Commit graph

8323 commits

Author SHA1 Message Date
Stephan Orbaugh
fb9a073571
Merge pull request #61916 from nextcloud/carl/fetch-groups-optimization
feat: Fetch groups in batch in getUserGroups
2026-07-09 13:10:49 +02:00
Carl Schwan
30291ff591
feat: Fetch groups in batch in getUserGroups
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-07-09 11:23:54 +02:00
Ferdinand Thiessen
08b04d9ac5
Merge pull request #61658 from nextcloud/fix/files-node-name
fix(files): proper accessible row name and title for overflow
2026-07-09 01:51:38 +02:00
Ferdinand Thiessen
bca2c7f229
fix(files): proper accessible row name and title for overflow
- resolves https://github.com/nextcloud/server/issues/59203
- resolves https://github.com/nextcloud/server/issues/56611

In the files list before this the accessible name of the button (default
action) was overridden to the default action display name.
But this causes problem for screen readers because then the whole table
row is just called "view" or "download" instead of using the inner text
(e.g. "filename.txt").

This fixes it to rename it `ACTION: FILENAME` instead.

Also when long names were truncated there were no useful title (tooltip)
for it, so it was not possible to get the real name.
This is fixed by always provide a proper tooltip including the full
name.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-08 21:33:47 +02:00
skjnldsv
84a8e5b1f2
fix(systemtags): remove duplicates, prevent and sanitize existing tags
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
Assisted-by: ClaudeCode:claude-opus-4-8
2026-07-08 12:16:50 +02:00
Andy Scherzinger
a256d7eecc
Merge pull request #61615 from nextcloud/fix/lostpassword-throttle-reset-form
Some checks are pending
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
fix(core): Throttle lost-password reset form when link is disabled
2026-07-07 18:56:24 +02:00
Andy Scherzinger
65736e5598
Merge pull request #61686 from nextcloud/bug-dont-throttle-csrf
fix(bruteforce): Don't throttle requests with failing CSRF
2026-07-07 18:34:31 +02:00
Stephen Cuppett
507c0a78f5
Merge pull request #60002 from cuppett/cuppett/migrate-appconfig-keys-to-bool
refactor(encryption): Migrate appconfig keys to typed bool IAppConfig with repair step
2026-07-07 11:06:57 -04:00
Daniel Kesselberg
58b21c0709
fix(bruteforce): Don't throttle requests with failing CSRF
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2026-07-07 17:02:08 +02:00
nfebe
f9e274dfe3
fix(core): Throttle lost-password reset form when link is disabled
When password reset links were disabled, the reset form did not rate-limit
failed token attempts, leaving that endpoint open to unthrottled token
guessing. Failed attempts on the form are now always throttled, consistent
with the other reset steps.

Signed-off-by: nfebe <fenn25.fn@gmail.com>
2026-07-07 16:53:02 +02:00
Andy Scherzinger
39d2dc253e
Merge pull request #61845 from nextcloud/fix/declarative-settings-delegation
fix(DeclarativeManager): Fix admin delegation
2026-07-07 15:57:26 +02:00
Kate
2eaad341b4
Merge pull request #61870 from nextcloud/kano-ocm-token-confinement
fix(auth): confine OCM access token to the masked share endpoint
2026-07-07 15:54:49 +02:00
Kate
bc162c7706
Merge pull request #61858 from nextcloud/test/heic
test: fix HEIC tests
2026-07-07 15:10:08 +02:00
Micke Nordin
db96073459 fix(auth): confine OCM access token to the masked share endpoint
Gate the temporary-token bearer auth behind an allowOcmAccessToken flag
that only the public, share-masked webdav endpoints set, and drop the
BearerAuth backend from the CalDAV/CardDAV entrypoints. The token is now
honored only on /public.php/webdav, where per-share masking applies.

