Commit graph

87758 commits

Author SHA1 Message Date
Anna
e29038414d
Merge pull request #59677 from nextcloud/fix/57340/owncloud-migration-appconfig-userconfig
fix(appconfig,userconfig): restore pre-migration fallback for ownCloud migration
2026-05-28 20:42:29 +02:00
Andy Scherzinger
0a297f4b2b
Merge pull request #60026 from nextcloud/rakekniven-patch-2
chore(i18n): Remove space in word1/word2
2026-05-28 16:53:42 +02:00
rakekniven
5de1357c09 chore(i18n): Remove space in word1/word2
Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
2026-05-28 16:21:22 +02:00
rakekniven
ae17a4d2bc chore(i18n): Remove space in word1/word2
Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
2026-05-28 16:21:22 +02:00
rakekniven
cf3c1edb0a chore(i18n): Remove space in FTP/FTPS
Signed-off-by: rakekniven <2069590+rakekniven@users.noreply.github.com>
2026-05-28 16:21:22 +02:00
Anna
781eb630c4
Merge pull request #60751 from nextcloud/fix/noid/checkbox-tests-share20
test(share20): replace addToAssertionCount checkbox tests in Share20 ManagerTest
2026-05-28 15:59:35 +02:00
Stephan Orbaugh
72f5eea531
Merge pull request #60734 from nextcloud/feat/user/avatar-url-getters
feat(UserManager): Add getters for avatar URLs
2026-05-28 15:51:42 +02:00
Andy Scherzinger
f23eec632f
Merge pull request #60027 from nextcloud/rakekniven-patch-3
chore(l10n): Plural needed to support multiplural languages
2026-05-28 14:10:48 +02:00
Louis
1e8b4a051e
Merge pull request #60741 from nextcloud/fix/reverse-logic
fix(encryption): recovery keys should be shown when user keys are used
2026-05-28 13:51:03 +02:00
Stephan Orbaugh
4cad192bcd
Merge pull request #60102 from nextcloud/automated/noid/rector-changes
2026-05-28 12:31:17 +02:00
nextcloud-command
1a87e64fda chore(assets): Recompile assets
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-05-28 10:15:05 +00:00
Ferdinand Thiessen
e763a7d661 fix(encryption): recovery keys should be shown when user keys are used
- fixes https://github.com/nextcloud/server/pull/57515/changes?diff=unified#r3305155382

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-05-28 10:09:04 +00:00
Kate
b165048074
Merge pull request #60733 from nextcloud/fix/db/sqlite-foreign-key-constraints
fix(DB): Enforce foreign key constraints in SQLite
2026-05-28 12:04:52 +02:00
github-actions[bot]
353a560956
Merge pull request #60788 from nextcloud/dependabot/composer/vendor-bin/behat/symfony/yaml-7.4.13
chore(deps-dev): Bump symfony/yaml from 7.4.8 to 7.4.13 in /vendor-bin/behat
2026-05-28 09:04:39 +00:00
Anna Larch
b2c9273e5f fix(appconfig,userconfig): restore pre-migration fallback for ownCloud migration
AppConfig and UserConfig unconditionally queried NC-only columns (type,
lazy, flags, indexed) that don't exist in ownCloud's database schema,
breaking ownCloud → Nextcloud upgrades entirely before the schema
migration steps could run.

Restore the fallback pattern in both classes: on first loadConfig() call,
if a DBException with REASON_INVALID_FIELD_NAME is thrown, set
$migrationCompleted = false and retry selecting only the columns present
in ownCloud's schema. INSERT and UPDATE statements also omit NC-only
columns when $migrationCompleted is false.

The catch block also guards against infinite recursion: if $migrationCompleted
is already false when the exception fires, the exception is re-thrown
instead of triggering another recursive call.

