summaryrefslogtreecommitdiffstats
path: root/lib/private
Commit message (Collapse)AuthorAgeFilesLines
* Clean pending 2FA authentication on password resetRoeland Jago Douma2019-01-301-0/+9
| | | | | | | | | | | When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #13707 from ↵Morris Jobke2019-01-251-0/+3
|\ | | | | | | | | nextcloud/backport/13473/dont-log-parameters-on-user-creation-in-case-of-error [stable13] Don't log parameters on user creation in case of error/exception
| * Don't log parameters on user creation in case of error/exceptionJoas Schilling2019-01-211-0/+3
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | cleanup shared lock if changing to exclusive lock failedRobin Appelman2019-01-221-1/+7
|/ | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Only execute query in propagateChange onceRoeland Jago Douma2018-12-051-2/+2
| | | | | | | The second execute statement should be inside the if block. Else it gets executed twice which makes no sense. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Do not update child all child shares on group share updateRoeland Jago Douma2018-12-041-0/+1
| | | | | | | Else we overwrite the whole share for link shares. Basically breaking them. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* PHP module is named mbstringMorris Jobke2018-12-041-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Bearer tokens are app tokenRoeland Jago Douma2018-11-201-0/+4
| | | | | | | | | | Fixes #12498 This means that we set that it is a proper app token once it is validated. This will allow the 2FA middleware to just run the same check. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* forward object not found error in swift as dav 404Robin Appelman2018-11-192-8/+22
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge pull request #12376 from nextcloud/backport/12284/stable13Roeland Jago Douma2018-11-131-1/+1
|\ | | | | [13] Properly search the root of a shared external storage
| * Properly search the root of a shared external storageRoeland Jago Douma2018-11-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | Fixes #1020 When an external storage is shared with you in full the root is '' (empty). This adds an extra check for an empty jail basically. Because if the jail is on the empty string. It matches all paths. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix UniqueConstraintViolationException while insert into oc_file_locksMorris Jobke2018-11-131-1/+12
| | | | | | | | | | | | | | | | | | * fixes #9305 by not being prone to the race condition in insertIfNotExists * fixes #6899 by not using a query that can result in a deadlock * replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block * followup to #12371 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Fix UniqueConstraintViolationException while insert into oc_filecacheMorris Jobke2018-11-131-7/+18
|/ | | | | | | | * fixes #6160 by not being prone to the race condition in insertIfNotExists * fixes #12228 by not using a query that can result in a deadlock * replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Error out early on an expired tokenRoeland Jago Douma2018-11-021-1/+11
| | | | | | | | | | | | | Fixes #12131 If we hit an expired token there is no need to continue checking. Since we know it is a token. We also should not register this with the bruteforce throttler as it is actually a valid token. Just expired. Instead the authentication should fail. And buisness continues as usual. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move ExpiredTokenException to the correct namespaceRoeland Jago Douma2018-11-023-2/+4
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Reset bruteforce on token refresh OAuthRoeland Jago Douma2018-11-021-1/+2
| | | | | | | | | | When using atoken obtained via OAuth the token expires. Resulting in brute force attempts hitting the requesting IP. This resets the brute force attempts for that UID on a valid refresh of the token. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Actually return the root folder when traversing up the treeRoeland Jago Douma2018-10-261-1/+5
| | | | | | | | If you now keep calling $node->getParent() you will at some point get the RootFolder back. This is a nice termination check and will prevent endless loops if an exit condition is slightly off. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #11978 from ↵Roeland Jago Douma2018-10-231-1/+5
|\ | | | | | | | | nextcloud/bugfix-stable13/9326/make_sure_usermanager_getByEmail_only_returns_IUser [stable13] filter null values for UserManager::getByEmail
| * filter null values for UserManager::getByEmailGeorg Ehrke2018-10-221-1/+5
| | | | | | | | Signed-off-by: Georg Ehrke <developer@georgehrke.com>
* | Load apps/APP/l10n/*.js and themes/THEME/apps/APP/l10n/*.jsMorris Jobke2018-10-231-0/+1
|/ | | | | | Before it quit right after finding the theme version of the l10n file which results in a not translated part of the UI. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Allow the creationg of previews of files stored in appdataRoeland Jago Douma2018-10-092-12/+10
| | | | | | | To allow us to create previews of files stored in appdata we need to construct the view differently. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* tokens can't be valid local user namesRobin Appelman2018-08-272-11/+13
