diff --git a/Dockerfile b/Dockerfile index 64a024e406f348327ee74585bfbf31ec96fae83c..e1927cd9ecf89d907e894ff0f84e0af3441f51e2 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,39 +1,25 @@ -FROM nextcloud:24.0.8-fpm AS nextcloud +FROM nextcloud:24.0.10-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" -ARG THEME_HELPER_JOB_ID="446245" -ARG NEWS_VERSION="20.0.0" -ARG QUOTA_WARN_VERSION="1.15.0" +ARG THEME_HELPER_JOB_ID="515506" ARG NOTES_VERSION="4.5.1" -ARG CONTACTS_JOB_ID="471108" -ARG CALENDAR_JOB_ID="471116" -ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0" -ARG EMAIL_RECOVERY_JOB_ID="445958" -ARG RAINLOOP_VERSION="7.2.5" -ARG RAINLOOP_COMMIT_SHA="523518ba" -ARG EA_JOB_ID="445966" -ARG ECLOUD_LAUNCHER_JOB_ID="458901" -ARG GOOGLE_INTEGRATION_VERSION="1.0.8" -ARG ECLOUD_DASHBOARD_JOB_ID="485170" - -RUN sed -i 's/24,0,8,2/24,0,8,7/' ${BASE_DIR}/version.php +ARG CONTACTS_JOB_ID="525457" +ARG CALENDAR_JOB_ID="525449" +ARG EMAIL_RECOVERY_JOB_ID="525467" +ARG EA_JOB_ID="526684" +ARG ECLOUD_LAUNCHER_JOB_ID="522867" +ARG GOOGLE_INTEGRATION_VERSION="1.0.9" +ARG ECLOUD_DASHBOARD_JOB_ID="525503" +ARG SNAPPY_VERSION="2.26.3" +ARG SNAPPY_THEME_VERSION="1.2.2" + +RUN sed -i 's/24,0,10,1/24,0,10,7/' ${BASE_DIR}/version.php COPY custom_entrypoint.sh / RUN chmod +x /custom_entrypoint.sh RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images # Install unzip for unzipping artifacts RUN apt-get update && apt-get install unzip -# Custom apps -RUN curl -fsSL -o news.tar.gz \ - "https://github.com/nextcloud/news/releases/download/${NEWS_VERSION}/news.tar.gz" && \ - tar -xf news.tar.gz -C ${BASE_DIR}/custom_apps/ && \ - rm news.tar.gz; - -RUN curl -fsSL -o quota_warning.tar.gz \ - "https://github.com/nextcloud-releases/quota_warning/releases/download/v${QUOTA_WARN_VERSION}/quota_warning-v${QUOTA_WARN_VERSION}.tar.gz" && \ - tar -xf quota_warning.tar.gz -C ${BASE_DIR}/custom_apps/ && \ - rm quota_warning.tar.gz; - RUN curl -fsSL -o notes.tar.gz \ "https://github.com/nextcloud/notes/releases/download/v${NOTES_VERSION}/notes.tar.gz" && \ tar -xf notes.tar.gz -C ${BASE_DIR}/custom_apps/ && \ @@ -46,29 +32,18 @@ RUN curl -fsSL -o contacts.zip \ mv dist/contacts ${BASE_DIR}/custom_apps/ && \ rm contacts.zip; -# custom Calendar 3.2.4 RUN curl -fsSL -o calendar.zip \ "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/calendar/-/jobs/${CALENDAR_JOB_ID}/artifacts/download" && \ unzip calendar.zip && \ mv dist/calendar ${BASE_DIR}/custom_apps/ && \ rm calendar.zip; -RUN curl -fsSL -o user_backend_sql_raw.tar.gz \ - "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \ - tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \ - rm user_backend_sql_raw.tar.gz; - RUN curl -fsSL -o email-recovery.zip \ "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/email-recovery/-/jobs/${EMAIL_RECOVERY_JOB_ID}/artifacts/download" && \ unzip email-recovery.zip && \ mv dist/email-recovery ${BASE_DIR}/custom_apps/ && \ rm email-recovery.zip; -RUN curl -fsSL -o rainloop.tar.gz \ - "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/rainloop-nextcloud/-/archive/${RAINLOOP_VERSION}-${RAINLOOP_COMMIT_SHA}/rainloop-nextcloud-${RAINLOOP_VERSION}-${RAINLOOP_COMMIT_SHA}.tar.gz" && \ - tar -xf rainloop.tar.gz -C ${BASE_DIR}/custom_apps/ && \ - mv "${BASE_DIR}/custom_apps/rainloop-nextcloud-${RAINLOOP_VERSION}-${RAINLOOP_COMMIT_SHA}" "${BASE_DIR}/custom_apps/rainloop" && \ - rm rainloop.tar.gz; RUN curl -fsSL -o ecloud-theme-helper.zip \ "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/ecloud-theme-helper/-/jobs/${THEME_HELPER_JOB_ID}/artifacts/download" && \ @@ -100,6 +75,19 @@ RUN curl -fsSL -o ecloud-dashboard.zip \ mv dist/ecloud-dashboard ${BASE_DIR}/custom_apps/ && \ rm ecloud-dashboard.zip; +RUN curl -fsSL -o snappymail.tar.gz \ + "https://snappymail.eu/repository/nextcloud/snappymail-${SNAPPY_VERSION}-nextcloud.tar.gz" && \ + tar -xf snappymail.tar.gz -C ${BASE_DIR}/custom_apps/ && \ + rm snappymail.tar.gz; + +# Snappy theme +RUN curl -fsSL -o Murena-snappymail-theme.tar.gz \ + "https://gitlab.e.foundation/e/infra/ecloud/nextcloud-apps/snappymail-theme/-/archive/${SNAPPY_THEME_VERSION}/snappymail-theme-${SNAPPY_THEME_VERSION}.tar.gz" && \ + tar -xf Murena-snappymail-theme.tar.gz -C /tmp/ && \ + mv /tmp/snappymail-theme-${SNAPPY_THEME_VERSION}/ ${BASE_DIR}/themes/Murena && \ + chown -R www-data:www-data ${BASE_DIR}/themes/Murena/ && \ + rm -rf Murena-snappymail-theme.tar.gz + # Remove unzip when unzipping is done RUN apt-get -y remove unzip @@ -113,6 +101,7 @@ From nextcloud as selfhost ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" ARG THEME_VERSION="selfhost-22.0.0" +ARG USER_BACKEND_RAW_SQL_VERSION="1.3.0" # Patches COPY patches/ ${TMP_PATCH_DIR}/ @@ -131,6 +120,8 @@ RUN patch -u ${BASE_DIR}/core/Command/User/Setting.php -i ${TMP_PATCH_DIR}/018-o RUN patch -u ${BASE_DIR}/apps/settings/lib/Sections/Personal/Groupware.php -i ${TMP_PATCH_DIR}/019-groupware.patch RUN patch -u ${BASE_DIR}/apps/files/js/files.js -i ${TMP_PATCH_DIR}/021-repeated-storage-dialog-fix.patch RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/3rdparty/sabre/vobject/lib/ITip/Broker.php -i ${TMP_PATCH_DIR}/022-significantchange.patch +RUN patch -u ${BASE_DIR}/apps/dav/lib/CalDAV/Reminder/ReminderService.php -i ${TMP_PATCH_DIR}/024-reminder-service-handle-exception.patch + RUN rm -rf ${TMP_PATCH_DIR} # Custom theme @@ -141,6 +132,12 @@ RUN curl -fsSL -o eCloud-theme.tar.gz \ chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \ rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/ +# User Backend +RUN curl -fsSL -o user_backend_sql_raw.tar.gz \ + "https://github.com/PanCakeConnaisseur/user_backend_sql_raw/releases/download/v${USER_BACKEND_RAW_SQL_VERSION}/user_backend_sql_raw.tar.gz" && \ + tar -xf user_backend_sql_raw.tar.gz -C ${BASE_DIR}/custom_apps/ && \ + rm user_backend_sql_raw.tar.gz; + # Set default class of hidden to settings-hint RUN sed -i 's/settings-hint/settings-hint hidden/' ${BASE_DIR}/apps/settings/templates/settings/personal/security/twofactor.php # change notifications icon src @@ -155,7 +152,7 @@ RUN sed -i 's/update/error/g' ${BASE_DIR}/apps/dav/templates/schedule-response-e From selfhost as ecloud ARG BASE_DIR="/usr/src/nextcloud" ARG TMP_PATCH_DIR="/tmp/build_patches" -ARG THEME_VERSION="24.0.1" +ARG THEME_VERSION="24.0.3" ARG LDAP_WRITE_SUPPORT_VERSION="1.6.0" ARG OIDC_LOGIN_VERSION="2.4.0" @@ -165,9 +162,10 @@ RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003- RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch -RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch RUN