Skip to content

Latest commit

 

History

History
4236 lines (2926 loc) · 222 KB

CHANGELOG.md

File metadata and controls

4236 lines (2926 loc) · 222 KB
Raw

Changelog for unreleased (UNRELEASED)

The following sections list the changes for unreleased.

Summary

  • Bugfix - Fix claim selector based routing for basic auth: #2779
  • Bugfix - Disallow creation of a group with empty name via the OCS api: #2825
  • Bugfix - Fix using s3ng as the metadata storage backend: #2807
  • Bugfix - Use the CS3api up- and download workflow for the accounts service: #2837
  • Change - Rename APP_PROVIDER_BASIC_* environment variables: #2812
  • Change - Restructure Configuration Parsing: #2708
  • Change - OIDC: fallback if IDP doesn't provide "preferred_username" claim: #2644
  • Enhancement - Cleanup ocis-pkg config: #2813
  • Enhancement - Support signature auth in the public share auth middleware: #2831
  • Enhancement - Correct shutdown of services under runtime: #2843
  • Enhancement - Update REVA to v1.17.0: #2849
  • Enhancement - Update ownCloud Web to v4.6.0: #2846

Details

  • Bugfix - Fix claim selector based routing for basic auth: #2779

    We've fixed the claim selector based routing for requests using basic auth. Previously requests using basic auth have always been routed to the DefaultPolicy when using the claim selector despite the set cookie because the basic auth middleware fakes some OIDC claims.

    Now the cookie is checked before routing to the DefaultPolicy and therefore set cookie will also be respected for requests using basic auth.

    owncloud#2779

  • Bugfix - Disallow creation of a group with empty name via the OCS api: #2825

    We've fixed the behavior for group creation on the OCS api, where it was possible to create a group with an empty name. This was is not possible on oC10 and is therefore also forbidden on oCIS to keep compatibility. This PR forbids the creation and also ensures the correct status code for both OCS v1 and OCS v2 apis.

    owncloud#2823 owncloud#2825

  • Bugfix - Fix using s3ng as the metadata storage backend: #2807

    It is now possible to use s3ng as the metadata storage backend.

    owncloud#2668 owncloud#2807

  • Bugfix - Use the CS3api up- and download workflow for the accounts service: #2837

    We've fixed the interaction of the accounts service with the metadata storage after bypassing the InitiateUpload and InitiateDownload have been removed from various storage drivers. The accounts service now uses the proper CS3apis workflow for up- and downloads.

    owncloud#2837 cs3org/reva#2309

  • Change - Rename APP_PROVIDER_BASIC_* environment variables: #2812

    We've renamed the APP_PROVIDER_BASIC_* to APP_PROVIDER_* since the _BASIC_ part is a copy and paste error. Now all app provider environment variables are consistently starting with APP_PROVIDER_*.

    owncloud#2812 owncloud#2811

  • Change - Restructure Configuration Parsing: #2708

    Tags: ocis

    CLI flags are no longer needed for subcommands, as we rely solely on env variables and config files. This greatly simplifies configuration and deployment.

    owncloud#2708

  • Change - OIDC: fallback if IDP doesn't provide "preferred_username" claim: #2644

    Some IDPs don't add the "preferred_username" claim. Fallback to the "email" claim in that case

    owncloud#2644

  • Enhancement - Cleanup ocis-pkg config: #2813

    Certain values were of no use when configuring the ocis runtime.

    owncloud#2813

  • Enhancement - Support signature auth in the public share auth middleware: #2831

    Enabled public share requests to be authenticated using the public share signature.

    owncloud#2831

  • Enhancement - Correct shutdown of services under runtime: #2843

    Supervised goroutines now shut themselves down on context cancellation propagation.

    owncloud#2843

  • Enhancement - Update REVA to v1.17.0: #2849

    Updated REVA to v1.17.0 This update includes:

    owncloud#2849 owncloud#2835 owncloud#2837

  • Enhancement - Update ownCloud Web to v4.6.0: #2846

    Tags: web

    We updated ownCloud Web to v4.6.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2846 https://github.com/owncloud/web/releases/tag/v4.6.0

Changelog for 1.15.0 (2021-11-19)

The following sections list the changes for 1.15.0.

