Merge branch 'main' of https://gitlab.e.foundation/e/infra/ecloud/nextcloud

ARG NOTES_VERSION="4.9.4"

ARG CONTACTS_JOB_ID="881946"

ARG CALENDAR_JOB_ID="872766"

ARG EMAIL_RECOVERY_JOB_ID="882525"

ARG EA_JOB_ID="882534"

ARG EMAIL_RECOVERY_JOB_ID="940904"

ARG EA_JOB_ID="940912"

ARG LAUNCHER_JOB_ID="881954"

ARG GOOGLE_INTEGRATION_VERSION="2.2.0"

ARG DASHBOARD_JOB_ID="881962"

ARG MEMORIES_VERSION="6.2.2"

ARG DROP_ACCOUNT_VERSION="2.3.2"

RUN sed -i 's/27,1,8,1/27,1,8,3/' ${BASE_DIR}/version.php

RUN sed -i 's/27,1,8,2/27,1,8,4/' ${BASE_DIR}/version.php

COPY custom_entrypoint.sh /

RUN chmod +x /custom_entrypoint.sh

RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images

RUN patch -u ${BASE_DIR}/apps/theming/lib/Themes/CommonThemeTrait.php -i ${TMP_PATCH_DIR}/026-primary-color-fix.patch

RUN patch -u ${BASE_DIR}/lib/private/Template/JSResourceLocator.php -i ${TMP_PATCH_DIR}/031-theme-custom-app-translations.patch

RUN patch -u ${BASE_DIR}/lib/private/L10N/Factory.php -i ${TMP_PATCH_DIR}/032-select-lang-from-session.patch

# UserConfigChangedEvent Ref: https://github.com/nextcloud/server/pull/42039

RUN cd ${BASE_DIR} && patch -p1 < ${TMP_PATCH_DIR}/036-user-config-change-event.patch

RUN rm -rf ${TMP_PATCH_DIR}

# Custom theme

ARG OIDC_LOGIN_VERSION="3.0.2"

ARG IS_SELFHOST=false

RUN curl -fsSL -o ldap_write_support.tar.gz \

    "https://github.com/nextcloud-releases/ldap_write_support/releases/download/v${LDAP_WRITE_SUPPORT_VERSION}/ldap_write_support-v${LDAP_WRITE_SUPPORT_VERSION}.tar.gz" && \

    tar -xf ldap_write_support.tar.gz -C ${BASE_DIR}/custom_apps && \

    rm ldap_write_support.tar.gz

RUN curl -fsSL -o oidc_login.tar.gz \

    "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \

    tar -xf oidc_login.tar.gz -C ${BASE_DIR}/custom_apps && \

    rm oidc_login.tar.gz

# Patches

COPY patches/ ${TMP_PATCH_DIR}/

RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch

RUN patch -u ${BASE_DIR}/apps/dav/lib/HookManager.php -i ${TMP_PATCH_DIR}/028-default-task-calendar.patch

RUN patch -u ${BASE_DIR}/apps/provisioning_api/lib/Controller/UsersController.php -i ${TMP_PATCH_DIR}/029-restrict-user-to-change-primary-email.patch

RUN patch -u ${BASE_DIR}/lib/private/Security/VerificationToken/VerificationToken.php -i ${TMP_PATCH_DIR}/033-verification-token-private.patch

RUN patch -u ${BASE_DIR}/lib/private/AppFramework/Middleware/Security/CORSMiddleware.php -i ${TMP_PATCH_DIR}/034-oidc-bearer-token-auth.patch

