Commit Graph

1539 Commits

Author SHA1 Message Date
Ralf Becker
502d423885 fix PHP Warning: substr() expects parameter 1 to be string, array given 2020-07-10 11:08:38 +02:00
Ralf Becker
7428e2d7cd do not add path of url to CSP 2020-07-07 13:18:28 +02:00
nathangray
4c7709d49f Etemplate: Get vfsUpload values to use expose so they work like links 2020-07-03 14:23:41 -06:00
nathangray
ee498f703d Etemplate: Fix password widget could not be cleared entirely 2020-07-03 09:25:51 -06:00
Hadi Nategh
6ba8210d83 Avoid requesting external images with mixed content 2020-06-30 15:54:21 +02:00
Ralf Becker
27ad7772de add AGPL license for smallpart 2020-06-28 11:35:44 +02:00
Ralf Becker
4959281164 fix optional SAML/Shibboleth login fails when proxying as form field with name "auth=saml" get lost 2020-06-24 08:56:13 +02:00
nathangray
f0e074093c Ralf's fix for Saml for PHP 7.2 2020-06-23 10:21:07 -06:00
Ralf Becker
08b039c4fb fix some SAML/Shibboleth problems caused by EGroupware running in container behind proxy on host 2020-06-21 08:17:00 +02:00
Hadi Nategh
b95e9be02a Cleanup widget browser 2020-06-18 14:58:24 +02:00
Ralf Becker
7e81b733e1 fix typo in directory permissions 2020-06-18 10:48:56 +02:00
nathangray
b56a8f9901 Default password customfield plaintext attribute to false 2020-06-16 09:23:54 -06:00
Ralf Becker
2c489ef5b8 change default for password attribute plaintext back to true, to not break every existing usage of that widget 2020-06-16 08:37:51 +02:00
nathangray
d7d5837ecf Nicer password widget on account edit dialog
- Added plain-text attribute to avoid encrypting password
- Suggest password now fills both fields the same
2020-06-15 16:08:24 -06:00
Ralf Becker
e996b2c0cf reverting 2 changes around sessions which break our installation
checking for the not existing (new) database runs into an invinit recursion
the checks not to use $_SESSION, if no session is active was added in an attempt to get SimpleSAMLphp discovery working, but seems unneccessary for what we currently use
2020-06-15 10:11:31 +02:00
nathangray
aab5415873 * Etemplate: Password widget improvements - suggest password button, added as custom field type (stored encrypted) 2020-06-12 10:56:53 -06:00
Ralf Becker
b7ed148371 * SAML: support joining a SAML account to an existing one, if configured in setup
notification of user does not yet work, as redirect on login page looses Api\Framework::message() :(
2020-06-11 16:03:54 +02:00
nathangray
a993938134 Etemplate: Fix VFS & file widgets were not properly handling files 2020-06-10 10:20:30 -06:00
Ralf Becker
19f52cd1de fix regular login, if optional SAML one is enabled for multiple IdP 2020-06-10 16:17:20 +02:00
Ralf Becker
4c131c1866 SAML/Shibboleth with multiple IdP or optional on regular login page 2020-06-10 15:19:24 +02:00
Ralf Becker
a0760f6b96 * Mail: fix creating a folder on level of inbox gave an error (if imap server supports it) 2020-06-08 11:59:49 +02:00
Ralf Becker
1ea45e6591 Mime-Type check can only work for the first chunk, further ones will always fail 2020-06-02 13:46:46 +02:00
Ralf Becker
4d2d14dd99 make running / generating SAML/Shibboleth config depending on an IPD configured 2020-05-29 10:25:31 +02:00
Ralf Becker
b1f79d1c40 * SAML/Shibboleth/SimpleSAMLphp authentication configurable through setup 2020-05-28 23:24:09 +02:00
Hadi Nategh
8d022c5908 do not try to push notifications for api.queue requests 2020-05-22 10:16:59 +02:00
Ralf Becker
7226f0f753 allow to set a css class on body tag for (different) styling of an embeded window 2020-05-19 09:43:53 +02:00
Ralf Becker
