10.1 - Changelog Test Results

[davitol]

Changelog

All notable changes to this project will be documented in this file.

Items based on https://github.com/owncloud/core/blob/stable10/CHANGELOG.md

[Unreleased]

Added

• Allow loading JSON files in setups with pretty URLs - #32835 @davitol phoenix.owncloud.com is running this patch and it works
• Support global CORS domains for public pages - #33139 @davitol phoenix.owncloud.com is running this patch and it works
• New tag scope "static tags", editable but not assignable - #33420 @davitol See test steps in the following comment: [stable10] Backport of new tag editable added to systemtag #33420 (comment) Issues related: Static tags are shown in the searchbox "Select tags to filter by" even when they do not belong to the user's group #34002 https://github.com/owncloud/systemtags_management/issues/40
• Added "getBucket" method to HomeObjectStore to fix S3 issue - #33513 @davitol Tests steps in: transfer ownership of shared files deletes the share files_primary_s3#152 (comment)

Changed

• Set shipped apps max version to 10 in preparation for Semver switch - #33496 @davitol Tested: Quick OC check and see that files app still displays all sidebar tabs which means the apps were loaded correctly. Increase version.php and check that occ upgrade is not confused by max-version.
• Disable browser autocomplete for password fields - #32590 @davitol Test steps: Check with Browser Developer tools that autocomplete field is set to "off"
• Bump punic 3.1.0 => 3.2.0 - #33462 @davitol CI tests works
• Bump symfony/polyfill components v1.9.0 => v1.10.0 - #33377 @davitol Not related to the release
• Bump symfony/translation from 3.4.17 to 3.4.18 - #33429 Translations keeps working
• Bump jakub-onderka/php-console-highlighter from 0.3.2 to 0.4 - #32944 => not related to released code @PVince81
• Bump handlebars from 4.0.11 to 4.0.12 in /build - #32661 => handlebars template are used in versions sidebar and that worked fine @PVince81
• Bump sinon from 6.2.0 to 7.1.1 - #32825 #33073 #33306 #33373 => not related to released code @PVince81
• Bump league/flysystem from 1.0.46 to 1.0.48 - #33199 => change will not affect OC. unit tests prove that ext storage still works @PVince81
• Bump composer/xdebug-handler to 1.3.0 - #32977 => not related to released code @PVince81
• Bump sabre/dav from 3.2.2 to 3.2.3 - #33276 => see PROPFIND infinity fix test result
• Bump friendsofphp/php-cs-fixer (v2.13.0 => v2.13.1) - #33290 => not related to released code @PVince81

Removed

• Deprecate Sharing 1.0 APIs which will be removed in ownCloud 11 - #33220 @davitol Test steps: a) Quick test in the web UI, sharing still seems to work, so does "unshare from self". b) Retest fed sharing. Tested 10.1 <-> 10.0.9 using HTTP and 'sharing.federation.allowHttpFallback' => true,in config.php