RUN rm -rf ${TMP_PATCH_DIR}

RUN curl -fsSL -o ldap_write_support.tar.gz \

    "https://github.com/nextcloud-releases/ldap_write_support/releases/download/v${LDAP_WRITE_SUPPORT_VERSION}/ldap_write_support-v${LDAP_WRITE_SUPPORT_VERSION}.tar.gz" && \

    tar -xf ldap_write_support.tar.gz -C ${BASE_DIR}/custom_apps && \

    rm ldap_write_support.tar.gz

RUN curl -fsSL -o oidc_login.tar.gz \

    "https://github.com/pulsejet/nextcloud-oidc-login/releases/download/v${OIDC_LOGIN_VERSION}/oidc_login.tar.gz" && \

    tar -xf oidc_login.tar.gz -C ${BASE_DIR}/custom_apps && \

    rm oidc_login.tar.gz

# Remove user avatar generation for system addressbook card

RUN sed -i 's/$this->getAvatarImage($user)/null/' ${BASE_DIR}/apps/dav/lib/CardDAV/Converter.php

RUN cd ${BASE_DIR}/apps/theming && sed -i 's/<step>OCA\\Theming\\Migration\\MigrateUserConfig<\/step>//g' appinfo/info.xml

# sharing search by email

RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/$S.principalPropertySearchByDisplayname(t);/$S.principalPropertySearch(\[{name:\["http:\/\/sabredav.org\/ns","email-address"\]\}],t,"anyof");/g' js/contacts-main.js

RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/kM.principalPropertySearchByDisplayname(t);/kM.principalPropertySearch(\[{name:\["http:\/\/sabredav.org\/ns","email-address"\]\}],t,"anyof");/g' js/contacts-main.js

# Remove colored background from email template logo

RUN sed -i 's/$this->header, \[$this->themingDefaults->getDefaultColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php

only the admin user (also configured in env var) will not have his login appended with a @domain suffix

diff --git ./core/Controller/LoginController.php ./core/Controller/LoginController-new.php

--- ./core/Controller/LoginController.php	2023-04-21 15:08:54.979407062 +0530

+++ ./core/Controller/LoginController-new.php	2023-04-21 15:16:48.582366408 +0530

@@ -318,6 +318,26 @@

 				$this->l10n->t('Please try again')

--- ./core/Controller/LoginController.php	2024-04-26 15:08:54.979407062 +0530

+++ ./core/Controller/LoginController-new.php	2024-04-26 15:16:48.582366408 +0530

@@ -315,7 +315,28 @@

 				self::LOGIN_MSG_CSRFCHECKFAILED

 			);

 		}

+		$user = trim($user);

+		$user = mb_strtolower($user, 'UTF-8');

+		$actualUser = $user;

+		$legacyDomain = $this->config->getSystemValue('legacy_domain', '');

+		$legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : '';

+		$mainDomain = $this->config->getSystemValue('main_domain', '');

+		$mainDomainSuffix = !empty($mainDomain) ? '@'  . $mainDomain : '';

+		$admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"];

+		$is_admin = strcmp($user, $admin_username) === 0;

+        

+		if (!$is_admin && str_ends_with($user, $legacyDomainSuffix)) {

+			$user = str_replace($legacyDomainSuffix, '', $user);

+		}

+		if (!$this->userManager->userExists($user)) {

+			$user = $user . $legacyDomainSuffix;

+		}

+

 		$data = new LoginData(

 			$this->request,

 			trim($user),

@@ -328,7 +349,7 @@

 		if (!$result->isSuccess()) {

 			return $this->createLoginFailedResponse(

 				$data->getUsername(),

-				$user,

+				$actualUser,

 				$redirect_url,

 				$result->getErrorMessage()

 			);

--- ./core/Controller/WebAuthnController.php	2023-04-21 15:18:58.813220092 +0530

+++ ./core/Controller/WebAuthnController-new.php	2023-04-21 15:24:40.036538414 +0530

@@ -66,6 +66,27 @@

 		$ownerDisplayName = '';

 		$owner = \OC::$server->getUserManager()->get($ownerId);

 		if ($owner) {

 No newline at end of file

--- lib/private/Files/Storage/Wrapper/Quota.php	2024-02-28 23:45:03.136041704 +0530

+++ lib/private/Files/Storage/Wrapper/Quota-new.php	2024-02-28 23:49:24.518192286 +0530

@@ -117,7 +117,10 @@

 				return FileInfo::SPACE_NOT_COMPUTED;

