chore: Update smb-kerberos workflow

Signed-off-by: Louis Chemineau <louis@chmn.me>

fix: Use hashed password in files_external settings

Signed-off-by: Louis Chemineau <louis@chmn.me>

Merge pull request #48377 from nextcloud/backport/48142/stable26

[stable26] feat(share): ensure unique share tokens with dynamic length adjustment

fix(share): Ensure unique share tokens

- check for token collisions and retry up to three times.
- throw after 3 attempts without finding a unique token.

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>

Merge pull request #48338 from nextcloud/automated/noid/stable26-update-ca-cert-bundle

[stable26] fix(security): Update CA certificate bundle

fix(security): Update CA certificate bundle

Signed-off-by: GitHub <noreply@github.com>

Merge pull request #48290 from nextcloud/backport/48282/stable26

[stable26] chore: add .git-blame-ignore-revs

chore: add .git-blame-ignore-revs

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

Merge pull request #47520 from nextcloud/backport/47325/stable26

chore: Remove test not compatible with 27 and below

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

fix: Remove call to non-existing method in 28 and add missing use in test

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

fix(tests): Fix PHP 8.0 compatibility

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

fix(tests): Adapt tests to change of DefaultShareProvider constructor

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

fix: Remove shares only if there are no more common groups between users

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

chore(tests): Test limiting sharing to same group

Signed-off-by: Louis Chemineau <louis@chmn.me>

fix(files_sharing): Delete user shares if needed when user is removed from a group

Signed-off-by: Louis Chemineau <louis@chmn.me>

Merge pull request #46666 from nextcloud/backport/46640/stable26

[stable26] fix(Token): take over scope in token refresh with login by cookie

fix(Token): take over scope in token refresh with login by cookie

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #46420 from nextcloud/backport/46398/stable26

[stable26] fix(Session): avoid race conditions on clustered setups

Merge pull request #46409 from nextcloud/backport/46388/stable26

[stable26] fix(workflows): Fix file systemtag cache

fix(workflows): Fix file systemtag cache

Signed-off-by: Joas Schilling <coding@schilljs.com>

fix(Session): avoid race conditions on clustered setups

- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #46261 from nextcloud/automated/noid/stable26-update-ca-cert-bundle

[stable26] fix(security): Update CA certificate bundle

fix(security): Update CA certificate bundle

Signed-off-by: GitHub <noreply@github.com>

Merge pull request #46153 from nextcloud/automated/noid/stable26-update-code-signing-crl

[stable26] fix(security): Update code signing revocation list

fix(security): Update code signing revocation list

Signed-off-by: GitHub <noreply@github.com>

Merge pull request #46086 from nextcloud/backport/46075/stable26

[stable26] fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION

The scope design requires scopes to be either not specified, or
specified explicitely. Therefore, when setting the
skip-password-validation scope for user authentication from mechanisms
like SAML, we also have to set the filesystem scope, otherwise they will
lack access to the filesystem.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #45925 from nextcloud/backport/45912/stable26

[stable26] ci: use precise ref for 3rdparty check

Merge pull request #45812 from nextcloud/backport/43942/stable26

[stable26] fix(Session): avoid password confirmation on SSO

Merge pull request #45759 from nextcloud/backport/45355/stable26

[stable26] fix: delete user credentials stored in storages_credentials when user gets deleted

Merge pull request #45822 from nextcloud/backport/45811/stable26

[stable26] test: add tests for ProfilePageController

ci: use precise ref for 3rdparty check

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

test: add tests for ProfilePageController

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

test(unit): adjust testSSO scenario and test class

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #45805 from nextcloud/backport/45768/stable26

[stable26] Use isRetryable to catch retryable exceptions

style(PHP): remove unacceptable empty lines

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

fix(Token): make new scope future compatible

- "password-unconfirmable" is the effective name for 30, but a draft
  name was backported.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

fix(Session): avoid password confirmation on SSO

SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

fix(files): Use isRetryable to catch retryable exceptions

Signed-off-by: Louis Chemineau <louis@chmn.me>

fix: added missing ICredentialsManager

fix: added missing ICredentialsManager

Signed-off-by: yemkareems <yemkareems@gmail.com>

fix: delete user credentials stored in storages_credentials when user gets deleted

Signed-off-by: yemkareems <yemkareems@gmail.com>
[skip ci]

