Directory entry file names are now normalized in getMetaData(),
getDirectoryContents() and opendir().
This makes the scanner work properly as it assumes pre-normalized names.
In case the names were not normalized, the scanner will now skip the
entries and display a warning when applicable.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Using escapeshellcmd to get current locale causes error
if the function is disabled.
Add fallbacks to prevent the error.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
When php version = 8, basename('§') does not bug even if LC_ALL is non-UTF-8 locale.
This cause OC_Util::isSetLocaleWorking() to skip setlocale("C.UTF-8").
Fix it by using escapeshellcmd instead of basename.
Signed-off-by: Naoto Kobayashi <naoto.kobayashi4c@gmail.com>
We want to keep offering our push notification service for free, but large
users overload our infrastructure. For this reason we have to rate-limit the
use of push notifications. If you need this feature, consider setting up your
own push server or using Nextcloud Enterprise.
Signed-off-by: Joas Schilling <coding@schilljs.com>
- both $userData and $defaultUserData have numeric indices
- each element contains at least the name and other fields
- appending the missing data array is sufficient
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
The auth token activity logic works as follows
* Read auth token
* Compare last activity time stamp to current time
* Update auth token activity if it's older than x seconds
This works fine in isolation but with concurrency that means that
occasionally the same token is read simultaneously by two processes and
both of these processes will trigger an update of the same row.
Affectively the second update doesn't add much value. It might set the
time stamp to the exact same time stamp or one a few seconds later. But
the last activity is no precise science, we don't need this accuracy.
This patch changes the UPDATE query to include the expected value in a
comparison with the current data. This results in an affected row when
the data in the DB still has an old time stamp, but won't affect a row
if the time stamp is (nearly) up to date.
This is a micro optimization and will possibly not show any significant
performance improvement. Yet in setups with a DB cluster it means that
the write node has to send fewer changes to the read nodes due to the
lower number of actual changes.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
- New properties
- Organisation
- Role
- Headline
- Biography
- Profile Enabled property
- Fix errors with building default account properties
- Fix L10N factory method `getLanguage` not public error
- Update tests
Signed-off-by: Christopher Ng <chrng8@gmail.com>
What we get from the registration context are only the class names. We
still have to load the classes before we can use them.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The existing `findLanguage` method tries its best to find the best
language for the current users. For some tasks we don't want this but
rather determine the most generic language for *another* user, e.g. when
the current user trigger an email notifiaction to someone else. In this
case the current user's language is a bad guess in many multi-language
environments.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
- specific getters and setters on IUser and implementation
- new notify_email field in provisioning API
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
- mails added by (sub)admins are automatically verified
- provisioning_api controller as verification endpoint
- IAccountProperty gets a locallyVerified property
- IPropertyCollection gets a method to fetch an IAccountProperty by value
- an remove equivalent was already present
- AccountManager always initiates mail verification on update if necessary
- add core success template for arbitrary title and message
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
avoid unlimited quota as default_quota fallback value if unlimited quota is not allowed
avoid getting/setting/displaying unlimited default quota if not allowed
implement tests for unlimited quota restrictions
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.
Signed-off-by: pjft <paulo.j.tavares@gmail.com>
The at() matcher has been deprecated. It will be removed in PHPUnit 10.
Please refactor your test to not rely on the order in which methods are
invoked.
Signed-off-by: François Freitag <mail@franek.fr>
- Drop reliance on deprecated global jQuery object.
- Allow testing user interactions.
- Use newer technology stack.
---
Test user interactions with the groupware dav settings
Add infrastructure to test Vue components:
- Use recommended libraries:
- https://vuejs.org/v2/guide/testing.html#Recommendations
- Use jest-dom for robust assertions on the DOM state
- Use user-event to be more representative of user actions
- Code is transpiled by Jest, with the help of vue-jest.
Ignore test files for no-unpublished-import. Prevent ESLint from
flagging:
```
/home/runner/work/server/server/apps/dav/src/views/CalDavSettings.spec.js
Error: 1:24 error "@testing-library/vue" is not published node/no-unpublished-import
Error: 2:23 error "@testing-library/user-event" is not published node/no-unpublished-import
```
Signed-off-by: François Freitag <mail@franek.fr>
- in fact the API could be done in a nicer way and it might be possible to
work without IAccountPropertyCollection, but only with the
IAccountProperties.
- To keep it simple at first and not overengineer the blunt attempt is
followed
- If necessary helpful in the further cause of development adjustements or
extensions can be done quickly with this base
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
[Jest](https://jestjs.io/) is a test runner that focuses on simplicity.
It instruments babel to transform modules and test them.
Using Jest simplifies the existing configuration and allows dropping a
bunch of workarounds, as well as following the shared Babel
configuration for new code.
Signed-off-by: François Freitag <mail@franek.fr>
- extends IAccountProperty for verificationData getters and setters
- implementation thereof ^
- and of course adaption of UsersController
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2) Test\Support\Subscription\RegistryTest::testDelegateIsHardUserLimitReachedWithoutSupportAppAndUserCount with data set #0 (35, 15, 2, false)
Cannot stub or mock class or interface "Test\Support\Subscription\UserInterface" which does not exist
3) Test\Support\Subscription\RegistryTest::testDelegateIsHardUserLimitReachedWithoutSupportAppAndUserCount with data set #1 (35, 45, 15, false)
Cannot stub or mock class or interface "Test\Support\Subscription\UserInterface" which does not exist
4) Test\Support\Subscription\RegistryTest::testDelegateIsHardUserLimitReachedWithoutSupportAppAndUserCount with data set #2 (35, 45, 5, true)
Cannot stub or mock class or interface "Test\Support\Subscription\UserInterface" which does not exist
5) Test\Support\Subscription\RegistryTest::testDelegateIsHardUserLimitReachedWithoutSupportAppAndUserCount with data set #3 (35, 45, 55, false)
Cannot stub or mock class or interface "Test\Support\Subscription\UserInterface" which does not exist
Had to use the Database user backend, as using multiple interfaces is deprecated:
https://github.com/sebastianbergmann/phpunit/issues/3955
> This functionality should be deprecated as "having to use it" is almost always a symptom of bad design.