 			} else {

 				$free = $this->storage->free_space($path);

-				$quotaFree = max($this->getQuota() - $used, 0);

+				$ownerId = $this->storage->getOwner($path);

+				$mailQuotaUsage = (int) \OC::$server->getConfig()->getUserValue($ownerId, 'ecloud-accounts', 'mailQuotaUsage', 0);

+				$mailQuotaUsage = max($mailQuotaUsage, 0); // to avoid negative mail quota usage value

+				$quotaFree = max($this->getQuota() - $used - $mailQuotaUsage, 0);

 				// if free space is known

 				$free = $free >= 0 ? min($free, $quotaFree) : $quotaFree;

 				return $free;

From: Avinash <avinashg@e.email>

Date: Friday, 17 May 2024 19:45:00 +0530

Subject: [PATCH] In the invitation modifying a recurring event highlight whether the modification is for one occurrence or all future occurrences

This patch helps in indentifying that For a recurring event, the invitee knows without a doubt whether the modification pushed by the updated invitation is a one time thing or a modification of all future events.

--- ./apps/dav/lib/CalDAV/Schedule/IMipPlugin.php	2024-03-18 11:18:20

+++ ./apps/dav/lib/CalDAV/Schedule/IMipPlugin-new.php	2024-03-11 11:18:22

@@ -242,6 +242,13 @@

@@ -174,7 +174,29 @@

 		/** @var VEvent $oldVevent */

 		$oldVevent = !empty($modified['old']) && is_array($modified['old']) ? array_pop($modified['old']) : null;

 		$isModified = isset($oldVevent);

-

+		$recurrenceId = $vEvent->{'RECURRENCE-ID'};	

+		if (isset($recurrenceId) && $modified['sentOld'] === 1 && !empty($oldVevent)) {

+			$dateTime = $recurrenceId->getValue();

+			$recurrenceArray = explode('T', $dateTime);

+		

+			$oldVEventStart = $oldVevent->DTSTART;

+			$oldStartDateTime = $oldVEventStart->getValue();

+			$startDateTimeArray = explode('T', $oldStartDateTime);

+			$finalStartTime = $recurrenceArray[0] . 'T' . $startDateTimeArray[1];

+		

+			$timeZoneId = (string) $recurrenceId['TZID'];

+			$oldVevent->DTSTART->setDateTime(

+				new \DateTime($finalStartTime, new \DateTimeZone($timeZoneId))

+			);

+		

+			$oldVEventEnd = $oldVevent->DTEND;

+			$oldEndDateTime = $oldVEventEnd->getValue();

+			$endDateTimeArray = explode('T', $oldEndDateTime);

+			$finalEndTime = $recurrenceArray[0] . 'T' . $endDateTimeArray[1];

+			$oldVevent->DTEND->setDateTime(

+				new \DateTime($finalEndTime, new \DateTimeZone($timeZoneId))

+			);

+		}

 		// No changed events after all - this shouldn't happen if there is significant change yet here we are

 		// The scheduling status is debatable

 		if(empty($vEvent)) {

@@ -242,6 +266,13 @@

 		$data['invitee_name'] = ($senderName ?: $sender);

 		$fromEMail = Util::getDefaultEmailAddress('invitations-noreply');

 		$fromName = $this->imipService->getFrom($senderName, $this->defaults->getName());

 		$message = $this->mailer->createMessage()

@@ -262,7 +269,22 @@

@@ -262,7 +293,22 @@

 		$template = $this->mailer->createEMailTemplate('dav.calendarInvite.' . $method, $data);

 		$template->addHeader();

+			$template->addHeadingBanner('#EFFFDB','#293618',$l10n->t('This recurring event has been updated, please review the information below:'));

+		}

+		$sequence = $vEvent->SEQUENCE ? $vEvent->SEQUENCE->getValue() : NULL;

+		if ($sequence && $method !== self::METHOD_CANCEL && $method !== self::METHOD_REPLY && count($vEvent)==1 && ($sequence > 2)) {