Fixes: https://github.com/nextcloud/server/issues/57340

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 09:46:49 +02:00
Julius Knorr
50ddee1070
Merge pull request #60776 from nextcloud/feat/office-app-shipped
feat: Add office as shipped app
2026-05-28 09:43:54 +02:00
Anna
29e93a9550
Merge pull request #60763 from nextcloud/fix/noid/behat-scenario-state-isolation
test(behat): reset per-scenario state in BasicStructure and Sharing
2026-05-28 09:41:53 +02:00
dependabot[bot]
5678245d3a
chore(deps-dev): Bump symfony/yaml in /vendor-bin/behat
Bumps [symfony/yaml](https://github.com/symfony/yaml) from 7.4.8 to 7.4.13.
- [Release notes](https://github.com/symfony/yaml/releases)
- [Changelog](https://github.com/symfony/yaml/blob/8.1/CHANGELOG.md)
- [Commits](https://github.com/symfony/yaml/compare/v7.4.8...v7.4.13)

---
updated-dependencies:
- dependency-name: symfony/yaml
  dependency-version: 7.4.13
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-28 02:35:01 +00:00
Nextcloud bot
3f7721b996
fix(l10n): Update translations from Transifex
Signed-off-by: Nextcloud bot <bot@nextcloud.com>
2026-05-28 00:23:06 +00:00
Anna
f67b908c42
Merge pull request #60742 from nextcloud/test/noid/remove-checkbox-tests
test: replace checkbox assertions with real assertions or DoesNotPerformAssertions
2026-05-27 19:47:57 +02:00
Stephan Orbaugh
e753718196
Merge pull request #60757 from nextcloud/fix/59888-current-app-label-responsive
fix(core): Hide current-app label at narrower viewports
2026-05-27 19:28:57 +02:00
Louis
da7c4ef3ce
Merge pull request #60316 from Justinzobel/work/justinzobel/spellingfixes
Spelling fixes
2026-05-27 18:47:51 +02:00
Anna
1ce066ba79
Merge pull request #60738 from nextcloud/perf/noid/cypress-dependency-caching
perf(ci): cache npm dependencies in Cypress init job using buildjet cache
2026-05-27 18:28:08 +02:00
Anna
1272068293
Merge pull request #60739 from nextcloud/perf/noid/phpunit-test-timeouts
test(ci): enforce PHPUnit time limits with sensible timeout values
2026-05-27 18:24:50 +02:00
Anna Larch
d58e55ad63 test(behat): reset per-scenario state in BasicStructure and Sharing
Add @BeforeScenario hooks to reset auth/server state and sharing state
between scenarios, preventing state bleed across test runs.

- BasicStructure: reset currentUser, currentServer, baseUrl, apiVersion,
  requestToken and cookieJar (baseUrl and currentServer go together via
  usingServer(), so both must be reset)
- Sharing: reset lastShareData, storedShareData and savedShareId

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 16:06:54 +02:00
Micke Nordin
5ffde0370b
Merge pull request #60136 from nextcloud/kano-dual-stack-rfc-9421-http-sig
feat(http-sig): Dual stack http-sig
2026-05-27 15:59:52 +02:00
Julius Knorr
f535a1d268
feat: Add office as shipped app
Signed-off-by: Julius Knorr <jus@bitgrid.net>
2026-05-27 15:55:55 +02:00
Peter Ringelmann
a210455c33 chore(assets): Recompile assets
Signed-off-by: Peter Ringelmann <peter.ringelmann@nextcloud.com>
2026-05-27 15:55:05 +02:00
Peter Ringelmann
57df565cb9 fix(core): Hide current-app label at narrower viewports
Signed-off-by: Peter Ringelmann <peter.ringelmann@nextcloud.com>
2026-05-27 15:52:43 +02:00
Andy Scherzinger
496662e9a5
Merge pull request #60258 from nextcloud/dependabot/npm_and_yarn/build/frontend-legacy/webpack-5.106.2
chore(deps-dev): Bump webpack from 5.105.3 to 5.106.2 in /build/frontend-legacy
2026-05-27 13:47:29 +02:00
nextcloud-command
c2e95d118b chore(assets): Recompile assets
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-05-27 11:21:38 +00:00
Anna Larch
0bb8081842 test(share20): replace addToAssertionCount checkbox tests in Share20 ManagerTest
Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 12:22:02 +02:00
Anna Larch
18c5c0711e test: remove no-op checkbox assertions
Replace assertTrue(true), addToAssertionCount(1) and delete-without-assert
patterns with meaningful assertions or proper test removal.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 12:12:44 +02:00
dependabot[bot]
3c514484a9 chore(deps-dev): Bump webpack in /build/frontend-legacy
Bumps [webpack](https://github.com/webpack/webpack) from 5.105.3 to 5.106.2.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Changelog](https://github.com/webpack/webpack/blob/main/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack/compare/v5.105.3...v5.106.2)