Fixed

• Fix for some upgrade path that led to DAV tables missing bigint conversion - #33603 @davitol Test steps: Setup OC from scratch and check that every id column of the affected tables now appears as BIGINT on MySQL. List of tables checked here: Columns that used to be bigint are int in some setup scenarios #32555 (comment)
• Fix checksum verify command verbose mode and path argument handling - #33610 Test result: https://github.com/owncloud/enterprise/issues/2952#issuecomment-451145760
• Fix form to enter initial password to properly display error message - #33453 @davitol Test steps detailed in [stable10] Display error message in new password form #33453 (comment)
• File cache corruption check now only reports storage id once - #33539 Unit test
• Fix escaping of public share names - #33419 @davitol Test steps from [stable10] Backport of Escape urlencoding of strings to allow them re… #33419 (comment)
• Update config.sample.php to fix a broken link - #33518 @davitol Test: Check new tocker page url and the quotes are now in config.sample.php file. Tocker URL works fine
• Add "uid" argument to Symfony login events for consistency - #33470 @davitol Test steps: add line \OC::$server->getLogger()->warning('I am here with uid = ' . $params['uid'] . ' post login'); To see if the uid is passed via symfony events in the method post_login(), after line https://github.com/owncloud/admin_audit/blob/master/handlers/session.php#L55
• Prevent deletion of calendar group shares during cleanup - #33394 @davitol Test steps: Deleting Calendar Sharing #33216 (comment)
• Fix upload avatar for LDAP users - #33369 @davitol Test: Configure an LDAP backend in oC, log in with an LDAP user and upload an avatar via webUI
• Fix double escaping in email subject - #33342 @davitol Test: Create a file called !@£$%^&*()_.txt and share it, notify by email. Check escaping in email.
• Add missing type hints in code - #33314 @davitol Test: Test success in Drone, fixed https://drone.owncloud.com/owncloud/core/12056/107
• Increase versions list performance by ignoring shared storages - #33291 @davitol Automated tests
• Fix PROPFIND with Depth infinity requests through Sabre update - #28341 PropFind depth 3 and check it works??
• Adjust "has never logged in" text in occ command - #33275 @davitol Test steps: Wording of "User has never logged in" #33268 (comment)
• Don't remove temporary file on failure when creating office file preview - #33234 @davitol Test steps: Don't remove temp file on fail when creating office preview #33232 (comment)
• Warning log about oc_readonly storage wrapper is now logged in debug level - #33212 @davitol Test steps: "Storage wrapper" message no longer appears in warning level but it appears in debug level
• Fix occ encrypt-all command to not attempt re-encrypting already encrypted files - #33206 @davitol Test steps: Encrypt-all should not touch already encrypted files encryption#52 (comment)
• Register areCredentialsValid as a sensitive logging method - #32713 @davitol Test steps: connect oC to ldap and cut the connection to the ldap server and try to log in. Check in the owncloud.log that the pwd is not shown OC\\\\User\\\\Session->loginWithPassword(*** sensitive parameters replaced ***)\\n#12 \\\/var\\\/www\\\/owncloud\\\/core\\\/Controller\\\/LoginController.php(203): OC\\\\User\\\\Session->login(*** sensitive parameters replaced ***)
• Deletion of user now also updates storages applicable fields - #32906 @davitol Test steps: [10.0.10RC1] Deleting user doesn't delete them from external storages #32637 (comment)
• Blacklist the method "setPassword" in stack traces - #33176 @davitol Test steps: connect oC to ldap and cut the connection to the ldap server and try to log in. Check in the owncloud.log that the pwd is not shown
• Fix wording in occ command help - #33179 @davitol Test: run occ app:list --help and the command output is like the one shown in Remove default is plain from occ command help #33169 (comment)
• Fix preLogin hook parameter inconsistencies - #33185 @davitol *Unit test in the PR

[ownclouders]

GitMate.io thinks the contributors most likely able to help are @ownclouders, and @PVince81.

Possibly related issues are #32566 (10.0.10 - Changelog Test Results), #22492 (test), #22485 (test), #31579 (test), and #30152 (Testing 10.0.5RC3 Changelog).

[PVince81]

• persistent locking backend + frontend 🤖
• OCM 🤖

[PVince81]

edited by @davitol
Added new entries:

Added

• Federated sharing new spec OCM 1.0-proposal1 - #33027 @davitol Automated test in the PR

Changed

• Bump karma from 3.0.0 to 3.1.3 in /build - #33256 #33343 #33737 => @PVince81 automated tests
• Bump hoek from 4.2.0 to 4.2.1 in /build - #33574 JS tests passed
• Bump stringstream from 0.0.5 to 0.0.6 in /build - #33755
• Update moment JS to 2.22.2 - #33650 CI tests works