+		if (($sequence && $method !== self::METHOD_CANCEL && $method !== self::METHOD_REPLY  && ($sequence > 2)) || isset($vEvent->{'RECURRENCE-ID'})) {

+			$template->addHeadingBanner('#EFFFDB','#293618',$l10n->t('This event has been updated, please review the information below:'));

+		}

 		$this->imipService->addBulletList($template, $vEvent, $data);

 		// Only add response buttons to invitation requests: Fix Issue #11230

@@ -295,7 +317,6 @@

@@ -295,7 +341,6 @@

 				|| in_array(strtolower($recipientDomain), $invitationLinkRecipients)) {

 				$token = $this->imipService->createInvitationToken($iTipMessage, $vEvent, $lastOccurrence);

 				$this->imipService->addResponseButtons($template, $token);

 			}

 		}

--- ./apps/dav/lib/CalDAV/Schedule/IMipService.php	2024-03-18 11:40:39

+++ ./apps/dav/lib/CalDAV/Schedule/IMipService-new.php	2024-03-18 13:47:17

@@ -444,6 +444,51 @@

@@ -169,10 +169,30 @@

 			$oldUrl = self::readPropertyWithDefault($oldVEvent, 'URL', $defaultVal);

 			$data['meeting_url_html'] = !empty($oldUrl) && $oldUrl !== $data['meeting_url'] ? sprintf('<a href="%1$s">%1$s</a>', $oldUrl) : $data['meeting_url'];

-			$data['meeting_when_html'] =

+			if(isset($vEvent->RRULE)){

+				$RRule= (string) $vEvent->RRULE->getValue();

+				if (strpos($RRule, 'FREQ=DAILY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats daily:');

+				}

+				if (strpos($RRule, 'FREQ=WEEKLY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats weekly:');

+				}

+				if (strpos($RRule, 'FREQ=MONTHLY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats monthly:');		

+				}

+				if (strpos($RRule, 'FREQ=YEARLY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats yearly:');

+				}

+				$data['meeting_when_html'] =

 				($oldMeetingWhen !== $data['meeting_when'] && $oldMeetingWhen !== null)

-					? sprintf("<span style='text-decoration: line-through'>%s</span><br />%s", $oldMeetingWhen, $data['meeting_when'])

+					? sprintf("<span style='text-decoration: line-through'>%s</span><br /><span style='color:#6CA91C;font-weight:bold;'>%s</span> %s", $oldMeetingWhen,$timeTitle, $data['meeting_when'])

+					: $data['meeting_when'];	

+			} else {

+				$data['meeting_when_html'] =

+				($oldMeetingWhen !== $data['meeting_when'] && $oldMeetingWhen !== null)

+					? sprintf("<span style='text-decoration: line-through'>%s</span><br /><span style='color:#6CA91C;font-weight:bold;'>%s</span> %s", $oldMeetingWhen, $this->l10n->t('Time:'),$data['meeting_when'])

 					: $data['meeting_when'];

+			}

 		}

 		return $data;

 	}

@@ -444,6 +464,51 @@

 	}

 	/**

 	 * @param string $path

 	 * @return string

 	 */

@@ -541,8 +586,14 @@

@@ -537,12 +602,36 @@

 			$data['meeting_title_html'] ?? $data['meeting_title'], $this->l10n->t('Title:'),

 			$this->getAbsoluteImagePath('caldav/title.png'), $data['meeting_title'], '', IMipPlugin::IMIP_INDENT);

 		if ($data['meeting_when'] !== '') {

-			$template->addBodyListItem($data['meeting_when_html'] ?? $data['meeting_when'], $this->l10n->t('Time:'),

+			if(isset($vevent->RRULE)){

+				$RRule=(string) $vevent->RRULE->getValue();

+				if (strpos($RRule, 'FREQ=DAILY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats daily:');

+				}

+				if (strpos($RRule, 'FREQ=WEEKLY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats weekly:');