Summary

  • Bugfix - Don't allow empty password: #197
  • Bugfix - Fix basic auth config: #2719
  • Bugfix - Fix basic auth with custom user claim: #2755
  • Bugfix - Fix oCIS startup ony systems with IPv6: #2698
  • Bugfix - Fix opening images in media viewer for some usernames: #2738
  • Bugfix - Fix error logging when there is no thumbnail for a file: #2702
  • Bugfix - Don't announce resharing via capabilities: #2690
  • Change - Make all insecure options configurable and change the default to false: #2700
  • Change - Update ownCloud Web to v4.5.0: #2780
  • Enhancement - Add API to list all spaces: #2692
  • Enhancement - Update REVA to v1.16.0: #2737

Details

  • Bugfix - Don't allow empty password: #197

    It was allowed to create users with empty or spaces-only password. This is fixed

    owncloud/product#197

  • Bugfix - Fix basic auth config: #2719

    Users could authenticate using basic auth even though PROXY_ENABLE_BASIC_AUTH was set to false.

    owncloud#2466 owncloud#2719

  • Bugfix - Fix basic auth with custom user claim: #2755

    We've fixed authentication with basic if oCIS is configured to use a non-standard claim as user claim (PROXY_USER_OIDC_CLAIM). Prior to this bugfix the authentication always failed and is now working.

    owncloud#2755

  • Bugfix - Fix oCIS startup ony systems with IPv6: #2698

    We've fixed failing startup of oCIS on systems with IPv6 addresses.

    owncloud#2300 owncloud#2698

  • Bugfix - Fix opening images in media viewer for some usernames: #2738

    We've fixed the opening of images in the media viewer for user names containing special characters (eg. @) which will be URL-escaped. Before this fix users could not see the image in the media viewer. Now the user name is correctly escaped and the user can view the image in the media viewer.

    owncloud#2738

  • Bugfix - Fix error logging when there is no thumbnail for a file: #2702

    We've fixed the behavior of the logging when there is no thumbnail for a file (because the filetype is not supported for thumbnail generation). Previously the WebDAV service always issues an error log in this case. Now, we don't log this event any more.

    owncloud#2702

  • Bugfix - Don't announce resharing via capabilities: #2690

    OCIS / Reva is not capable of resharing, yet. We've set the resharing capability to false, so that clients have a chance to react accordingly.

    owncloud#2690

  • Change - Make all insecure options configurable and change the default to false: #2700

    We had several hard-coded 'insecure' flags. These options are now configurable and default to false. Also we changed all other 'insecure' flags with a previous default of true to false.

    In development environments using self signed certs (the default) you now need to set these flags:

    STORAGE_FRONTEND_ARCHIVER_INSECURE=true STORAGE_FRONTEND_OCDAV_INSECURE=true
STORAGE_HOME_DATAPROVIDER_INSECURE=true
STORAGE_METADATA_DATAPROVIDER_INSECURE=true STORAGE_OIDC_INSECURE=true
STORAGE_USERS_DATAPROVIDER_INSECURE=true THUMBNAILS_CS3SOURCE_INSECURE=true
THUMBNAILS_WEBDAVSOURCE_INSECURE=true ```

