diff --git a/Dockerfile b/Dockerfile index 6f04c60baa3394d8f852fcd6c292ca8f58b1b078..5f963a6714d85fca62f8a2c1a388a53c37ef1e60 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,19 +1,19 @@ -FROM nextcloud:24.0.10-fpm AS nextcloud +FROM nextcloud:25.0.6-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" -ARG THEME_HELPER_JOB_ID="515506" -ARG NOTES_VERSION="4.5.1" -ARG CONTACTS_JOB_ID="525457" -ARG CALENDAR_JOB_ID="525449" -ARG EMAIL_RECOVERY_JOB_ID="525467" -ARG EA_JOB_ID="526684" -ARG ECLOUD_LAUNCHER_JOB_ID="522867" +ARG THEME_HELPER_JOB_ID="582464" +ARG NOTES_VERSION="4.7.2" +ARG CONTACTS_JOB_ID="582012" +ARG CALENDAR_JOB_ID="582001" +ARG EMAIL_RECOVERY_JOB_ID="582038" +ARG EA_JOB_ID="582028" +ARG LAUNCHER_JOB_ID="582666" ARG GOOGLE_INTEGRATION_VERSION="1.0.9" -ARG ECLOUD_DASHBOARD_JOB_ID="525503" -ARG SNAPPY_VERSION="2.26.3" -ARG SNAPPY_THEME_VERSION="1.2.3" +ARG DASHBOARD_JOB_ID="582062" +ARG SNAPPY_VERSION="2.27.2" +ARG SNAPPY_THEME_VERSION="1.2.7" -RUN sed -i 's/24,0,10,1/24,0,10,10/' ${BASE_DIR}/version.php +RUN sed -i 's/25,0,6,1/25,0,6,4/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images @@ -52,7 +52,7 @@ RUN curl -fsSL -o ecloud-theme-helper.zip \ rm ecloud-theme-helper.zip; RUN curl -fsSL -o murena_launcher.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/launcher/-/jobs/${ECLOUD_LAUNCHER_JOB_ID}/artifacts/download" && \ + "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/launcher/-/jobs/${LAUNCHER_JOB_ID}/artifacts/download" && \ unzip murena_launcher.zip && \ mv dist/murena_launcher ${BASE_DIR}/custom_apps/ && \ rm murena_launcher.zip; @@ -70,9 +70,9 @@ RUN curl -fsSL -o ecloud-accounts.zip \ rm ecloud-accounts.zip; RUN curl -fsSL -o ecloud-dashboard.zip \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/ecloud-dashboard/-/jobs/${ECLOUD_DASHBOARD_JOB_ID}/artifacts/download" && \ + "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/murena-dashboard/-/jobs/${DASHBOARD_JOB_ID}/artifacts/download" && \ unzip ecloud-dashboard.zip && \ - mv dist/ecloud-dashboard ${BASE_DIR}/custom_apps/ && \ + mv dist/murena-dashboard ${BASE_DIR}/custom_apps/ && \ rm ecloud-dashboard.zip; RUN curl -fsSL -o snappymail.tar.gz \ @@ -80,11 +80,15 @@ RUN curl -fsSL -o snappymail.tar.gz \ tar -xf snappymail.tar.gz -C ${BASE_DIR}/custom_apps/ && \ rm snappymail.tar.gz; +# Fix snappymail icon +RUN sed -i 's/logo-white-64x64.png/app.svg/' ${BASE_DIR}/custom_apps/snappymail/appinfo/info.xml + # Snappy theme RUN curl -fsSL -o Murena-snappymail-theme.tar.gz \ "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/snappymail-theme/-/archive/${SNAPPY_THEME_VERSION}/snappymail-theme-${SNAPPY_THEME_VERSION}.tar.gz" && \ tar -xf Murena-snappymail-theme.tar.gz -C /tmp/ && \ - mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena && \ + mkdir -p ${BASE_DIR}/themes/Murena/snappymail && \ + mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena/snappymail && \ chown -R www-data:www-data ${BASE_DIR}/themes/Murena/ && \ rm -rf Murena-snappymail-theme.tar.gz @@ -94,6 +98,9 @@ RUN apt-get -y remove unzip # force eCloud theme not to be disabled even when there is an upgrade process launched RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('theme', 'eCloud');/g" ${BASE_DIR}/lib/base.php +# Disable editor feature of media viewer +RUN sed -i 's/!this.isMobile/!this.isMobile\&\&false/' ${BASE_DIR}/apps/viewer/js/viewer-main.js + ENTRYPOINT ["/custom_entrypoint.sh"] CMD ["php-fpm"] @@ -108,8 +115,6 @@ COPY patches/ ${TMP_PATCH_DIR}/ RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/002-login-without-domain.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/006-recovery-email-changes.patch RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch -RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch -RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/009-help-links.patch RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch @@ -121,6 +126,7 @@ RUN patch -u ${BASE_DIR}/apps/settings/lib/Sections/Personal/Groupware.php -i ${ RUN patch -u ${BASE_DIR}/apps/files/js/files.js -i ${TMP_PATCH_DIR}/021-repeated-storage-dialog-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/3rdparty/sabre/vobject/lib/ITip/Broker.php -i ${TMP_PATCH_DIR}/022-significantchange.patch RUN patch -u ${BASE_DIR}/apps/dav/lib/CalDAV/Reminder/ReminderService.php -i ${TMP_PATCH_DIR}/024-reminder-service-handle-exception.patch +RUN patch -u ${BASE_DIR}/apps/theming/lib/Themes/CommonThemeTrait.php -i ${TMP_PATCH_DIR}/026-primary-color-fix.patch RUN rm -rf ${TMP_PATCH_DIR} @@ -140,8 +146,6 @@ RUN curl -fsSL -o user_backend_sql_raw.tar.gz \ # Set default class of hidden to settings-hint RUN sed -i 's/settings-hint/settings-hint hidden/' ${BASE_DIR}/apps/settings/templates/settings/personal/security/twofactor.php -# change notifications icon src -RUN sed -i 's/(0,Ud.imagePath)("notifications",e)/"\/themes\/"+OC.theme.folder+"\/apps\/notifications\/img\/"+e+".svg"/' ${BASE_DIR}/apps/notifications/js/notifications-main.js RUN sed -i 's/ in Nextcloud/ /' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js RUN sed -i 's/Nextcloud administrator/administrator/' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js @@ -149,23 +153,26 @@ RUN sed -i 's/Nextcloud administrator/administrator/' ${BASE_DIR}/custom_apps/in #replace error class in schedule response error file to fix error color RUN sed -i 's/update/error/g' ${BASE_DIR}/apps/dav/templates/schedule-response-error.php +# Fix the navbar entries +RUN sed -i 's/this.appLimit=e/this.appLimit=this.appList.length/' ${BASE_DIR}/dist/core-main.js + From selfhost as ecloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" -ARG THEME_VERSION="24.0.4" -ARG LDAP_WRITE_SUPPORT_VERSION="1.6.0" -ARG OIDC_LOGIN_VERSION="2.4.0" +ARG THEME_VERSION="25.0.6" +ARG LDAP_WRITE_SUPPORT_VERSION="1.7.0" +ARG OIDC_LOGIN_VERSION="2.5.1" # Patches COPY patches/ ${TMP_PATCH_DIR}/ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch -RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch RUN patch -u ${BASE_DIR}/lib/private/User/Manager.php -i ${TMP_PATCH_DIR}/025-optimize-get-by-email.patch +RUN patch -u ${BASE_DIR}/apps/dav/lib/Connector/Sabre/Principal.php -i ${TMP_PATCH_DIR}/027-displayname-user-leak-dav.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \ @@ -182,13 +189,15 @@ RUN curl -fsSL -o oidc_login.tar.gz \ RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php # show reset pwd page with a query param -RUN cd ${BASE_DIR}/dist && sed -i 's/resetPassword:!1/resetPassword:!1||Z.showResetPassword==="1"/' core-login.js +# RUN cd ${BASE_DIR}/dist && sed -i 's/resetPassword:!1/resetPassword:!1||Z.showResetPassword==="1"/' core-login.js # hide oidc login button RUN sed -i 's/$context->registerAlternativeLogin(OIDCLoginOption::class);/\/\/$context->registerAlternativeLogin(OIDCLoginOption::class);/' ${BASE_DIR}/custom_apps/oidc_login/lib/AppInfo/Application.php -# change notifications icon src -RUN sed -i 's/(0,zd.imagePath)("notifications",e)/"\/themes\/"+OC.theme.folder+"\/apps\/notifications\/img\/"+e+".svg"/' ${BASE_DIR}/apps/notifications/js/notifications-main.js +# add attr about how many notifications to notif icon +RUN sed -i 's/attrs:{id:"notifications",/attrs:{id:"notifications","data-has-notifications":0!==e.notifications.length,/' ${BASE_DIR}/apps/notifications/js/notifications-main.js +# Add data-object-type to notification +RUN sed -i 's/"data-id":e.notificationId,/"data-id":e.notificationId,"data-object-type":e.objectType,/' ${BASE_DIR}/apps/notifications/js/notifications-main.js # autocomplete leak tweak apps frontend with sed, disable group suggestion @@ -202,6 +211,7 @@ RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this-> # Remove changeAvatar in changeUserHook of ldap_write_support as it throws errors RUN sed -i 's/$this->changeAvatar/\/\/ $this->changeAvatar/' ${BASE_DIR}/custom_apps/ldap_write_support/lib/LDAPUserManager.php + # Remove 'fix broken values of calendar objects' repair step RUN sed -i '/OCA\\DAV\\Migration\\CalDAVRemoveEmptyValue<\/step>/d' ${BASE_DIR}/apps/dav/appinfo/info.xml diff --git a/custom_entrypoint.sh b/custom_entrypoint.sh index d7f347b73e0b33747ea342bbf588f270a60308f8..c4dbbcc260da9b6193061cf09e8175cec002d1ff 100644 --- a/custom_entrypoint.sh +++ b/custom_entrypoint.sh @@ -22,7 +22,6 @@ if version_greater "$image_version" "$installed_version"; then rsync $rsync_options --include "/calendar/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/contacts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/user_backend_sql_raw/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ - rsync $rsync_options --include "/rainloop/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/email-recovery/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/ecloud-accounts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/ecloud-theme-helper/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index