> More importantly, though, the support for the creation of test doubles that implement multiple interfaces
> resulted in code that is hard to maintain.
Signed-off-by: Joas Schilling <coding@schilljs.com>
In the WebDriver protocol, when a command fails because it can not
interact with the target element, an "element not interactable" error is
generated. It can be a transitive issue (for example, due to an
animation), so when the error is received the command should be tried
again, just like done, for example, with "ElementNotVisible" exceptions.
However, the last version of the "instaclick/php-webdriver" library
compatible with the Selenium Driver of Mink did not support yet that
WebDriver error. And even if Chrome is run using the old protocol an
unknown "element not interactable" error can be received anyway in some
cases. When an unknown error is received by the
"instaclick/php-webdriver" library it is thrown as a generic Exception
so, until the library can be updated, the message of generic exceptions
is checked and the command is retried if it matched.
For the time being "element not interactable" errors are handled like
"ElementNotVisible" exceptions; this may need to change once the error
is better understood.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The acceptance tests used the last Selenium 2 Docker container
available, which provides a rather old Firefox version (Firefox 47).
Nevertheless, despite some rendering issues, most things still worked as
expected due to the JavaScript files being built with support for older
browsers. However, now that support for Internet Explorer 11 and older
browsers will be dropped things could start to fail, so a newer browser
(and thus a newer Selenium version) should be used in the acceptance
tests.
Selenium has been standardized by the W3C, and the protocol to
communicate between the Selenium server and the browser has changed due
to that. Firefox >= 48 only supports the new W3C protocol, but the
Selenium driver for Mink does not support it yet.
The old protocol can still be used in recent Chromium/Chrome versions by
explicitly forcing it, so for the time being the acceptance tests will
need to be run on Chrome instead (although Firefox provides some
interesting features like the fake streams that would be needed to test
calls in Talk, so they should be moved again to Firefox once possible).
Finally, the default shm size of Docker is 64 MiB. This does not seem
enough to run newer Chrome releases and causes the browser to randomly
crash during the tests ("unknown error: session deleted because of page
crash" is shown in the logs). Due to this "disable-dev-shm-usage" needs
to be used so Chrome writes shared memory files into "/tmp" instead of
"/dev/shm" (the default shm size of Docker could have been increased
instead using "docker run --shm-size...", but that seems to be
problematic when the container is run in current Drone releases).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When the value is set in some input fields a carriage return was sent to
simulate pressing the enter key and thus confirming the input. However,
different browsers use different keys (Firefox uses "\r", but Chrome
uses "\n"), so the carriage return was replaced with the WebDriver
"ENTER" constant which is common to both browsers.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Sending the "enter" key is not needed in those input fields that auto
save while the user is typing or when the focus is lost (which since
version 1.4.0 the Selenium driver for Mink is automatically done after
setting the value).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Whilst we currently state that SSRF is generally outside of our threat model, this is something where we should invest to improve this.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Since version 1.8.0 of Mink "Mink::getSession()" no longer starts the
session automatically (see https://github.com/minkphp/Mink/pull/705), so
it now needs to be explicitly started.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Since version 1.4.0 the Selenium driver for Mink uses again the element
on which the value was set (see
https://github.com/minkphp/MinkSelenium2Driver/pull/286). When creating
a new folder or renaming one sending a new line ("\r") caused the
element on which the value was set to be removed, so the element was no
longer attached to the DOM when the driver tried to use it again, and
thus a "StaleElementReference" exception was thrown.
Due to this now it is needed to explicitly click the confirm button when
creating a new folder. In the case of the renaming, on the other hand,
nothing else besides not sending the new line is needed, as the Selenium
driver now unfocuses the element (that is why it uses again the element
after setting the value) which triggers the renaming.
Besides that, the Selenium driver for Mink uses a library to simulate
certain events, bitovi/syn. In version 1.4.0 that library was updated to
version 0.0.3, which seems to somehow break pressing the "escape" key.
Due to this now the sharing menu has to be closed by pressing "enter" on
the share menu button instead.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
The PHPUnit update also required an update of "symfony/yaml", so besides
the changes needed for PHPUnit the "behat.yml" file also had to be
adjusted.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When avatar scope is private, the PlaceholderAvatar is used to deliver a
placeholder avatar based on the user's initials.
This was implemented as a separate class for now to avoid messing with
the existing UserAvatar implementation and its generated vs
non-generated logic.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Use new scope values in settings page.
Adjust all consumers to use the new constants.
Map old scope values to new ones in account property getter.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Added new v2-private account manager scope that restricts the scope
further by excluding public link access.
Avatars with v2-private account scope are now showing the guest avatar
instead of the real avatar.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Remove "ocs-provider" test folder reference as it doesn't exist any
more.
Added back "Test" test subdir and fixed the tests inside.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
It seems Phpunit < 9 was case insensitive.
Fixed the phpunit config to target the correct name for the "Core" test
directory.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Updating a user or group share now uses the correct method for the
validation of the expiration date. Instead of using the one from links
it uses the one for internal shares.
To avoid future confusion, the method "validateExpirationDate" has been
renamed to "validateExpirationDateLink".
Signed-off-by: Vincent Petry <vincent@nextcloud.com>