From 98b489d13856f08f42660a66cf979a3b65fef728 Mon Sep 17 00:00:00 2001
From: Akhil
Date: Fri, 18 Mar 2022 11:29:13 +0000
Subject: [PATCH] Revert "Merge branch 'privacy-fixes-patch' into 'nc-21'"

This reverts merge request !68
---
.gitlab-ci.yml | 49 +-----
Dockerfile | 207 ++++++++++++++++++-------
README.md | 11 --
patches/002-login-without-domain.patch | 2 +-
patches/011-privacy-settings.patch | 57 ++-----
5 files changed, 168 insertions(+), 158 deletions(-)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 3e0a8000..1e9fa46e 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,56 +10,23 @@ default: services: - docker:19.03.12-dind before_script: + - docker info - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY tags: - generic_privileged build-branch: + except: + - tags stage: build - variables: - TARGET: ecloud - rules: - - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - when: never - - if: $CI_COMMIT_TAG != null - when: never - - if: $CI_COMMIT_REF_SLUG =~ /^selfhost/ - variables: - TARGET: "selfhost" - - if: $CI_COMMIT_REF_SLUG != null - when: on_success - allow_failure: true script: - - echo "TARGET $TARGET, BRANCH $CI_COMMIT_BRANCH, COMMIT_REF_SLUG $CI_COMMIT_REF_SLUG, COMMIT_TAG $CI_COMMIT_TAG" - - docker build --target $TARGET --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" . + - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" . - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" build-tag: + only: + - tags stage: build - variables: - TARGET: ecloud - allow_failure: true - rules: - - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' - when: never - - if: $CI_COMMIT_TAG == null - when: never - - if: $CI_COMMIT_REF_SLUG =~ /^selfhost/ - variables: - TARGET: "selfhost" - - if: $CI_COMMIT_TAG != null - when: on_success script: - - echo "TARGET $TARGET, BRANCH $CI_COMMIT_BRANCH, COMMIT_REF_SLUG $CI_COMMIT_REF_SLUG, COMMIT_TAG $CI_COMMIT_TAG" - - docker build --target $TARGET --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" . - - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" - -docker-tag: - stage: .post - rules: - - when: manual - script: - - echo "SOURCE $SOURCE, TARGET $TARGET" - - docker pull $CI_REGISTRY_IMAGE:$SOURCE - - docker tag $CI_REGISTRY_IMAGE:$SOURCE $CI_REGISTRY_IMAGE:$TARGET - - docker push $CI_REGISTRY_IMAGE:$TARGET \ No newline at end of file + - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" . + - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" diff --git a/Dockerfile b/Dockerfile index 941b735d..d06aae4e 100644 --- a/Dockerfile 
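Review bot: The `before_script` that this hunk extends still passes the registry password as a command-line argument (`docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY`), which exposes it in the process arguments on the `generic_privileged` runner and makes Docker warn on every job. Reading it from stdin avoids that: `- echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"`. The added `docker info` writes daemon configuration into the job log, so it is worth confirming who can read those logs.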
+++ b/Dockerfile @@ -1,13 +1,14 @@ -FROM nextcloud:20.0.12-fpm as base +FROM nextcloud:21.0.9-fpm AS nextcloud ARG BASE_DIR="/usr/src/nextcloud" -ARG THEME_VERSION="20.1.3" -ARG THEME_HELPER_VERSION="1.0.1" -ARG NEWS_VERSION="16.0.1" -ARG QUOTA_WARN_VERSION="1.9.1" -ARG NOTES_VERSION="4.1.1" -ARG CONTACTS_VERSION="4.0.1" -ARG CALENDAR_VERSION="2.3.3" -ARG USER_BACKEND_RAW_SQL_VERSION="1.1.0" +ARG TMP_PATCH_DIR="/tmp/build_patches" +ARG THEME_VERSION="21.1.1" +ARG THEME_HELPER_VERSION="1.0.2" +ARG NEWS_VERSION="17.0.1" +ARG QUOTA_WARN_VERSION="1.13.0" +ARG NOTES_VERSION="4.3.1" +ARG CONTACTS_VERSION="4.0.8" +ARG CALENDAR_VERSION="3.1.0" +ARG USER_BACKEND_RAW_SQL_VERSION="1.1.1" ARG EMAIL_RECOVERY_JOB_ID="199763" ARG RAINLOOP_VERSION="7.1.2" ARG RAINLOOP_COMMIT_SHA="e9da581c" @@ -15,10 +16,7 @@ ARG EA_TAG="1.0.0" ARG ECLOUD_LAUNCHER_JOB_ID="222001" ARG GOOGLE_INTEGRATION_VERSION="1.0.6" -RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images -COPY custom_entrypoint.sh / -RUN chmod +x /custom_entrypoint.sh -RUN sed -i 's/20,0,12,1/20,0,12,17/' ${BASE_DIR}/version.php +RUN sed -i 's/21,0,9,1/21,0,9,4/' ${BASE_DIR}/version.php # Install unzip for unzipping artifacts RUN apt-get update && apt-get install unzip 
@@ -97,62 +95,23 @@ RUN apt-get -y remove unzip # force eCloud theme not to be disabled even when there is an upgrade process launched RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('theme', 'eCloud');/g" ${BASE_DIR}/lib/base.php -# fix min version of google data migration app -RUN sed -i "s/min-version=\"22\"/min-version=\"20\"/" ${BASE_DIR}/custom_apps/integration_google/appinfo/info.xml - -# Remove colored background from email template logo -RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php - -# Ignore OS dark mode for all users -# Don't use user-specific dark theme css for non-logged in users -RUN sed -i 's/OCA.Accessibility.theme="dark"/OCA.Accessibility.theme="light"/' ${BASE_DIR}/apps/accessibility/js/accessibilityoca.js -RUN sed -i "s/$userValues = \['dark'\]/$userValues = \[\]/" ${BASE_DIR}/apps/accessibility/lib/Controller/AccessibilityController.php - -# Custom theme -RUN curl -fsSL -o eCloud-theme.tar.gz \ - "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \ - tar -xf eCloud-theme.tar.gz -C /tmp/ && \ - mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \ - chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \ - rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/ - -# Replace "Get your own free account" NC link with /e/ Account link in public pages -RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php - -ENTRYPOINT ["/custom_entrypoint.sh"] -CMD ["php-fpm"] - - -FROM base as selfhost -ARG BASE_DIR="/usr/src/nextcloud" -ARG TMP_PATCH_DIR="/tmp/build_patches" - -COPY patches/ ${TMP_PATCH_DIR}/ - # Patches COPY patches/ ${TMP_PATCH_DIR}/ RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i 
${TMP_PATCH_DIR}/002-login-without-domain.patch +RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch +RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch +RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch +RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/006-recovery-email-changes.patch RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/009-help-links.patch -RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch -RUN rm -rf ${TMP_PATCH_DIR} - -FROM selfhost as ecloud -ARG BASE_DIR="/usr/src/nextcloud" -ARG TMP_PATCH_DIR="/tmp/build_patches" - -COPY patches/ ${TMP_PATCH_DIR}/ - -# Privacy specific patches -RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch -RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch -RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch -RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch +RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch RUN cd ${BASE_DIR} && patch -u 
${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch +RUN patch -u ${BASE_DIR}/lib/private/Authentication/Token/PublicKeyTokenProvider.php -i ${TMP_PATCH_DIR}/013-revert-token-password-update.patch +RUN rm -rf ${TMP_PATCH_DIR} # autocomplete leak tweak apps frontend with sed, disable group suggestion 
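Review bot: The added `013-revert-token-password-update.patch` line modifies `lib/private/Authentication/Token/PublicKeyTokenProvider.php` with no comment saying which upstream behaviour is reverted or why. That file is on the authentication path, and the patch is not among the five files this commit touches, so its content cannot be reviewed from this diff. I would put a comment above the `RUN`, for example `# 013: reverts the upstream token password update in PublicKeyTokenProvider (<issue or MR link>); re-check on every Nextcloud version bump`.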
@@ -163,4 +122,132 @@ RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/{name:\[a,"displayname"\]}, # Set default widgets to calendar, tasks and notes RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -RUN rm -rf ${TMP_PATCH_DIR} + +# Remove colored background from email template logo +RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php + +# fix min version of google data migration app +RUN sed -i "s/min-version=\"22\"/min-version=\"21\"/" ${BASE_DIR}/custom_apps/integration_google/appinfo/info.xml +RUN sed -i 's/ in Nextcloud/ /' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js +RUN sed -i 's/Nextcloud administrator/administrator/' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js + +# Custom theme +RUN curl -fsSL -o eCloud-theme.tar.gz \ + "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \ + tar -xf eCloud-theme.tar.gz -C /tmp/ && \ + mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \ + chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \ + rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/ + +# Replace "Get your own free account" NC link with /e/ Account link in public pages +RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php + +# Use php 8 image +FROM php:8.0.12-fpm-bullseye +RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images + +# Copy all the required files from the nextcloud stage +COPY --from=nextcloud /usr/src/nextcloud /usr/src/nextcloud +COPY --from=nextcloud /usr/local/etc/php/conf.d/ /usr/local/etc/php/conf.d/ +COPY --from=nextcloud /*.sh / +COPY --from=nextcloud /upgrade.exclude / 
+COPY --from=nextcloud /var/spool/cron/crontabs /var/spool/cron/crontabs +COPY --from=nextcloud /entrypoint.sh / + +# Copy entrypoints and add correct permissions +COPY custom_entrypoint.sh / +RUN chmod +x /custom_entrypoint.sh +RUN chmod +x /entrypoint.sh + +# Install required dependencies of nextcloud +RUN set -ex; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + rsync \ + bzip2 \ + busybox-static \ + libldap-common \ + ; \ + rm -rf /var/lib/apt/lists/*; + +# install the PHP extensions we need +# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html +ENV PHP_MEMORY_LIMIT 512M +ENV PHP_UPLOAD_LIMIT 512M +RUN set -ex; \ + \ + savedAptMark="$(apt-mark showmanual)"; \ + \ + apt-get update; \ + apt-get install -y --no-install-recommends \ + libcurl4-openssl-dev \ + libevent-dev \ + libfreetype6-dev \ + libicu-dev \ + libjpeg-dev \ + libldap2-dev \ + libmcrypt-dev \ + libmemcached-dev \ + libpng-dev \ + libpq-dev \ + libxml2-dev \ + libmagickwand-dev \ + libzip-dev \ + libwebp-dev \ + libgmp-dev \ + ; \ + \ + debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ + docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ + docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ + docker-php-ext-install -j "$(nproc)" \ + bcmath \ + exif \ + gd \ + intl \ + ldap \ + opcache \ + pcntl \ + pdo_mysql \ + pdo_pgsql \ + zip \ + gmp \ + ; \ + \ +# pecl will claim success even if one install fails, so we need to perform each install separately + pecl install APCu-5.1.21; \ + pecl install memcached-3.1.5; \ + pecl install redis-5.3.4; \ + pecl install imagick-3.5.1; \ + \ + docker-php-ext-enable \ + apcu \ + memcached \ + redis \ + imagick \ + ; \ + rm -r /tmp/pear; \ + \ +# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies + apt-mark auto '.*' > /dev/null; \ + apt-mark manual $savedAptMark; \ + ldd "$(php -r 'echo 
ini_get("extension_dir");')"/*.so \ + | awk '/=>/ { print $3 }' \ + | sort -u \ + | xargs -r dpkg-query -S \ + | cut -d: -f1 \ + | sort -u \ + | xargs -rt apt-mark manual; \ + \ + apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; + +# Install imagemagick +RUN apt-get -y install imagemagick;\ + rm -rf /var/lib/apt/lists/*; + +VOLUME /var/www/html +ENV NEXTCLOUD_VERSION 21.0.9 + +ENTRYPOINT ["/custom_entrypoint.sh"] +CMD ["php-fpm"] diff --git a/README.md b/README.md index 684b091f..16d13869 100644 --- a/README.md +++ b/README.md @@ -61,14 +61,3 @@ We suggest you use our [ecloud-selfhosting](https://gitlab.e.foundation/e/infra/ ## Contributing Anyone can fork a project on our GitLab instance, but to prevent abuse it's disabled by default. Get in touch with us [by e-mail](mailto:join@e.email) or through our support channels and we will let you create a fork and submit MRs. - -## Pipeline-Jobs - -By default pipeline builds image based on $CI_COMMIT_REF_SLUG. Any branch or tag starting with `selfhost` will build an image for selfhost target. And in all other cases image is built for `ecloud` target. The image is tagged with $CI_COMMIT_REF_SLUG and pushed to registry - - -**Re-tagging** - -There is a provision to create a new tag from an existing image by simply running docker-tag job (manual action). It requires two input parameters, SOURCE and TARGET. - -Example: To publish a given image to production you can tag ecloud-21.x.x as ecloud-production, we just have to run `docker-tag` job by providing `SOURCE: ecloud-20.12.10` `TARGET: ecloud-production`. Ref : [this job](https://gitlab.e.foundation/e/infra/ecloud/nextcloud/-/jobs/219782) \ No newline at end of file diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 477bd803..6e670628 100644 --- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -17,7 +17,7 @@ 
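Review bot: The theme archive in the `# Custom theme` step is fetched with `curl` and unpacked into `${BASE_DIR}/themes/eCloud` with no integrity check, so whatever the `${THEME_VERSION}` ref resolves to at build time ends up in the served code. Pinning a digest next to the version closes that gap: add `ARG THEME_SHA256="<sha256 of the archive>"` and, between the `curl` and the `tar`, `echo "${THEME_SHA256}  eCloud-theme.tar.gz" | sha256sum -c - && \`. Separately, the final `RUN apt-get -y install imagemagick;\ rm -rf /var/lib/apt/lists/*;` has no `set -e`, so the `rm` masks a failed install and the image builds without ImageMagick. `RUN set -ex; apt-get update; apt-get install -y --no-install-recommends imagemagick; rm -rf /var/lib/apt/lists/*` would fail the build instead.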
diff --git files/LoginController.php files/LoginController-new.php + $user = mb_strtolower($user, 'UTF-8'); + $domain = $this->config->getSystemValue("mail_domain"); + $domain_suffix = "@$domain"; -+ $admin_username = mb_strtolower($_ENV["NEXTCLOUD_ADMIN_USER"], 'UTF-8'); ++ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; + if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { + $user = $user . $domain_suffix; + } diff --git a/patches/011-privacy-settings.patch b/patches/011-privacy-settings.patch index 7fb8225c..dfb46a59 100644 --- a/patches/011-privacy-settings.patch +++ b/patches/011-privacy-settings.patch @@ -40,54 +40,21 @@ This patch removes certain unnecessary sections from the "privacy" section in pe
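Review bot: With this line reverted, `$user` is lowercased by `mb_strtolower` at the top of the hunk but `$admin_username` is taken from `$_ENV["NEXTCLOUD_ADMIN_USER"]` unchanged. The `strcmp($user, $admin_username) != 0` test therefore never matches an admin name containing an uppercase letter, and the mail-domain suffix is appended to the admin's login. Either keep the normalisation, `$admin_username = mb_strtolower($_ENV["NEXTCLOUD_ADMIN_USER"] ?? '', 'UTF-8');`, or compare case-insensitively. The `?? ''` also covers an unset variable, which the new line does not handle. The enclosing function lies outside this hunk, so what happens to `$user` after the suffix is added is not visible here.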

t('Who has access to your data?')) ?>

t('Administrators')); ?>

---- ./apps/privacy/templates/who-has-access.php 2022-03-17 16:48:46.124670200 +0530 -+++ ./apps/privacy/templates/who-has-access-new.php 2022-03-17 16:41:15.624670200 +0530 -@@ -4,20 +4,27 @@ - ?> +--- ./apps/privacy/templates/who-has-access.php 2022-03-10 18:22:26.498511800 +0530 ++++ ./apps/privacy/templates/who-has-access-new.php 2022-03-10 18:16:10.028511800 +0530 +@@ -5,11 +5,13 @@
--

t('Who has access to your data?')) ?>

+

t('Who has access to your data?')) ?>

-

t('Administrators')); ?>

-
-+

t('Who has access to your data?')) ?>

-+

t('People you shared documents or folders with')) ?>:

-+
-+

 

-+

t('Like in most cloud services, a reduced number of administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.')); ?> -+

-+

t('Learn more about this topic here.')); ?> ↗ -+

++ --

t('People you shared with')) ?>

--
-+ -+

t('Privacy policy')) ?>

-+

-+ t('Read the privacy policy.')) ?> -+

-+ +

t('People you shared with')) ?>

+
++

t('Administrators')); ?>

++

t('Like in most cloud services, administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.')); ?>

++

t('Learn more about this topic here.')); ?> ↗

-- --

t('Privacy policy')) ?>

--

-- t('Read the privacy policy.')) ?> --

-- -- --

t('Encryption')) ?>

--
--
-+

t('Encryption')) ?>

-+

-+ t('To protect your data, we have implemented server-side-encryption on our servers which hides by default the content of your files and notes even to these administrators.')); ?> -+ ↗ -+

-+ -\ No newline at end of file - - - - - + +

t('Privacy policy')) ?>

-- GitLab