Assisted-by: ClaudeCode:claude-fable-5

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-07-07 13:56:32 +02:00
Stephan Orbaugh
7c41ebcd80
Merge pull request #61751 from nextcloud/test/files-pw
Some checks are pending
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
test(files): migrate end-to-end tests to PlayWright
2026-07-07 13:49:26 +02:00
Ferdinand Thiessen
1479eba07b
test: fix HEIC tests
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-07 13:30:58 +02:00
Marcel Klehr
6d2a98a5d3 fix(DeclarativeManagerTest): Fix testAdminFormUserUnauthorized
Assisted-by: ClaudeCode:claude-opus-4-8
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2026-07-07 08:55:18 +02:00
provokateurin
fb17121065
refactor(files_sharing,Share20): Use Interaction API to apply restrictions
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
provokateurin
65366c98ca
refactor(Share20\Manager): Rename generalChecks method and remove unused parameter
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
provokateurin
6cfda6849c
feat(Interaction): Implement all existing restrictions
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
provokateurin
1838fb7e79
feat(OCP): Add Interaction API
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-07-07 08:19:15 +02:00
Ferdinand Thiessen
d2e9b78e2c
test(files): migrate end-to-end tests to PlayWright
Assisted-by: ClaudeCode:claude-opus-4-8
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-06 18:22:10 +02:00
Stephen Cuppett
b86fa0d0df fix(tests): Migrate EncryptionTrait and test files to typed IAppConfig
Update EncryptionTrait, EncryptionMasterKeyUploadTest, EncryptionUploadTest,
and EncryptedSizePropagationTest to use typed IAppConfig::setValueBool/
getValueBool for encryption_enabled and useMasterKey, preventing
AppConfigTypeConflictException when the keys are stored as BOOL type.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
2026-07-04 08:19:10 -04:00
Stephen Cuppett
7637213b03 fix(tests): Update tests/lib/Encryption/ManagerTest.php
Update to annotation from docblock comment

Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
2026-07-04 08:19:10 -04:00
Stephen Cuppett
ee6f177b43 refactor(encryption): Drop RetypeEncryptionConfigKeys repair step
The IAppConfig API converts stored values to bool on read (getValueBool)
and re-stamps the type on write (setValueBool), so legacy string-typed
encryption config keys migrate lazily without an explicit repair step.
Per PR review feedback, drop the repair step, its test, and the related
AppConfigTypeConflictException fallback in Encryption\Manager::isEnabled
that only existed to bridge the now-unneeded migration window.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
2026-07-04 08:19:10 -04:00
Stephen Cuppett
1b2b4cb660 refactor(encryption): Migrate appconfig keys to typed bool IAppConfig with repair step
Switch all encryption config reads/writes from deprecated string-typed IConfig to
bool-typed IAppConfig (getValueBool/setValueBool). Adds RetypeEncryptionConfigKeys
repair step to retype existing string values to bool on upgrade. Includes lazy
IAppConfig resolution in Manager and AppConfigTypeConflictException fallbacks
throughout for safety during the upgrade window.

