Changes in 1.15.0

Summary

• Bugfix - Don't allow empty password: #197
• Bugfix - Fix basic auth config: #2719
• Bugfix - Fix basic auth with custom user claim: #2755
• Bugfix - Fix oCIS startup ony systems with IPv6: #2698
• Bugfix - Fix opening images in media viewer for some usernames: #2738
• Bugfix - Fix error logging when there is no thumbnail for a file: #2702
• Bugfix - Don't announce resharing via capabilities: #2690
• Change - Make all insecure options configurable and change the default to false: #2700
• Change - Update ownCloud Web to v4.5.0: #2780
• Enhancement - Add API to list all spaces: #2692
• Enhancement - Update REVA to v1.16.0: #2737

Details

• Bugfix - Don't allow empty password: #197

  It was allowed to create users with empty or spaces-only password. This is fixed

  owncloud/product#197

• Bugfix - Fix basic auth config: #2719

  Users could authenticate using basic auth even though PROXY_ENABLE_BASIC_AUTH was set to
  false.

  #2466
  #2719

• Bugfix - Fix basic auth with custom user claim: #2755

  We've fixed authentication with basic if oCIS is configured to use a non-standard claim as user
  claim (PROXY_USER_OIDC_CLAIM). Prior to this bugfix the authentication always failed and
  is now working.

  #2755

• Bugfix - Fix oCIS startup ony systems with IPv6: #2698

  We've fixed failing startup of oCIS on systems with IPv6 addresses.

  #2300
  #2698

• Bugfix - Fix opening images in media viewer for some usernames: #2738

  We've fixed the opening of images in the media viewer for user names containing special
  characters (eg. @) which will be URL-escaped. Before this fix users could not see the image in
  the media viewer. Now the user name is correctly escaped and the user can view the image in the
  media viewer.

  #2738

• Bugfix - Fix error logging when there is no thumbnail for a file: #2702

  We've fixed the behavior of the logging when there is no thumbnail for a file (because the
  filetype is not supported for thumbnail generation). Previously the WebDAV service always
  issues an error log in this case. Now, we don't log this event any more.

  #2702

• Bugfix - Don't announce resharing via capabilities: #2690

  OCIS / Reva is not capable of resharing, yet. We've set the resharing capability to false, so
  that clients have a chance to react accordingly.

  #2690

• Change - Make all insecure options configurable and change the default to false: #2700

  We had several hard-coded 'insecure' flags. These options are now configurable and default to
  false. Also we changed all other 'insecure' flags with a previous default of true to false.

  In development environments using self signed certs (the default) you now need to set these
  flags:

  STORAGE_FRONTEND_ARCHIVER_INSECURE=true STORAGE_FRONTEND_OCDAV_INSECURE=true
  STORAGE_HOME_DATAPROVIDER_INSECURE=true
  STORAGE_METADATA_DATAPROVIDER_INSECURE=true STORAGE_OIDC_INSECURE=true
  STORAGE_USERS_DATAPROVIDER_INSECURE=true THUMBNAILS_CS3SOURCE_INSECURE=true
  THUMBNAILS_WEBDAVSOURCE_INSECURE=true ```
  
  As an alternative you also can set a single flag, which configures all options together:
  
  ``` OCIS_INSECURE=true ```
  
  https://github.com/owncloud/ocis/issues/2700
  https://github.com/owncloud/ocis/pull/2745
  
  

• Change - Update ownCloud Web to v4.5.0: #2780

  Tags: web

  We updated ownCloud Web to v4.5.0. Please refer to the changelog (linked) for details on the web
  release.

  #2780
  https://github.com/owncloud/web/releases/tag/v4.5.0

• Enhancement - Add API to list all spaces: #2692

  Added a graph endpoint to enable users with the list-all-spaces permission to list all
  spaces.

  #2692

• Enhancement - Update REVA to v1.16.0: #2737

  Updated REVA to v1.16.0 This update includes:

  • Fix cs3org/reva#2245: Don't announce search-files capability
  • Fix cs3org/reva#2247: Merge user ACLs from EOS to sys ACLs
  • Fix cs3org/reva#2279: Return the inode of the version folder for files when listing in EOS
  • Fix cs3org/reva#2294: Fix HTTP return code when path is invalid
  • Fix cs3org/reva#2231: Fix share permission on a single file in sql share driver (cbox pkg)
  • Fix cs3org/reva#2230: Fix open by default app and expose default app
  • Fix cs3org/reva#2265: Fix nil pointer exception when resolving members of a group (rest driver)
  • Fix cs3org/reva#1214: Fix restoring versions
  • Fix cs3org/reva#2254: Fix spaces propfind
  • Fix cs3org/reva#2260: Fix unset quota xattr on darwin
  • Fix cs3org/reva#5776: Enforce permissions in public share apps
  • Fix cs3org/reva#2767: Fix status code for WebDAV mkcol requests where an ancestor is missing
  • Fix cs3org/reva#2287: Add public link access via mount-ID:token/relative-path to the scope
  • Fix cs3org/reva#2244: Fix the permissions response for shared files in the cbox sql driver
  • Enh cs3org/reva#2219: Add virtual view tests
  • Enh cs3org/reva#2230: Add priority to app providers
  • Enh cs3org/reva#2258: Improved error messages from the AppProviders
  • Enh cs3org/reva#2119: Add authprovider owncloudsql
  • Enh cs3org/reva#2211: Enhance the cbox share sql driver to store accepted group shares
  • Enh cs3org/reva#2212: Filter root path according to the agent that makes the request
  • Enh cs3org/reva#2237: Skip get user call in eosfs in case previous ones also failed
  • Enh cs3org/reva#2266: Callback for the EOS UID cache to retry fetch for failed keys
  • Enh cs3org/reva#2215: Aggregrate resource info properties for virtual views
  • Enh cs3org/reva#2271: Revamp the favorite manager and add the cbox sql driver
  • Enh cs3org/reva#2248: Cache whether a user home was created or not
  • Enh cs3org/reva#2282: Return a proper NOT_FOUND error when a user or group is not found
  • Enh cs3org/reva#2268: Add the reverseproxy http service
  • Enh cs3org/reva#2207: Enable users to list all spaces
  • Enh cs3org/reva#2286: Add trace ID to middleware loggers
  • Enh cs3org/reva#2251: Mentix service inference
  • Enh cs3org/reva#2218: Allow filtering of mime types supported by app providers
  • Enh cs3org/reva#2213: Add public link share type to propfind response
  • Enh cs3org/reva#2253: Support the file editor role for public links
  • Enh cs3org/reva#2208: Reduce redundant stat calls when statting by resource ID
  • Enh cs3org/reva#2235: Specify a list of allowed folders/files to be archived
  • Enh cs3org/reva#2267: Restrict the paths where share creation is allowed
  • Enh cs3org/reva#2252: Add the xattr sys.acl to SysACL (eosgrpc)
  • Enh cs3org/reva#2239: Update toml configs

  #2737
  #2726
  #2790
  #2797