patch -u ${BASE_DIR}/core/templates/layout.guest.php -i ${TMP_PATCH_DIR}/016-login-screen.patch RUN patch -u ${BASE_DIR}/lib/private/Notification/Manager.php -i ${TMP_PATCH_DIR}/020-fairuse-notification-fix.patch +RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/user_ldap/lib/User_LDAP.php -i ${TMP_PATCH_DIR}/023-ldap-check-pwd-optimization.patch +RUN patch -u ${BASE_DIR}/lib/private/User/Manager.php -i ${TMP_PATCH_DIR}/025-optimize-get-by-email.patch RUN rm -rf ${TMP_PATCH_DIR} RUN curl -fsSL -o ldap_write_support.tar.gz \ @@ -198,9 +196,6 @@ RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/"GROUP","INDIVIDUAL"/"INDIV RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/calendar-main.js RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/{name:\[o,"displayname"\]},//' js/calendar-main.js -# Set default widgets to calendar, tasks and notes -RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php - # Remove colored background from email template logo RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php @@ -222,4 +217,3 @@ RUN rm -rf ${BASE_DIR}/themes/eCloud && \ # Seds to fix displayname save regression RUN sed -i "s/'email' ||/'email'/" ${BASE_DIR}/apps/settings/js/federationsettingsview.js RUN sed -i "s/field === 'displayname'//" ${BASE_DIR}/apps/settings/js/federationsettingsview.js - diff --git a/custom_entrypoint.sh b/custom_entrypoint.sh index ad2911c50d90504e63df09711b7c955cad1f11b6..f7fe265811b701e9e74bfc6db6bb71bfe858401c 100644 --- a/custom_entrypoint.sh +++ b/custom_entrypoint.sh @@ -18,9 +18,7 @@ fi image_version="$(php -r 'require "/usr/src/nextcloud/version.php"; echo implode(".", $OC_Version);')" if version_greater "$image_version" "$installed_version"; then - rsync $rsync_options --include "/news/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/notes/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ - rsync $rsync_options --include "/quota_warning/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/calendar/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/contacts/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ rsync $rsync_options --include "/user_backend_sql_raw/" --exclude '/*' $SRC_DIR/custom_apps/ $DST_DIR/custom_apps/ diff --git a/patches/012-remove-user-status-widget.patch b/patches/012-remove-user-status-widget.patch deleted file mode 100644 index 40e0d3a57d87e4a6d13b4a2da1ce32aa70ea1ec0..0000000000000000000000000000000000000000 --- a/patches/012-remove-user-status-widget.patch +++ /dev/null @@ -1,18 +0,0 @@ -From: Akhil -Date: Fri, 17 Sep 2021 13:00 +0530 -Subject: [PATCH] Removes user status widget from Dashboard - -This patch removes user status widget from available widgets in dashboard - ---- DashboardController.php 2021-09-17 12:56:19.691685082 +0530 -+++ DashboardController-new.php 2021-09-17 12:59:18.906502554 +0530 -@@ -108,6 +108,9 @@ - 'url' => $widget->getUrl() - ]; - }, $this->dashboardManager->getWidgets()); -+ $widgets = array_filter($widgets, function($widget) { -+ return($widget['id'] !