aboutsummaryrefslogtreecommitdiffstats
path: root/apps/dav/lib/Connector
Commit message (Collapse)AuthorAgeFilesLines
* Revert "perf(base): Stop setting up the FS for every basic auth request"John Molakvoæ10 days1-14/+3
|
* fix(dav): Initialize the FS for the user right after authenticatingprovokateurin13 days1-3/+14
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: apply new CSFixer rulesFerdinand Thiessen2025-07-0114-25/+32
| | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
* perf(dav): Preload dav search with tags/favoritesperf/dav-preload-search-tagsJulius Knorr2025-06-271-13/+31
| | | | Signed-off-by: Julius Knorr <jus@bitgrid.net>
* fix(dav): catch exception on non local accountfix/noid/ignore-missing-ownerMaxence Lange2025-06-251-1/+8
| | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* fix: log error when writing stream to dav filedav-file-write-logRobin Appelman2025-05-301-1/+3
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge pull request #52810 from ↵Louis2025-05-221-10/+25
|\ | | | | | | nextcloud/artonge/feat/do_not_require_samesite_strict_cookie_on_public.php
| * fix: Move CSRF check from base to PublicAuth for public.phpLouis Chemineau2025-05-211-10/+25
| | | | | | | | | | | | | | | | | | | | | | | | | | | | This currently prevent directly accessing a ressource when clicking on a link on a third party site. Example, clicking on `https://example.com/public.php/dav/files/pqLWcA269zfzXez/?accept=zip` in a GitHub comment. Skipping the check is an issue with password protected shares, as it allows third party sites to request the ressource when the user already entered the password, aka CSRF. So after removing the check from `base.php`, we need to add the it again in the `PublicAuth` plugin. We also add a redirect to be helpful to the user. **Warning**: this adds the limitation that clicking on a direct download link for password protected shares will redirect you to the password form, and then to the main share view. Fix #52482 Signed-off-by: Louis Chemineau <louis@chmn.me>
* | chore: move streamCopy implementation from `OC_Helper` to `OCP\Files`Ferdinand Thiessen2025-05-161-1/+2
|/ | | | | | | | | The function was already there but called the legacy version. So moved the implementation and migrated all usages of it. Sadly the interface was slightly different so adjusted it to be compatible with both legacy and the OCP one. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* refactor: Apply rector refactoringschore/deps/rector-2.0provokateurin2025-05-142-6/+3
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(dav): remove unnecessary plugin getHTTPMethodsfeat/file-drop-recursiveJohn Molakvoæ (skjnldsv)2025-05-131-14/+0
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* feat(dav): allow uploading folders to public sharesJohn Molakvoæ (skjnldsv)2025-05-132-15/+16
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Merge pull request #52586 from nextcloud/bugfix/noid/remove-sleep-from-throttlerDaniel2025-05-061-3/+6
|\ | | | | fix(throttler): Always use the sleepDelayOrThrowOnMax instead of deprecated sleepDelay
| * fix(throttler): Remove the sleep from the throttler that throwsbugfix/noid/remove-sleep-from-throttlerJoas Schilling2025-05-021-3/+6
| | | | | | | | | | | | | | The sleep is not adding benefit when it's being aborted with 429 in other cases anyway. Signed-off-by: Joas Schilling <coding@schilljs.com>
* | feat(dav): Enable chunked upload for public sharesprovokateurin2025-05-051-0/+12
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | refactor(dav): Replace baseuri manipulation with RootCollection for public ↵provokateurin2025-05-053-22/+78
| | | | | | | | | | | | shares Signed-off-by: provokateurin <kate@provokateurin.de>
* | feat(dav): Allow share principalsprovokateurin2025-05-051-0/+5
|/ | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(dav): check the owner displayName scope before giving attributeskjnldsv2025-04-302-1/+22
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix(dav): allow uploading of files with long filenamesfix/path-lengthFerdinand Thiessen2025-04-221-3/+9
| | | | | | | | | | A filename must be less or equal 255 characters, but when adding the `.part` and `.ocfiletransfer` extensions we might overflow this limit. So we should also use filename hashes for uploading when the file has a long filename, similar like when we are uploading to the user storage directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* refactor(dav): simplify length header handlingFerdinand Thiessen2025-04-221-31/+25
| | | | | | Reduce nesting and drop duplicated sections. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat(files_sharing): add WebDAV property for the `hide-download` state of sharesFerdinand Thiessen2025-04-161-2/+15
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #51845 from nextcloud/zip-download-no-sabre-responseFerdinand Thiessen2025-04-011-0/+17
