The webserver lighttpd rejected POST requests without a Content-length
header with "411 Length Required".
See: https://github.com/nextcloud/desktop/issues/1473
Signed-off-by: Michael Schuster <michael@schuster.ms>
Sanitize URL paths to elaminate double-slashes in the URL path string,
used for the first connection by the account setup wizard.
Example: https://cloud.example.com/remote.php/webdav//
Signed-off-by: Michael Schuster <michael@schuster.ms>
(cherry picked from commit 67107a4f5d)
Signed-off-by: Michael Schuster <michael@schuster.ms>
There in no "return" in
PropagateUploadFileCommon::slotStartUpload in if (prevModtime != _item-
>_modtime) {... }
There is possibility that
PropagateItemJob::done(status, errorString)
maybe called two times from PropagateUploadFileCommon::slotStartUpload
1. in if (prevModtime != _item->_modtime) {... }
2. in if (fileIsStillChanging(*_item)) {..}
if changes in files are frequent the second call is possible.
This two calls has effect in PropagatorCompositeJob::slotSubJobFinished
and job is removed two times in _runningJobs.remove(i);
(the second time with argumetnt -1 (because first call removed job).
This return was removed in commit
efc039863b - by accident I think.
Good simulation is to synchronize firefox profile with frequent page
refresh.
Signed-off-by: Mariusz Wasak <mawasak@gmail.com>
Qt 5.12.4 seems to introduce a new bug on Windows, causing the settings window
to not be redrawn when re-opening it, for example by clicking at the tray icon.
As a workaround this fix starts a 100 ms timer to be fired once upon
QDialog::showEvent is called.
Signed-off-by: Michael Schuster <michael@schuster.ms>
Removes the right-click function for the "Re-open browser" buttons because
they are not intuitive for the user.
Adds a dedicated "Copy link" button.
Implements Qt 5.5 fixes based on: https://github.com/nextcloud/desktop/pull/1392
Signed-off-by: Michael Schuster <michael@schuster.ms>
MD5 has been broken for a long time now and SHA1 has been
deprecated as well. SHA1 is not used when issuing new
publicly trusted certificates since 1 January 2016[1] and
there are more and more effective attacks[2][3] against it,
so display SHA1 fingerprint only for old certificates
to encourage use of safer digests by users.
So, we display SHA-256 and SHA-512 fingerprints instead in
the common case.
[1] https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-1.6.5.pdf
[2] https://shattered.io/static/shattered.pdf
[3] https://eprint.iacr.org/2019/459.pdf
Signed-off-by: Martin Sucha <git@mm.ms47.eu>
Return value determines which theme is applied for monochrome variant.
Fixes#1276 but only when monochrome option is toggled or nc starts, not automatically when changing windows theme.
Signed-off-by: Dominique Fuchs <32204802+DominiqueFuchs@users.noreply.github.com>
Saving all client CA's within one credential may result in:
Error: "Credential size exceeds maximum size of 2560"
Client CA certificates are now being stored in separate slots
within the keychain and are being processed by a queue mechanism.
IMPORTANT TODO:
forgetSensitiveData(): Invoked by "Log out" & "Remove account"
- Remove client CA certs and KEY!
(uncomment "//deleteKeychainEntries();" )
Disabled as long as selecting another cert is not supported by the UI.
Signed-off-by: Michael Schuster <michael@schuster.ms>
The previous commit 50cd6af394 - Build a webflowcredentials
changed:
src/gui/wizard/flow2authcredspage.cpp in line 135 to use WebFlowCredentials
instead of HttpCredentials.
But the WebFlowCredentials class didn't include code to store and load SSL client
certificates and keys from the keychain.
This commit migrates the useful stuff from the old HttpCredentials class
into WebFlowCredentials.
Successfully tested on Windows. Please test on other systems and verify it's safe! :)
Signed-off-by: Michael Schuster <michael@schuster.ms>
- Implements re-auth upon logout -> login
- Improves UI and security
TODO:
- SSL: Client certificate login is possible at the first time only but missing after relaunch
Signed-off-by: Michael Schuster <michael@schuster.ms>
This is the first draft of the Login Flow V2 authorization method.
See: https://docs.nextcloud.com/server/latest/developer_manual/client_apis/LoginFlow/index.html#login-flow-v2
- Adds the Login Fĺow V2 auth method
- Adds ability to reinitiate a new request via UI
TODO:
- Implement re-auth upon logout -> login
- Improve UI
- SSL: Client certificate login is possible at the first time only but missing after relaunch
Signed-off-by: Michael Schuster <michael@schuster.ms>
`clearContents()` will leave the number of rows as is. This was causing
a segfault when trying to loop over the items of the widget.
Signed-off-by: Samir Benmendil <me@rmz.io>
It filters the error out of the list of blocking errors. It now shows up
in the Activities and Notificattions list as a warning.
Signed-off-by: Camila San <hello@camila.codes>
If the initiator or the recipient is not the current user,
show the list of sharees without any options to edit it.
Minor change: updates api to v2.
Signed-off-by: Camila San <hello@camila.codes>
The path returned from the server encodes a space in the username with `+` and if the username contains a `+` sign it is encoded as `%2B` (cf. https://www.php.net/manual/function.urlencode.php).
Fix: Don't (double) decode the URL path and then replace `+` with space (introduced in issue #279 resp. commit 9ec61a84ce). Instead first replace `+` with space, then decode percent encoding.
Tested with a username containing a space, a username containing a `+`sign and a username containing just A-Za-z0-9- (with Nextcloud 16).
(fixes issue #1266)
Signed-off-by: Sven Strickroth <email@cs-ware.de>
- Text changed to "Enable..." instead of "Setup"
- The close icon follows NC style
- "end-to-end" instead of "end to end"
Signed-off-by: Ivan Čukić <ivan.cukic@kde.org>
Instead of immediately popping up the mnemonic dialogue,
only show a notification bar on the account setup page.
For the cases where the user does not want to use E2E,
this is significantly less intrusive than the old approach.
This is a quick hack to make self signed certificates work.
I'm not to fond of it the real solution should be to request the url
with QNAM and then see if it fails.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
I must admit why this works is puzzling me. However if I just use a system
proxy without this it doesn't work. I suspect a Qt bug but will have to
dig deeper to find out if that is the case.
For now this little hack will have to do.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Stylesheet String was not correctly defined (missing ";" after "%2") and caused an error in logging output.
After checking the fixed Style I removed it since it does not really look good.
We should stop fetching the moment the activity stream is empty when
fetched. It doesn't matter if the current list is empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
For #566
Since we only showed the user exclude list (and some extra items) the
system exclude list was still used.
This copies over the system exclude list (if it isn't there).
If it fails we use the system one still.
However if you now remove items from your own list it will really be
gone.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#788Fixes#834
If the activity app is not enabled we should not try to fetch the
activities at all.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
NOTE: The progress indicator is temporarily moved one line up to avoid
inserting it on its own line, which would cause the content pushed down
and the dialog size jump back and forth.
Remove hard-coded fixed sizes, size constraints, and other unnecessary
property assignments. This works with any dialog width, meaning that
the width can be defined in one place higher up in the widget hierachy.
SettingsDialog::accountAdded() uses the height of the toolbar to
calculate the desired default size for toolbuttons. Make sure to have
the "General" and "Network" tool buttons in place before calling
accountAdded() to avoid cramped first button.