Fixed

• Fix system tags object mapper for Oracle - #33772 @davitol Unit test included in the PR
• Adjust last login time when using auth modules - #33752 @davitol Test steps: Log in with oAuth and check that lastLoginTime is updated in oc_accounts
• Disable share autocomplete endpoint for members of groups excluded from sharing - #33736 @davitol Test steps: 1) Exclude a group from Sharing e.g. guest_app. 2) Add User to excluded group. Check the User is not able to share anything or use the autocomplete
• Fix issues with expiration date validation in public link dialog - #33735 @davitol Test steps: empty Expiration date results in "invalid date" entry #32056 (comment)
• List compatible apps instead of missing ones in occ upgrade process - #33730 @davitol Test steps: 1) Upgrade from 10.1 to daily master and check the list of apps after the colon are the compatible apps
• Add background job to clean up orphaned DAV properties - #33722 @davitol Test steps: Delete Custom Dav Properties on file delete #33413 (comment)

[davitol]

Added new entries from PR https://github.com/owncloud/core/pull/33928/files

Added

• Added mime types for sharedlib and executable - #33893 @davitol Test steps: Add mime types for sharedlib and executable #33595 (comment)
• Update activity listener for static tags #33864 @davitol Test result: Creation, updation activity of the static tags are seen in the activity app, just like other tags: restricted, visible and invisible.
• Add sharing scope to enable addressbook sharing with custom groups - #33849 @davitol Test steps: Add customgroup sharing for contacts app #33712 (comment)
• Bump symfony 3.4.15 to 3.4.20 - #33001 #33460 #33667 #33821 @davitol Test: Manual test of occ exit status
• Patch bumps punic pear-core-minimal xdebug-handler - #33830 @davitol CI works

Fixed

• Return 403 instead of 500 status when uploading into share without write permissions - #33640 @davitol Test steps from Unexpected error code with chunk upload of files to folders with no edit permissions #33416 (comment) and check the return code
• Fix performance issue when fetching versions: do not iterate over all storages when only first is needed - #33859 @davitol Test steps: tested this scenario https://github.com/owncloud/enterprise/issues/3021#issuecomment-448659533
• Correction to default apps folder in config.sample.php - #33912 @davitol Test: Check fix appears in config.sample.php file

Changed

• Bypass apps max-version check for daily/git release channels - #33861 @davitol Test steps: Check Max-version check still works for stable/testing release
• Changed default link share name to be "Public link" - #33879 @davitol Test steps: Share a file/folder using a Public Link and check it is used Public link instead of file name.

[davitol]

Added new entries from PR #33958

Added

• Introduce persistent and explicit locking of file and folders (Webdav locks) - #33266 #33785 #33843 #33957 Test steps: Don't apply persistent lock on received declined shares #33885 (comment)
• Add minimal frontend in files app for persistent locks (Webdav locks) - #33951
• Add X-Request-ID to header Access-Control-Allow-Headers - #33926 @davitol PR contains automated tests

Changed

• Use new DAV endpoint in web UI file list and upload - #33544 @davitol Test steps: Use new DAV endpoint in web UI #28874 (comment)
• Changed default link share name to be "Public link" - #33879 #33955
• Bump composer/xdebug-handler to 1.3.0 - #32977
• Bump lodash from 4.17.4 to 4.17.11 in /build - #33754
• Bump phpseclib/phpseclib from 2.0.11 to 2.0.13 - #33433 #33922
• Bump squizlabs/php_codesniffer 3.3.2=>3.4.0 - #33940 No directly related to the release
• Bump zendframework/zend-inputfilter from 2.8.2 to 2.9.0 - #33920 No directly related to the release

Fixed

• Fix up grammar mistake in console output - #33947 @davitol Test steps: run occ user:sync "NotExists" and check the command output
• Expand occ user reset password email validation - #33945 @davitol Test question here: Expand occ user reset password email validation #32569 (comment)
• Config sample fixes - #33870 #33954 @davitol Tested checking config sample changes. Small typo in the PR Small config sample fixes #33953 (review)

[PVince81]

effort for testing was estimated to 5md

[mmattel]

Added

• show a short list of mount infos: files_external:list --short show a short list of mount infos: files_external:list --short #32178 @davitol Test Result: show a short list of mount infos: files_external:list --short #32178 (comment)