| | | | | | this saves searching for shares on non-public link dav requests Signed-off-by: Robin Appelman <robin@icewind.nl>
* more efficient way to detect added and removed mountsRobin Appelman2018-08-271-9/+23
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* cache OC\Files\Mount\Manager::findIn resultsRobin Appelman2018-08-271-0/+1
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* cache OC\Files\Mount\Manager::findIn resultsRobin Appelman2018-08-271-7/+18
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* use more efficient method to find mountpoint for pathRobin Appelman2018-08-271-15/+16
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* remove double loop for detecting changed mountsRobin Appelman2018-08-271-9/+12
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* MySQL 8.0+ and MariaDB 10.3+ are large prefix and barracuda by defaultJoas Schilling2018-08-231-4/+23
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #10762 from ↵blizzz2018-08-201-1/+1
|\ | | | | | | | | nextcloud/backport/10260/improved-sql-for-fetching-quota [stable13] Use the path_hash instead of the path to query the filecache
| * Use the path_hash instead of the path to query the filecacheMorris Jobke2018-08-201-1/+1
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Make sure error_log() always receives a stringJoas Schilling2018-08-201-0/+3
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update the scope of the lockdownmanagerRoeland Jago Douma2018-08-141-0/+3
| | | | | | We have the token anyway. So better the scope as well. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #10620 from nextcloud/mimetype-insert-if-not-exists-13blizzz2018-08-131-14/+7
|\ | | | | [13] use insertIfNotExists to store new mimetypes.
| * use insertIfNotExists to store new mimetypes.Robin Appelman2018-08-091-14/+7
| | | | | | | | | | | | Also throw an error if we can't find the mimetype after insert Signed-off-by: Robin Appelman <robin@icewind.nl>
* | make file cache updates more robustBjoern Schiessle2018-08-081-2/+17
|/ | | | | | only update the encrypted version after the write operation is finished and the stream is closed Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Do scan the root storage in background scanRobin Appelman2018-07-241-5/+0
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Sanitize parameters in createSessionToken() while loggingMorris Jobke2018-07-111-0/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #10170 from nextcloud/backport/9823/stable13Morris Jobke2018-07-114-4/+38
|\ | | | | [stable13] Allow updating the token on session regeneration
| * Allow updating the token on session regenerationRoeland Jago Douma2018-07-094-4/+38
| | | | | | | | | | | | | | Sometimes when we force a session regeneration we want to update the current token for this session. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Merge pull request #10169 from nextcloud/backport/9955/stable13John Molakvoæ2018-07-111-1/+1
|\ \ | | | | | | [stable13] Request a valid property for DAV opendir
| * | Request a valid property for DAV opendirRoeland Jago Douma2018-07-091-1/+1
| |/ | | | | | | | | | | | | | | Apperently Sabre and Onedrive are not friends when requesting a single 404 property. I need to dig deeper on why this is. Anyways requesting a valid property makes it work like a charm. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Merge pull request #10180 from nextcloud/lock-negative-13Morris Jobke2018-07-111-2/+8
|\ \ | |/ |/| [13] prevent lock values from going negative with memcache backend
| * prevent lock values from going negative with memcache backendRobin Appelman2018-07-101-2/+8
| | | | | | | | | | | | | | | | This can be caused by the code releasing more locks then it acquires, once the lock value becomes negative it's likely that it will never be able to change into an exclusive lock again. Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Merge pull request #10121 from nextcloud/stable13-allow-disable-encryptionMorris Jobke2018-07-091-2/+6
|\ \ | |/ |/| [stable13] allow to disable encryption
| * allow to disable encryptionBjoern Schiessle2018-07-051-2/+6
| | | | | | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* | Make the token expiration also work for autocasting 0Roeland Jago Douma2018-06-081-1/+1
| | | | | | | | | | | | | | Some bad databases don't respect the default null apprently. Now even if they cast it to 0 it should work just fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix syntax for php5.6Christoph Wurst2018-06-041-1/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix local users check in contacts menuChristoph Wurst2018-06-041-1/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Make sure the log doesn't try to read from PUT if it can'tRoeland Jago Douma2018-05-301-1/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | If a PUT request comes in that is not JSON or from encoded. Then we can only read it (exactly) once. If that is the case we must assume no shared secret is set. If we don't then we either are the first to read it, thus causing the real read of the data to fail. Or we are later and then it throws an exception (also failing the request). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Make sure the file is readable before attempting to create a previewRoeland Jago Douma2018-05-291-0/+6
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>