Revert "Merge branch 'privacy-fixes-patch' into 'nc-21'"

  services:

    - docker:19.03.12-dind

  before_script:

    - docker info

    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY

  tags:

    - generic_privileged

build-branch:

  except:

    - tags

  stage: build

  variables:

    TARGET: ecloud

  rules:

    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

      when: never

    - if: $CI_COMMIT_TAG != null

      when: never

    - if: $CI_COMMIT_REF_SLUG =~ /^selfhost/

      variables:

        TARGET: "selfhost"

    - if: $CI_COMMIT_REF_SLUG != null

      when: on_success

  allow_failure: true

  script:

    - echo "TARGET $TARGET, BRANCH $CI_COMMIT_BRANCH, COMMIT_REF_SLUG $CI_COMMIT_REF_SLUG, COMMIT_TAG $CI_COMMIT_TAG"

    - docker build --target $TARGET  --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .

    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .

    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"

build-tag:

  only:

    - tags

  stage: build

  variables:

    TARGET: ecloud

  allow_failure: true

  rules:

    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

      when: never

    - if: $CI_COMMIT_TAG == null

      when: never

    - if: $CI_COMMIT_REF_SLUG =~ /^selfhost/

      variables:

        TARGET: "selfhost"

    - if: $CI_COMMIT_TAG != null

      when: on_success

  script:

    - echo "TARGET $TARGET, BRANCH $CI_COMMIT_BRANCH, COMMIT_REF_SLUG $CI_COMMIT_REF_SLUG, COMMIT_TAG $CI_COMMIT_TAG"

    - docker build --target $TARGET  --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .

    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"

docker-tag:

  stage: .post

  rules:

    - when: manual

  script:

    - echo "SOURCE $SOURCE, TARGET $TARGET"

    - docker pull $CI_REGISTRY_IMAGE:$SOURCE

    - docker tag $CI_REGISTRY_IMAGE:$SOURCE $CI_REGISTRY_IMAGE:$TARGET

    - docker push $CI_REGISTRY_IMAGE:$TARGET

 No newline at end of file

    - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" .

    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG"

FROM nextcloud:20.0.12-fpm as base

FROM nextcloud:21.0.9-fpm AS nextcloud

ARG BASE_DIR="/usr/src/nextcloud"

ARG THEME_VERSION="20.1.3"

ARG THEME_HELPER_VERSION="1.0.1"

ARG NEWS_VERSION="16.0.1"

ARG QUOTA_WARN_VERSION="1.9.1"

ARG NOTES_VERSION="4.1.1"

ARG CONTACTS_VERSION="4.0.1"

ARG CALENDAR_VERSION="2.3.3"

ARG USER_BACKEND_RAW_SQL_VERSION="1.1.0"

ARG TMP_PATCH_DIR="/tmp/build_patches"

ARG THEME_VERSION="21.1.1"

ARG THEME_HELPER_VERSION="1.0.2"

ARG NEWS_VERSION="17.0.1"

ARG QUOTA_WARN_VERSION="1.13.0"

ARG NOTES_VERSION="4.3.1"

ARG CONTACTS_VERSION="4.0.8"

ARG CALENDAR_VERSION="3.1.0"

ARG USER_BACKEND_RAW_SQL_VERSION="1.1.1"

ARG EMAIL_RECOVERY_JOB_ID="199763"

ARG RAINLOOP_VERSION="7.1.2"

ARG RAINLOOP_COMMIT_SHA="e9da581c"

ARG ECLOUD_LAUNCHER_JOB_ID="222001"

ARG GOOGLE_INTEGRATION_VERSION="1.0.6"

RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images

COPY custom_entrypoint.sh /

RUN chmod +x /custom_entrypoint.sh

RUN sed -i 's/20,0,12,1/20,0,12,17/' ${BASE_DIR}/version.php

RUN sed -i 's/21,0,9,1/21,0,9,4/' ${BASE_DIR}/version.php

# Install unzip for unzipping artifacts

RUN apt-get update && apt-get install unzip 

# force eCloud theme not to be disabled even when there is an upgrade process launched

RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('theme', 'eCloud');/g" ${BASE_DIR}/lib/base.php

