diff options
Diffstat (limited to 'apps/settings/lib')
51 files changed, 397 insertions, 134 deletions
diff --git a/apps/settings/lib/Activity/GroupProvider.php b/apps/settings/lib/Activity/GroupProvider.php index 72c9ca0d719..2d492265cf4 100644 --- a/apps/settings/lib/Activity/GroupProvider.php +++ b/apps/settings/lib/Activity/GroupProvider.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Activity/GroupSetting.php b/apps/settings/lib/Activity/GroupSetting.php index 9433bdb25d2..917f4a7ef26 100644 --- a/apps/settings/lib/Activity/GroupSetting.php +++ b/apps/settings/lib/Activity/GroupSetting.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Activity/SecurityFilter.php b/apps/settings/lib/Activity/SecurityFilter.php index 5ff6685f449..9a32e82a984 100644 --- a/apps/settings/lib/Activity/SecurityFilter.php +++ b/apps/settings/lib/Activity/SecurityFilter.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Activity/SecuritySetting.php b/apps/settings/lib/Activity/SecuritySetting.php index 997e63a97b1..9226b5aea5b 100644 --- a/apps/settings/lib/Activity/SecuritySetting.php +++ b/apps/settings/lib/Activity/SecuritySetting.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Activity/Setting.php b/apps/settings/lib/Activity/Setting.php index 621dadda11d..f9c659594d6 100644 --- a/apps/settings/lib/Activity/Setting.php +++ b/apps/settings/lib/Activity/Setting.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/AppInfo/Application.php b/apps/settings/lib/AppInfo/Application.php index 2841b181d1a..6e59e56fe82 100644 --- a/apps/settings/lib/AppInfo/Application.php +++ b/apps/settings/lib/AppInfo/Application.php @@ -70,6 +70,7 @@ use OCA\Settings\SetupChecks\SchedulingTableSize; use OCA\Settings\SetupChecks\SecurityHeaders; use OCA\Settings\SetupChecks\SupportedDatabase; use OCA\Settings\SetupChecks\SystemIs64bit; +use OCA\Settings\SetupChecks\TaskProcessingPickupSpeed; use OCA\Settings\SetupChecks\TempSpaceAvailable; use OCA\Settings\SetupChecks\TransactionIsolation; use OCA\Settings\SetupChecks\WellKnownUrls; @@ -131,15 +132,6 @@ class Application extends App implements IBootstrap { /** * Core class wrappers */ - /** FIXME: Remove once OC_SubAdmin is non-static and mockable */ - $context->registerService('isSubAdmin', function () { - $userObject = \OC::$server->getUserSession()->getUser(); - $isSubAdmin = false; - if ($userObject !== null) { - $isSubAdmin = \OC::$server->getGroupManager()->getSubAdmin()->isSubAdmin($userObject); - } - return $isSubAdmin; - }); $context->registerService(IProvider::class, function (IAppContainer $appContainer) { /** @var IServerContainer $serverContainer */ $serverContainer = $appContainer->query(IServerContainer::class); @@ -215,6 +207,7 @@ class Application extends App implements IBootstrap { $context->registerSetupCheck(SchedulingTableSize::class); $context->registerSetupCheck(SupportedDatabase::class); $context->registerSetupCheck(SystemIs64bit::class); + $context->registerSetupCheck(TaskProcessingPickupSpeed::class); $context->registerSetupCheck(TempSpaceAvailable::class); $context->registerSetupCheck(TransactionIsolation::class); $context->registerSetupCheck(PushService::class); diff --git a/apps/settings/lib/BackgroundJobs/VerifyUserData.php b/apps/settings/lib/BackgroundJobs/VerifyUserData.php index 62b7c44c8ef..eb66644ad91 100644 --- a/apps/settings/lib/BackgroundJobs/VerifyUserData.php +++ b/apps/settings/lib/BackgroundJobs/VerifyUserData.php @@ -120,9 +120,11 @@ class VerifyUserData extends Job { } protected function verifyViaLookupServer(array $argument, string $dataType): bool { - if (empty($this->lookupServerUrl) || - $this->config->getAppValue('files_sharing', 'lookupServerUploadEnabled', 'yes') !== 'yes' || - $this->config->getSystemValue('has_internet_connection', true) === false) { + // TODO: Consider to enable for non-global-scale setups by checking 'files_sharing', 'lookupServerUploadEnabled' + if (!$this->config->getSystemValueBool('gs.enabled', false) + || empty($this->lookupServerUrl) + || $this->config->getSystemValue('has_internet_connection', true) === false + ) { return true; } diff --git a/apps/settings/lib/Controller/AISettingsController.php b/apps/settings/lib/Controller/AISettingsController.php index e08ec616e80..114cbf61514 100644 --- a/apps/settings/lib/Controller/AISettingsController.php +++ b/apps/settings/lib/Controller/AISettingsController.php @@ -12,20 +12,15 @@ use OCA\Settings\Settings\Admin\ArtificialIntelligence; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\Attribute\AuthorizedAdminSetting; use OCP\AppFramework\Http\DataResponse; -use OCP\IConfig; +use OCP\IAppConfig; use OCP\IRequest; class AISettingsController extends Controller { - /** - * @param string $appName - * @param IRequest $request - * @param IConfig $config - */ public function __construct( $appName, IRequest $request, - private IConfig $config, + private IAppConfig $appConfig, ) { parent::__construct($appName, $request); } @@ -38,12 +33,12 @@ class AISettingsController extends Controller { */ #[AuthorizedAdminSetting(settings: ArtificialIntelligence::class)] public function update($settings) { - $keys = ['ai.stt_provider', 'ai.textprocessing_provider_preferences', 'ai.taskprocessing_provider_preferences','ai.taskprocessing_type_preferences', 'ai.translation_provider_preferences', 'ai.text2image_provider']; + $keys = ['ai.stt_provider', 'ai.textprocessing_provider_preferences', 'ai.taskprocessing_provider_preferences','ai.taskprocessing_type_preferences', 'ai.translation_provider_preferences', 'ai.text2image_provider', 'ai.taskprocessing_guests']; foreach ($keys as $key) { if (!isset($settings[$key])) { continue; } - $this->config->setAppValue('core', $key, json_encode($settings[$key])); + $this->appConfig->setValueString('core', $key, json_encode($settings[$key]), lazy: in_array($key, \OC\TaskProcessing\Manager::LAZY_CONFIG_KEYS, true)); } return new DataResponse(); diff --git a/apps/settings/lib/Controller/AdminSettingsController.php b/apps/settings/lib/Controller/AdminSettingsController.php index 2b731c5cdde..15e2c392148 100644 --- a/apps/settings/lib/Controller/AdminSettingsController.php +++ b/apps/settings/lib/Controller/AdminSettingsController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Controller/AppSettingsController.php b/apps/settings/lib/Controller/AppSettingsController.php index 4d34b7678d7..a85ee8cc20a 100644 --- a/apps/settings/lib/Controller/AppSettingsController.php +++ b/apps/settings/lib/Controller/AppSettingsController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. @@ -15,13 +16,13 @@ use OC\App\AppStore\Version\VersionParser; use OC\App\DependencyAnalyzer; use OC\App\Platform; use OC\Installer; +use OCA\AppAPI\Service\ExAppsPageService; use OCP\App\AppPathNotFoundException; use OCP\AppFramework\Controller; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; -use OCP\AppFramework\Http\Attribute\PublicPage; use OCP\AppFramework\Http\ContentSecurityPolicy; use OCP\AppFramework\Http\FileDisplayResponse; use OCP\AppFramework\Http\JSONResponse; @@ -38,11 +39,14 @@ use OCP\Files\SimpleFS\ISimpleFolder; use OCP\Http\Client\IClientService; use OCP\IConfig; use OCP\IGroup; +use OCP\IGroupManager; use OCP\IL10N; use OCP\INavigationManager; use OCP\IRequest; use OCP\IURLGenerator; +use OCP\IUserSession; use OCP\L10N\IFactory; +use OCP\Security\RateLimiting\ILimiter; use OCP\Server; use OCP\Util; use Psr\Log\LoggerInterface; @@ -92,9 +96,9 @@ class AppSettingsController extends Controller { $this->initialState->provideInitialState('appstoreDeveloperDocs', $this->urlGenerator->linkToDocs('developer-manual')); $this->initialState->provideInitialState('appstoreUpdateCount', count($this->getAppsWithUpdates())); - if ($this->appManager->isInstalled('app_api')) { + if ($this->appManager->isEnabledForAnyone('app_api')) { try { - Server::get(\OCA\AppAPI\Service\ExAppsPageService::class)->provideAppApiState($this->initialState); + Server::get(ExAppsPageService::class)->provideAppApiState($this->initialState); } catch (\Psr\Container\NotFoundExceptionInterface|\Psr\Container\ContainerExceptionInterface $e) { } } @@ -126,10 +130,11 @@ class AppSettingsController extends Controller { * @param string $image * @throws \Exception */ - #[PublicPage] #[NoCSRFRequired] - public function getAppDiscoverMedia(string $fileName): Response { - $etag = $this->discoverFetcher->getETag() ?? date('Y-m'); + public function getAppDiscoverMedia(string $fileName, ILimiter $limiter, IUserSession $session): Response { + $getEtag = $this->discoverFetcher->getETag() ?? date('Y-m'); + $etag = trim($getEtag, '"'); + $folder = null; try { $folder = $this->appData->getFolder('app-discover-cache'); @@ -156,6 +161,26 @@ class AppSettingsController extends Controller { $file = reset($file); // If not found request from Web if ($file === false) { + $user = $session->getUser(); + // this route is not public thus we can assume a user is logged-in + assert($user !