Remove unused OC\Share\Share::checkPasswordProtectedShare

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #16582 from nextcloud/enh/split_up_security_middleware

Split up security middleware

Merge pull request #16563 from nextcloud/enh/lostcontroller/better_exceptions

Use proper exception in lostController

Merge pull request #16581 from nextcloud/dep/strict_csps_can_go

No need to have these classes we tighten the default CSP from time to time

Merge pull request #16570 from nextcloud/enh/supress_touch_error

Supress warnings touch can generate

Merge pull request #16571 from nextcloud/enh/update_preview_controller

Update PreviewController

[tx-robot] updated from transifex

Merge pull request #16573 from nextcloud/fix-default-timeouts-in-oc-notification

Fix default timeouts in OC.Notification

Merge pull request #16583 from nextcloud/dependabot/npm_and_yarn/webpack-4.38.0

Bump webpack from 4.36.1 to 4.38.0

[tx-robot] updated from transifex

Bump webpack from 4.36.1 to 4.38.0

Bumps [webpack](https://github.com/webpack/webpack) from 4.36.1 to 4.38.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.36.1...v4.38.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Use proper exception in lostController

There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.

This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Split up security middleware

With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

No need to have these classes we tighten the default CSP from time to
time

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #16560 from nextcloud/bugfix/noid/fix_cutype_reporting

fix calendar-user-type reporting

Merge pull request #16558 from nextcloud/enh/less_verbose_locked_logging

Do not log all locked exceptions

[tx-robot] updated from transifex

Add unit tests for "OC.Notification.hide()"

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Fix default timeouts in OC.Notification

When no timeout was given "show()" used the default timeout of
"OCP.Toast", which is 7 seconds instead of indefinitely as stated in the
documentation of "show()". "showHtml()" should also indefinitely show
the notification if no timeout is given, but due to the strict
comparison the notification was indefinitely shown only when a timeout
of 0 was explicitly given. Now both methods show the notification
indefinitely (or until it is explicitly hidden) when no timeout is
given.

The unit tests did not catch this error because "showHtml()" had no
tests (as before the move to Toastify it was called from "show()" and
thus implicitly tested), and because "show()" verified that "hide()" was
not called after some time; "hide()" is no longer called from "show()"
since "OCP.Toast" is used internally, so the test always passed even if
the notification was indeed hidden. Now the test is based on whether the
element is found or not, and explicit tests were added too for
"showHtml()".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Fix mixed test for "show" and "showTemporary"

"showTemporary()" when a timeout was given was being tested along with
the "show()" tests; now there are two separate tests when a timeout is
given, one for "showTemporary()" and one for "show()".

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Check number of elements instead of if the jQuery object is defined

Tje jQuery object created through "$('#testArea .toastify')" will be
always defined even if no elements were found, so the check does not
really work; instead, it should be checked the number of elements found.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Update PreviewController

The constructor is called with the userId. However if a user is not
logged in this is null. Which means that we get an exception instead of
this being handled gracefully in the middleware.

There are cleaner solutions. But this is the solution that is the
easiest to apply without lots of work and risk of breaking things
(handling the logged in middleware before initializing the controller
etc).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Supress warnings touch can generate

We already catch the result value. Having the warning being logged
explicitly doesn't help and polutes the log.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #16556 from nextcloud/feature/16554_adminAuditShareByMail/wiswedel

log email shares in admin_audit log

Merge pull request #16557 from nextcloud/enh/do_not_log_locked_files

Do not log locked files

Merge pull request #16555 from nextcloud/fix/16529/mask-keys

use a pattern to identify sensitive config keys

Merge pull request #16551 from nextcloud/fix/12735/displayname-email

supresses disclosing the userid for LDAP users in the welcome mail

Merge pull request #16456 from nextcloud/dep/searchByTag

Remove deprecated searchByTag

fix CUType reporting

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

Do not log all locked exceptions

This can happen for valid reasons (multiple users writing at the same
time) with for example the text app. Apps should properly handle it. No
reason to log it by default.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

log email shares in admin_audit log

Signed-off-by: Sascha Wiswedel <sascha.wiswedel@nextcloud.com>

Do not log locked files

This is the code doing its job. There is no need to spam the log file
with this.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

treat sensitive config keys by pattern

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #16461 from nextcloud/fix/noid/pgsql-version

fixes the check for postgresql

Remove deprecated searchByTag

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

supresses disclosing the userid for LDAP users in the welcome mail

The userid is not relevant here, and by default cannot be used to login
with. Typically, there is a common type of login names in organizations
(LDAP username or email most often) that does not need to be disclosed.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #16542 from nextcloud/dependabot/npm_and_yarn/build/fstream-1.0.12