== "user_status"); -+ }); - $configStatuses = $this->config->getUserValue($this->userId, 'dashboard', 'statuses', ''); - $statuses = json_decode($configStatuses, true); - // We avoid getting an empty array as it will not produce an object in UI's JS diff --git a/patches/023-ldap-check-pwd-optimization.patch b/patches/023-ldap-check-pwd-optimization.patch new file mode 100644 index 0000000000000000000000000000000000000000..60bbe61d7be728dc5982722335d3abf613d943c8 --- /dev/null +++ b/patches/023-ldap-check-pwd-optimization.patch @@ -0,0 +1,59 @@ +From: Akhil +Date: Wed, 04 Jan 2023 16:24 +0530 +Subject: [PATCH] This patch optimize the ldap checkPassword function to reduce number of LDAP binds and SQL UPDATE operations per password check + +--- ./apps/user_ldap/lib/User_LDAP.php 2023-01-04 16:20:02.747181606 +0530 ++++ ./apps/user_ldap/lib/User_LDAP-new.php 2023-01-17 19:22:51.776857415 +0530 +@@ -114,11 +114,12 @@ + * @return string|false + * @throws \Exception + */ +- public function loginName2UserName($loginName) { ++ public function loginName2UserName($loginName, bool $forceLdapRefetch = false) { + $cacheKey = 'loginName2UserName-' . $loginName; + $username = $this->access->connection->getFromCache($cacheKey); + +- if ($username !== null) { ++ $ignoreCache = ($username === false && $forceLdapRefetch); ++ if ($username !== null && !$ignoreCache) { + return $username; + } + +@@ -133,6 +134,9 @@ + } + $username = $user->getUsername(); + $this->access->connection->writeToCache($cacheKey, $username); ++ if($forceLdapRefetch) { ++ $user->processAttributes($ldapRecord); ++ } + return $username; + } catch (NotOnLDAP $e) { + $this->access->connection->writeToCache($cacheKey, false); +@@ -176,16 +180,11 @@ + * @return false|string + */ + public function checkPassword($uid, $password) { +- try { +- $ldapRecord = $this->getLDAPUserByLoginName($uid); +- } catch (NotOnLDAP $e) { +- $this->logger->debug( +- $e->getMessage(), +- ['app' => 'user_ldap', 'exception' => $e] +- ); ++ $username = $this->loginName2UserName($uid, true); ++ if(!$username) { + return false; + } +- $dn = $ldapRecord['dn'][0]; ++ $dn = $this->access->username2dn($username); + $user = $this->access->userManager->get($dn); + + if (!$user instanceof User) { +@@ -203,7 +202,6 @@ + } + + $this->access->cacheUserExists($user->getUsername()); +- $user->processAttributes($ldapRecord); + $user->markLogin(); + + return $user->getUsername(); diff --git a/patches/023-patch_getbyemail.patch b/patches/023-patch_getbyemail.patch new file mode 100644 index 0000000000000000000000000000000000000000..96fa4d4d729ea10b5efc8dc81e3bcbeda2a4f5a1 --- /dev/null +++ b/patches/023-patch_getbyemail.patch @@ -0,0 +1,29 @@ +--- lib/private/User/Manager.php 2023-02-03 17:18:44.729561986 +0530 ++++ lib/private/User/Manager-new.php 2023-02-03 17:20:18.929562546 +0530 +@@ -705,16 +705,18 @@ + * @since 9.1.0 + */ + public function getByEmail($email) { +- // looking for 'email' only (and not primary_mail) is intentional +- $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); ++ $uid=$email; // get first part of email if it contains alt domain, otherwise it is just $email ++ $alt_domain = $this->config->getSystemValue('alt_mail_domain', ''); ++ $alt_domain_suffix = !empty($alt_domain) ? '@' . $alt_domain : ''; + +- $users = array_map(function ($uid) { +- return $this->get($uid); +- }, $userIds); ++ if (stristr($email, $alt_domain_suffix) !