|\ | | | | fix: don't have sabre/dav send it's own reponse if we already send the zip response
| * fix: don't have sabre/dav send it's own reponse if we already send the zip ↵zip-download-no-sabre-responseRobin Appelman2025-04-011-0/+17
| | | | | | | | | | | | response Signed-off-by: Robin Appelman <robin@icewind.nl>
* | fix(oauth2): retain support for legacy ownCloud clientsfix/oauth2/retain-legacy-oc-client-supportRichard Steinmetz2025-04-011-0/+10
|/ | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* fix(dav): Give proper HTTP status code on MKCOL when quota exceededfix/mkcol-quota-exceeded-responseMarcel Klehr2025-03-311-1/+33
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* fix(dav): do not require CSRF for safe and indempotent HTTP methodsfix/dav-csrfFerdinand Thiessen2025-03-131-2/+3
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat: Support deleting metadata from WebDAVartonge/feat/allow_deleting_metadataLouis Chemineau2025-03-041-0/+6
| | | | | | The `$value` will be `null` if the update is wrapped inside a `<d:remove>...</d:remove>` block. Signed-off-by: Louis Chemineau <louis@chmn.me>
* fix(dav): Handle end of stream in `File::put`fix/dav-harden-stream-handlingFerdinand Thiessen2025-02-181-16/+11
| | | | | | | | If the stream is aborted and the callback wrapper returns false (or null as it happened in some cases), we should not try to write to the storage but abort the operation. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Apply new rector configuration to apps folderCôme Chilliet2025-02-134-27/+36
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: re-apply current rector configuration to apps folderCôme Chilliet2025-02-132-2/+4
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Replace isInstalled calls with isEnabledForAnyone or isEnabledForUserCôme Chilliet2025-02-131-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: use relative paths for upload locksbug/48678/restore-dav-error-response-2Robin Appelman2025-02-111-2/+2
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix: Replace the TypeError to prevent exposing the installation pathDaniel Kesselberg2025-02-111-10/+8
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix: block moving files to it's own parent with davblock-dav-move-parentRobin Appelman2025-01-031-0/+5
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* refactor: Use Http framework where possibleuseHttpFrameworkGit'Fellow2024-12-146-18/+21
| | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* Merge pull request #48612 from nextcloud/fix/activity-log-for-favorites-in-davJulius Knorr2024-12-122-2/+6
|\ | | | | add activity logging for favorites in dav
| * refactor(tags): move favorite event dispatching to tags.phpgrnd-alt2024-12-031-4/+0
| | | | | | | | Signed-off-by: grnd-alt <salimbelakkaf@outlook.de>
| * fix(dav): add activity logging for favorites in davgrnd-alt2024-12-032-2/+10
| | | | | | | | Signed-off-by: grnd-alt <salimbelakkaf@outlook.de>
* | fix: log which file cannot be openedRobin Appelman2024-12-041-2/+7
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | fix: Throw exception when copy failedLouis Chemineau2024-12-041-1/+7
|/ | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* chore(config): set min supported desktop to `2.7.0`John Molakvoæ2024-11-271-1/+1
| | | | | Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat(config): add `maximum.supported.desktop.version`skjnldsv2024-11-271-3/+15
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix: Re-throwing the TypeError to prevent exposing the installation pathbug/48678/restore-dav-error-responseDaniel Kesselberg2024-11-221-0/+92
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Revert "fix(dav): Always respond custom error page on exceptions"Daniel Kesselberg2024-11-221-2/+4
| | | | | | This reverts commit 9992e7d4395a773fec7148cf5b4111f894cb40b7. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Revert "fix: Override start method of \Sabre\DAV\Server to remove exception ↵Daniel Kesselberg2024-11-221-23/+0
| | | | | | | | output" This reverts commit e202896a7476f6c3ad74793e6524293fd8a93224. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix(Federation): Show some icon for federated users on sharesfenn-cs2024-11-091-0/+7
| | | | Signed-off-by: nfebe <fenn25.fn@gmail.com>
* fix: smuggle storage id to metadata insert queriesRobin Appelman2024-11-071-0/+3
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix(psalm): Fix some newly detected issuesrefactor/apps/constructor-property-promotionprovokateurin2024-10-211-4/+0
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(apps): Use constructor property promotion when possibleprovokateurin2024-10-2122-264/+132
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore(apps): Apply new rector configuration to autouse classesCôme Chilliet2024-10-1515-77/+95
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-21 14:42:59 +0000