[Security] Bump fstream from 1.0.11 to 1.0.12 in /build

[tx-robot] updated from transifex

Merge pull request #16532 from nextcloud/bugfix/14776/maxcontrast-fix

Fix max contrast retrieval to limit minimum color for relative time

[Security] Bump fstream from 1.0.11 to 1.0.12 in /build

Bumps [fstream](https://github.com/npm/fstream) from 1.0.11 to 1.0.12. **This update includes a security fix.**
- [Release notes](https://github.com/npm/fstream/releases)
- [Commits](https://github.com/npm/fstream/compare/v1.0.11...v1.0.12)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #16503 from nextcloud/bugfix/5504/create_new_birthday_calendars_with_VEVENT_only

allow to provide supported calendar component set internally as a string

Trigger fallback code to get max contrast value and use integer there

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

[tx-robot] updated from transifex

Fix max contrast retrieval to limit minimum color for relative time

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #16528 from nextcloud/shipped-texteditor

Remove files_texteditor from shipped apps

Remove files_texteditor from shipped apps

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Merge pull request #15637 from nextcloud/bugfix/15567/ignore-hidden-share

Allow hidden smb shares

Merge pull request #16523 from nextcloud/bugfix/noid/nested-recursion-breaking-max-nested-level-for-parent-comment

Nested recursion breaking max nested level for parent comment calculation

PHPStorm code cleanup

Signed-off-by: Joas Schilling <coding@schilljs.com>

Get the topmost parent for the parent instead of doing endless recursion

Signed-off-by: Joas Schilling <coding@schilljs.com>

Merge pull request #16493 from nextcloud/enh/remove-curly-braces

The array and string offset access syntax using curly braces is depre…

[tx-robot] updated from transifex

Merge pull request #16505 from nextcloud/enh/nitpicks-14954

Dont assign $options to $options and cleanup doc

Merge pull request #16514 from nextcloud/dependabot/npm_and_yarn/babel/preset-env-7.5.5

Bump @babel/preset-env from 7.5.4 to 7.5.5

Merge pull request #16492 from nextcloud/enh/exclude-rnd-files

Exclude .rnd files from integrity check

Merge pull request #16497 from nextcloud/dependabot/npm_and_yarn/babel/core-7.5.5

Bump @babel/core from 7.5.4 to 7.5.5

[tx-robot] updated from transifex

Dont assign $options to $options and cleanup doc

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

allow to provide supported calendar component set internally as a string

Signed-off-by: Georg Ehrke <developer@georgehrke.com>

Merge pull request #16450 from nextcloud/tech-debt/noid/cleanup-unused-OC_API-methods

Removes unused OC_API::register

Merge pull request #16495 from nextcloud/fix/16378-cannot-get-key-from-parameter

Pass $configargs to openssl_pkey_export

Fix wrong indentation

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Fix 1px jump when selecting multi table entries (#16475)

Fix 1px jump when selecting multi table entries

Adjust deprecation tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Bump @babel/core from 7.5.4 to 7.5.5

Bumps [@babel/core](https://github.com/babel/babel) from 7.5.4 to 7.5.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.5.4...v7.5.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>

Merge pull request #16483 from nextcloud/dependabot/npm_and_yarn/css-loader-3.1.0

Bump css-loader from 3.0.0 to 3.1.0

Merge pull request #16482 from nextcloud/dependabot/npm_and_yarn/url-loader-2.1.0

Bump url-loader from 2.0.1 to 2.1.0

Merge pull request #16489 from nextcloud/dependabot/npm_and_yarn/lodash-4.17.15

Bump lodash from 4.17.14 to 4.17.15

Merge pull request #16487 from nextcloud/dependabot/npm_and_yarn/blueimp-md5-2.11.0

Bump blueimp-md5 from 2.10.0 to 2.11.0

[tx-robot] updated from transifex

Fix invalid recursion

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Pass $configargs to openssl_pkey_export

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Bump css-loader from 3.0.0 to 3.1.0

Bumps [css-loader](https://github.com/webpack-contrib/css-loader) from 3.0.0 to 3.1.0.
- [Release notes](https://github.com/webpack-contrib/css-loader/releases)
- [Changelog](https://github.com/webpack-contrib/css-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/css-loader/compare/v3.0.0...v3.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #16488 from nextcloud/dependabot/npm_and_yarn/file-loader-4.1.0

Bump file-loader from 4.0.0 to 4.1.0

The array and string offset access syntax using curly braces is deprecated.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Bump lodash from 4.17.14 to 4.17.15

