| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|\
| |
| |
| |
| | |
nextcloud/backport/13473/dont-log-parameters-on-user-creation-in-case-of-error
[stable13] Don't log parameters on user creation in case of error/exception
|
| |
| |
| |
| | |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|/
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
|
|
|
| |
The second execute statement should be inside the if block. Else it gets
executed twice which makes no sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
|
|
|
| |
Else we overwrite the whole share for link shares. Basically breaking
them.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
|
|
|
|
|
|
|
|
| |
Fixes #12498
This means that we set that it is a proper app token once it is
validated. This will allow the 2FA middleware to just run the same
check.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|\
| |
| | |
[13] Properly search the root of a shared external storage
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Fixes #1020
When an external storage is shared with you in full the root is ''
(empty). This adds an extra check for an empty jail basically.
Because if the jail is on the empty string. It matches all paths.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* fixes #9305 by not being prone to the race condition in insertIfNotExists
* fixes #6899 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
* followup to #12371
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|/
|
|
|
|
|
|
| |
* fixes #6160 by not being prone to the race condition in insertIfNotExists
* fixes #12228 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes #12131
If we hit an expired token there is no need to continue checking. Since
we know it is a token.
We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
| |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
|
|
|
|
|
|
| |
When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.
This resets the brute force attempts for that UID on a valid refresh of
the token.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
|
|
|
|
| |
If you now keep calling $node->getParent() you will at some point get
the RootFolder back. This is a nice termination check and will prevent
endless loops if an exit condition is slightly off.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|\
| |
| |
| |
| | |
nextcloud/bugfix-stable13/9326/make_sure_usermanager_getByEmail_only_returns_IUser
[stable13] filter null values for UserManager::getByEmail
|
| |
| |
| |
| | |
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
|
|/
|
|
|
|
| |
Before it quit right after finding the theme version of the l10n file which results in a not translated part of the UI.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
|
|
|
|
|
| |
To allow us to create previews of files stored in appdata we need to
construct the view differently.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
|
|
|
|
| |
this saves searching for shares on non-public link dav requests
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|\
| |
| |
| |
| | |
nextcloud/backport/10260/improved-sql-for-fetching-quota
[stable13] Use the path_hash instead of the path to query the filecache
|
| |
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|/
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
|
|
|
|
| |
We have the token anyway. So better the scope as well.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|\
| |
| | |
[13] use insertIfNotExists to store new mimetypes.
|
| |
| |
| |
| |
| |
| | |
Also throw an error if we can't find the mimetype after insert
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|/
|
|
|
|
| |
only update the encrypted version after the write operation is finished and the stream is closed
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
|
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|\
| |
| | |
[stable13] Allow updating the token on session regeneration
|
| |
| |
| |
| |
| |
| |
| | |
Sometimes when we force a session regeneration we want to update the
current token for this session.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|\ \
| | |
| | | |
[stable13] Request a valid property for DAV opendir
|
| |/
| |
| |
| |
| |
| |
| |
| | |
Apperently Sabre and Onedrive are not friends when requesting a single
404 property. I need to dig deeper on why this is. Anyways requesting a
valid property makes it work like a charm.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|\ \
| |/
|/| |
[13] prevent lock values from going negative with memcache backend
|
| |
| |
| |
| |
| |
| |
| |
| | |
This can be caused by the code releasing more locks then it acquires,
once the lock value becomes negative it's likely that it will never be able
to change into an exclusive lock again.
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
|\ \
| |/
|/| |
[stable13] allow to disable encryption
|
| |
| |
| |
| | |
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
| |
| |
| |
| |
| |
| |
| | |
Some bad databases don't respect the default null apprently.
Now even if they cast it to 0 it should work just fine.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
| |
| |
| | |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
| |
| |
| | |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
If a PUT request comes in that is not JSON or from encoded. Then we can
only read it (exactly) once. If that is the case we must assume no
shared secret is set.
If we don't then we either are the first to read it, thus causing the
real read of the data to fail.
Or we are later and then it throws an exception (also failing the
request).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
| |
| |
| | |
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|