# fix min version of google data migration app

RUN sed -i "s/min-version=\"22\"/min-version=\"20\"/" ${BASE_DIR}/custom_apps/integration_google/appinfo/info.xml

# Remove colored background from email template logo

RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php

# Ignore OS dark mode for all users

# Don't use user-specific dark theme css for non-logged in users

RUN sed -i 's/OCA.Accessibility.theme="dark"/OCA.Accessibility.theme="light"/' ${BASE_DIR}/apps/accessibility/js/accessibilityoca.js

RUN sed -i "s/$userValues = \['dark'\]/$userValues = \[\]/" ${BASE_DIR}/apps/accessibility/lib/Controller/AccessibilityController.php

# Custom theme

RUN curl -fsSL -o eCloud-theme.tar.gz \

    "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \

    tar -xf eCloud-theme.tar.gz -C /tmp/ && \

    mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \

    chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \

    rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/

# Replace "Get your own free account" NC link with /e/ Account link in public pages

RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/<?php p(\$_\[\x27language\x27\]); ?>\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php 

ENTRYPOINT ["/custom_entrypoint.sh"]

CMD ["php-fpm"]

FROM base as selfhost

ARG BASE_DIR="/usr/src/nextcloud"

ARG TMP_PATCH_DIR="/tmp/build_patches"

COPY patches/ ${TMP_PATCH_DIR}/

# Patches

COPY patches/ ${TMP_PATCH_DIR}/

RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i ${TMP_PATCH_DIR}/002-login-without-domain.patch

RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch

RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch

RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/006-recovery-email-changes.patch

RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch

RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch

RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/009-help-links.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch

RUN rm -rf ${TMP_PATCH_DIR}

FROM selfhost as ecloud

ARG BASE_DIR="/usr/src/nextcloud"

ARG TMP_PATCH_DIR="/tmp/build_patches"

COPY patches/ ${TMP_PATCH_DIR}/

# Privacy specific patches

RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch

RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch

RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch

RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch

RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch

RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch

RUN patch -u ${BASE_DIR}/lib/private/Authentication/Token/PublicKeyTokenProvider.php -i ${TMP_PATCH_DIR}/013-revert-token-password-update.patch

RUN rm -rf ${TMP_PATCH_DIR}

# autocomplete leak tweak apps frontend with sed, disable group suggestion

# Set default widgets to calendar, tasks and notes

RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php

RUN rm -rf ${TMP_PATCH_DIR}

# Remove colored background from email template logo

RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php

# fix min version of google data migration app

RUN sed -i "s/min-version=\"22\"/min-version=\"21\"/" ${BASE_DIR}/custom_apps/integration_google/appinfo/info.xml

RUN sed -i 's/ in Nextcloud/ /' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js

RUN sed -i 's/Nextcloud administrator/administrator/' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js

# Custom theme

RUN curl -fsSL -o eCloud-theme.tar.gz \

    "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \

    tar -xf eCloud-theme.tar.gz -C /tmp/ && \

    mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \

    chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \

    rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/

# Replace "Get your own free account" NC link with /e/ Account link in public pages

RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/<?php p(\$_\[\x27language\x27\]); ?>\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php 