b857597885783171c5730f6afd70ee736c6c4871..0d61eb88598c316f61acba7333c18750080c76d3 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -7,85 +7,75 @@ This patch auto append the domain handled by nc, configured in env var. only the admin user (also configured in env var) will not have his login appended with a @domain suffix diff --git ./core/Controller/LoginController.php ./core/Controller/LoginController-new.php ---- ./core/Controller/LoginController.php 2022-05-11 11:09:58.346364031 +0530 -+++ ./core/Controller/LoginController-new.php 2022-05-30 19:32:45.195279817 +0530 -@@ -303,6 +303,27 @@ - return $this->generateRedirect($redirect_url); +--- ./core/Controller/LoginController.php 2023-04-21 15:08:54.979407062 +0530 ++++ ./core/Controller/LoginController-new.php 2023-04-21 15:16:48.582366408 +0530 +@@ -318,6 +318,26 @@ + $this->l10n->t('Please try again') + ); } - + $user = trim($user); -+ $user = mb_strtolower($user, 'UTF-8'); -+ $domain = $this->config->getSystemValue('mail_domain', ''); -+ $domain_suffix = !empty($domain) ? '@' . $domain : ''; -+ $alt_domain = $this->config->getSystemValue('alt_mail_domain', ''); -+ $alt_domain_suffix = !empty($alt_domain) ? '@' . $alt_domain : ''; -+ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; -+ $is_admin = strcmp($user, $admin_username) === 0; -+ -+ if(!$is_admin && stristr($user, $domain_suffix) !== FALSE) { -+ $user = str_replace($domain_suffix, '', $user); -+ } ++ $user = mb_strtolower($user, 'UTF-8'); ++ $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); ++ $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; ++ $mainDomain = $this->config->getSystemValue('main_domain', ''); ++ $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ $is_admin = strcmp($user, $admin_username) === 0; ++ ++ if (!$is_admin && str_ends_with($user, $legacyDomainSuffix)) { ++ $user = str_replace($legacyDomainSuffix, '', $user); ++ } + -+ if (!$is_admin && stristr($user, $alt_domain_suffix) !== FALSE) { -+ $user = str_replace($alt_domain_suffix, '', $user); -+ } -+ -+ if(!$this->userManager->userExists($user)) { -+ $user = $user . $domain_suffix; -+ } ++ if (!$is_admin && str_ends_with($user, $mainDomainSuffix)) { ++ $user = str_replace($mainDomainSuffix, '', $user); ++ } + ++ if (!$this->userManager->userExists($user)) { ++ $user = $user . $legacyDomainSuffix; ++ } + $data = new LoginData( $this->request, - trim($user), ---- ./core/Controller/WebAuthnController.php 2022-08-18 10:33:16.150199100 +0530 -+++ ./core/Controller/WebAuthnController-new.php 2022-08-18 10:34:31.880199100 +0530 -@@ -37,6 +37,7 @@ - use OCP\ISession; - use OCP\Util; - use Webauthn\PublicKeyCredentialRequestOptions; -+use OCP\IUserManager; - - class WebAuthnController extends Controller { - private const WEBAUTHN_LOGIN = 'webauthn_login'; -@@ -73,6 +74,25 @@ - +--- ./core/Controller/WebAuthnController.php 2023-04-21 15:18:58.813220092 +0530 ++++ ./core/Controller/WebAuthnController-new.php 2023-04-21 15:24:40.036538414 +0530 +@@ -66,6 +66,27 @@ + $this->logger->debug('Converting login name to UID'); $uid = $loginName; -+ $uid = trim($uid); -+ $uid = mb_strtolower($uid, 'UTF-8'); -+ $domain = \OC::$server->getConfig()->getSystemValue('mail_domain', ''); -+ $domain_suffix = !empty($domain) ? '@' . $domain : ''; -+ $alt_domain = \OC::$server->getConfig()->getSystemValue('alt_mail_domain', ''); -+ $alt_domain_suffix = !empty($alt_domain) ? '@' . $alt_domain : ''; -+ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; -+ $is_admin = strcmp($uid, $admin_username) === 0; + -+ if(!$is_admin && stristr($uid, $domain_suffix) !== FALSE) { -+ $uid = str_replace($domain_suffix, '', $uid); -+ } -+ if (!$is_admin && stristr($uid, $alt_domain_suffix) !== FALSE) { -+ $uid = str_replace($alt_domain_suffix, '', $uid); -+ } ++ $uid = trim($uid); ++ $uid = mb_strtolower($uid, 'UTF-8'); ++ $legacyDomain = \OC::$server->getConfig()->getSystemValue('legacy_domain', ''); ++ $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; ++ $mainDomain = \OC::$server->getConfig()->getSystemValue('main_domain', ''); ++ $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ $is_admin = strcmp($uid, $admin_username) === 0; ++ ++ if (!$is_admin && str_ends_with($uid, $legacyDomainSuffix)) { ++ $uid = str_replace($legacyDomainSuffix, '', $uid); ++ } ++ ++ if (!