== null); + // Register a user request to throttle fetching external data + // this will prevent using the server for DoS of other systems. + $limiter->registerUserRequest( + 'settings-discover-media', + // allow up to 24 media requests per hour + // this should be a sane default when a completely new section is loaded + // keep in mind browsers request all files from a source-set + 24, + 60 * 60, + $user, + ); + + if (!$this->checkCanDownloadMedia($fileName)) { + $this->logger->warning('Tried to load media files for app discover section from untrusted source'); + return new NotFoundResponse(Http::STATUS_BAD_REQUEST); + } + try { $client = $this->clientService->newClient(); $fileResponse = $client->get($fileName); @@ -177,6 +202,31 @@ class AppSettingsController extends Controller { return $response; } + private function checkCanDownloadMedia(string $filename): bool { + $urlInfo = parse_url($filename); + if (!isset($urlInfo['host']) || !isset($urlInfo['path'])) { + return false; + } + + // Always allowed hosts + if ($urlInfo['host'] === 'nextcloud.com') { + return true; + } + + // Hosts that need further verification + // Github is only allowed if from our organization + $ALLOWED_HOSTS = ['github.com', 'raw.githubusercontent.com']; + if (!in_array($urlInfo['host'], $ALLOWED_HOSTS)) { + return false; + } + + if (str_starts_with($urlInfo['path'], '/nextcloud/') || str_starts_with($urlInfo['path'], '/nextcloud-gmbh/')) { + return true; + } + + return false; + } + /** * Remove orphaned folders from the image cache that do not match the current etag * @param ISimpleFolder $folder The folder to clear @@ -440,7 +490,7 @@ class AppSettingsController extends Controller { } $currentVersion = ''; - if ($this->appManager->isInstalled($app['id'])) { + if ($this->appManager->isEnabledForAnyone($app['id'])) { $currentVersion = $this->appManager->getAppVersion($app['id']); } else { $currentVersion = $app['releases'][0]['version']; @@ -519,7 +569,7 @@ class AppSettingsController extends Controller { // Check if app is already downloaded /** @var Installer $installer */ - $installer = \OC::$server->get(Installer::class); + $installer = Server::get(Installer::class); $isDownloaded = $installer->isDownloaded($appId); if (!$isDownloaded) { @@ -545,7 +595,7 @@ class AppSettingsController extends Controller { } private function getGroupList(array $groups) { - $groupManager = \OC::$server->getGroupManager(); + $groupManager = Server::get(IGroupManager::class); $groupsList = []; foreach ($groups as $group) { $groupItem = $groupManager->get($group); diff --git a/apps/settings/lib/Controller/AuthorizedGroupController.php b/apps/settings/lib/Controller/AuthorizedGroupController.php index ad01b590440..82a1ca4703e 100644 --- a/apps/settings/lib/Controller/AuthorizedGroupController.php +++ b/apps/settings/lib/Controller/AuthorizedGroupController.php @@ -57,7 +57,7 @@ class AuthorizedGroupController extends Controller { $this->authorizedGroupService->create($groupData['gid'], $class); } } - + return new DataResponse(['valid' => true]); } } diff --git a/apps/settings/lib/Controller/ChangePasswordController.php b/apps/settings/lib/Controller/ChangePasswordController.php index 2154a9ab11b..a874a47c16a 100644 --- a/apps/settings/lib/Controller/ChangePasswordController.php +++ b/apps/settings/lib/Controller/ChangePasswordController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -125,9 +126,9 @@ class ChangePasswordController extends Controller { $currentUser = $this->userSession->getUser(); $targetUser = $this->userManager->get($username); - if ($currentUser === null || $targetUser === null || - !($this->groupManager->isAdmin($this->userId) || - $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser)) + if ($currentUser === null || $targetUser === null + || !($this->groupManager->isAdmin($this->userId) + || $this->groupManager->getSubAdmin()->isUserAccessible($currentUser, $targetUser)) ) { return new JSONResponse([ 'status' => 'error', diff --git a/apps/settings/lib/Controller/CommonSettingsTrait.php b/apps/settings/lib/Controller/CommonSettingsTrait.php index 56760c10f81..75d2b1f2f9e 100644 --- a/apps/settings/lib/Controller/CommonSettingsTrait.php +++ b/apps/settings/lib/Controller/CommonSettingsTrait.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -144,6 +145,14 @@ trait CommonSettingsTrait { $this->declarativeSettingsManager->loadSchemas(); $declarativeSettings = $this->declarativeSettingsManager->getFormsWithValues($user, $type, $section); + foreach ($declarativeSettings as &$form) { + foreach ($form['fields'] as &$field) { + if (isset($field['sensitive']) && $field['sensitive'] === true && !empty($field['value'])) { + $field['value'] = 'dummySecret'; + } + } + } + if ($type === 'personal') { $settings = array_values($this->settingsManager->getPersonalSettings($section)); if ($section === 'theming') { diff --git a/apps/settings/lib/Controller/DeclarativeSettingsController.php b/apps/settings/lib/Controller/DeclarativeSettingsController.php index eb9d45839de..4e4bee4043c 100644 --- a/apps/settings/lib/Controller/DeclarativeSettingsController.php +++ b/apps/settings/lib/Controller/DeclarativeSettingsController.php @@ -15,6 +15,7 @@ use OC\AppFramework\Middleware\Security\Exceptions\NotLoggedInException; use OCA\Settings\ResponseDefinitions; use OCP\AppFramework\Http; use OCP\AppFramework\Http\Attribute\NoAdminRequired; +use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\OCS\OCSBadRequestException; use OCP\AppFramework\OCSController; @@ -53,6 +54,45 @@ class DeclarativeSettingsController extends OCSController { */ #[NoAdminRequired] public function setValue(string $app, string $formId, string $fieldId, mixed $value): DataResponse { + return $this->saveValue($app, $formId, $fieldId, $value); + } + + /** + * Sets a declarative settings value. + * Password confirmation is required for sensitive values. + * + * @param string $app ID of the app + * @param string $formId ID of the form + * @param string $fieldId ID of the field + * @param mixed $value Value to be saved + * @return DataResponse<Http::STATUS_OK, null, array{}> + * @throws NotLoggedInException Not logged in or not an admin user + * @throws NotAdminException Not logged in or not an admin user + * @throws OCSBadRequestException Invalid arguments to save value + * + * 200: Value set successfully + */ + #[NoAdminRequired] + #[PasswordConfirmationRequired] + public function setSensitiveValue(string $app, string $formId, string $fieldId, mixed $value): DataResponse { + return $this->saveValue($app, $formId, $fieldId, $value); + } + + /** + * Sets a declarative settings value. + * + * @param string $app ID of the app + * @param string $formId ID of the