As an alternative you also can set a single flag, which configures all options together:

``` OCIS_INSECURE=true ```

https://github.com/owncloud/ocis/issues/2700
https://github.com/owncloud/ocis/pull/2745

  • Change - Update ownCloud Web to v4.5.0: #2780

    Tags: web

    We updated ownCloud Web to v4.5.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2780 https://github.com/owncloud/web/releases/tag/v4.5.0

  • Enhancement - Add API to list all spaces: #2692

    Added a graph endpoint to enable users with the list-all-spaces permission to list all spaces.

    owncloud#2692

  • Enhancement - Update REVA to v1.16.0: #2737

    Updated REVA to v1.16.0 This update includes:

    owncloud#2737 owncloud#2726 owncloud#2790 owncloud#2797

Changelog for 1.14.0 (2021-10-27)

The following sections list the changes for 1.14.0.

Summary

  • Security - Don't expose services by default: #2612
  • Bugfix - Create parent directories for idp configuration: #2667
  • Change - Configurable default quota: #2621
  • Change - New default data paths and easier configuration of the data path: #2590
  • Change - Split spaces webdav url and graph url in base and path: #2660
  • Change - Update ownCloud Web to v4.4.0: #2681
  • Enhancement - Add user setting capability: #2655
  • Enhancement - Broaden bufbuild/Buf usage: #2630
  • Enhancement - Replace fileb0x with go-embed: #1199
  • Enhancement - Upgrade to go-micro v4.1.0: #2616
  • Enhancement - Review and correct http header: #2666
  • Enhancement - Lower TUS max chunk size: #2584
  • Enhancement - Add sharees additional info paramater config to ocs: #2637
  • Enhancement - Add a middleware to authenticate public share requests: #2536
  • Enhancement - Report quota states: #2628
  • Enhancement - Start up a new machine auth provider in the storage service: #2528
  • Enhancement - Enforce permission on update space quota: #2650
  • Enhancement - Update lico to v0.51.1: #2654
  • Enhancement - Update reva to v1.15: #2658

Details

  • Security - Don't expose services by default: #2612

    We've changed the bind behaviour for all non public facing services. Before this PR all services would listen on all interfaces. After this PR, all services listen on 127.0.0.1 only, except the proxy which is listening on 0.0.0.0:9200.

    owncloud#2612

  • Bugfix - Create parent directories for idp configuration: #2667

    The parent directories of the identifier-registration.yaml config file might not exist when starting idp. Create them, when that is the case.

    owncloud#2667

  • Change - Configurable default quota: #2621

    When creating a new space a (configurable) default quota will be used (instead the hardcoded one). One can set the EnvVar GRAPH_SPACES_DEFAULT_QUOTA to configure it

    owncloud#2621 https://jira.owncloud.com/browse/OCIS-2070

  • Change - New default data paths and easier configuration of the data path: #2590

    We've changed the default data path for our release artifacts: - oCIS docker images will now store all data in /var/lib/ocis instead in /var/tmp/ocis - binary releases will now store all data in ~/.ocis instead of /var/tmp/ocis

    Also if you're a developer and you run oCIS from source, it will store all data in ~/.ocis from now on.

    You can now easily change the data path for all extensions by setting the environment variable OCIS_BASE_DATA_PATH.

    If you want to package oCIS, you also can set the default data path at compile time, eg. by passing -X "github.com/owncloud/ocis/ocis-pkg/config/defaults.BaseDataPathType=path" -X "github.com/owncloud/ocis/ocis-pkg/config/defaults.BaseDataPathValue=/var/lib/ocis" to your go build step.

    owncloud#2590

  • Change - Split spaces webdav url and graph url in base and path: #2660

    We've fixed the behavior for the spaces webdav url and graph explorer graph url settings, so that they respect the environment variable OCIS_URL. Previously oCIS admins needed to set these URLs manually to make spaces and the graph explorer work.

    owncloud#2659 owncloud#2660

  • Change - Update ownCloud Web to v4.4.0: #2681

    Tags: web

    We updated ownCloud Web to v4.4.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2681 https://github.com/owncloud/web/releases/tag/v4.4.0

  • Enhancement - Add user setting capability: #2655

    We've added a capability to communicate the existance of a user settings service to clients.

    owncloud/web#5926 owncloud#2655

  • Enhancement - Broaden bufbuild/Buf usage: #2630

    We've switched the usage of bufbuild/Buf from a protoc replacement only to also using it to confige the outputs and pinning dependencies.

    owncloud#2630 owncloud#2616

  • Enhancement - Replace fileb0x with go-embed: #1199