Merge pull request #45545 from nextcloud/backport/44664/stable26

fix(dav): Rate limit address book creation

Signed-off-by: Hamza Mahjoubi <hamzamahjoubi221@gmail.com>

Merge pull request #45472 from nextcloud/fix/26-caldav-atomic

Merge pull request #45463 from nextcloud/backport/45340/stable26

[stable26] fix: Extend SVG reference check

Merge pull request #45460 from nextcloud/backport/45321/stable26

[stable26] fix: Correctly check result of function

fix(dav): Make `createCalendarObject` atomic

Partial backport of https://github.com/nextcloud/server/pull/36528

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

fix: Correctly check result of function

Signed-off-by: Joas Schilling <coding@schilljs.com>

fix: Extend SVG reference check

Signed-off-by: Joas Schilling <coding@schilljs.com>

Merge pull request #44527 from nextcloud/backport/44504/stable26

feat(files)): Add retry logic to cover deadlock situations when moving many files

Signed-off-by: Louis Chemineau <louis@chmn.me>

Merge pull request #44955 from nextcloud/fix/noid/enable-expirt-not-set-link

[stable26] fix(sharing): store link expire date when enabling

Merge pull request #45007 from nextcloud/backport/44892/stable26

[stable26] fix(files): Also skip cross storage move with access control

fix(CI): Suppress psalm UndefinedClass

Signed-off-by: Joas Schilling <coding@schilljs.com>

fix(files): Also skip cross storage move with access control

Signed-off-by: Joas Schilling <coding@schilljs.com>

chore(assets): Recompile assets

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

fix(sharing): store link expire date when enabling

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #44900 from nextcloud/fix/42060/enable-expire-not-set

[stable26] fix(sharing): store internal expire date when enabling

chore(assets): Recompile assets

Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>

fix(sharing): store internal expire date when enabling

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Merge pull request #44740 from nextcloud/backport/stable26/44736

[stable26] fix: Fix avatar images

test: Update tests

Signed-off-by: Christopher Ng <chrng8@gmail.com>

fix: Fix avatar images

Signed-off-by: Christopher Ng <chrng8@gmail.com>

Merge pull request #44689 from nextcloud/backport/44678/stable26

[stable26] fix(3rdparty): Add a CI job to check 3rdparty integrity

Merge pull request #44674 from nextcloud/backport/44662/stable26

[stable26] fix(deps): Update phpseclib from 2.0.45 to 2.0.47

fix(3rdparty): Add a CI job to check 3rdparty integrity

Signed-off-by: Joas Schilling <coding@schilljs.com>

fix(deps): Update phpseclib to 2.0.47

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

fix: Update psalm baseline to ignore `setKey` being internal of `phpseclib`

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

Merge pull request #44509 from nextcloud/backport/39367/stable26

[stable26] handle more exceptions in AmazonS3::fopen

Merge pull request #44523 from nextcloud/release/26.0.13

build(hub): 26.0.13

Signed-off-by: skjnldsv <skjnldsv@protonmail.com>

Merge pull request #44516 from nextcloud/automated/noid/stable26-update-code-signing-crl

[stable26] fix(security): Update code signing revocation list

fix(security): Update code signing revocation list

Signed-off-by: GitHub <noreply@github.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

fix SeekableHttpStream::stream_stat errors on failed open

Signed-off-by: Robin Appelman <robin@icewind.nl>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Merge pull request #44466 from nextcloud/backport/44388/stable26

[stable26] chore(ci): update block merge EOL workflow

chore(ci): update block merge EOL workflow

See nextcloud/.github#329

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Merge pull request #44375 from nextcloud/release/26.0.13_rc1

Merge pull request #44283 from nextcloud/backport/44279/stable26

fix: ensure nested mount points are handled in the correct order

Signed-off-by: Robin Appelman <robin@icewind.nl>

Merge pull request #44384 from nextcloud/backport/44360/stable26

Merge pull request #44387 from nextcloud/backport/44381/stable26

[stable26] fix(workflowengine): Use correct event names to make search for groups work again

chore: Compile assets

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

fix(workflowengine): Use correct event for searching for groups

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

fix(caldav): add EXDATE and EXRULE to confidential object

Signed-off-by: Anna Larch <anna@nextcloud.com>

Merge pull request #44308 from nextcloud/backport/44299/stable26

[stable26] Forbid tagging readonly files

build(hub): 26.0.13 RC1

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Merge pull request #44348 from nextcloud/backport/44339/stable26

[stable26] fix(share): use share owner to get ownership

fix(share): use share owner to confirm reshare

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

Fix(l10n): Update translations from Transifex

Signed-off-by: Nextcloud bot <bot@nextcloud.com>

Merge pull request #44338 from nextcloud/backport/44276/stable26

[stable26] fix(config): Make sure user keys are strings

fix(config): Make sure user keys are strings

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>