form + * @param string $fieldId ID of the field + * @param mixed $value Value to be saved + * @return DataResponse<Http::STATUS_OK, null, array{}> + * @throws NotLoggedInException Not logged in or not an admin user + * @throws NotAdminException Not logged in or not an admin user + * @throws OCSBadRequestException Invalid arguments to save value + * + * 200: Value set successfully + */ + private function saveValue(string $app, string $formId, string $fieldId, mixed $value): DataResponse { $user = $this->userSession->getUser(); if ($user === null) { throw new NotLoggedInException(); diff --git a/apps/settings/lib/Controller/MailSettingsController.php b/apps/settings/lib/Controller/MailSettingsController.php index 13871bc13b6..f1e3b8032dc 100644 --- a/apps/settings/lib/Controller/MailSettingsController.php +++ b/apps/settings/lib/Controller/MailSettingsController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-FileCopyrightText: 2016 ownCloud, Inc. diff --git a/apps/settings/lib/Controller/PersonalSettingsController.php b/apps/settings/lib/Controller/PersonalSettingsController.php index 0a87181c7d7..340ca3f93eb 100644 --- a/apps/settings/lib/Controller/PersonalSettingsController.php +++ b/apps/settings/lib/Controller/PersonalSettingsController.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Controller/UsersController.php b/apps/settings/lib/Controller/UsersController.php index 5af16878e8e..8efd3eeb8ca 100644 --- a/apps/settings/lib/Controller/UsersController.php +++ b/apps/settings/lib/Controller/UsersController.php @@ -32,6 +32,7 @@ use OCP\AppFramework\Http\Attribute\NoAdminRequired; use OCP\AppFramework\Http\Attribute\NoCSRFRequired; use OCP\AppFramework\Http\Attribute\OpenAPI; use OCP\AppFramework\Http\Attribute\PasswordConfirmationRequired; +use OCP\AppFramework\Http\Attribute\UserRateLimit; use OCP\AppFramework\Http\DataResponse; use OCP\AppFramework\Http\JSONResponse; use OCP\AppFramework\Http\TemplateResponse; @@ -39,9 +40,12 @@ use OCP\AppFramework\Services\IInitialState; use OCP\BackgroundJob\IJobList; use OCP\Encryption\IManager; use OCP\EventDispatcher\IEventDispatcher; +use OCP\Group\ISubAdmin; use OCP\IConfig; +use OCP\IGroup; use OCP\IGroupManager; use OCP\IL10N; +use OCP\INavigationManager; use OCP\IRequest; use OCP\IUser; use OCP\IUserSession; @@ -52,6 +56,8 @@ use function in_array; #[OpenAPI(scope: OpenAPI::SCOPE_IGNORE)] class UsersController extends Controller { + /** Limit for counting users for subadmins, to avoid spending too much time */ + private const COUNT_LIMIT_FOR_SUBADMINS = 999; public function __construct( string $appName, @@ -83,8 +89,8 @@ class UsersController extends Controller { */ #[NoAdminRequired] #[NoCSRFRequired] - public function usersListByGroup(): TemplateResponse { - return $this->usersList(); + public function usersListByGroup(INavigationManager $navigationManager, ISubAdmin $subAdmin): TemplateResponse { + return $this->usersList($navigationManager, $subAdmin); } /** @@ -94,13 +100,13 @@ class UsersController extends Controller { */ #[NoAdminRequired] #[NoCSRFRequired] - public function usersList(): TemplateResponse { + public function usersList(INavigationManager $navigationManager, ISubAdmin $subAdmin): TemplateResponse { $user = $this->userSession->getUser(); $uid = $user->getUID(); $isAdmin = $this->groupManager->isAdmin($uid); $isDelegatedAdmin = $this->groupManager->isDelegatedAdmin($uid); - \OC::$server->getNavigationManager()->setActiveEntry('core_users'); + $navigationManager->setActiveEntry('core_users'); /* SORT OPTION: SORT_USERCOUNT or SORT_GROUPNAME */ $sortGroupsBy = MetaData::SORT_USERCOUNT; @@ -109,8 +115,8 @@ class UsersController extends Controller { $sortGroupsBy = MetaData::SORT_GROUPNAME; } else { if ($this->appManager->isEnabledForUser('user_ldap')) { - $isLDAPUsed = - $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy'); + $isLDAPUsed + = $this->groupManager->isBackendUsed('\OCA\User_LDAP\Group_Proxy'); if ($isLDAPUsed) { // LDAP user count can be slow, so we sort by group name here $sortGroupsBy = MetaData::SORT_GROUPNAME; @@ -129,8 +135,15 @@ class UsersController extends Controller { $this->userSession ); - $groupsInfo->setSorting($sortGroupsBy); - [$adminGroup, $groups] = $groupsInfo->get(); + $adminGroup = $this->groupManager->get('admin'); + $adminGroupData = [ + 'id' => $adminGroup->getGID(), + 'name' => $adminGroup->getDisplayName(), + 'usercount' => $sortGroupsBy === MetaData::SORT_USERCOUNT ? $adminGroup->count() : 0, + 'disabled' => $adminGroup->countDisabled(), + 'canAdd' => $adminGroup->canAddUser(), + 'canRemove' => $adminGroup->canRemoveUser(), + ]; if (!$isLDAPUsed && $this->appManager->isEnabledForUser('user_ldap')) { $isLDAPUsed = (bool)array_reduce($this->userManager->getBackends(), function ($ldapFound, $backend) { @@ -149,20 +162,12 @@ class UsersController extends Controller { }, 0); } else { // User is subadmin ! - // Map group list to ids to retrieve the countDisabledUsersOfGroups - $userGroups = $this->groupManager->getUserGroups($user); - $groupsIds = []; - - foreach ($groups as $key => $group) { - // $userCount += (int)$group['usercount']; - $groupsIds[] = $group['id']; - } - - $userCount += $this->userManager->countUsersOfGroups($groupsInfo->getGroups()); - $disabledUsers = $this->userManager->countDisabledUsersOfGroups($groupsIds); + [$userCount,$disabledUsers] = $this->userManager->countUsersAndDisabledUsersOfGroups($groupsInfo->getGroups(), self::COUNT_LIMIT_FOR_SUBADMINS); } - $userCount -= $disabledUsers; + if ($disabledUsers > 0) { + $userCount -= $disabledUsers; + } } $recentUsersGroup = [ @@ -177,6 +182,14 @@ class UsersController extends Controller { 'usercount' => $disabledUsers ]; + if (!$isAdmin && !$isDelegatedAdmin) { + $subAdminGroups = array_map( + fn (IGroup $group) => ['id' => $group->getGID(), 'name' => $group->getDisplayName()], + $subAdmin->getSubAdminsGroups($user), + ); + $subAdminGroups = array_values($subAdminGroups); + } + /* QUOTAS PRESETS */ $quotaPreset = $this->parseQuotaPreset($this->config->getAppValue('files', 'quota_preset', '1 GB, 5 GB, 10 GB')); $allowUnlimitedQuota = $this->config->getAppValue('files', 'allow_unlimited_quota', '1') === '1'; @@ -199,7 +212,8 @@ class UsersController extends Controller { /* FINAL DATA */ $serverData = []; // groups - $serverData['groups'] = array_merge_recursive($adminGroup, [$recentUsersGroup, $disabledUsersGroup], $groups); + $serverData['systemGroups'] = [$adminGroupData, $recentUsersGroup, $disabledUsersGroup]; + $serverData['subAdminGroups'] = $subAdminGroups ?? []; // Various data $serverData['isAdmin'] = $isAdmin; $serverData['isDelegatedAdmin'] = $isDelegatedAdmin; @@ -305,6 +319,8 @@ class UsersController extends Controller { * @param string|null $addressScope * @param string|null $twitter * @param string|null $twitterScope + * @param string|null $bluesky + * @param string|null $blueskyScope * @param string|null $fediverse * @param string|null $fediverseScope * @param string|null $birthdate @@ -314,6 +330,7 @@ class UsersController extends Controller { */ #[NoAdminRequired] #[PasswordConfirmationRequired] + #[UserRateLimit(limit: 5, period: 60)] public function setUserSettings(?string $avatarScope = null, ?string $displayname = null, ?string $displaynameScope = null, @@ -327,6 +344,8 @@ class UsersController extends Controller { ?string $addressScope = null, ?string $twitter = null, ?string $twitterScope = null, + ?string $bluesky = null, + ?string $blueskyScope = null, ?string $fediverse = null, ?string $fediverseScope = null, ?string $birthdate = null, @@ -371,6 +390,7 @@ class UsersController extends Controller { IAccountManager::PROPERTY_ADDRESS => ['value' => $address, 'scope' => $addressScope], IAccountManager::PROPERTY_PHONE => ['value' => $phone, 'scope' => $phoneScope], IAccountManager::PROPERTY_TWITTER => ['value' => $twitter, 'scope' => $twitterScope], + IAccountManager::PROPERTY_BLUESKY => ['value' => $bluesky, 'scope' => $blueskyScope], IAccountManager::PROPERTY_FEDIVERSE => ['value' => $fediverse, 'scope' => $fediverseScope], IAccountManager::PROPERTY_BIRTHDATE => ['value' => $birthdate, 'scope' => $birthdateScope], IAccountManager::PROPERTY_PRONOUNS => ['value' => $pronouns, 'scope' => $pronounsScope], @@ -413,6 +433,8 @@ class UsersController extends Controller { 'addressScope' => $userAccount->getProperty(IAccountManager::PROPERTY_ADDRESS)->getScope(), 'twitter' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getValue(), 'twitterScope' => $userAccount->getProperty(IAccountManager::PROPERTY_TWITTER)->getScope(), + 'bluesky' => $userAccount->getProperty(IAccountManager::PROPERTY_BLUESKY)->getValue(), + 'blueskyScope' => $userAccount->getProperty(IAccountManager::PROPERTY_BLUESKY)->getScope(), 'fediverse' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getValue(), 'fediverseScope' => $userAccount->getProperty(IAccountManager::PROPERTY_FEDIVERSE)->getScope(), 'birthdate' => $userAccount->getProperty(IAccountManager::PROPERTY_BIRTHDATE)->getValue(), diff --git a/apps/settings/lib/Hooks.php b/apps/settings/lib/Hooks.php index 8a68aed106e..f59013ca5e1 100644 --- a/apps/settings/lib/Hooks.php +++ b/apps/settings/lib/Hooks.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -111,8 +112,8 @@ class Hooks { * @throws \BadMethodCallException */ public function onChangeEmail(IUser $user, $oldMailAddress) { - if ($oldMailAddress === $user->getEMailAddress() || - $user->getLastLogin() === 0) { + if ($oldMailAddress === $user->getEMailAddress() + || $user->getLastLogin() === 0) { // Email didn't really change or user didn't login, // so don't create activities and emails. return; @@ -123,6 +124,7 @@ class Hooks { ->setType('personal_settings') ->setAffectedUser($user->getUID()); + $instanceName = $this->defaults->getName(); $instanceUrl = $this->urlGenerator->getAbsoluteURL('/'); $language = $this->languageFactory->getUserLanguage($user); $l = $this->languageFactory->get('settings', $language); @@ -159,7 +161,7 @@ class Hooks { 'instanceUrl' => $instanceUrl, ]); - $template->setSubject($l->t('Email address for %1$s changed on %2$s', [$user->getDisplayName(), $instanceUrl])); + $template->setSubject($l->t('Email address for %1$s changed on %2$s', [$user->getDisplayName(), $instanceName])); $template->addHeader(); $template->addHeading($l->t('Email address changed for %s', [$user->getDisplayName()]), false); $template->addBodyText($text . ' ' . $l->t('If you did not request this, please contact an administrator.')); diff --git a/apps/settings/lib/Listener/MailProviderListener.php b/apps/settings/lib/Listener/MailProviderListener.php index 974378c0006..61446f1e6cb 100644 --- a/apps/settings/lib/Listener/MailProviderListener.php +++ b/apps/settings/lib/Listener/MailProviderListener.php @@ -38,11 +38,11 @@ class MailProviderListener implements IEventListener { $this->handleSetValue($event); return; } - + } private function handleGetValue(DeclarativeSettingsGetValueEvent $event): void { - + if ($event->getFieldId() === 'mail_providers_enabled') { $event->setValue((int)$this->config->getValueBool('core', 'mail_providers_enabled', true)); } diff --git a/apps/settings/lib/Mailer/NewUserMailHelper.php b/apps/settings/lib/Mailer/NewUserMailHelper.php index bd4de2b2087..202495a020e 100644 --- a/apps/settings/lib/Mailer/NewUserMailHelper.php +++ b/apps/settings/lib/Mailer/NewUserMailHelper.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Middleware/SubadminMiddleware.php b/apps/settings/lib/Middleware/SubadminMiddleware.php index fe92661d24e..02d68e138da 100644 --- a/apps/settings/lib/Middleware/SubadminMiddleware.php +++ b/apps/settings/lib/Middleware/SubadminMiddleware.php @@ -1,9 +1,13 @@ <?php + +declare(strict_types=1); + /** * SPDX-FileCopyrightText: 2019-2024 Nextcloud GmbH and Nextcloud contributors/** * SPDX-FileCopyrightText: 2016 ownCloud, Inc. * SPDX-License-Identifier: AGPL-3.0-only */ + namespace OCA\Settings\Middleware; use OC\AppFramework\Http; @@ -12,27 +16,29 @@ use OC\AppFramework\Utility\ControllerMethodReflector; use OCP\AppFramework\Controller; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Middleware; +use OCP\Group\ISubAdmin; use OCP\IL10N; +use OCP\IUserSession; /** * Verifies whether an user has at least subadmin rights. * To bypass use the `@NoSubAdminRequired` annotation */ class SubadminMiddleware extends Middleware { - /** @var ControllerMethodReflector */ - protected $reflector; - - /** - * @param ControllerMethodReflector $reflector - * @param bool $isSubAdmin - * @param IL10N $l10n - */ public function __construct( - ControllerMethodReflector $reflector, - protected $isSubAdmin, + protected ControllerMethodReflector $reflector, + protected IUserSession $userSession, + protected ISubAdmin $subAdminManager, private IL10N $l10n, ) { - $this->reflector = $reflector; + } + + private function isSubAdmin(): bool { + $userObject = $this->userSession->getUser(); + if ($userObject === null) { + return false; + } + return $this->subAdminManager->isSubAdmin($userObject); } /** @@ -43,8 +49,8 @@ class SubadminMiddleware extends Middleware { */ public function beforeController($controller, $methodName) { if (!$this->reflector->hasAnnotation('NoSubAdminRequired') && !$this->reflector->hasAnnotation('AuthorizedAdminSetting')) { - if (!$this->isSubAdmin) { - throw new NotAdminException($this->l10n->t('Logged in account must be a subadmin')); + if (!$this->isSubAdmin()) { + throw new NotAdminException($this->l10n->t('Logged in account must be a sub admin')); } } } diff --git a/apps/settings/lib/ResponseDefinitions.php b/apps/settings/lib/ResponseDefinitions.php index 0f3d6bffccf..12adefda91f 100644 --- a/apps/settings/lib/ResponseDefinitions.php +++ b/apps/settings/lib/ResponseDefinitions.php @@ -20,6 +20,7 @@ namespace OCA\Settings; * default: mixed, * options?: list<string|array{name: string, value: mixed}>, * value: string|int|float|bool|list<string>, + * sensitive?: boolean, * } * * @psalm-type SettingsDeclarativeForm = array{ diff --git a/apps/settings/lib/Search/AppSearch.php b/apps/settings/lib/Search/AppSearch.php index fbc799e6f04..19c2bce5451 100644 --- a/apps/settings/lib/Search/AppSearch.php +++ b/apps/settings/lib/Search/AppSearch.php @@ -47,8 +47,8 @@ class AppSearch implements IProvider { $result = []; foreach ($entries as $entry) { if ( - stripos($entry['name'], $term) === false && - stripos($entry['id'], $term) === false + stripos($entry['name'], $term) === false + && stripos($entry['id'], $term) === false ) { continue; } diff --git a/apps/settings/lib/Search/SectionSearch.php b/apps/settings/lib/Search/SectionSearch.php index 08a6f9f76b0..52f0c9b08db 100644 --- a/apps/settings/lib/Search/SectionSearch.php +++ b/apps/settings/lib/Search/SectionSearch.php @@ -110,8 +110,8 @@ class SectionSearch implements IProvider { foreach ($sections as $priority => $sectionsByPriority) { foreach ($sectionsByPriority as $section) { if ( - stripos($section->getName(), $query->getTerm()) === false && - stripos($section->getID(), $query->getTerm()) === false + stripos($section->getName(), $query->getTerm()) === false + && stripos($section->getID(), $query->getTerm()) === false ) { continue; } diff --git a/apps/settings/lib/Sections/Admin/ArtificialIntelligence.php b/apps/settings/lib/Sections/Admin/ArtificialIntelligence.php index ab43dfd2eef..2a300c260c0 100644 --- a/apps/settings/lib/Sections/Admin/ArtificialIntelligence.php +++ b/apps/settings/lib/Sections/Admin/ArtificialIntelligence.php @@ -29,7 +29,7 @@ class ArtificialIntelligence implements IIconSection { } public function getName(): string { - return $this->l->t('Artificial Intelligence'); + return $this->l->t('Assistant'); } public function getPriority(): int { diff --git a/apps/settings/lib/Sections/Admin/Delegation.php b/apps/settings/lib/Sections/Admin/Delegation.php index 2a455f1e549..0dd3b48c20b 100644 --- a/apps/settings/lib/Sections/Admin/Delegation.php +++ b/apps/settings/lib/Sections/Admin/Delegation.