    Go-embed already brings the functionality we need but with less code. We decided to use it instead of 3rd party fileb0x

    owncloud#1199 owncloud#2631 owncloud#2649

  • Enhancement - Upgrade to go-micro v4.1.0: #2616

    We've upgraded to go-micro v4.1.0

    owncloud#2616

  • Enhancement - Review and correct http header: #2666

    Reviewed and corrected the necessary http headers. Made CORS configurable.

    owncloud#2666

  • Enhancement - Lower TUS max chunk size: #2584

    We've lowered the TUS max chunk size from infinite to 0.1GB so that chunking actually happens.

    owncloud#2584 cs3org/reva#2136

  • Enhancement - Add sharees additional info paramater config to ocs: #2637

    owncloud#2637

  • Enhancement - Add a middleware to authenticate public share requests: #2536

    Added a new middleware to authenticate public share requests. This makes it possible to use APIs which require an authenticated context with public shares.

    owncloud#2479 owncloud#2536 owncloud#2652

  • Enhancement - Report quota states: #2628

    When listing the available spaces via the GraphAPI we now return quota states to make it easier for the clients to add visual indicators.

    owncloud#2628

  • Enhancement - Start up a new machine auth provider in the storage service: #2528

    This PR also adds the config to skip encoding user groups in reva tokens

    owncloud#2528 owncloud#2529

  • Enhancement - Enforce permission on update space quota: #2650

    Added a check that only users with the set-space-quota permission can update the space quota.

    owncloud#2650

  • Enhancement - Update lico to v0.51.1: #2654

    Updated lico to v0.51.1 This update includes: * Apply LibreGraph naming treewide * move to go1.17 * Update 3rd party Go dependencies

    owncloud#2654

  • Enhancement - Update reva to v1.15: #2658

    Updated reva to v1.15 This update includes:

    owncloud#2658 owncloud#2536 owncloud#2650 owncloud#2680

Changelog for 1.13.0 (2021-10-13)

The following sections list the changes for 1.13.0.

Summary

  • Bugfix - Fix the account resolver middleware: #2557
  • Bugfix - Fix version information for extensions: #2575
  • Bugfix - Add the gatewaysvc to all shared configuration in REVA services: #2597
  • Bugfix - Use proper url path decode on the username: #2511
  • Bugfix - Remove notifications placeholder: #2514
  • Bugfix - Remove asset path configuration option from proxy: #2576
  • Bugfix - Race condition in config parsing: #2574
  • Change - Configure users and metadata storage separately: #2598
  • Change - Make the drives create method odata compliant: #2531
  • Change - Unify Envvar names configuring REVA gateway address: #2587
  • Change - Update ownCloud Web to v4.3.0: #2589
  • Enhancement - Updated MimeTypes configuration for AppRegistry: #2603
  • Enhancement - Add maximum files and size to archiver capabilities: #2544
  • Enhancement - Reduced repository size: #2579
  • Enhancement - Return the newly created space: #2610
  • Enhancement - Expose the reva archiver in OCIS: #2509
  • Enhancement - Favorites capability: #2599
  • Enhancement - Upgrade to GO 1.17: #2605
  • Enhancement - Make mimetype allow list configurable for app provider: #2553
  • Enhancement - Add allow_creation parameter to mime type config: #2591
  • Enhancement - Add option to skip generation of demo users and groups: #2495
  • Enhancement - Allow overriding the cookie based route by claim: #2508
  • Enhancement - Redirect invalid links to oC Web: #2493
  • Enhancement - Use reva's Authenticate method instead of spawning token managers: #2528
  • Enhancement - TLS config options for ldap in reva: #2492
  • Enhancement - Set reva JWT token expiration time to 24 hours by default: #2527
  • Enhancement - Update reva to v1.14.0: #2615

Details

  • Bugfix - Fix the account resolver middleware: #2557

    The accounts resolver middleware put an empty token into the request when the user was already present. Added a step to get the token for the user.

    owncloud#2557

  • Bugfix - Fix version information for extensions: #2575

    We've fixed the behavior for ocis version which previously always showed 0.0.0 as version for extensions. Now the real version of the extensions are shown.

    owncloud#2575

  • Bugfix - Add the gatewaysvc to all shared configuration in REVA services: #2597

    We've fixed the configuration for REVA services which didn't have a gatewaysvc in their shared configuration. This could lead to default gatewaysvc addresses in the auth middleware. Now it is set everywhere.

    owncloud#2597

  • Bugfix - Use proper url path decode on the username: #2511

    We now properly decode the username when reading it from a url parameter

    owncloud#2511

  • Bugfix - Remove notifications placeholder: #2514