$is_admin && str_ends_with($uid, $mainDomainSuffix)) { ++ $uid = str_replace($mainDomainSuffix, '', $uid); ++ } + -+ if(!\OC::$server->get(IUserManager::class)->userExists($uid)) { -+ $uid = $uid . $domain_suffix; -+ } ++ if (!\OC::$server->get(\OCP\IUserManager::class)->userExists($uid)) { ++ $uid = $uid . $legacyDomainSuffix; ++ } Util::emitHook( '\OCA\Files_Sharing\API\Server2Server', 'preLoginNameUsedAsUserName', - ---- ./lib/private/User/Session.php 2022-08-10 15:39:33.131890282 +0530 -+++ ./lib/private/User/Session-new.php 2022-08-10 15:48:23.236165783 +0530 -@@ -438,7 +438,11 @@ - IRequest $request, - OC\Security\Bruteforce\Throttler $throttler) { - $currentDelay = $throttler->sleepDelay($request->getRemoteAddress(), 'login'); -- -+ -+ $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); -+ $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; -+ $user = str_replace($altDomainSuffix, '', $user); +--- ./lib/private/User/Session.php 2023-04-21 15:27:00.417034490 +0530 ++++ ./lib/private/User/Session-new.php 2023-04-21 15:28:18.309111435 +0530 +@@ -430,6 +430,10 @@ + $remoteAddress = $request->getRemoteAddress(); + $currentDelay = $throttler->sleepDelay($remoteAddress, 'login'); + ++ $mainDomain = $this->config->getSystemValue('main_domain', ''); ++ $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; ++ $user = str_replace($mainDomainSuffix, '', $user); + if ($this->manager instanceof PublicEmitter) { $this->manager->emit('\OC\User', 'preLogin', [$user, $password]); diff --git a/patches/003-contact-search-removal.patch b/patches/003-contact-search-removal.patch index 6449e213a10cc69636313024a385d1cc2b4f766b..aef513aa0fa8c8cd328a7b840706b3e13aa700ef 100644 --- a/patches/003-contact-search-removal.patch +++ b/patches/003-contact-search-removal.patch @@ -5,20 +5,13 @@ Subject: [PATCH] remove user search icon in header tab This patch removes the top right icon enabling the global user search function available to all in nextcloud. diff --git layout.user.php layout.user.php-new ---- layout.user.php 2021-06-22 14:06:34.786843164 +0530 -+++ layout.user.php-new 2021-06-22 14:07:45.938569109 +0530 -@@ -103,14 +103,6 @@ - +--- ./core/templates/layout.user.php 2023-03-28 14:54:05.873566570 +0530 ++++ ./core/templates/layout.user-new.php 2023-03-28 14:54:35.044218831 +0530 +@@ -76,7 +76,6 @@
--
-- -- --
-
- +-
+
+
+ diff --git a/patches/004-contact-search-controller-removal.patch b/patches/004-contact-search-controller-removal.patch index d4dc24da37d1ed46fe6186d48e19037b1477894a..5c6d7d2e978498d78537fb19f04a22e9069805ea 100644 --- a/patches/004-contact-search-controller-removal.patch +++ b/patches/004-contact-search-controller-removal.patch @@ -5,21 +5,21 @@ Subject: [PATCH] do not return these results in user search This patch removes some results from the contact menu controller, not to leak user informations diff --git ContactsMenuController.php ContactsMenuController-new.php ---- ContactsMenuController.php 2021-02-04 10:20:18.000000000 +0100 -+++ ContactsMenuController-new.php 2021-02-04 10:30:13.000000000 +0100 -@@ -58,7 +58,7 @@ - * @return \JsonSerializable[] +--- ./core/Controller/ContactsMenuController.php 2023-02-01 21:40:07.515628276 +0530 ++++ ./core/Controller/ContactsMenuController-new.php 2023-02-01 21:39:07.398140201 +0530 +@@ -49,7 +49,7 @@ + * @throws Exception */ - public function index($filter = null) { + public function index(?string $filter = null): array { - return $this->manager->getEntries($this->userSession->getUser(), $filter); + return []; } /** -@@ -69,11 +69,6 @@ - * @return JSONResponse|\JsonSerializable +@@ -59,11 +59,6 @@ + * @throws Exception */ - public function findOne($shareType, $shareWith) { + public function findOne(int $shareType, string $shareWith) { - $contact = $this->manager->findOne($this->userSession->getUser(), $shareType, $shareWith); - - if ($contact) { diff --git a/patches/005-autocomplete-user-leak-core.patch b/patches/005-autocomplete-user-leak-core.patch index a50b4f79ba737b35ac4824f5c982b3b37ea54587..a1a781a396e170c65fd22da228363bb27a0c41f4 100644 --- a/patches/005-autocomplete-user-leak-core.patch +++ b/patches/005-autocomplete-user-leak-core.patch @@ -29,17 +29,17 @@ diff --git lib/private/Collaboration/Collaborators/UserPlugin.php lib/private/Co $foundUserById = true; diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Collaboration/Collaborators/MailPlugin-new.php ---- lib/private/Collaboration/Collaborators/MailPlugin.php 2022-11-23 15:20:44.460495300 +0530 -+++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2022-11-23 16:55:17.540495300 +0530 -@@ -36,6 +36,7 @@ - use OCP\IConfig; - use OCP\IGroupManager; - use OCP\IUser; -+use OCP\IUserManager; +--- lib/private/Collaboration/Collaborators/MailPlugin.php 2023-02-01 21:43:07.661060529 +0530 ++++ lib/private/Collaboration/Collaborators/MailPlugin-new.php 2023-02-01 21:51:00.382603635 +0530 +@@ -39,6 +39,7 @@ use OCP\IUserSession; use OCP\Share\IShare; use OCP\Mail\IMailer; -@@ -76,13 +77,15 @@ ++use OCP\IUserManager; + + class MailPlugin implements ISearchPlugin { + /* @var bool */ +@@ -76,7 +77,8 @@ IGroupManager $groupManager, KnownUserService $knownUserService, IUserSession $userSession, @@ -49,61 +49,60 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co $this->contactsManager = $contactsManager; $this->cloudIdManager = $cloudIdManager; $this->config = $config; - $this->groupManager = $groupManager; +@@ -84,6 +86,7 @@ $this->knownUserService = $knownUserService; $this->userSession = $userSession; -+ $this->userManager = $userManager; $this->mailer = $mailer; - ++ $this->userManager = $userManager; + $this->shareeEnumeration = $this->config->getAppValue('core', 'shareapi_allow_share_dialog_user_enumeration', 'yes') === 'yes'; -@@ -224,27 +227,63 @@ + $this->shareWithGroupOnly = $this->config->getAppValue('core', 'shareapi_only_share_with_group_members', 'no') === 'yes'; +@@ -230,27 +233,61 @@ if ($exactEmailMatch) { $searchResult->markExactIdMatch($emailType); } - $result['exact'][] = [ - 'label' => $displayName, -- 'uuid' => $contact['UID'], -- 'name' => $contact['FN'], +- 'uuid' => $contact['UID'] ?? $emailAddress, +- 'name' => $contact['FN'] ?? $displayName, - 'type' => $emailAddressType ?? '', - 'value' => [ - 'shareType' => IShare::TYPE_EMAIL, - 'shareWith' => $emailAddress, - ], - ]; -+ + $isUserinInstance = $this->userManager->get($emailAddress); + if ($isUserinInstance === null) { -+ // /e/ user is not in ecloud -+ ++ // /e/ user is not in ecloud + $result['exact'][] = [ -+ 'label' => $displayName, -+ 'uuid' => $contact['UID'], -+ 'name' => $contact['FN'], -+ 'type' => $emailAddressType ?? '', -+ 'value' => [ -+ 'shareType' => IShare::TYPE_EMAIL, -+ 'shareWith' => $emailAddress, -+ ], -+ ]; ++ 'label' => $displayName, ++ 'uuid' => $contact['UID'], ++ 'name' => $contact['FN'], ++ 'type' => $emailAddressType ?? '', ++ 'value' => [ ++ 'shareType' => IShare::TYPE_EMAIL, ++ 'shareWith' => $emailAddress, ++ ], ++ ]; + } else { -+ // /e/ user IS an ecloud user, convert to user share type -+ if (!$isUserinInstance->isEnabled()) { -+ // Ignore disabled users -+ continue; -+ } -+ $result['exact'][] = [ -+ 'label' => $displayName, -+ 'value' => [ -+ 'shareType' => IShare::TYPE_USER, -+ 'shareWith' => $emailAddress, -+ ], -+ ]; ++ // /e/ user IS an ecloud user, convert to user share type ++ if (!$isUserinInstance->isEnabled()) { ++ // Ignore disabled users ++ continue; ++ } ++ $result['exact'][] = [ ++ 'label' => $displayName, ++ 'value' => [ ++ 'shareType' => IShare::TYPE_USER, ++ 'shareWith' => $emailAddress, ++ ], ++ ]; + } } else { - $result['wide'][] = [ - 'label' => $displayName, -- 'uuid' => $contact['UID'], -- 'name' => $contact['FN'], +- 'uuid' => $contact['UID'] ?? $emailAddress, +- 'name' => $contact['FN'] ?? $displayName, - 'type' => $emailAddressType ?? '', - 'value' => [ - 'shareType' => IShare::TYPE_EMAIL, @@ -113,30 +112,31 @@ diff --git lib/private/Collaboration/Collaborators/MailPlugin.php lib/private/Co + $isUserinInstance = $this->userManager->get($emailAddress); + if ($isUserinInstance === null) { + // /e/ user is not in ecloud -+ $result['wide'][] = [ -+ 'label' => $displayName, -+ 'uuid' => $contact['UID'], -+ 'name' => $contact['FN'], -+ 'type' => $emailAddressType ?? '', -+ 'value' => [ ++ $result['wide'][] = [ ++ 'label' => $displayName, ++ 'uuid' => $contact['UID'], ++ 'name' => $contact['FN'], ++ 'type' => $emailAddressType ?? '', ++ 'value' => [ + 'shareType' => IShare::TYPE_EMAIL, + 'shareWith' => $emailAddress, -+ ], -+ ]; -+ } else { -+ // /e/ user IS an ecloud user, convert to user share type -+ if (!