d04e6ebdec do NOT check eT2 popups for missing framework 2020-05-19 09:02:47 +02:00
Ralf Becker
9b17fa7871 fix typo 2020-05-18 20:56:50 +02:00
Ralf Becker
46a3818e92 * ActiveDirectory: consider security local groups as groups too 2020-05-13 13:16:08 +02:00
Ralf Becker
319ae2637c an other case of not automatic fixed ambigious auto-id 2020-05-08 12:35:09 +02:00
Ralf Becker
c50fd8e6bf * API: new data-minimizing account display options "Firstname Inital" and "Firstname [ID]" 2020-05-04 09:25:32 +02:00
Ralf Becker
474d63a79b support hashes generated by password_hash($pwd, PASSWORD_BCRYPT) 2020-05-04 09:01:11 +02:00
Ralf Becker
cdf5d939e9 docu update 2020-05-04 08:56:32 +02:00
Ralf Becker
b4db228c96 fix typo 2020-04-30 17:33:37 +02:00
Ralf Becker
7bf6b33ab2 move adding CSP frame-src of OpenIDConnect clients managed as apps to OpenID app 2020-04-30 17:32:30 +02:00
Ralf Becker
9a548dca68 fix csp-*-source hook not run, if Api\Header\ContenSecurity::add() was called 2020-04-30 17:31:46 +02:00
Ralf Becker
ab20dbb70c * Mail: automatic remove some invisible Unicode chars breaking email addresses: zero width space, variation selectors 2020-04-30 10:16:24 +02:00
nathangray
0fdd8f87cb Api: Fix out of memory error when deleting users and filesystem is large
Fixed by not deleting the files, just changing owner
2020-04-28 14:16:09 -06:00
Ralf Becker
42b78ab708 quiten warning in login / no user-apps 2020-04-28 10:15:01 +02:00
nathangray
631be5769d Api: Switch double quotes to single quotes to be standard SQL and avoid Postresql errors 2020-04-27 09:17:16 -06:00
Ralf Becker
4d4eb5e654 remove left over (unnecessary) call to addGeneric adding an empty push 2020-04-22 22:19:58 +02:00
Ralf Becker
9817d25a47 move who is available via push to push class and backends 2020-04-20 13:07:58 +02:00
Ralf Becker
1ac0ff826e missed commit from SimpleSAMLphp 2020-04-20 12:55:19 +02:00
Ralf Becker
9211d81732 suppress warning and trace (containing passwords) if userPassword attribute is not accessible 2020-04-16 12:16:04 +02:00
nathangray
a3c6eba952 Fix sharing of of a file inside a symlinked directory failed. 2020-04-14 11:19:12 -06:00
Ralf Becker
e3ede597dc * API: add SimpleSAMLphp for SAML/Shibboleth authentication and many more 2020-04-14 14:10:33 +02:00
Ralf Becker
655f1f1f6a fix wrong Gravatar URL 2020-04-11 10:11:10 +02:00
nathangray
0fb4176067 Fix sharing a single file gave 404
Added test to check that this works for a single file
2020-04-08 11:39:12 -06:00
Ralf Becker
a6e6393943 disable avatar sharing link, as it currently destroys sessions for already logged in users, plus some more fixes for VC 2020-04-07 16:16:49 +02:00
Ralf Becker
1c135b2da3 some fixes around videoconference avatars and adding an automatic alarm 5min before the conference 2020-04-07 11:10:49 +02:00
Ralf Becker
72116b9587 Jitsi avatars: shareing url for pictures, anonymous letter-avatar or gravatar if none 2020-04-06 20:15:00 +02:00
nathangray
b1cb9c10ef Case insensitive check for vCard BEGIN & END flags fixes lowercase vcards would not import
https://tools.ietf.org/id/draft-ietf-vcarddav-vcardrev-02.html#anchor3
2020-04-06 10:54:59 -06:00
Ralf Becker
8c0fb193e1 fix wrong condition 2020-04-06 09:05:50 +02:00
nathangray
fb4e6c0dfe Some improvements to sharing when multiple shares are involved 2020-04-03 16:20:47 -06:00
nathangray
6664aea901 Etemplate: Register time_or_date widget, fixes wrong timestamps in mobile template mail list 2020-04-01 15:03:58 -04:00
Ralf Becker
d830e048e4 loading filemanager translations for sharing 2020-04-01 10:46:32 +02:00
nathangray