[davitol]

• PROPFIND without any properties locks up the server https://github.com/owncloud/enterprise/issues/3071 Test steps: https://github.com/owncloud/enterprise/issues/3071#issue-395506878

[davitol]

Test Locking files:

1. Using Libre Office:

JFYI Files are locked for PUT (modifying) but not for GET (download)

curl -u admin -X PUT http://10.40.40.222:9681/remote.php/dav/files/admin/pedro.txt
Enter host password for user 'admin':
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\Locked</s:exception>
  <s:message/>
  <d:lock-token-submitted>
    <d:href>files/admin/pedro.txt</d:href>
  </d:lock-token-submitted>
</d:error>
➜  ~ curl -v -u admin -X PUT http://10.40.40.222:9681/remote.php/dav/files/admin/pedro.txt
Enter host password for user 'admin':
*   Trying 10.40.40.222...
* TCP_NODELAY set
* Connected to 10.40.40.222 (10.40.40.222) port 9681 (#0)
* Server auth using Basic with user 'admin'
> PUT /remote.php/dav/files/admin/pedro.txt HTTP/1.1
> Host: 10.40.40.222:9681
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 423 Locked
< Date: Mon, 14 Jan 2019 11:12:03 GMT
< Server: Apache
< Strict-Transport-Security: max-age=15768000; preload
< Set-Cookie: octsafs3v5s3=2tr0ksdbknmn36toqjdknoe81n; path=/; HttpOnly
< Expires: Thu, 19 Nov 1981 08:52:00 GMT
< Cache-Control: no-store, no-cache, must-revalidate
< Pragma: no-cache
< Set-Cookie: oc_sessionPassphrase=8dWapbLDG9zt9p%2FQKo1ZRZy6mJWgu3aM%2BqZF0WyLJBNFgBQt1PD6%2F0T1fYUaXRK3uZ3ybL%2FduUshfPWbKkqLsQgip1v7GfR8O1NpznyCVOnm0iy858lFAcSxB49tSQvB; path=/; HttpOnly
< Content-Security-Policy: default-src 'none';
< Set-Cookie: octsafs3v5s3=m19uhgaela3vr967v90dn08ka2; path=/; HttpOnly
< Set-Cookie: cookie_test=test; expires=Mon, 14-Jan-2019 12:12:06 GMT; Max-Age=3600
< X-Content-Type-Options: nosniff
< X-XSS-Protection: 1; mode=block
< X-Robots-Tag: none
< X-Frame-Options: SAMEORIGIN
< X-Download-Options: noopen
< X-Permitted-Cross-Domain-Policies: none
< Content-Length: 277
< Content-Type: application/xml; charset=utf-8
<
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns">
  <s:exception>Sabre\DAV\Exception\Locked</s:exception>
  <s:message/>
  <d:lock-token-submitted>
    <d:href>files/admin/pedro.txt</d:href>
  </d:lock-token-submitted>
</d:error>
* Connection #0 to host 10.40.40.222 left intact

Using latest ownCloud Android App version. Trying to modify the locked file we can see it is not possible:

Also we can see the lock in the Database:

select * from oc_persistent_locks;
+----+---------+------------------+-------------------------------------------+---------+------------+--------------------------------------+----------------------------------+-------+-------+
| id | file_id | owner_account_id | owner                                     | timeout | created_at | token                                | token_hash                       | scope | depth |
+----+---------+------------------+-------------------------------------------+---------+------------+--------------------------------------+----------------------------------+-------+-------+
|  1 |      17 |                1 | LibreOffice - http://www.libreoffice.org/ |    1800 | 1547463538 | ee52cd2e-6975-4593-b3e9-6de3ebe1101b | 6386a195e1cb5b97b929bc73db7fa6f4 |     1 |     0 |
+----+---------+------------------+-------------------------------------------+---------+------------+--------------------------------------+----------------------------------+-------+-------+

More scenarios tested in:

#34157

[davitol]