$isUserinInstance->isEnabled()) { -+ // Ignore disabled users -+ continue; -+ } -+ $result['wide'][] = [ -+ 'label' => $displayName, -+ 'value' => [ -+ 'shareType' => IShare::TYPE_USER, -+ 'shareWith' => $emailAddress, -+ ], -+ ]; ++ ], ++ ]; ++ } else { ++ // /e/ user IS an ecloud user, convert to user share type ++ if (!$isUserinInstance->isEnabled()) { ++ // Ignore disabled users ++ continue; + } ++ $result['wide'][] = [ ++ 'label' => $displayName, ++ 'value' => [ ++ 'shareType' => IShare::TYPE_USER, ++ 'shareWith' => $emailAddress, ++ ], ++ ]; ++ } } } } + diff --git a/patches/005-autocomplete-user-leak-custom-app.patch b/patches/005-autocomplete-user-leak-custom-app.patch deleted file mode 100644 index d686b2a238b7d8c715813539f9df16ad7e32becc..0000000000000000000000000000000000000000 --- a/patches/005-autocomplete-user-leak-custom-app.patch +++ /dev/null @@ -1,25 +0,0 @@ -From: diroots -Date: Tue, 02 Mar 2021 15:43:12 +0100 -Subject: [PATCH] filter user search results during file sharing - user_backend_sql_raw app changes - -This patch filter results from user search not to return users by their displayname, but only return users with full username, -ie. username@ecloud_domain so no user leaks with their display name which could be username - -this filtering works in conjunction with the autocomplete feature disabled in nextcloud settings - -this patch is applied to the user_backend_sql_raw app as this application superseeds the nextcloud's core UserBackend class - - -diff --git user_backend_sql_raw/lib/UserBackend.php user_backend_sql_raw/lib/UserBackend-new.php ---- user_backend_sql_raw/lib/UserBackend.php 2020-10-06 01:56:49.000000000 +0200 -+++ user_backend_sql_raw/lib/UserBackend-new.php 2021-03-02 15:43:12.615868478 +0100 -@@ -108,7 +108,8 @@ - // Because MariaDB can not handle string parameters for LIMIT/OFFSET we have to bind the - // values "manually" instead of passing an array to execute(). This is another instance of - // MariaDB making the code "uglier". -- $statement->bindValue(':search', '%' . $searchString . '%', \PDO::PARAM_STR); -+ $statement->bindValue(':search', $searchString , \PDO::PARAM_STR); -+ - if (isset($limit)) { - $statement->bindValue(':limit', intval($limit), \PDO::PARAM_INT); - } \ No newline at end of file diff --git a/patches/006-recovery-email-changes.patch b/patches/006-recovery-email-changes.patch index bffaf5b39cf0d96f1826f681e61f2ac3f9e0915b..a424dd06e44ac80480b897266e971b9b3567f60a 100644 --- a/patches/006-recovery-email-changes.patch +++ b/patches/006-recovery-email-changes.patch @@ -1,50 +1,51 @@ ---- ./core/Controller/LostController.php 2022-05-25 15:07:44.582984541 +0530 -+++ ./core/Controller/LostController-new.php 2022-05-28 15:29:43.418394746 +0530 -@@ -174,8 +174,23 @@ +--- ./core/Controller/LostController.php 2023-05-05 18:38:07.080445742 +0530 ++++ ./core/Controller/LostController-new.php 2023-05-05 18:48:27.385043088 +0530 +@@ -172,8 +172,23 @@ */ protected function checkPasswordResetToken(string $token, string $userId): void { try { -+ $domain = $this->config->getSystemValue('mail_domain', ''); -+ $domainSuffix = !empty($domain) ? '@' . $domain : ''; -+ $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); -+ $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; -+ if(stristr($userId, $domainSuffix) !== FALSE) { -+ $userId = str_replace($domainSuffix, '', $userId); ++ $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); ++ $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; ++ $mainDomain = $this->config->getSystemValue('main_domain', ''); ++ $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; ++ if(str_ends_with($userId, $legacyDomainSuffix)) { ++ $userId = str_replace($legacyDomainSuffix, '', $userId); + } -+ if(stristr($userId, $altDomainSuffix) !== FALSE) { -+ $userId = str_replace($altDomainSuffix, '', $userId); ++ if(str_ends_with($userId, $mainDomainSuffix)) { ++ $userId = str_replace($mainDomainSuffix, '', $userId); + } ++ + if(!