# Use php 8 image

FROM php:8.0.12-fpm-bullseye

RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images

# Copy all the required files from the nextcloud stage

COPY --from=nextcloud /usr/src/nextcloud /usr/src/nextcloud

COPY --from=nextcloud /usr/local/etc/php/conf.d/ /usr/local/etc/php/conf.d/

COPY --from=nextcloud /*.sh /

COPY --from=nextcloud /upgrade.exclude /

COPY --from=nextcloud /var/spool/cron/crontabs /var/spool/cron/crontabs

COPY --from=nextcloud /entrypoint.sh /

# Copy entrypoints and add correct permissions

COPY custom_entrypoint.sh /

RUN chmod +x /custom_entrypoint.sh

RUN chmod +x /entrypoint.sh

# Install required dependencies of nextcloud

RUN set -ex; \

    \

    apt-get update; \

    apt-get install -y --no-install-recommends \

        rsync \

        bzip2 \

        busybox-static \

        libldap-common \

    ; \

    rm -rf /var/lib/apt/lists/*;

# install the PHP extensions we need

# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html

ENV PHP_MEMORY_LIMIT 512M

ENV PHP_UPLOAD_LIMIT 512M

RUN set -ex; \

    \

    savedAptMark="$(apt-mark showmanual)"; \

    \

    apt-get update; \

    apt-get install -y --no-install-recommends \

        libcurl4-openssl-dev \

        libevent-dev \

        libfreetype6-dev \

        libicu-dev \

        libjpeg-dev \

        libldap2-dev \

        libmcrypt-dev \

        libmemcached-dev \

        libpng-dev \

        libpq-dev \

        libxml2-dev \

        libmagickwand-dev \

        libzip-dev \

        libwebp-dev \

        libgmp-dev \

    ; \

    \

    debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \

    docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \

    docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \

    docker-php-ext-install -j "$(nproc)" \

        bcmath \

        exif \

        gd \

        intl \

        ldap \

        opcache \

        pcntl \

        pdo_mysql \

        pdo_pgsql \

        zip \

        gmp \

    ; \

    \

# pecl will claim success even if one install fails, so we need to perform each install separately

    pecl install APCu-5.1.21; \

    pecl install memcached-3.1.5; \

    pecl install redis-5.3.4; \

    pecl install imagick-3.5.1; \

    \

    docker-php-ext-enable \

        apcu \

        memcached \

        redis \

        imagick \

    ; \

    rm -r /tmp/pear; \

    \

# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies

    apt-mark auto '.*' > /dev/null; \

    apt-mark manual $savedAptMark; \

    ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \

        | awk '/=>/ { print $3 }' \

        | sort -u \

        | xargs -r dpkg-query -S \

        | cut -d: -f1 \

        | sort -u \

        | xargs -rt apt-mark manual; \

    \

    apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; 

# Install imagemagick

RUN apt-get -y install imagemagick;\

    rm -rf /var/lib/apt/lists/*;

VOLUME /var/www/html

ENV NEXTCLOUD_VERSION 21.0.9

ENTRYPOINT ["/custom_entrypoint.sh"]

CMD ["php-fpm"]

## Contributing

Anyone can fork a project on our GitLab instance, but to prevent abuse it's disabled by default. Get in touch with us [by e-mail](mailto:join@e.email) or through our support channels and we will let you create a fork and submit MRs.

## Pipeline-Jobs

By default pipeline builds image based on $CI_COMMIT_REF_SLUG. Any branch or tag starting with `selfhost` will build an image for selfhost target. And in all other cases image is built for `ecloud` target. The image is tagged with $CI_COMMIT_REF_SLUG and pushed to registry

**Re-tagging**

There is a provision to create a new tag from an existing image by simply running docker-tag job (manual action). It requires two input parameters, SOURCE and TARGET.

