): Allow to enforce strict email format
2024-06-04 14:03:54 +07:00
1a27314530
fix(Mailer): Allow to enforce strict email format
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-05-31 14:18:06 +07:00
7f745a1ed0
Merge branch 'master' into refactor/OC-Server-getSecureRandom
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 19:13:53 +07:00
4d9199fb88
Merge branch 'master' into refactor/OC-Server-getL10NFactory
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 17:52:14 +07:00
85b9552617
test: update DummyJobList
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-05-30 15:07:39 +07:00
258bb03cf5
Merge branch 'master' into refactor/OC-Server-getSecureRandom
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:24:22 +07:00
91227c908b
Merge branch 'master' into refactor/OC-Server-getHTTPClientService
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:21:45 +07:00
99af78cd66
Merge branch 'master' into refactor/OC-Server-getL10NFactory
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:19:51 +07:00
f863290572
feat(ldap): sync additional properties to profile and SAB
...
Synced from LDAP to profile:
- Date of birth
Synced from LDAP to SAB (via the profile):
- Biography
- Date of birth
Original code by Jake Nabasny (GitHub: @slapcat)
Co-authored-by: Jake Nabasny <jake@nabasny.com>
Co-authored-by: Richard Steinmetz <richard@steinmetz.cloud>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-05-30 12:01:13 +07:00
3fb0aa40cd
feat(db): add mapping for lock wait timeout
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-05-29 11:10:43 +07:00
3bfba2042c
fix(db): Prevent two connections for single node databases
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-05-28 10:38:36 +07:00
69e0158030
feat: implement public OCP api to update resources and rooms
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-05-27 18:45:52 +07:00
0b20dd6755
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-22 19:58:12 +07:00
e630e4b983
Merge pull request #44763 from nextcloud/fix/group_name_length_db
2024-05-16 14:22:30 +07:00
4286660983
fix: Extend SVG reference check
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-05-16 10:01:33 +07:00
715245a21a
fix: run cs:fix
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:42 +07:00
9cc1a01ea0
test: Put input files in user storage
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:42 +07:00
19a0aaeb5e
fix(TextToImage): Allow leaving the resources open
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:41 +07:00
f6f4965294
fix: fix tests
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:41 +07:00
5de42a53e2
fix: Don't use dynamic property
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:40 +07:00
a5053d33c2
fix: Run cs:fix
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:40 +07:00
ef44af1f48
test: Test file authorization check
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:40 +07:00
bd5dfd0b5f
test: Add more tests for legacy pass-through
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:40 +07:00
John Molakvoæ
Andy Scherzinger
provokateurin
Marcel Klehr
Ferdinand Thiessen
Louis
SebastianKrupinski
Robin Appelman
Julius Härtl
Julien Veyssier
Stephan Orbaugh
Joas Schilling
Joas Schilling
Benjamin Gaussorgues
Richard Steinmetz
skjnldsv
Christopher Ng
Hoang Pham
Daniel
Hamza Mahjoubi
Misha M.-Kupriyanov
Arthur Schiwon
Côme Chilliet
Côme Chilliet
Jake Nabasny
Christoph Wurst