---
updated-dependencies:
- dependency-name: webpack
  dependency-version: 5.106.2
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2026-05-27 12:05:34 +02:00
Anna Larch
2c86e1dccb test(ci): enforce PHPUnit time limits with sensible timeout values
PHPUnit's enforceTimeLimit was disabled, meaning the timeoutForSmallTests,
timeoutForMediumTests and timeoutForLargeTests config values had no effect.
Enable enforcement and set realistic limits: 60s/300s/600s for
small/medium/large, with a 300s default for unannotated tests.

Also clear disable_functions in the PHP development ini preset across all
PHPUnit workflows so pcntl_signal is available — without it the signal
handler that drives timeout enforcement cannot be registered.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Anna Larch <anna@nextcloud.com>
2026-05-27 11:42:02 +02:00
Kate
f1915e0dd4
Merge pull request #60744 from nextcloud/test/noid/phpunit-db-test-isolation
test(db): call parent::tearDown() in DB test classes that skipped it
2026-05-27 11:37:51 +02:00
F. E Noel Nfebe
9ecf114443
Merge pull request #60665 from nextcloud/feat/59888-nav-redesign-header-search-launcher
feat(core): Add centered search input to top bar
2026-05-27 10:27:22 +01:00
Anna Larch
ff0225dca5 perf(ci): cache npm dependencies in Cypress init job using buildjet cache
The Cypress init job ran npm ci from scratch on every invocation.
Add buildjet cache restore/save steps around npm ci, keyed on
package-lock.json hash, so subsequent runs with unchanged dependencies
skip the registry download entirely.

Uses buildjet/cache (v4.0.2) to match the existing context caching
already in this workflow.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Signed-off-by: Anna Larch <anna@nextcloud.com>
2026-05-27 11:13:05 +02:00
Micke Nordin
0dbb611203
chore: Move 3rdparty to master
Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:11:47 +02:00
Micke Nordin
cc9e0ba582 fix(http-sig): make setSignature public and skip third-party-dependent test
Two CI failures introduced by the test additions in this PR:

1. testEd25519VerifyAcceptedWhenSodiumLoaded calls setSignature() to inject
   an externally-produced Ed25519 signature (since Algorithm::sign() rejects
   Ed25519 by design). setSignature was declared protected, so the test
   couldn't call it from outside the class hierarchy. Make it public —
   SignedRequest lives in the OC\ private namespace, so this widens
   internal-only visibility, not the public API surface.

2. testParseKeyRejectsContradictoryAlg expected firebase/php-jwt's
   JWK::parseKey() to throw on a kty=OKP/crv=Ed25519/alg=ES256 key. The
   current firebase/php-jwt version does not validate that coherence at
   parse time, so the test now fails to see any throwable. The actual
   security check happens at Algorithm::verify() time and is covered by
   testVerifyEd25519KeyAgainstES256Alg right above it. Skip the parse-time
   test with a comment pointing at the verify-time coverage.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
c753aad9e3 refactor(ocm): expose confirmRequestOrigin as a function on ocmDiscoveryService
Apps implementing OCM endpoints via OCMEndpointRequestEvent (e.g.
SUNET/nextcloud-ocm_request_share for request-share, nextcloud/contacts
for invite-accepted) need to apply the same identity check that the
built-in addShare and receiveNotification handlers apply, so it makes
sense to make it publicly accessible.