$this->userManager->userExists($userId)) { -+ $userId = $userId . $domainSuffix; ++ $userId = $userId . $legacyDomainSuffix; + } $user = $this->userManager->get($userId); - $this->verificationToken->check($token, $user, 'lostpassword', $user ? $user->getEMailAddress() : '', true); -+ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email'); -+ $mailAddress = is_null($recoveryEmail) ? '' : $recoveryEmail; -+ $this->verificationToken->check($token, $user, 'lostpassword', $mailAddress, true); ++ $recoveryEmail = $this->config->getUserValue($userId, 'email-recovery', 'recovery-email', ''); ++ $this->verificationToken->check($token, $user, 'lostpassword', $user ? $recoveryEmail : '', true); } catch (InvalidTokenException $e) { $error = $e->getCode() === InvalidTokenException::TOKEN_EXPIRED ? $this->l10n->t('Could not reset password because the token is expired') -@@ -287,8 +302,21 @@ +@@ -273,9 +288,22 @@ * @throws \OCP\PreConditionNotMetException */ - protected function sendEmail($input) { -+ $domain = $this->config->getSystemValue('mail_domain', ''); -+ $domainSuffix = !empty($domain) ? '@' . $domain : ''; -+ $altDomain = $this->config->getSystemValue('alt_mail_domain', ''); -+ $altDomainSuffix = !empty($altDomain) ? '@' . $altDomain : ''; -+ if (stristr($input, $domainSuffix) !== FALSE) { -+ $input = str_replace($domainSuffix, '', $input); + protected function sendEmail(string $input): void { ++ $legacyDomain = $this->config->getSystemValue('legacy_domain', ''); ++ $legacyDomainSuffix = !empty($legacyDomain) ? '@' . $legacyDomain : ''; ++ $mainDomain = $this->config->getSystemValue('main_domain', ''); ++ $mainDomainSuffix = !empty($mainDomain) ? '@' . $mainDomain : ''; ++ if (str_ends_with($input, $legacyDomainSuffix)) { ++ $input = str_replace($legacyDomainSuffix, '', $input); + } -+ if(stristr($input, $altDomainSuffix) !== FALSE) { -+ $input = str_replace($altDomainSuffix, '', $input); ++ if(str_ends_with($input, $mainDomainSuffix)) { ++ $input = str_replace($mainDomainSuffix, '', $input); + } + if(!$this->userManager->userExists($input) ) { -+ $input = $input . $domainSuffix; ++ $input = $input . $legacyDomainSuffix; + } $user = $this->findUserByIdOrMail($input); -- $email = $user->getEMailAddress(); -+ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email'); - + $email = $user->getEMailAddress(); +- ++ $email = $this->config->getUserValue($user->getUID(), 'email-recovery', 'recovery-email', ''); if (empty($email)) { throw new ResetPasswordException('Could not send reset e-mail since there is no email for username ' . $input); + } diff --git a/patches/008-icons-cacher-theme-svgs.patch b/patches/008-icons-cacher-theme-svgs.patch deleted file mode 100644 index 76ce275688af90e56d0c630970c8cef330a7f0b2..0000000000000000000000000000000000000000 --- a/patches/008-icons-cacher-theme-svgs.patch +++ /dev/null @@ -1,46 +0,0 @@ -From: ArnauVP -Date: Thu, 23 Mar 2022 11:30:00 +0000 -Subject: [PATCH] Caches SVGs added via theme - -This patch modifies Icons Cacher to check theme for icons and if they exist, -cache them instead of the icons in core or apps directories - -diff --git ./lib/private/Template/IconsCacher.php ./lib/private/Template/IconsCacher-new.php ---- ./lib/private/Template/IconsCacher.php 2022-03-23 12:30:24.000000000 +0100 -+++ ./lib/private/Template/IconsCacher-new.php 2022-03-23 12:32:37.000000000 +0100 -@@ -161,21 +161,28 @@ - $color = ''; - $base = $this->getRoutePrefix() . '/svg/'; - $cleanUrl = \substr($url, \strlen($base)); -+ $theme = \OC::$server->getConfig()->getSystemValue("theme"); - if (\strpos($url, $base . 'core') === 0) { - $cleanUrl = \substr($cleanUrl, \strlen('core')); - if (\preg_match('/\/([a-zA-Z0-9-_\~\/\.\=\:\;\+\,]+)\?color=([0-9a-fA-F]{3,6})/', $cleanUrl, $matches)) { - [,$cleanUrl,$color] = $matches; -- $location = \OC::$SERVERROOT . '/core/img/' . $cleanUrl . '.svg'; -+ $location = \OC::$SERVERROOT . '/themes/'. $theme . '/core/img/' . $cleanUrl . '.svg'; -+ if (!file_exists($location)) { -+ $location = \OC::$SERVERROOT . '/core/img/' . $cleanUrl . '.svg'; -+ } - } - } elseif (\strpos($url, $base) === 0) { - if (\preg_match('/([A-z0-9\_\-]+)\/([a-zA-Z0-9-_\~\/\.\=\:\;\+\,]+)\?color=([0-9a-fA-F]{3,6})/', $cleanUrl, $matches)) { - [,$app,$cleanUrl, $color] = $matches; -- $appPath = \OC_App::getAppPath($app); -- if ($appPath !== false) { -- $location = $appPath . '/img/' . $cleanUrl . '.svg'; -- } -- if ($app === 'settings') { -- $location = \OC::$SERVERROOT . '/settings/img/' . $cleanUrl . '.svg'; -+ $location = \OC::$SERVERROOT . '/themes/' . $theme . '/apps/' . $app . '/img/' . $cleanUrl . '.svg'; -+ if (!file_exists($location)) { -+ $appPath = \OC_App::getAppPath($app); -+ if ($appPath !