+				}

+				if (strpos($RRule, 'FREQ=MONTHLY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats monthly:');		

+				}

+				if (strpos($RRule, 'FREQ=YEARLY') !== false) {

+					$timeTitle = $this->l10n->t('Repeats yearly:');

+				}

+				$template->addBodyListItem($data['meeting_when_html'] ?? $data['meeting_when'], $timeTitle,

 				$this->getAbsoluteImagePath('caldav/time.png'), $data['meeting_when'], '', IMipPlugin::IMIP_INDENT);

+			} else {

+				$template->addBodyListItem($data['meeting_when_html'] ?? $data['meeting_when'], $this->l10n->t('Time:'),

+				$this->getAbsoluteImagePath('caldav/time.png'), $data['meeting_when'], '', IMipPlugin::IMIP_INDENT);

+			}	

 		}

 		if ($data['meeting_location'] !== '') {

-			$template->addBodyListItem($data['meeting_location_html'] ?? $data['meeting_location'], $this->l10n->t('Location:'),

 		}

 		if ($data['meeting_url'] !== '') {

 			$template->addBodyListItem($data['meeting_url_html'] ?? $data['meeting_url'], $this->l10n->t('Link:'),

@@ -637,7 +688,7 @@

@@ -637,7 +726,7 @@

 	 * @param $token

 	 */

 	public function addResponseButtons(IEMailTemplate $template, $token) {

 			$this->l10n->t('Accept'),

 			$this->urlGenerator->linkToRouteAbsolute('dav.invitation_response.accept', [

 				'token' => $token,

@@ -645,20 +696,10 @@

@@ -645,20 +734,10 @@

 			$this->l10n->t('Decline'),

 			$this->urlGenerator->linkToRouteAbsolute('dav.invitation_response.decline', [

 				'token' => $token,

 	}

 	public function getReplyingAttendee(Message $iTipMessage): ?Property {

--- ./apps/dav/lib/CalDAV/EventComparisonService.php	2024-05-06 12:46:29

+++ ./apps/dav/lib/CalDAV/EventComparisonService-new.php	2024-05-06 12:47:11

@@ -100,11 +100,10 @@

 				unset($newEventComponents[$k]);

 			}

 		}

-

+		$sentOld = 0;

 		if(empty($old)) {

-			return ['old' => null, 'new' => $newEventComponents];

+			return ['old' => null, 'new' => $newEventComponents, 'sentOld' => $sentOld];

 		}

-

 		$oldEventComponents = $old->getComponents();

 		if(is_array($oldEventComponents) && !empty($oldEventComponents)) {

 			foreach ($oldEventComponents as $k => $event) {

@@ -113,11 +112,15 @@

 					continue;

 				}

 				if($this->removeIfUnchanged($event, $newEventComponents)) {

-					unset($oldEventComponents[$k]);

+                    if($k!=1){

+                        unset($oldEventComponents[$k]);

+                    } else {

+						$sentOld = 1;

+					}

 				}

 			}

 		}

-		return ['old' => array_values($oldEventComponents), 'new' => array_values($newEventComponents)];

+		return ['old' => array_values($oldEventComponents), 'new' => array_values($newEventComponents), 'sentOld' => $sentOld];

 	}

 }

\ No newline at end of file

--- lib/private/AppFramework/Middleware/Security/CORSMiddleware.php	2024-04-08 08:53:20.410444998 +0530

+++ lib/private/AppFramework/Middleware/Security/CORSMiddleware-new.php	2024-04-09 19:05:21.133629632 +0530

@@ -97,6 +97,10 @@

 			// Allow to use the current session if a CSRF token is provided

 			if ($this->request->passesCSRFCheck()) {

 				return;

+			}			

+			// Skip CORS check for requests with oidc token auth.

+			if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('is_oidc_token_login') === 1) {

+				return;

 			}

 			// Skip CORS check for requests with AppAPI auth.

 			if ($this->session->getSession() instanceof ISession && $this->session->getSession()->get('app_api') === true) {