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Signed-off-by: Stephen Cuppett <steve@cuppett.com>
2026-07-04 08:19:10 -04:00
Cristian Scheid
1f1928df94 feat: add frontend test for custom custom background selection from file picker
Signed-off-by: Cristian Scheid <cristianscheid@gmail.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2026-07-03 14:57:53 +00:00
Kostiantyn Miakshyn
ae3434579b feat: Add support for NOT ILIKE in query builder expressions
Signed-off-by: Kostiantyn Miakshyn <molodchick@gmail.com>
2026-07-03 10:53:55 +03:00
Ferdinand Thiessen
6c6aab514a
test: stablize playwright tests
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-02 22:49:15 +02:00
Ferdinand Thiessen
519c475138
test(files_external): migrate end-to-end tests to PlayWright
Assisted-by: ClaudeCode:claude-opus-4-8
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-07-02 21:44:35 +02:00
Joas Schilling
8659690509
test: Don't fail due to deprecations from guzzlehttp 7.12
Signed-off-by: Joas Schilling <coding@schilljs.com>
2026-07-02 13:57:17 +02:00
Carl Schwan
da0928827a refactor: Expose a public exception when no user is found
And use this new exception everywhere outside of where the old one was
throw.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-06-30 21:56:10 +02:00
Kate
599500d8f1
Merge pull request #61493 from nextcloud/carl/addStorageWrapper
feat: Make it possible to add a storage wrapper using public APIs
2026-06-30 15:15:20 +02:00
Joas Schilling
6a739c0ad2
Merge pull request #61608 from nextcloud/bugfix/noid/decrypt-sensitive-values
fix(config): Decrypt sensitive appconfigs when requested
2026-06-29 18:47:54 +02:00
Ferdinand Thiessen
fb18576244
refactor(tests): cleanup PlayWright tests
reuse fixtures where possible to deduplicate logic.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-06-27 18:41:21 +02:00
Joas Schilling
c94bea0a1b
fix(config): Decrypt sensitive appconfigs when requested
Signed-off-by: Joas Schilling <coding@schilljs.com>
2026-06-26 13:20:46 +02:00
Ferdinand Thiessen
2ccab88ef7
Merge pull request #61147 from brlin-tw/add-tsv-support
fix(mimetype): Add TSV support in mimetype aliases, mapping, and names
2026-06-25 13:13:48 +02:00
Ferdinand Thiessen
5fa2c42862
chore(tests): adjust PlayWright tests to follow ESLint rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-06-24 13:16:04 +02:00
Ferdinand Thiessen
f95f3e7895
test(settings): migrate personal settings tests to PlayWright
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-06-23 18:30:14 +02:00
Ferdinand Thiessen
b842cbb364
test: fix useless waiting for app config cache
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-06-23 18:30:14 +02:00
Ferdinand Thiessen
b245d2dcc9
test(settings): migrate end-to-end tests to PlayWright
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-06-23 18:30:14 +02:00
Carl Schwan
b6a23f0268
refactor: Call IStorageFactory::addStorageFactory directly
Remove call to deprecated Filesystem api and allow to reuse instead of
the mounts points between addStorageFactory.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-06-23 15:49:09 +02:00
Carl Schwan
e76d290b67
Merge pull request #61440 from nextcloud/carl/findIn-mount-point
perf(View):  don't sort twice the same array
2026-06-23 14:00:21 +02:00
Carl Schwan
e6b5f763a4
perf: Avoid sorting an already sorted array
Improve performance a bit as this is in the hotpath and take ~2s in
prod.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-06-23 13:11:42 +02:00
Carl Schwan
a213e6bb1d
Merge pull request #61011 from nextcloud/carl/cleanup-preview
Some checks are pending
CodeQL Advanced / Analyze (actions) (push) Waiting to run
CodeQL Advanced / Analyze (javascript-typescript) (push) Waiting to run
Psalm static code analysis / changes (push) Waiting to run
Psalm static code analysis / static-code-analysis (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-security (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ocp (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-ncu (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-strict (push) Blocked by required conditions
Psalm static code analysis / static-code-analysis-summary (push) Blocked by required conditions
fix(preview): First cleanup from filecache and then from preview table
2026-06-23 11:08:57 +02:00
Ferdinand Thiessen
a430a14019
chore: adjust code to comply with ESLint rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-06-22 21:40:38 +02:00
Peter Ringelmann
c02772761f
test(files_trashbin): migrate trashbin e2e from Cypress to Playwright
Signed-off-by: Peter Ringelmann <peter.ringelmann@nextcloud.com>
2026-06-22 20:45:25 +02:00
Carl Schwan
09aea6312b
fix(preview): Don't abort cleanup of previews too early
If we don't find previews in the filecache, this is now normal. Don't
abort and instead delete previews from the new preview table instead.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-06-22 16:35:33 +02:00
Côme Chilliet
32f8ff2445
fix: Remove uses of deprecated service string names
Use the class/interface name instead to avoid logging.
This was breaking in some cases as logging would trigger a deprecation
 warning, resulting in an infinite loop.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-06-22 11:19:00 +02:00
Carl Schwan
f1d26355ce fix(tests): Fix tests for mimetypes
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-06-21 22:00:27 +02:00