Added new entries from PR #34278

Added

• Added Symfony event for federation to provide apps with federated share receiver id - #34152 @davitol Test steps: [Stable10] Pass remote user to activity for dav1 anon requests #34152 (comment)
• New tag scope "static tags", editable but not assignable #34098 @davitol Tests steps here: [stable10] Backport of Add lock to the static tag in the input field … #34098 (comment)
• Introduce persistent and explicit locking of file and folders (Webdav locks) [stable10] Hide lock token in public webdav responses #34270]([stable10] Hide lock token in public webdav responses #34270) #34267 @davitol Test steps: Fix public link path for persistent locks #34229 (comment) #34227 #34208 Fix persistent lock timeout behavior #34100 (comment) #34203
• Federated sharing new spec OCM 1.0-proposal1 - #34252 @davitol Check that ocm-provider directory was added to the build
• If only the patch level of an app's version changes no migrations will run - #33218 #34138 @davitol It contains unit tests
• Bump handlebars from 4.0.11 to 4.0.12 in /build #34071
• Bump pear/archive_tar from 1.4.3 to 1.4.5 - #34080 @davitol @davitol CI works

Fixed

• Fix missing translations in the user settings module - #34234 #34261 @davitol Test steps: de_DE translation now is "förmlich" hhttps://github.com/owncloud/enterprise/issues/2937 and Email and WebUI for "change password during first login" are not available in german password_policy#199
• Skip preview expiry when owner cannot be determined - #34207 @davitol Test steps here: Skip preview expiry when owner cannot be determined #34118 (comment)
• Allow the testing app to not be in the default apps folder - #34196 @davitol Not directly related to the release but the tests. Tested running acceptance test with the testing app installed in apps-external

[davitol]

Added new entries from 10.1. RC2 PR #34373

• Introduce persistent and explicit locking of file and folders (Webdav locks) - @davitol ([stable10] Prevent LOCK/UNLOCK methods from public endpoint  #34355) Test steps here: Public webdav should not be able to lock read-only public links #34347 (comment)

curl -u nhMtO2QB1kGhee5: -X LOCK http://owncloudserver/public.php/webdav/abc -d "<?xml version='1.0' encoding='UTF-8'?><d:lockinfo xmlns:d='DAV:'> <d:lockscope><d:exclusive/></d:lockscope></d:lockinfo>" -H 'Depth: infinite'
<?xml version="1.0" encoding="utf-8"?>
<d:error xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:o="http://owncloud.org/ns">
  <s:exception>OCA\DAV\Connector\Sabre\Exception\Forbidden</s:exception>
  <s:message>Forbidden to lock from public endpoint</s:message>
  <o:retry xmlns:o="o:">false</o:retry>
  <o:reason xmlns:o="o:">Forbidden to lock from public endpoint</o:reason>
</d:error>

(#34350) Test steps here: #34342 (comment)

curl -u 6SCOlTNzxIEP3bB: -X PROPFIND http://owncloudserver/public.php/webdav/ -d "<?xml version='1.0' encoding='UTF-8'?> <d:propfind xmlns:d='DAV:'> <d:prop><d:lockdiscovery/></d:prop> </d:propfind>" | xmllint --format -
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   408  100   292  100   116    129     51  0:00:02  0:00:02 --:--:--   129
<?xml version="1.0"?>
<d:multistatus xmlns:d="DAV:" xmlns:s="http://sabredav.org/ns" xmlns:oc="http://owncloud.org/ns">
  <d:response>
    <d:href>/public.php/webdav/</d:href>
    <d:propstat>
      <d:prop>
        <d:lockdiscovery/>
      </d:prop>
      <d:status>HTTP/1.1 200 OK</d:status>
    </d:propstat>
  </d:response>
</d:multistatus>

• Bump @bower_components/browser-update from 2.0.1 to v2.0.2 in /build - (Bump @bower_components/browser-update from 2.0.1 to v2.0.2 in /build #34290) @davitol Not directly related to the release