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Service/AuthorizedGroupService.php b/apps/settings/lib/Service/AuthorizedGroupService.php index 20966446d61..15aca94198a 100644 --- a/apps/settings/lib/Service/AuthorizedGroupService.php +++ b/apps/settings/lib/Service/AuthorizedGroupService.php @@ -42,8 +42,8 @@ class AuthorizedGroupService { * @throws NotFoundException */ private function handleException(\Exception $e): void { - if ($e instanceof DoesNotExistException || - $e instanceof MultipleObjectsReturnedException) { + if ($e instanceof DoesNotExistException + || $e instanceof MultipleObjectsReturnedException) { throw new NotFoundException('AuthorizedGroup not found'); } else { throw $e; diff --git a/apps/settings/lib/Settings/Admin/ArtificialIntelligence.php b/apps/settings/lib/Settings/Admin/ArtificialIntelligence.php index 555d3c27313..aaec0049b20 100644 --- a/apps/settings/lib/Settings/Admin/ArtificialIntelligence.php +++ b/apps/settings/lib/Settings/Admin/ArtificialIntelligence.php @@ -10,7 +10,7 @@ namespace OCA\Settings\Settings\Admin; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; -use OCP\IConfig; +use OCP\IAppConfig; use OCP\IL10N; use OCP\Settings\IDelegatedSettings; use OCP\SpeechToText\ISpeechToTextManager; @@ -28,7 +28,7 @@ use Psr\Log\LoggerInterface; class ArtificialIntelligence implements IDelegatedSettings { public function __construct( - private IConfig $config, + private IAppConfig $appConfig, private IL10N $l, private IInitialState $initialState, private ITranslationManager $translationManager, @@ -125,6 +125,7 @@ class ArtificialIntelligence implements IDelegatedSettings { $taskProcessingTypeSettings[$taskTypeId] = true; } + $this->initialState->provideInitialState('ai-stt-providers', $sttProviders); $this->initialState->provideInitialState('ai-translation-providers', $translationProviders); $this->initialState->provideInitialState('ai-text-processing-providers', $textProcessingProviders); @@ -140,10 +141,11 @@ class ArtificialIntelligence implements IDelegatedSettings { 'ai.text2image_provider' => count($text2imageProviders) > 0 ? $text2imageProviders[0]['id'] : null, 'ai.taskprocessing_provider_preferences' => $taskProcessingSettings, 'ai.taskprocessing_type_preferences' => $taskProcessingTypeSettings, + 'ai.taskprocessing_guests' => false, ]; foreach ($settings as $key => $defaultValue) { $value = $defaultValue; - $json = $this->config->getAppValue('core', $key, ''); + $json = $this->appConfig->getValueString('core', $key, '', lazy: in_array($key, \OC\TaskProcessing\Manager::LAZY_CONFIG_KEYS, true)); if ($json !== '') { try { $value = json_decode($json, true, flags: JSON_THROW_ON_ERROR); @@ -158,7 +160,7 @@ class ArtificialIntelligence implements IDelegatedSettings { } continue; } - + switch ($key) { case 'ai.taskprocessing_provider_preferences': case 'ai.taskprocessing_type_preferences': diff --git a/apps/settings/lib/Settings/Admin/Mail.php b/apps/settings/lib/Settings/Admin/Mail.php index ca0f4ef33ad..8bf2342a59c 100644 --- a/apps/settings/lib/Settings/Admin/Mail.php +++ b/apps/settings/lib/Settings/Admin/Mail.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later @@ -27,9 +28,11 @@ class Mail implements IDelegatedSettings { * @return TemplateResponse */ public function getForm() { + $finder = Server::get(IBinaryFinder::class); + $parameters = [ // Mail - 'sendmail_is_available' => (bool)Server::get(IBinaryFinder::class)->findBinaryPath('sendmail'), + 'sendmail_is_available' => $finder->findBinaryPath('sendmail') !== false, 'mail_domain' => $this->config->getSystemValue('mail_domain', ''), 'mail_from_address' => $this->config->getSystemValue('mail_from_address', ''), 'mail_smtpmode' => $this->config->getSystemValue('mail_smtpmode', ''), diff --git a/apps/settings/lib/Settings/Admin/Overview.php b/apps/settings/lib/Settings/Admin/Overview.php index 5db9d9533c4..355200372f1 100644 --- a/apps/settings/lib/Settings/Admin/Overview.php +++ b/apps/settings/lib/Settings/Admin/Overview.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Settings/Admin/Security.php b/apps/settings/lib/Settings/Admin/Security.php index 72485b8f8f3..c4efdb478c7 100644 --- a/apps/settings/lib/Settings/Admin/Security.php +++ b/apps/settings/lib/Settings/Admin/Security.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Settings/Admin/Server.php b/apps/settings/lib/Settings/Admin/Server.php index 8071d812076..c0f29ce8f34 100644 --- a/apps/settings/lib/Settings/Admin/Server.php +++ b/apps/settings/lib/Settings/Admin/Server.php @@ -55,7 +55,7 @@ class Server implements IDelegatedSettings { $this->initialStateService->provideInitialState('profileEnabledByDefault', $this->isProfileEnabledByDefault($this->config)); // Basic settings - $this->initialStateService->provideInitialState('restrictSystemTagsCreationToAdmin', $this->appConfig->getValueString('systemtags', 'restrict_creation_to_admin', 'true')); + $this->initialStateService->provideInitialState('restrictSystemTagsCreationToAdmin', $this->appConfig->getValueBool('systemtags', 'restrict_creation_to_admin', false)); return new TemplateResponse('settings', 'settings/admin/server', [ 'profileEnabledGlobally' => $this->profileManager->isProfileEnabled(), diff --git a/apps/settings/lib/Settings/Admin/Sharing.php b/apps/settings/lib/Settings/Admin/Sharing.php index e001a7d00ea..e038b2a6231 100644 --- a/apps/settings/lib/Settings/Admin/Sharing.php +++ b/apps/settings/lib/Settings/Admin/Sharing.php @@ -1,14 +1,17 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later */ namespace OCA\Settings\Settings\Admin; +use OC\Core\AppInfo\ConfigLexicon; use OCP\App\IAppManager; use OCP\AppFramework\Http\TemplateResponse; use OCP\AppFramework\Services\IInitialState; use OCP\Constants; +use OCP\IAppConfig; use OCP\IConfig; use OCP\IL10N; use OCP\IURLGenerator; @@ -19,6 +22,7 @@ use OCP\Util; class Sharing implements IDelegatedSettings { public function __construct( private IConfig $config, + private IAppConfig $appConfig, private IL10N $l, private IManager $shareManager, private IAppManager $appManager, @@ -46,6 +50,7 @@ class Sharing implements IDelegatedSettings { 'allowPublicUpload' => $this->getHumanBooleanConfig('core', 'shareapi_allow_public_upload', true), 'allowResharing' => $this->getHumanBooleanConfig('core', 'shareapi_allow_resharing', true), 'allowShareDialogUserEnumeration' => $this->getHumanBooleanConfig('core', 'shareapi_allow_share_dialog_user_enumeration', true), + 'allowFederationOnPublicShares' => $this->appConfig->getValueBool('core', ConfigLexicon::SHAREAPI_ALLOW_FEDERATION_ON_PUBLIC_SHARES), 'restrictUserEnumerationToGroup' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_group'), 'restrictUserEnumerationToPhone' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_to_phone'), 'restrictUserEnumerationFullMatch' => $this->getHumanBooleanConfig('core', 'shareapi_restrict_user_enumeration_full_match', true), @@ -72,6 +77,7 @@ class Sharing implements IDelegatedSettings { 'remoteExpireAfterNDays' => $this->config->getAppValue('core', 'shareapi_remote_expire_after_n_days', '7'), 'enforceRemoteExpireDate' => $this->getHumanBooleanConfig('core', 'shareapi_enforce_remote_expire_date'), 'allowCustomTokens' => $this->shareManager->allowCustomTokens(), + 'allowViewWithoutDownload' => $this->shareManager->allowViewWithoutDownload(), ]; $this->initialState->provideInitialState('sharingAppEnabled', $this->appManager->isEnabledForUser('files_sharing')); diff --git a/apps/settings/lib/Settings/Personal/Additional.php b/apps/settings/lib/Settings/Personal/Additional.php index c8b3fc66450..58fe08a63b7 100644 --- a/apps/settings/lib/Settings/Personal/Additional.php +++ b/apps/settings/lib/Settings/Personal/Additional.