== false) { -+ $location = $appPath . '/img/' . $cleanUrl . '.svg'; -+ } -+ if ($app === 'settings') { -+ $location = \OC::$SERVERROOT . '/settings/img/' . $cleanUrl . '.svg'; -+ } - } - } - } diff --git a/patches/008-svg-controller-theme-svgs.patch b/patches/008-svg-controller-theme-svgs.patch deleted file mode 100644 index 4e86543e4319cc477b9a6e5e640879d2bd85b1c2..0000000000000000000000000000000000000000 --- a/patches/008-svg-controller-theme-svgs.patch +++ /dev/null @@ -1,38 +0,0 @@ -From: Akhil -Date: Tue, 22 Jul 2021 18:15:00 +0530 -Subject: [PATCH] Serves SVGs added via theme through SVG Controller - -This patch modifies SVG Controllers to check theme for icons and if they exist, return them before checking -app or core directories in their respective methods - -diff --git ./lib/private/Template/IconsCacher.php ./lib/private/Template/IconsCacher-new.php ---- ./core/Controller/SvgController.php 2021-07-22 18:00:30.575284496 +0530 -+++ ./core/Controller/SvgController-new.php 2021-07-22 18:07:55.927091362 +0530 -@@ -81,7 +81,13 @@ - * @return DataDisplayResponse|NotFoundResponse - */ - public function getSvgFromCore(string $folder, string $fileName, string $color = 'ffffff') { -- $path = $this->serverRoot . "/core/img/$folder/$fileName.svg"; -+ $theme = \OC::$server->getConfig()->getSystemValue("theme"); -+ $path = $this->serverRoot . '/themes/' . $theme .'/core/img/' . $folder . '/' . $fileName . '.svg'; -+ if(file_exists($path)) { -+ return $this->getSvg($path, $color, $fileName); -+ } -+ -+ $path = $this->serverRoot . "/core/img/$folder/$fileName.svg"; - return $this->getSvg($path, $color, $fileName); - } - -@@ -103,7 +109,11 @@ - } catch (AppPathNotFoundException $e) { - return new NotFoundResponse(); - } -- -+ $theme = \OC::$server->getConfig()->getSystemValue("theme"); -+ $path = $this->serverRoot . '/themes/' . $theme .'/apps/' . $app . '/img/'. $fileName . '.svg'; -+ if(file_exists($path)) { -+ return $this->getSvg($path, $color, $fileName); -+ } - $path = $appPath . "/img/$fileName.svg"; - return $this->getSvg($path, $color, $fileName); - } diff --git a/patches/009-help-links.patch b/patches/009-help-links.patch index 43bd732b6696397c11b14fd0899e35a28300f4a8..d414f91c7bc3a858f2748c8fe9527118f40de5c0 100644 --- a/patches/009-help-links.patch +++ b/patches/009-help-links.patch @@ -5,30 +5,28 @@ Subject: [PATCH] Changes help links to point to the correct links This patch adds changes to the "Settings" app's help template, controller and stylesheet to make sure the correct help links are shown ---- ./apps/settings/lib/Controller/HelpController.php 2021-08-10 16:54:15.844898527 +0530 -+++ ./apps/settings/lib/Controller/HelpController-new.php 2021-08-10 16:54:42.541807384 +0530 -@@ -89,7 +89,8 @@ - 'url' => $documentationUrl, - 'urlUserDocs' => $urlUserDocs, +--- ./apps/settings/lib/Controller/HelpController.php 2023-02-01 18:59:44.491700506 +0530 ++++ ./apps/settings/lib/Controller/HelpController-new.php 2023-02-01 21:01:10.933837383 +0530 +@@ -98,6 +98,7 @@ 'urlAdminDocs' => $urlAdminDocs, -- 'mode' => $mode, -+ 'mode' => $mode, -+ 'ncVersion' => \OCP\Util::getVersion()[0] + 'mode' => $mode, + 'pageTitle' => $pageTitle, ++ 'ncVersion' => \OCP\Util::getVersion()[0], ]); $policy = new ContentSecurityPolicy(); $policy->addAllowedFrameDomain('\'self\''); ---- ./apps/settings/templates/help.php 2021-07-01 15:13:08.000000000 +0530 -+++ ./apps/settings/templates/help-new.php 2021-08-10 17:22:42.771569854 +0530 -@@ -4,45 +4,25 @@ -
+--- ./apps/settings/templates/help.php 2023-02-01 20:49:47.625123858 +0530 ++++ ./apps/settings/templates/help-new.php 2023-02-01 20:55:46.533199855 +0530 +@@ -4,45 +4,26 @@ + - -
-- -
diff --git a/patches/016-login-screen.patch b/patches/016-login-screen.patch index 67cef3ce5a67359a081344470370b5cb2cf9562c..4bf803b78d7b30cbf501cc6b685578237c714a7c 100644 --- a/patches/016-login-screen.patch +++ b/patches/016-login-screen.patch @@ -1,14 +1,20 @@ ---- ./core/templates/layout.guest.php 2022-09-12 14:16:28.724884600 +0530 -+++ ./core/templates/layout.guest-new.php 2022-09-12 14:03:12.924884600 +0530 -@@ -20,6 +20,7 @@ - - +From: Akhil +Date: Thu, 28 Mar 2023 15:05:00 +0530 +Subject: [PATCH] Login page patch to apply Murena login page + +This patch applies the Murena login page changes to the login page + +--- ./core/templates/layout.guest.php 2023-03-28 14:56:52.130616847 +0530 ++++ ./core/templates/layout.guest-new.php 2023-03-28 15:01:34.973604329 +0530 +@@ -22,6 +22,7 @@ + + + -@@ -28,8 +29,29 @@ +@@ -30,12 +31,37 @@ $initialState) { ?> @@ -40,10 +46,7 @@
+ + + + @@ -51,7 +54,9 @@
-
+@@ -44,13 +70,24 @@ + getName()); ?> + + +