174737cc67 English translation of 'share filemanager directory' 2020-03-31 10:49:36 -06:00
nathangray
0664df4921 Add some hints to sharing actions 2020-03-31 10:36:50 -06:00
nathangray
d24c6f2b7d Avoid error if extra parameter is not set 2020-03-31 10:21:26 -06:00
Ralf Becker
3750711cdf * OpenIdConnect/OAuth: manage access and display OAuth apps inside EGroupware 2020-03-30 21:03:19 +02:00
nathangray
c937f50193 Make sure share cleanup job doesn't remove shares just because of access rights 2020-03-30 09:35:59 -06:00
nathangray
d3eb2d9b22 Change the hidden upload message 2020-03-27 13:40:48 -06:00
nathangray
93a7166710 Add hidden upload directory as mail action 2020-03-26 13:20:20 -06:00
Ralf Becker
aa566e12fa translation for "Hidden uploads" and move it between readonly and writable shares 2020-03-26 10:38:34 +01:00
nathangray
895b1ebee9 Cleanup, bugfix & refactoring of hidden upload folder. 2020-03-25 11:39:40 -06:00
nathangray
7163acfe1d * Add action to share filemanager folder (readonly) with hidden upload folder 2020-03-24 20:34:04 -06:00
nathangray
6aec7858cc * Api: If addressbook event column is disabled, disable next / last dates in edit dialog as well. 2020-03-24 09:42:10 -06:00
Hadi Nategh
3330bb6747 Use svg icon version for sidebox bullet points 2020-03-23 14:13:44 +01:00
Ralf Becker
e9c3533c93 avoid misconfiguration of user "anonymous" NOT flaged as such 2020-03-21 11:43:54 +01:00
nathangray
7631eb83aa Fix some account changes were not saved 2020-03-20 10:31:46 -06:00
nathangray
a7593b2f83 Add some comment so we know what's going on 2020-03-19 10:41:45 -06:00
nathangray
4078154237 Remove permanent error_log 2020-03-09 15:29:51 -06:00
nathangray
173b695cf2 Api: Sharing listens to Vfs hooks to stay up-to-date with deleted or renamed files 2020-03-06 14:48:26 -07:00
Ralf Becker
4fe466f4f9 deals with some rows share_path have "vfs://default" prefix, some are just path 2020-03-06 15:08:34 +01:00
Ralf Becker
4c987e7dd8 fix all shares (not files) got deletes, if one was expired 2020-03-06 14:33:50 +01:00
nathangray
9b2e6b5012 Api: Fix Sharing missing temp file cleanup 2020-03-05 15:03:34 -07:00
nathangray
1fcd502d57 Api: Fix sharing lost session ID causing logout 2020-03-05 14:08:57 -07:00
nathangray
0df0777484 Revert "Api: Fix sharing lost session ID causing logout"
This reverts commit 07561bf01d.
2020-03-05 14:07:24 -07:00
nathangray
07561bf01d Api: Fix sharing lost session ID causing logout 2020-03-05 13:58:09 -07:00
Ralf Becker
7283d33a93 fold Apache error.log and ignored PHP syntax errors, plus remove some warnings 2020-03-05 11:53:26 +01:00
Ralf Becker
5154bc2f70 fix warnings, if headers are already sent, eg. in phpUnit/Travis 2020-03-05 10:23:29 +01:00
Ralf Becker
b448f9a021 adding phpUnit 8.x as dev-requirement and try staring Apache in Travis for CalDAV tests 2020-03-04 22:43:09 +01:00
Ralf Becker
e360932bdf fix warning in tests 2020-03-04 22:31:30 +01:00
Ralf Becker
df263c22a3 some fixes for warnings during phpUnit about session+translation 2020-03-04 20:28:30 +01:00
Ralf Becker
c85f1f3d05 some fixes for warnings during phpUnit about caching 2020-03-04 20:27:10 +01:00
Ralf Becker
19a7894269 some pending changes 2020-03-04 20:19:08 +01:00
Ralf Becker
44d9fcc790 Revert "* CalDAV/OutlookSynchronizer: reject invitations when client deletes then without appropriate rights in his calendar"
This reverts commit 4c6e41d479.
2020-03-04 19:16:50 +01:00
Ralf Becker
cbb1391c37 Revert "revert using files cache for cli change in order to fix failing install in Travis"
This reverts commit 1367463e6b.