    Since Reva was communicating its notification capabilities incorrectly, oCIS relied on a hardcoded string to overwrite them. This has been fixed in reva#1819 so we now removed the hardcoded string and don't modify Reva's notification capabilities anymore in order to fix clients having to poll a (non-existent) notifications endpoint.

    owncloud#2514

  • Bugfix - Remove asset path configuration option from proxy: #2576

    We've remove the asset path configuration option (--asset-path or PROXY_ASSET_PATH) since it didn't do anything at all.

    owncloud#2576

  • Bugfix - Race condition in config parsing: #2574

    There was a race condition in the config parsing when configuring the storage services caused by services overwriting a pointer to a config value. We fixed it by setting sane defaults.

    owncloud#2574

  • Change - Configure users and metadata storage separately: #2598

    We've fixed the configuration behaviour of the user and metadata service writing in the same directory when using oCIS storage.

    Therefore we needed to separate the configuration of the users and metadata storage so that they now can be configured totally separate.

    owncloud#2598

  • Change - Make the drives create method odata compliant: #2531

    When creating a space on the graph API we now use the POST Body to provide the parameters.

    owncloud#2531 owncloud#2535 https://www.odata.org/getting-started/basic-tutorial/#modifyData

  • Change - Unify Envvar names configuring REVA gateway address: #2587

    We've renamed all envvars configuring REVA gateway address to REVA_GATEWAY, additionally we renamed the cli parameters to --reva-gateway-addr and adjusted the description

    owncloud#2091 owncloud#2587

  • Change - Update ownCloud Web to v4.3.0: #2589

    Tags: web

    We updated ownCloud Web to v4.3.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2589 https://github.com/owncloud/web/releases/tag/v4.3.0

  • Enhancement - Updated MimeTypes configuration for AppRegistry: #2603

    We updated the type of the mime types config to a list, to keep the order of mime types from the config.

    owncloud#2603

  • Enhancement - Add maximum files and size to archiver capabilities: #2544

    We added the maximum files count and maximum archive size of the archiver to the capabilities endpoint. Clients can use this to generate warnings before the actual archive creation fails.

    owncloud#2537 owncloud#2544 cs3org/reva#2105

  • Enhancement - Reduced repository size: #2579

    We removed leftover artifacts from the migration to a single repository.

    owncloud#2579

  • Enhancement - Return the newly created space: #2610

    Changed the response of the CreateSpace method to include the newly created space.

    owncloud#2610 cs3org/reva#2158

  • Enhancement - Expose the reva archiver in OCIS: #2509

    The reva archiver can now be accessed through the storage frontend service

    owncloud#2509

  • Enhancement - Favorites capability: #2599

    We've added a capability for the storage frontend which can be used to announce to clients whether or not favorites are supported. By default this is disabled because the listing of favorites doesn't survive service restarts at the moment.

    owncloud#2599

  • Enhancement - Upgrade to GO 1.17: #2605

    We've upgraded the used GO version from 1.16 to 1.17.

    owncloud#2605

  • Enhancement - Make mimetype allow list configurable for app provider: #2553

    We've added a configuration option to configure the mimetype allow list introduced in cs3org/reva#2095. This also makes it possible to set one application per mime type as a default.

    owncloud#2563 owncloud#2553 cs3org/reva#2095

  • Enhancement - Add allow_creation parameter to mime type config: #2591

    owncloud#2591

  • Enhancement - Add option to skip generation of demo users and groups: #2495

    We've added a new environment variable to decide whether we should generate the demo users and groups or not. This environment variable is set to true by default, so the demo users and groups will get generated by default as long as oCIS is in its "technical preview" stage.

    In any case, there are still some users and groups automatically generated: for users: Reva IOP, Kopano IDP, admin; for groups: sysusers and users.

    owncloud#2495

  • Enhancement - Allow overriding the cookie based route by claim: #2508

    When determining the routing policy we now let the claim override the cookie so that users are routed to the correct backend after login.

    owncloud#2508

  • Enhancement - Redirect invalid links to oC Web: #2493

    Invalid links (eg. https://foo.bar/index.php/apps/pdfviewer) will be redirect to ownCloud Web instead of displaying a blank page with a "not found" message.