Bumps [lodash](https://github.com/lodash/lodash) from 4.17.14 to 4.17.15.
- [Release notes](https://github.com/lodash/lodash/releases)
- [Commits](https://github.com/lodash/lodash/compare/4.17.14...4.17.15)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>

Bump blueimp-md5 from 2.10.0 to 2.11.0

Bumps [blueimp-md5](https://github.com/blueimp/JavaScript-MD5) from 2.10.0 to 2.11.0.
- [Release notes](https://github.com/blueimp/JavaScript-MD5/releases)
- [Commits](https://github.com/blueimp/JavaScript-MD5/compare/v2.10.0...v2.11.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>

Bump url-loader from 2.0.1 to 2.1.0

Bumps [url-loader](https://github.com/webpack-contrib/url-loader) from 2.0.1 to 2.1.0.
- [Release notes](https://github.com/webpack-contrib/url-loader/releases)
- [Changelog](https://github.com/webpack-contrib/url-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/url-loader/compare/v2.0.1...v2.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #16485 from nextcloud/dependabot/npm_and_yarn/webpack-4.36.1

Bump webpack from 4.35.3 to 4.36.1

Exclude .rnd files from integrity check

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Bump webpack from 4.35.3 to 4.36.1

Bumps [webpack](https://github.com/webpack/webpack) from 4.35.3 to 4.36.1.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.35.3...v4.36.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #16486 from nextcloud/dependabot/npm_and_yarn/vue-loader-15.7.1

Bump vue-loader from 15.7.0 to 15.7.1

Merge pull request #16480 from nextcloud/dependabot/npm_and_yarn/build/jsdoc-3.6.3

Bump jsdoc from 3.6.2 to 3.6.3 in /build

Bump vue-loader from 15.7.0 to 15.7.1

Bumps [vue-loader](https://github.com/vuejs/vue-loader) from 15.7.0 to 15.7.1.
- [Release notes](https://github.com/vuejs/vue-loader/releases)
- [Changelog](https://github.com/vuejs/vue-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-loader/compare/v15.7.0...v15.7.1)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #16490 from nextcloud/dependabot/npm_and_yarn/webpack-cli-3.3.6

Bump webpack-cli from 3.3.5 to 3.3.6

[tx-robot] updated from transifex

Bump webpack-cli from 3.3.5 to 3.3.6

Bumps [webpack-cli](https://github.com/webpack/webpack-cli) from 3.3.5 to 3.3.6.
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/v3.3.6/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.5...v3.3.6)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump file-loader from 4.0.0 to 4.1.0

Bumps [file-loader](https://github.com/webpack-contrib/file-loader) from 4.0.0 to 4.1.0.
- [Release notes](https://github.com/webpack-contrib/file-loader/releases)
- [Changelog](https://github.com/webpack-contrib/file-loader/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/file-loader/compare/v4.0.0...v4.1.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump @babel/preset-env from 7.5.4 to 7.5.5

Bumps [@babel/preset-env](https://github.com/babel/babel) from 7.5.4 to 7.5.5.
- [Release notes](https://github.com/babel/babel/releases)
- [Changelog](https://github.com/babel/babel/blob/master/CHANGELOG.md)
- [Commits](https://github.com/babel/babel/compare/v7.5.4...v7.5.5)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Bump jsdoc from 3.6.2 to 3.6.3 in /build

Bumps [jsdoc](https://github.com/jsdoc/jsdoc) from 3.6.2 to 3.6.3.
- [Release notes](https://github.com/jsdoc/jsdoc/releases)
- [Changelog](https://github.com/jsdoc/jsdoc/blob/master/CHANGES.md)
- [Commits](https://github.com/jsdoc/jsdoc/compare/3.6.2...3.6.3)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>

Merge pull request #16470 from nextcloud/bugfix/noid/settings-menu-border-top_new

Add border-top to settings menu when its open

Fix 1px jump when selecting multi table entries

Signed-off-by: Michael Weimann <mail@michael-weimann.eu>

[tx-robot] updated from transifex

Merge pull request #14954 from tacruc/searchPatterns

Allow to search for real pattern in contacts

Merge pull request #14540 from army1349/master

LDAP Password Modify Extended Operation support

Add border-top to settings menu when its open

Signed-off-by: Greta Doci <gretadoci@gmail.com>

[tx-robot] updated from transifex

Merge pull request #16366 from nextcloud/bugfix/noid/filelist-overlap

Fix filelist overlap with header ref #16076

Merge pull request #16452 from nextcloud/bug/noid/error-with-exception-on-ssl-error

Error with exception on SSL error

Merge pull request #16455 from nextcloud/enh/noid/ldap-update-user-cmd

adds an --update flag to check-user for manual sync of the ldap record