It also allows us to refactor RequestHandlerController::confirmSignedOrigin
to use the new public method and drop the confirmNotificationIdentity helper.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
1bad4fe238 fix: Make sodium optional
This commit switches the default signature algorithm to
ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium
optional again, and we only pull it in to use it for verifying incoming
signatures. If sodium is not installed, we throw on Ed25519 signatures
instead. At least it is easy for most people to make their Nextcloud
install fully RFC compliant by installing sodium.

I also renamed all the Ed25519 function names to be more precise, using
Jwks for the JSON Web Keys, and RFC9421 for the http-signature code,
where it is needed to distinguish from draft-cavage signatures.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
1b4c9b21d2 chore: Add review feedback
Throw when one of the headers is empty

Enumerate all the allowed algorithms in the NATIVE constant

Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
d8cafa1ba5 chore: Fix return values
Use constants instead of 0/1

Also fix PHPDoc to use correct return values.

Co-authored-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
166bc2c74b feat(http-sig): occ commands to manage Ed25519 keys
  ocm:keys:list      list known keys with their slot and kid
  ocm:keys:stage     generate a pending key, advertise via JWKS
  ocm:keys:activate  promote pending -> active, demote previous active
  ocm:keys:retire    delete the retiring key (kid stops resolving)

Plus the autoloader regen covering the new classes from this branch.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
3b5107bc96 feat(http-sig): OCM Ed25519 keys, JWKS endpoint, http-sig capability
OCM dual-stack integration of RFC 9421 alongside the existing cavage
publicKey path:

- OCMSignatoryManager: Ed25519 active/pending/retiring slot rotation
  backed by numbered pool appkeys, getRemoteKey for inbound JWK lookup
  with per-origin cache + cache-miss refetch, and getLocalEd25519Jwks
  for the JWKS endpoint.
- Rfc9421SignatoryManager: per-call wrapper that swaps in the Ed25519
  signatory and toggles `rfc9421.format`.
- OCMJwksHandler: serves /.well-known/jwks.json (RFC 7517) when signing
  is enabled.
- OCMDiscoveryService: advertises `http-sig` in capabilities when
  signing is enabled, and picks the signature scheme on outbound based
  on the remote's advertised capabilities.
- Application.php: register the JWKS well-known handler.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
3a99cf9a67 feat(identityproof): Ed25519 app keys
Add Manager::generateEd25519AppKey: persist a sodium-generated
Ed25519 keypair (raw 32-byte public, 64-byte secret) under the same
appdata layout the existing RSA path uses. Used by OCMSignatoryManager
for the slotted RFC 9421 signing keys.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
0eb927e617 feat(http-sig): RFC 9421 protocol primitives
Add the RFC 9421 (HTTP Message Signatures) sign/verify path alongside
the existing draft-cavage implementation:

- Algorithm: sodium for Ed25519, JWT::sign for RSA / ECDSA, ecdsaRawToDer
  for the ECDSA wire format. JWK parsing via JWK::parseKey.
- SignatureBase: RFC 9421 §2.5 base construction for the derived
  components OCM uses plus plain HTTP fields.
- ContentDigest: RFC 9530 helpers used as a covered component.
- Rfc9421IncomingSignedRequest / Rfc9421OutgoingSignedRequest:
  request models. Parsing of Signature-Input / Signature delegates
  to gapple\\StructuredFields\\Parser.
- IJwkResolvingSignatoryManager: capability bit signatory managers
  advertise to participate in RFC 9421 verification.
- OcmProfile: OCM-mandated dictionary label.
- SignatureManager: dispatch to RFC 9421 inbound when Signature-Input
  is present, outbound when rfc9421.format is set.

Plus tests for each primitive and a full round-trip across the model.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
ea9bbe64c1 chore: require ext-sodium
Promote ext-sodium from recommended to required so RFC 9421 Ed25519
signing/verifying can rely on libsodium unconditionally. Add the
matching openssl + sodium psalm stubs.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
Micke Nordin
a1991eca6e chore(3rdparty): pin to nextcloud/3rdparty#2413 head (firebase/php-jwt + gapple/structured-fields)
Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00