    owncloud#2493 owncloud#2512

  • Enhancement - Use reva's Authenticate method instead of spawning token managers: #2528

    When using the CS3 proxy backend, we previously obtained the user from reva's userprovider service and minted the token ourselves. This required maintaining a shared JWT secret between ocis and reva, as well duplication of logic. This PR delegates this logic by using the Authenticate method provided by the reva gateway service to obtain this token, making it an arbitrary, indestructible entry. Currently, the changes have been made to the proxy service but will be extended to others as well.

    owncloud#2528

  • Enhancement - TLS config options for ldap in reva: #2492

    We added the new config options "ldap-cacert" and "ldap-insecure" to the auth-, users- and groups-provider services to be able to do proper TLS configuration for the LDAP clients. "ldap-cacert" is by default configured to add the bundled glauth LDAP servers certificate to the trusted set for the LDAP clients. "ldap-insecure" is set to "false" by default and can be used to disable certificate checks (only advisable for development and test enviroments).

    owncloud#2492

  • Enhancement - Set reva JWT token expiration time to 24 hours by default: #2527

    owncloud#2527

  • Enhancement - Update reva to v1.14.0: #2615

    This update includes:

    owncloud#2615 owncloud#2566 owncloud#2520

Changelog for 1.12.0 (2021-09-14)

The following sections list the changes for 1.12.0.

Summary

  • Bugfix - Remove non working proxy route and fix cs3 users example: #2474
  • Bugfix - Set English as default language in the dropdown in the settings page: #2465
  • Change - Remove OnlyOffice extension: #2433
  • Change - Remove OnlyOffice extension: #2433
  • Change - Update ownCloud Web to v4.2.0: #2501
  • Enhancement - Add app provider and app provider registry: #2204
  • Enhancement - Add the create space permission: #2461
  • Enhancement - Add set space quota permission: #2459
  • Enhancement - Create a Space using the Graph API: #2471
  • Enhancement - Update go-chi/chi to version 5.0.3: #2429
  • Enhancement - Upgrade go micro to v3.6.0: #2451
  • Enhancement - Update reva to v1.13.0: #2477

Details

  • Bugfix - Remove non working proxy route and fix cs3 users example: #2474

    We removed a non working route from the proxy default configuration and fixed the cs3 users deployment example since it still used the accounts service. It now only uses the configured LDAP.

    owncloud#2474

  • Bugfix - Set English as default language in the dropdown in the settings page: #2465

    The language dropdown didn't have a default language selected, and it was showing an empty value. Now it shows English instead.

    owncloud#2465

  • Change - Remove OnlyOffice extension: #2433

    Tags: OnlyOffice

    We've removed the OnlyOffice extension in oCIS. OnlyOffice has their own web extension for OC10 backend now with a dedicated guide. In oCIS, we will follow up with a guide on how to start a WOPI server providing OnlyOffice soon.

    owncloud#2433

  • Change - Remove OnlyOffice extension: #2433

    Tags: OnlyOffice

    We've removed the OnlyOffice extension in oCIS. OnlyOffice has their own web extension for OC10 backend now with a dedicated guide. In oCIS, we will follow up with a guide on how to start a WOPI server providing OnlyOffice soon.

    owncloud#2433

  • Change - Update ownCloud Web to v4.2.0: #2501

    Tags: web

    We updated ownCloud Web to v4.2.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2501 https://github.com/owncloud/web/releases/tag/v4.2.0

  • Enhancement - Add app provider and app provider registry: #2204

    We added the app provider and app provider registry. Now the CS3org WOPI server can be registered and OpenInApp requests can be done.

    owncloud#2204 cs3org/reva#1785

  • Enhancement - Add the create space permission: #2461

    In preparation for the upcoming spaces features a Create Space permission was added.

    owncloud#2461

  • Enhancement - Add set space quota permission: #2459

    In preparation for the upcoming spaces features a SetSpaceQuota permission was added.

    owncloud#2459

  • Enhancement - Create a Space using the Graph API: #2471

    Spaces can now be created on POST /drives/{drive-name}. Only users with the create-space permissions can perform this operation.

    Allowed body form values are:

    • quota (bytes) maximum amount of bytes stored in the space. - maxQuotaFiles (integer) maximum amount of files supported by the space.

    owncloud#2471

  • Enhancement - Update go-chi/chi to version 5.0.3: #2429

    Updated go-chi/chi to the latest release

    owncloud#2429

  • Enhancement - Upgrade go micro to v3.6.0: #2451