== FALSE) { ++ $uid = str_replace($alt_domain_suffix, '', $email); ++ } + +- return array_values(array_filter($users, function ($u) { +- return ($u instanceof IUser); +- })); ++ if($this->get($uid)) { ++ return([$this->get($uid)]); ++ } ++ return []; + } + + private function verifyUid(string $uid): bool { diff --git a/patches/024-reminder-service-handle-exception.patch b/patches/024-reminder-service-handle-exception.patch new file mode 100644 index 0000000000000000000000000000000000000000..ed5c276de31256020c12e42ad95d7433ca3009ec --- /dev/null +++ b/patches/024-reminder-service-handle-exception.patch @@ -0,0 +1,17 @@ +--- ./apps/dav/lib/CalDAV/Reminder/ReminderService.php 2023-03-06 21:26:20.835422901 +0530 ++++ ./apps/dav/lib/CalDAV/Reminder/ReminderService-new.php 2023-03-06 21:28:49.325422185 +0530 +@@ -143,7 +143,13 @@ + continue; + } + +- $vevent = $this->getVEventByRecurrenceId($vcalendar, $reminder['recurrence_id'], $reminder['is_recurrence_exception']); ++ try { ++ $vevent = $this->getVEventByRecurrenceId($vcalendar, $reminder['recurrence_id'], $reminder['is_recurrence_exception']); ++ } catch (MaxInstancesExceededException $e) { ++ $this->logger->debug('Recurrence with too many instances detected, skipping VEVENT', ['exception' => $e]); ++ $this->backend->removeReminder($reminder['id']); ++ continue; ++ } + if (!$vevent) { + $this->backend->removeReminder($reminder['id']); + continue; diff --git a/patches/025-optimize-get-by-email.patch b/patches/025-optimize-get-by-email.patch new file mode 100644 index 0000000000000000000000000000000000000000..7673feb2e5223680ee11cf30d8ab8f110a223187 --- /dev/null +++ b/patches/025-optimize-get-by-email.patch @@ -0,0 +1,44 @@ +From: Akhil +Date: Tue, 10 Mar 2023 10:00 +0530 +Subject: [PATCH] To optimize getByEmail as we have boundary conditions that email is unique per-user and can only match one of the two domains + +--- ./lib/private/User/Manager.php 2023-03-10 10:01:44.729561986 +0530 ++++ ./lib/private/User/Manager-new.php 2023-03-10 10:05:18.767230727 +0530 +@@ -706,11 +706,33 @@ + */ + public function getByEmail($email) { + // looking for 'email' only (and not primary_mail) is intentional +- $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); ++ $mailDomain = $this->config->getSystemValue('mail_domain', ''); ++ $altMailDomain = $this->config->getSystemValue('alt_mail_domain', ''); ++ $users = []; ++ ++ if(empty($mailDomain) && empty($altMailDomain)) { ++ $userIds = $this->config->getUsersForUserValueCaseInsensitive('settings', 'email', $email); + +- $users = array_map(function ($uid) { +- return $this->get($uid); +- }, $userIds); ++ $users = array_map(function ($uid) { ++ return $this->get($uid); ++ }, $userIds); ++ } else { ++ $uid = ''; ++ $mailDomainSuffix = empty($mailDomain) ? '' : '@' . $mailDomain; ++ $altMailDomainSuffix = empty($altMailDomain) ? '' : '@' . $altMailDomain; ++ ++ if (!empty($mailDomainSuffix) && stristr($email, $mailDomainSuffix) !== FALSE) { ++ // In case of mail_domain, username is email ++ $uid = $email; ++ } else if (!empty($altMailDomainSuffix) && stristr($email, $altMailDomainSuffix) !== FALSE) { ++ // In case of alt_mail_domain, username is email without domain suffix ++ $uid = str_replace($altMailDomainSuffix, '', $email); ++ } ++ // If no match of domain, no user ++ if(!empty($uid)) { ++ $users = [$this->get($uid)]; ++ } ++ } + + return array_values(array_filter($users, function ($u) { + return ($u instanceof IUser);