2020-03-04 19:15:43 +01:00
Ralf Becker
1367463e6b revert using files cache for cli change in order to fix failing install in Travis 2020-03-04 19:08:42 +01:00
Ralf Becker
4c6e41d479 * CalDAV/OutlookSynchronizer: reject invitations when client deletes then without appropriate rights in his calendar 2020-03-04 16:58:38 +01:00
Ralf Becker
deb482aca3 suppress warning if session already active (trace logs the password) 2020-02-26 13:51:58 +01:00
Ralf Becker
4a14e0d36b ignore exception, as it blocks session creation, if database is not writable 2020-02-19 15:39:29 +01:00
Hadi Nategh
12c2984acf Fix default login logo url 2020-02-19 12:14:26 +01:00
Ralf Becker
42e62cb3eb fix one error with sharing-links having passwords (no HTML tags in Headers!) 2020-02-14 13:43:50 +01:00
Ralf Becker
90c55e013d try "PLAIN" first, in case IMAP wrongly reports some digest, it does not (correctly) implement 2020-02-05 10:58:34 +01:00
Ralf Becker
9cc0eaccd4 try "PLAIN" first, in case IMAP wrongly reports some digest, it does not (correctly) implement 2020-02-05 10:51:38 +01:00
Ralf Becker
abd6f7d669 allow to specify the root for lang-files 2020-02-01 17:50:56 +01:00
Hadi Nategh
faca76f6a9 Do not run restrict validation check for type taglist-account if free entries are allowed 2020-01-31 16:13:45 +01:00
Ralf Becker
1559b017d7 validate IP address in X-Forwarded-For header 2020-01-30 13:21:56 +01:00
Ralf Becker
39be6e0b89 * Sharing: temporary disable cleaning of deleted files, causing all shares to get deleted 2020-01-29 16:30:22 +01:00
Ralf Becker
b65b21fe9c allow images and media in mail via http: and https:, but remove object tags (already forbiden via CSP) 2020-01-29 14:40:30 +01:00
Ralf Becker
cc8258cb3c use random_bytes(32) which throws for not enought entropy 2020-01-29 11:12:21 +01:00
Ralf Becker
d95894d530 use etemplate-exec-id as CSRF token for ajax requests 2020-01-29 11:08:44 +01:00
nathangray
2045c08e54 * Api: Fix SQL error from doubled table name in group statement
"Unknown column 'egw_tracker.egw_tracker.tr_id' in 'group statement'"
2020-01-28 14:05:44 -07:00
Ralf Becker
ec31d93af2 do NOT load categories.php?app=phpgw for login page
It gives an error as no user is logged in, which is served as text/html, which then gives an error in browser, as it conflicts with X-Content-Type-Options: nosniff
2020-01-28 18:56:54 +01:00
Ralf Becker
57ab6f667c adding CSP frame-ancestors 'self' policy to mitigate clickjacking 2020-01-28 18:19:40 +01:00
Ralf Becker
2ea9549dcf stricter CSP policy for mail body 2020-01-28 17:45:36 +01:00
Ralf Becker
d8289ef29d stricter CSP policy 2020-01-28 17:14:51 +01:00
Ralf Becker
e9c4d3f07e complete push implementation for timesheet incl. ACL check 2020-01-24 13:31:56 +01:00
Ralf Becker
2bae92f066 ALL and SESSION constants for push 2020-01-23 16:05:32 +01:00
Ralf Becker
6e0936bd98 first take on pushing app-changes to all clients 2020-01-23 11:26:44 +01:00
nathangray
c88bf3c4a0 Fix typo 2020-01-15 08:14:04 -07:00
Ralf Becker
f7c653832f add an iterator for objects with a get_rows method 2020-01-13 14:41:46 +01:00
Ralf Becker
257fa50a1f fix PHP Warning: Use of undefined constant EGW_ACL_READ - assumed 'EGW_ACL_READ' 2020-01-09 14:41:07 +01:00
Ralf Becker
7b30bb7b0d * Admin: optional session-action column in access-log and sessions
also no longer update access-log in session-class destructor, as it fails with skipping permanent logging for WebDAV and others
2019-12-14 13:09:22 +02:00
Hadi Nategh
4276ebbe5f * Mobile theme: fix mobile theme sidebar not showing notifications 2019-12-10 14:18:05 +01:00
nathangray
1064759020 Fix /apps/projectmanager threw SQL error Unknown column 'hash' in 'order clause' 2019-12-09 14:11:55 -07:00
Ralf Becker
2df0095579 fix typo 2019-12-05 08:57:26 +02:00
Hadi Nategh
cf2d626bca Fix replying to some mails with broken pre tags would cause infinite loop 2019-12-03 14:34:32 +01:00
Ralf Becker
e305ba1d23 ignore logging of session dla only for max. of 15 min, so session status is displayed correct 2019-12-02 16:27:17 +02:00
nathangray
83e2d70222 Mail: Fix bullet & number to text conversion failed with non-ascii characters 2019-11-22 09:44:27 -07:00
nathangray