    Go micro and all go micro plugins are now on v3.6.0

    owncloud#2451

  • Enhancement - Update reva to v1.13.0: #2477

    This update includes:

    owncloud#2477

Changelog for 1.11.0 (2021-08-24)

The following sections list the changes for 1.11.0.

Summary

  • Bugfix - Specify primary user type for all accounts: #2364
  • Bugfix - Fix naming of the user- and groupprovider services: #2388
  • Change - Update ownCloud Web to v4.1.0: #2426
  • Enhancement - Use non root user for the owncloud/ocis docker image: #2380
  • Enhancement - Replace unmaintained jwt library: #2386
  • Enhancement - Update bleve to version 2.1.0: #2391
  • Enhancement - Update github.com/coreos/go-oidc to v3.0.0: #2393
  • Enhancement - Update reva to v1.12: #2423

Details

Changelog for 1.10.0 (2021-08-06)

The following sections list the changes for 1.10.0.

Summary

  • Bugfix - Improve IDP Login Accessibility: #5376
  • Bugfix - Forward basic auth to OpenID connect token authentication endpoint: #2095
  • Bugfix - Log all requests in the proxy access log: #2301
  • Bugfix - Update glauth to 20210729125545-b9aecdfcac31: #2336
  • Change - Update ownCloud Web to v4.0.0: #2353
  • Enhancement - Proxy: Add claims policy selector: #2248
  • Enhancement - Add ocs cache warmup config and warn on protobuf ns conflicts: #2328
  • Enhancement - Refactor graph API: #2277
  • Enhancement - Update REVA: #2355
  • Enhancement - Use only one go.mod file for project dependencies: #2344

Details

  • Bugfix - Improve IDP Login Accessibility: #5376

    We have addressed the feedback from the a11y audit and improved the IDP login screen accordingly.

    owncloud/web#5376 owncloud/web#5377

  • Bugfix - Forward basic auth to OpenID connect token authentication endpoint: #2095

    When using PROXY_ENABLE_BASIC_AUTH=true we now forward request to the idp instead of trying to authenticate the request ourself.

    owncloud#2095 owncloud#2094

  • Bugfix - Log all requests in the proxy access log: #2301

    We now use a dedicated middleware to log all requests, regardless of routing selector outcome. While the log now includes the remote address, the selected routing policy is only logged when log level is set to debug because the request context cannot be changed in the directorSelectionDirector, as per the ReverseProxy.Director documentation.

    owncloud#2301

  • Bugfix - Update glauth to 20210729125545-b9aecdfcac31: #2336

    • Fixes the backend config not being passed correctly in ocis
    • Fixes a mutex being copied, leading to concurrent writes
    • Fixes UTF8 chars in filters
    • Fixes case insensitive strings

    owncloud#2336 glauth/glauth#198 glauth/glauth#194

  • Change - Update ownCloud Web to v4.0.0: #2353

    Tags: web

    We updated ownCloud Web to v4.0.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2353 https://github.com/owncloud/web/releases/tag/v4.0.0

  • Enhancement - Proxy: Add claims policy selector: #2248

    Using the proxy config file, it is now possible to let let the IdP determine the routing policy by sending an ocis.routing.policy claim. Its value will be used to determine the set of routes for the logged in user.

    owncloud#2248

  • Enhancement - Add ocs cache warmup config and warn on protobuf ns conflicts: #2328

    owncloud#2328

  • Enhancement - Refactor graph API: #2277

    We refactored the /graph/v1.0/ endpoint which now relies on the internal acces token fer authentication, getting rid of any LDAP or OIDC code to authenticate requests. This allows using the graph api when using basic auth or any other auth mechanism provided by the CS3 auth providers / reva gateway / ocis proxy.

    owncloud#2277

  • Enhancement - Update REVA: #2355

    Update REVA from v1.10.1-0.20210730095301-fcb7a30a44a6 to v1.11.1-0.20210809134415-3fe79c870fb5 * Fix cs3org/reva#1978: Fix owner type is optional

    owncloud#2355 owncloud#2295 owncloud#2314

  • Enhancement - Use only one go.mod file for project dependencies: #2344

    We now use one single go.mod file at the root of the repository rather than one per core extension.

    owncloud#2344

Changelog for 1.9.0 (2021-07-13)

The following sections list the changes for 1.9.0.

Summary

  • Bugfix - Panic when service fails to start: #2252
  • Bugfix - Dont use port 80 as debug for GroupsProvider: #2271
  • Change - Update ownCloud Web to v3.4.0: #2276
  • Change - Update WEB to v3.4.1: #2283
  • Enhancement - Runtime support for cherry picking extensions: #2229
  • Enhancement - Add readonly mode for storagehome and storageusers: #2230
  • Enhancement - Remove unnecessary Service.Init(): #1705
  • Enhancement - Update REVA to v1.9.1-0.20210628143859-9d29c36c0c3f: #2227
  • Enhancement - Update REVA to v1.9.1: #2280