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/Settings/Personal/PersonalInfo.php b/apps/settings/lib/Settings/Personal/PersonalInfo.php index aa8a0baa49f..9a12b18bb5e 100644 --- a/apps/settings/lib/Settings/Personal/PersonalInfo.php +++ b/apps/settings/lib/Settings/Personal/PersonalInfo.php @@ -27,7 +27,9 @@ use OCP\IUser; use OCP\IUserManager; use OCP\L10N\IFactory; use OCP\Notification\IManager; +use OCP\Server; use OCP\Settings\ISettings; +use OCP\Util; class PersonalInfo implements ISettings { @@ -55,7 +57,7 @@ class PersonalInfo implements ISettings { $lookupServerUploadEnabled = false; if ($federatedFileSharingEnabled) { /** @var FederatedShareProvider $shareProvider */ - $shareProvider = \OC::$server->query(FederatedShareProvider::class); + $shareProvider = Server::get(FederatedShareProvider::class); $lookupServerUploadEnabled = $shareProvider->isLookupServerUploadEnabled(); } @@ -70,7 +72,7 @@ class PersonalInfo implements ISettings { if ($storageInfo['quota'] === FileInfo::SPACE_UNLIMITED) { $totalSpace = $this->l->t('Unlimited'); } else { - $totalSpace = \OC_Helper::humanFileSize($storageInfo['total']); + $totalSpace = Util::humanFileSize($storageInfo['total']); } $messageParameters = $this->getMessageParameters($account); @@ -87,7 +89,7 @@ class PersonalInfo implements ISettings { 'groups' => $this->getGroups($user), 'quota' => $storageInfo['quota'], 'totalSpace' => $totalSpace, - 'usage' => \OC_Helper::humanFileSize($storageInfo['used']), + 'usage' => Util::humanFileSize($storageInfo['used']), 'usageRelative' => round($storageInfo['relative']), 'displayName' => $this->getProperty($account, IAccountManager::PROPERTY_DISPLAYNAME), 'emailMap' => $this->getEmailMap($account), @@ -96,6 +98,7 @@ class PersonalInfo implements ISettings { 'location' => $this->getProperty($account, IAccountManager::PROPERTY_ADDRESS), 'website' => $this->getProperty($account, IAccountManager::PROPERTY_WEBSITE), 'twitter' => $this->getProperty($account, IAccountManager::PROPERTY_TWITTER), + 'bluesky' => $this->getProperty($account, IAccountManager::PROPERTY_BLUESKY), 'fediverse' => $this->getProperty($account, IAccountManager::PROPERTY_FEDIVERSE), 'languageMap' => $this->getLanguageMap($user), 'localeMap' => $this->getLocaleMap($user), @@ -113,6 +116,7 @@ class PersonalInfo implements ISettings { $accountParameters = [ 'avatarChangeSupported' => $user->canChangeAvatar(), 'displayNameChangeSupported' => $user->canChangeDisplayName(), + 'emailChangeSupported' => $user->canChangeEmail(), 'federationEnabled' => $federationEnabled, 'lookupServerUploadEnabled' => $lookupServerUploadEnabled, ]; diff --git a/apps/settings/lib/Settings/Personal/Security/WebAuthn.php b/apps/settings/lib/Settings/Personal/Security/WebAuthn.php index b0bd16a0dc7..a6ba4e9522a 100644 --- a/apps/settings/lib/Settings/Personal/Security/WebAuthn.php +++ b/apps/settings/lib/Settings/Personal/Security/WebAuthn.php @@ -40,8 +40,7 @@ class WebAuthn implements ISettings { $this->mapper->findAllForUid($this->userId) ); - return new TemplateResponse('settings', 'settings/personal/security/webauthn', [ - ]); + return new TemplateResponse('settings', 'settings/personal/security/webauthn'); } public function getSection(): ?string { diff --git a/apps/settings/lib/Settings/Personal/ServerDevNotice.php b/apps/settings/lib/Settings/Personal/ServerDevNotice.php index 71c83740b92..c9993484abd 100644 --- a/apps/settings/lib/Settings/Personal/ServerDevNotice.php +++ b/apps/settings/lib/Settings/Personal/ServerDevNotice.php @@ -1,4 +1,5 @@ <?php + /** * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors * SPDX-License-Identifier: AGPL-3.0-or-later diff --git a/apps/settings/lib/SetupChecks/AllowedAdminRanges.php b/apps/settings/lib/SetupChecks/AllowedAdminRanges.php index 87e11b06be7..5116676dd43 100644 --- a/apps/settings/lib/SetupChecks/AllowedAdminRanges.php +++ b/apps/settings/lib/SetupChecks/AllowedAdminRanges.php @@ -36,7 +36,7 @@ class AllowedAdminRanges implements ISetupCheck { $allowedAdminRanges === false || (is_array($allowedAdminRanges) && empty($allowedAdminRanges)) ) { - return SetupResult::success($this->l10n->t('Admin IP filtering isn’t applied.')); + return SetupResult::success($this->l10n->t('Admin IP filtering isn\'t applied.')); } if (!is_array($allowedAdminRanges)) { diff --git a/apps/settings/lib/SetupChecks/DataDirectoryProtected.php b/apps/settings/lib/SetupChecks/DataDirectoryProtected.php index 4280457ced0..e572c345079 100644 --- a/apps/settings/lib/SetupChecks/DataDirectoryProtected.php +++ b/apps/settings/lib/SetupChecks/DataDirectoryProtected.php @@ -66,6 +66,6 @@ class DataDirectoryProtected implements ISetupCheck { return SetupResult::warning($this->l10n->t('Could not check that the data directory is protected. Please check manually that your server does not allow access to the data directory.') . "\n" . $this->serverConfigHelp()); } return SetupResult::success(); - + } } diff --git a/apps/settings/lib/SetupChecks/DatabaseHasMissingIndices.php b/apps/settings/lib/SetupChecks/DatabaseHasMissingIndices.php index 9854a039dd1..97e80c2aaa9 100644 --- a/apps/settings/lib/SetupChecks/DatabaseHasMissingIndices.php +++ b/apps/settings/lib/SetupChecks/DatabaseHasMissingIndices.php @@ -85,7 +85,7 @@ class DatabaseHasMissingIndices implements ISetupCheck { } } return SetupResult::warning( - $this->l10n->t('Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command `occ db:add-missing-indices` to add them. ') . $list . '.', + $this->l10n->t('Detected some missing optional indices. Occasionally new indices are added (by Nextcloud or installed applications) to improve database performance. Adding indices can sometimes take awhile and temporarily hurt performance so this is not done automatically during upgrades. Once the indices are added, queries to those tables should be faster. Use the command `occ db:add-missing-indices` to add them.') . "\n" . $list, $this->urlGenerator->linkToDocs('admin-long-running-migration-steps') ); } diff --git a/apps/settings/lib/SetupChecks/JavaScriptModules.php b/apps/settings/lib/SetupChecks/JavaScriptModules.php index e09dc459dc8..72f58405811 100644 --- a/apps/settings/lib/SetupChecks/JavaScriptModules.php +++ b/apps/settings/lib/SetupChecks/JavaScriptModules.php @@ -55,6 +55,6 @@ class JavaScriptModules implements ISetupCheck { return SetupResult::warning($this->l10n->t('Unable to run check for JavaScript support. Please remedy or confirm manually if your webserver serves `.mjs` files using the JavaScript MIME type.') . "\n" . $this->serverConfigHelp()); } return SetupResult::error($this->l10n->t('Your webserver does not serve `.mjs` files using the JavaScript MIME type. This will break some apps by preventing browsers from executing the JavaScript files. You should configure your webserver to serve `.mjs` files with either the `text/javascript` or `application/javascript` MIME type.')); - + } } diff --git a/apps/settings/lib/SetupChecks/LoggingLevel.php b/apps/settings/lib/SetupChecks/LoggingLevel.php new file mode 100644 index 00000000000..b9e1dbe700d --- /dev/null +++ b/apps/settings/lib/SetupChecks/LoggingLevel.php @@ -0,0 +1,55 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ +namespace OCA\Settings\SetupChecks; + +use OCP\IConfig; +use OCP\IL10N; +use OCP\ILogger; +use OCP\IURLGenerator; +use OCP\SetupCheck\ISetupCheck; +use OCP\SetupCheck\SetupResult; + +class LoggingLevel implements ISetupCheck { + public function __construct( + private IL10N $l10n, + private IConfig $config, + private IURLGenerator $urlGenerator, + ) { + } + + public function getName(): string { + return $this->l10n->t('Logging level'); + } + + public function getCategory(): string { + return 'system'; + } + + public function run(): SetupResult { + $configLogLevel = $this->config->getSystemValue('loglevel', ILogger::WARN); + if (!is_int($configLogLevel) + || $configLogLevel < ILogger::DEBUG + || $configLogLevel > ILogger::FATAL + ) { + return SetupResult::error( + $this->l10n->t('The %1$s configuration option must be a valid integer value.', ['`loglevel`']), + $this->urlGenerator->linkToDocs('admin-logging'), + ); + } + + if ($configLogLevel === ILogger::DEBUG) { + return SetupResult::warning( + $this->l10n->t('The logging level is set to debug level. Use debug level only when you have a problem to diagnose, and then reset your log level to a less-verbose level as it outputs a lot of information, and can affect your server performance.'), + $this->urlGenerator->linkToDocs('admin-logging'), + ); + } + + return SetupResult::success($this->l10n->t('Logging level configured correctly.')); + } +} diff --git a/apps/settings/lib/SetupChecks/MimeTypeMigrationAvailable.php b/apps/settings/lib/SetupChecks/MimeTypeMigrationAvailable.php index 98c8eacbfda..cf237f68670 100644 --- a/apps/settings/lib/SetupChecks/MimeTypeMigrationAvailable.php +++ b/apps/settings/lib/SetupChecks/MimeTypeMigrationAvailable.php @@ -10,18 +10,15 @@ namespace OCA\Settings\SetupChecks; use OC\Repair\RepairMimeTypes; use OCP\IL10N; -use OCP\L10N\IFactory; use OCP\SetupCheck\ISetupCheck; use OCP\SetupCheck\SetupResult; class MimeTypeMigrationAvailable implements ISetupCheck { - private IL10N $l10n; public function __construct( - IFactory $l10nFactory, private RepairMimeTypes $repairMimeTypes, + private IL10N $l10n, ) { - $this->l10n = $l10nFactory->get('core'); } public function getCategory(): string { diff --git a/apps/settings/lib/SetupChecks/MysqlRowFormat.php b/apps/settings/lib/SetupChecks/MysqlRowFormat.php index 17e7fc6696b..3c27b73db89 100644 --- a/apps/settings/lib/SetupChecks/MysqlRowFormat.php +++ b/apps/settings/lib/SetupChecks/MysqlRowFormat.php @@ -56,11 +56,11 @@ class MysqlRowFormat implements ISetupCheck { * @return string[] */ private function getRowNotDynamicTables(): array { - $sql = 'SELECT table_name + $sql = "SELECT table_name FROM information_schema.tables WHERE table_schema = ? - AND table_name LIKE "*PREFIX*%" - AND row_format != "Dynamic";'; + AND table_name LIKE '*PREFIX*%' + AND row_format != 'Dynamic';"; return $this->connection->executeQuery( $sql, diff --git a/apps/settings/lib/SetupChecks/PhpModules.php b/apps/settings/lib/SetupChecks/PhpModules.php index 60c14757301..b0b4f106f4a 100644 --- a/apps/settings/lib/SetupChecks/PhpModules.php +++ b/apps/settings/lib/SetupChecks/PhpModules.php @@ -32,7 +32,6 @@ class PhpModules implements ISetupCheck { 'zlib', ]; protected const RECOMMENDED_MODULES = [ - 'bcmath', 'exif', 'gmp', 'intl', @@ -58,8 +57,7 @@ class PhpModules implements ISetupCheck { return match($module) { 'intl' => $this->l10n->t('increases language translation performance and fixes sorting of non-ASCII characters'), 'sodium' => $this->l10n->t('for Argon2 for password hashing'), - 'bcmath' => $this->l10n->t('for WebAuthn passwordless login'), - 'gmp' => $this->l10n->t('for WebAuthn passwordless login, and SFTP storage'), + 'gmp' => $this->l10n->t('required for SFTP storage and recommended for WebAuthn performance'), 'exif' => $this->l10n->t('for picture rotation in server and metadata extraction in the Photos app'), default => '', }; diff --git a/apps/settings/lib/SetupChecks/PhpOpcacheSetup.php b/apps/settings/lib/SetupChecks/PhpOpcacheSetup.php index 22605012058..83b7be1c390 100644 --- a/apps/settings/lib/SetupChecks/PhpOpcacheSetup.php +++ b/apps/settings/lib/SetupChecks/PhpOpcacheSetup.php @@ -57,7 +57,7 @@ class PhpOpcacheSetup implements ISetupCheck { } elseif ($this->iniGetWrapper->getBool('opcache.file_cache_only')) { $recommendations[] = $this->l10n->t('The shared memory based OPcache is disabled. For better performance, it is recommended to apply "opcache.file_cache_only=0" to your PHP configuration and use the file cache as second level cache only.'); } else { - // Check whether opcache_get_status has been explicitly disabled an in case skip usage based checks + // Check whether opcache_get_status has been explicitly disabled and in case skip usage based checks $disabledFunctions = $this->iniGetWrapper->getString('disable_functions'); if (isset($disabledFunctions) && str_contains($disabledFunctions, 'opcache_get_status')) { return [$level, $recommendations]; @@ -70,29 +70,27 @@ class PhpOpcacheSetup implements ISetupCheck { $level = 'error'; } - // Recommend to raise value, if more than 90% of max value is reached - if ( - empty($status['opcache_statistics']['max_cached_keys']) || - ($status['opcache_statistics']['num_cached_keys'] / $status['opcache_statistics']['max_cached_keys'] > 0.9) - ) { - $recommendations[] = $this->l10n->t('The maximum number of OPcache keys is nearly exceeded. To assure that all scripts can be kept in the cache, it is recommended to apply "opcache.max_accelerated_files" to your PHP configuration with a value higher than "%s".', [($this->iniGetWrapper->getNumeric('opcache.max_accelerated_files') ?: 'currently')]); - } - - if ( - empty($status['memory_usage']['free_memory']) || - ($status['memory_usage']['used_memory'] / $status['memory_usage']['free_memory'] > 9) - ) { - $recommendations[] = $this->l10n->t('The OPcache buffer is nearly full. To assure that all scripts can be hold in cache, it is recommended to apply "opcache.memory_consumption" to your PHP configuration with a value higher than "%s".', [($this->iniGetWrapper->getNumeric('opcache.memory_consumption') ?: 'currently')]); + // Check whether OPcache is full, which can be either the overall OPcache size or limit of cached keys reached. + // If the limit of cached keys has been reached, num_cached_keys equals max_cached_keys. The recommendation contains this value instead of opcache.max_accelerated_files, since the effective limit is a next higher prime number: https://www.php.net/manual/en/opcache.configuration.php#ini.opcache.max-accelerated-files + // Else, the remaining $status['memory_usage']['free_memory'] was too low to store another script. Aside of used_memory, this can be also due to wasted_memory, remaining cache keys from scripts changed on disk. + // Wasted memory is cleared only via opcache_reset(), or if $status['memory_usage']['current_wasted_percentage'] reached opcache.max_wasted_percentage, which triggers an engine restart and hence OPcache reset. Due to this complexity, we check for $status['cache_full'] only. + if ($status['cache_full'] === true) { + if ($status['opcache_statistics']['num_cached_keys'] === $status['opcache_statistics']['max_cached_keys']) { + $recommendations[] = $this->l10n->t('The maximum number of OPcache keys is nearly exceeded. To assure that all scripts can be kept in the cache, it is recommended to apply "opcache.max_accelerated_files" to your PHP configuration with a value higher than "%s".', [($status['opcache_statistics']['max_cached_keys'] ?: 'currently')]); + } else { + $recommendations[] = $this->l10n->t('The OPcache buffer is nearly full. To assure that all scripts can be hold in cache, it is recommended to apply "opcache.memory_consumption" to your PHP configuration with a value higher than "%s".', [($this->iniGetWrapper->getNumeric('opcache.memory_consumption') ?: 'currently')]); + } } + // Interned strings buffer: recommend to raise size if more than 90% is used $interned_strings_buffer = $this->iniGetWrapper->getNumeric('opcache.interned_strings_buffer') ?? 0; $memory_consumption = $this->iniGetWrapper->getNumeric('opcache.memory_consumption') ?? 