Example: To publish a given image to production you can tag ecloud-21.x.x as ecloud-production, we just have to run `docker-tag` job by providing `SOURCE: ecloud-20.12.10` `TARGET: ecloud-production`. Ref : [this job](https://gitlab.e.foundation/e/infra/ecloud/nextcloud/-/jobs/219782)

 No newline at end of file

+		$user = mb_strtolower($user, 'UTF-8');

+		$domain = $this->config->getSystemValue("mail_domain");

+		$domain_suffix = "@$domain";

+		$admin_username = mb_strtolower($_ENV["NEXTCLOUD_ADMIN_USER"], 'UTF-8');

+		$admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"];

+		if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) {

+			$user = $user . $domain_suffix;

+		}

 	<h3><?php p($l->t('Who has access to your data?')) ?></h3>

 	<h4><?php p($l->t('Administrators')); ?></h4>

--- ./apps/privacy/templates/who-has-access.php	2022-03-17 16:48:46.124670200 +0530

+++ ./apps/privacy/templates/who-has-access-new.php	2022-03-17 16:41:15.624670200 +0530

@@ -4,20 +4,27 @@

 ?>

--- ./apps/privacy/templates/who-has-access.php	2022-03-10 18:22:26.498511800 +0530

+++ ./apps/privacy/templates/who-has-access-new.php	2022-03-10 18:16:10.028511800 +0530

@@ -5,11 +5,13 @@

 <div id="themes" class="section">

-	<h3><?php p($l->t('Who has access to your data?')) ?></h3>

 	<h3><?php p($l->t('Who has access to your data?')) ?></h3>

-	<h4><?php p($l->t('Administrators')); ?></h4>

-	<div id="privacy_access_admins"></div>

+    <h3><?php p($l->t('Who has access to your data?')) ?></h3>

+    <h4><?php p($l->t('People you shared documents or folders with')) ?>:</h4>

+    <div id="privacy_access_shares"></div>

+    <p>&nbsp;</p>

+    <p><?php p($l->t('Like in most cloud services, a reduced number of administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.')); ?>

+    </p>

+    <p><a href="https://doc.e.foundation/support-topics/services#can-the-ecloud-admin-access-my-data" target="_blank"

+            title="" rel="noreferrer noopener"><?php p($l->t('Learn more about this topic here.')); ?> ↗</a>

+    </p>

-	<h4><?php p($l->t('People you shared with')) ?></h4>

-	<div id="privacy_access_shares"></div>

+    <?php if (!empty($_['privacyPolicyUrl'])): ?>

+    <h4><?php p($l->t('Privacy policy')) ?></h4>

+    <p>

+        <a href="<?php print_unescaped($_['privacyPolicyUrl']) ?>"><?php p($l->t('Read the privacy policy.')) ?></a>

+    </p>

+    <?php endif; ?>

-	<?php if (!empty($_['privacyPolicyUrl'])): ?>

-	<h4><?php p($l->t('Privacy policy')) ?></h4>

-	<p>

-		<a href="<?php print_unescaped($_['privacyPolicyUrl']) ?>"><?php p($l->t('Read the privacy policy.')) ?></a>

-	</p>

-	<?php endif; ?>

-

-	<h4><?php p($l->t('Encryption')) ?></h4>

-	<div id="privacy_access_encryption"></div>

-</div>

+    <h4><?php p($l->t('Encryption')) ?></h4>

+    <p>

+        <a href="https://nextcloud.com/blog/encryption-in-nextcloud/" target="_blank" title=""

+            rel="noreferrer noopener"><?php p($l->t('To protect your data, we have implemented server-side-encryption on our servers which hides by default the content of your files and notes even to these administrators.')); ?>

+            ↗</a>

+    </p>

+</div>

\ No newline at end of file

+	

 	<h4><?php p($l->t('People you shared with')) ?></h4>

 	<div id="privacy_access_shares"></div>

+	<h4><?php p($l->t('Administrators')); ?></h4>

+	<p><?php p($l->t('Like in most cloud services, administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.')); ?></p>

+	<p><a href="https://doc.e.foundation/support-topics/services#can-the-ecloud-admin-access-my-data" target="_blank" title="" rel="noreferrer noopener"><?php p($l->t('Learn more about this topic here.')); ?> ↗</a></p>

 	<?php if (!empty($_['privacyPolicyUrl'])): ?>

 	<h4><?php p($l->t('Privacy policy')) ?></h4>