8b503dbae3 Admin: change delete user filemanager hook to move home dir, but only search /home for other files
- Translation from Birgit
2019-11-19 10:19:04 -07:00
Ralf Becker
93b1c7f1ab fix namespace issues 2019-11-19 14:02:37 +02:00
nathangray
a39d257eac Admin: change delete user home directory back to special case, getting actual file count takes way too long. 2019-11-18 14:02:38 -07:00
Ralf Becker
7cd4169768 * all apps: fixing serveral cases of wrong Url when proxying and terminating TLS on the proxy 2019-11-15 13:54:34 +01:00
Ralf Becker
056e5c053a use hostname from setup, only if webserver-url starts with a slash, closer to previous behavior 2019-11-13 18:28:33 +01:00
Ralf Becker
2fcdcb5afe * CalDAV/Calendar: iOS also no longer allowed to accept/reject invitations
now we skip encoding href attributes with mailto: urls independent of user-agent
2019-11-13 16:12:50 +01:00
Ralf Becker
302800b414 new class Api\Header\Http to handle X-Forwarded-Host and -Schema headers
also kope now with multiple comma-separated host-names in X-Forwarded-Host header happening with multiple proxys
2019-11-12 20:13:24 +01:00
Ralf Becker
c768c9cbf7 * CalDAV/Calendar: Lightning 68 no longer allowed to accept/reject invitations
Caused by calendar-user-address-set in principal had url encoded @ in email
--> now using a minimal url-encoding for Lightning, to not encode @
2019-11-11 18:02:20 +01:00
nathangray
5acd287e8d * Mail: keep number & bullet lists when converting to plain text 2019-11-08 11:42:25 -07:00
nathangray
d8faef3503 Admin: Extend Vfs::deleteAccount hook to all the files it can find, not just home dir. 2019-11-07 13:46:14 -07:00
Ralf Becker
bf844b7598 support for new Swoole push server 2019-11-04 09:29:49 +01:00
Ralf Becker
972ebf56f2 speed up restore of database by inserting up to 500 row in one statement (was only 10) 2019-10-30 17:15:23 +01:00
Ralf Becker
bdc8e71057 * Mail: stop logging of mails to webserver error-log 2019-10-30 15:09:11 +01:00
Ralf Becker
8f6df975fe also remove /api/thumbnail.php from access-log updates 2019-10-29 13:20:23 +01:00
Ralf Becker
b926ffc5c8 fix IDE warnings 2019-10-29 09:36:49 +01:00
Ralf Becker
aecea69519 extract logic of custom-field search method
process_search modifies the parameters so search calls this method and then its parent with the modified parameters
2019-10-22 17:07:21 +02:00
Ralf Becker
cad1ec2aaf fix regular expression to not update access-log for avatar 2019-10-22 09:58:18 +02:00
Ralf Becker
5a9bc1a98a UCS 4.4 Rest API gives an error creating group "Default"
claiming a user or group with that name exists, which is not the case
(probably because other LDAP objects with cn=Default exist)
we work around that by creating it as DefaultX and rename it in LDAP to Default for now
2019-10-18 16:23:50 +02:00
Hadi Nategh
414b169791 Add missing timezone selectbox in framework 2019-10-18 15:01:08 +02:00
Hadi Nategh
b13a3a4619 * Mail: fix mails consists of both multipart/mixed and multipart/related create duplicated content 2019-10-16 17:01:02 +02:00
Ralf Becker
df1909d8c1 skip mail-accounts is user editable check for password change
some stored credentials are not event linked to mail accounts or 
might belong to by user not editable accounts like smime on a mail account for all
2019-10-15 18:34:15 +02:00
Hadi Nategh
5a1fbe7049 Use letter avatar when user have no personal avatar is set in addressbook 2019-10-15 14:06:33 +02:00
nathangray
121d5f82ef Etemplate: Fix taglist-account would reject most values 2019-10-11 11:55:10 -06:00
nathangray
a05c66f32c Api: Cleanup by moving password check to its own function 2019-10-11 10:51:40 -06:00
nathangray
56989f338b Remove duplicate method 2019-10-08 14:44:35 -06:00
nathangray
8d58409211 Get Sharing to recognize editable Collabora shares for determining class 2019-10-08 14:43:17 -06:00
Ralf Becker
5dcf1e842f fix for stable Univention 4.4-2 REST API 2019-09-30 12:37:48 +02:00
nathangray
084d2f7ac7 Etemplate: Expand VFS path attribute, if present 2019-09-27 13:40:24 -06:00
Ralf Becker
71d3e3a80c ignore updates (session creation is written) of *dav and avatar, due to possible high volume of updates 2019-09-27 15:59:10 +02:00