0; if ( // Do not recommend to raise the interned strings buffer size above a quarter of the total OPcache size - ($interned_strings_buffer < ($memory_consumption / 4)) && - ( - empty($status['interned_strings_usage']['free_memory']) || - ($status['interned_strings_usage']['used_memory'] / $status['interned_strings_usage']['free_memory'] > 9) + ($interned_strings_buffer < ($memory_consumption / 4)) + && ( + empty($status['interned_strings_usage']['free_memory']) + || ($status['interned_strings_usage']['used_memory'] / $status['interned_strings_usage']['free_memory'] > 9) ) ) { $recommendations[] = $this->l10n->t('The OPcache interned strings buffer is nearly full. To assure that repeating strings can be effectively cached, it is recommended to apply "opcache.interned_strings_buffer" to your PHP configuration with a value higher than "%s".', [($this->iniGetWrapper->getNumeric('opcache.interned_strings_buffer') ?: 'currently')]); diff --git a/apps/settings/lib/SetupChecks/PhpOutdated.php b/apps/settings/lib/SetupChecks/PhpOutdated.php index 4c7ed5096c0..d0d8e03c705 100644 --- a/apps/settings/lib/SetupChecks/PhpOutdated.php +++ b/apps/settings/lib/SetupChecks/PhpOutdated.php @@ -14,6 +14,11 @@ use OCP\SetupCheck\ISetupCheck; use OCP\SetupCheck\SetupResult; class PhpOutdated implements ISetupCheck { + public const DEPRECATED_PHP_VERSION = '8.1'; + public const DEPRECATED_SINCE = '30'; + public const FUTURE_REQUIRED_PHP_VERSION = '8.2'; + public const FUTURE_REQUIRED_STARTING = '32'; + public function __construct( private IL10N $l10n, ) { @@ -29,7 +34,13 @@ class PhpOutdated implements ISetupCheck { public function run(): SetupResult { if (PHP_VERSION_ID < 80200) { - return SetupResult::warning($this->l10n->t('You are currently running PHP %s. PHP 8.1 is now deprecated in Nextcloud 30. Nextcloud 31 may require at least PHP 8.2. Please upgrade to one of the officially supported PHP versions provided by the PHP Group as soon as possible.', [PHP_VERSION]), 'https://secure.php.net/supported-versions.php'); + return SetupResult::warning($this->l10n->t('You are currently running PHP %1$s. PHP %2$s is deprecated since Nextcloud %3$s. Nextcloud %4$s may require at least PHP %5$s. Please upgrade to one of the officially supported PHP versions provided by the PHP Group as soon as possible.', [ + PHP_VERSION, + self::DEPRECATED_PHP_VERSION, + self::DEPRECATED_SINCE, + self::FUTURE_REQUIRED_STARTING, + self::FUTURE_REQUIRED_PHP_VERSION, + ]), 'https://secure.php.net/supported-versions.php'); } return SetupResult::success($this->l10n->t('You are currently running PHP %s.', [PHP_VERSION])); } diff --git a/apps/settings/lib/SetupChecks/SecurityHeaders.php b/apps/settings/lib/SetupChecks/SecurityHeaders.php index ed4e56218da..9cc6856a170 100644 --- a/apps/settings/lib/SetupChecks/SecurityHeaders.php +++ b/apps/settings/lib/SetupChecks/SecurityHeaders.php @@ -72,11 +72,6 @@ class SecurityHeaders implements ISetupCheck { } } - $xssFields = array_map('trim', explode(';', $response->getHeader('X-XSS-Protection'))); - if (!in_array('1', $xssFields) || !in_array('mode=block', $xssFields)) { - $msg .= $this->l10n->t('- The `%1$s` HTTP header does not contain `%2$s`. This is a potential security or privacy risk, as it is recommended to adjust this setting accordingly.', ['X-XSS-Protection', '1; mode=block']) . "\n"; - } - $referrerPolicy = $response->getHeader('Referrer-Policy'); if (!preg_match('/(no-referrer(-when-downgrade)?|strict-origin(-when-cross-origin)?|same-origin)(,|$)/', $referrerPolicy)) { $msg .= $this->l10n->t( diff --git a/apps/settings/lib/SetupChecks/SupportedDatabase.php b/apps/settings/lib/SetupChecks/SupportedDatabase.php index 31b907a825e..d083958d16e 100644 --- a/apps/settings/lib/SetupChecks/SupportedDatabase.php +++ b/apps/settings/lib/SetupChecks/SupportedDatabase.php @@ -21,7 +21,7 @@ use OCP\SetupCheck\SetupResult; class SupportedDatabase implements ISetupCheck { private const MIN_MARIADB = '10.6'; - private const MAX_MARIADB = '11.4'; + private const MAX_MARIADB = '11.8'; private const MIN_MYSQL = '8.0'; private const MAX_MYSQL = '8.4'; private const MIN_POSTGRES = '13'; diff --git a/apps/settings/lib/SetupChecks/TaskProcessingPickupSpeed.php b/apps/settings/lib/SetupChecks/TaskProcessingPickupSpeed.php new file mode 100644 index 00000000000..83168ac0f3e --- /dev/null +++ b/apps/settings/lib/SetupChecks/TaskProcessingPickupSpeed.php @@ -0,0 +1,63 @@ +<?php + +declare(strict_types=1); + +/** + * SPDX-FileCopyrightText: 2025 Nextcloud GmbH and Nextcloud contributors + * SPDX-License-Identifier: AGPL-3.0-or-later + */ + +namespace OCA\Settings\SetupChecks; + +use OCP\AppFramework\Utility\ITimeFactory; +use OCP\IL10N; +use OCP\SetupCheck\ISetupCheck; +use OCP\SetupCheck\SetupResult; +use OCP\TaskProcessing\IManager; + +class TaskProcessingPickupSpeed implements ISetupCheck { + public const MAX_SLOW_PERCENTAGE = 0.2; + public const TIME_SPAN = 24; + + public function __construct( + private IL10N $l10n, + private IManager $taskProcessingManager, + private ITimeFactory $timeFactory, + ) { + } + + public function getCategory(): string { + return 'ai'; + } + + public function getName(): string { + return $this->l10n->t('Task Processing pickup speed'); + } + + public function run(): SetupResult { + $tasks = $this->taskProcessingManager->getTasks(userId: '', scheduleAfter: $this->timeFactory->now()->getTimestamp() - 60 * 60 * self::TIME_SPAN); // userId: '' means no filter, whereas null would mean guest + $taskCount = count($tasks); + if ($taskCount === 0) { + return SetupResult::success($this->l10n->n('No scheduled tasks in the last %n hour.', 'No scheduled tasks in the last %n hours.', self::TIME_SPAN)); + } + $slowCount = 0; + foreach ($tasks as $task) { + if ($task->getStartedAt() === null) { + continue; // task was not picked up yet + } + if ($task->getScheduledAt() === null) { + continue; // task was not scheduled yet -- should not happen, but the API specifies null as return value + } + $pickupDelay = $task->getScheduledAt() - $task->getStartedAt(); + if ($pickupDelay > 60 * 4) { + $slowCount++; // task pickup took longer than 4 minutes + } + } + + if ($slowCount / $taskCount < self::MAX_SLOW_PERCENTAGE) { + return SetupResult::success($this->l10n->n('The task pickup speed has been ok in the last %n hour.', 'The task pickup speed has been ok in the last %n hours.', self::TIME_SPAN)); + } else { + return SetupResult::warning($this->l10n->n('The task pickup speed has been slow in the last %n hour. Many tasks took longer than 4 minutes to be picked up. Consider setting up a worker to process tasks in the background.', 'The task pickup speed has been slow in the last %n hours. Many tasks took longer than 4 minutes to be picked up. Consider setting up a worker to process tasks in the background.', self::TIME_SPAN), 'https://docs.nextcloud.com/server/latest/admin_manual/ai/overview.html#improve-ai-task-pickup-speed'); + } + } +} diff --git a/apps/settings/lib/UserMigration/AccountMigrator.php b/apps/settings/lib/UserMigration/AccountMigrator.php index 15ac06687b6..1c51aec5104 100644 --- a/apps/settings/lib/UserMigration/AccountMigrator.php +++ b/apps/settings/lib/UserMigration/AccountMigrator.php @@ -35,8 +35,6 @@ class AccountMigrator implements IMigrator, ISizeEstimationMigrator { private ProfileManager $profileManager; - private ProfileConfigMapper $configMapper; - private const PATH_ROOT = Application::APP_ID . '/'; private const PATH_ACCOUNT_FILE = AccountMigrator::PATH_ROOT . 'account.json'; @@ -49,11 +47,10 @@ class AccountMigrator implements IMigrator, ISizeEstimationMigrator { private IAccountManager $accountManager, private IAvatarManager $avatarManager, ProfileManager $profileManager, - ProfileConfigMapper $configMapper, + private ProfileConfigMapper $configMapper, private IL10N $l10n, ) { $this->profileManager = $profileManager; - $this->configMapper = $configMapper; } /** |