Details

  • Bugfix - Panic when service fails to start: #2252

    Tags: runtime

    When attempting to run a service through the runtime that is currently running and fails to start, a race condition still redirect os Interrupt signals to a closed channel.

    owncloud#2252

  • Bugfix - Dont use port 80 as debug for GroupsProvider: #2271

    A copy/paste error where the configuration for the groupsprovider's debug address was not present leaves go-micro to start the debug service in port 80 by default.

    owncloud#2271

  • Change - Update ownCloud Web to v3.4.0: #2276

    Tags: web

    We updated ownCloud Web to v3.4.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2276 https://github.com/owncloud/web/releases/tag/v3.4.0

  • Change - Update WEB to v3.4.1: #2283

    • Fix 5501: loading previews in the right sidebar
    • Fix 5493: view options position

    owncloud#2283 https://github.com/owncloud/web/releases/tag/v3.4.1

  • Enhancement - Runtime support for cherry picking extensions: #2229

    Support for running certain extensions supervised via cli flags. Example usage:

    > ocis server --extensions="proxy, idp, storage-metadata, accounts"

    owncloud#2229

  • Enhancement - Add readonly mode for storagehome and storageusers: #2230

    To enable the readonly mode use STORAGE_HOME_READ_ONLY=true and STORAGE_USERS_READ_ONLY=true. Alternative: use OCIS_STORAGE_READ_ONLY=true

    owncloud#2230

  • Enhancement - Remove unnecessary Service.Init(): #1705

    As it turns out oCIS already calls this method. Invoking it twice would end in accidentally resetting values.

    owncloud#1705

  • Enhancement - Update REVA to v1.9.1-0.20210628143859-9d29c36c0c3f: #2227

    owncloud#2227

  • Enhancement - Update REVA to v1.9.1: #2280

    owncloud#2280

Changelog for 1.8.0 (2021-06-28)

The following sections list the changes for 1.8.0.

Summary

  • Bugfix - External storage registration used wrong config: #2120
  • Bugfix - Remove authentication from /status.php completely: #2188
  • Bugfix - Make webdav namespace configurable across services: #2198
  • Change - Update ownCloud Web to v3.3.0: #2187
  • Enhancement - Properly configure graph-explorer client registration: #2118
  • Enhancement - Use system default location to store TLS artefacts: #2129
  • Enhancement - Update REVA to v1.9: #2205

Details

Changelog for 1.7.0 (2021-06-04)

The following sections list the changes for 1.7.0.

Summary

  • Bugfix - Change the groups index to be case sensitive: #2109
  • Change - Update ownCloud Web to v3.2.0: #2096
  • Enhancement - Enable the s3ng storage driver: #1886
  • Enhancement - Color contrasts on IDP/OIDC login pages: #2088
  • Enhancement - Announce user profile picture capability: #2036
  • Enhancement - Update reva to v1.7.1-0.20210531093513-b74a2b156af6: #2104

Details

Changelog for 1.6.0 (2021-05-12)

The following sections list the changes for 1.6.0.

Summary

  • Bugfix - Fix STORAGE_METADATA_ROOT default value override: #1956
  • Bugfix - Stop the supervisor if a service fails to start: #1963
  • Change - Update ownCloud Web to v3.1.0: #2045
  • Enhancement - Added dictionary files: #2003
  • Enhancement - Introduce login form with h1 tag for screen readers only: #1991
  • Enhancement - User Deprovisioning for the OCS API: #1962
  • Enhancement - Support thumbnails for txt files: #1988
  • Enhancement - Update reva to v1.7.1-0.20210430154404-69bd21f2cc97: #2010
  • Enhancement - Update reva to v1.7.1-0.20210507160327-e2c3841d0dbc: #2044
  • Enhancement - Use oc-select: #1979
  • Enhancement - Set SameSite settings to Strict for Web: #2019

Details

  • Bugfix - Fix STORAGE_METADATA_ROOT default value override: #1956

    The way the value was being set ensured that it was NOT being overridden where it should have been. This patch ensures the correct loading order of values.

    owncloud#1956

  • Bugfix - Stop the supervisor if a service fails to start: #1963

    Steps to make the supervisor fail:

    PROXY_HTTP_ADDR=0.0.0.0:9144 bin/ocis server

    owncloud#1963

  • Change - Update ownCloud Web to v3.1.0: #2045

    Tags: web

    We updated ownCloud Web to v3.1.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#2045 https://github.com/owncloud/web/releases/tag/v3.1.0

  • Enhancement - Added dictionary files: #2003

    Added the dictionary.js file for package settings and accounts which contains strings that should be synced to transifex but not exist in the UI directly.

    owncloud#2003

  • Enhancement - Introduce login form with h1 tag for screen readers only: #1991

    owncloud#1991

  • Enhancement - User Deprovisioning for the OCS API: #1962

    Use the CS3 API and Reva to deprovision users completely.

    Two new environment variables introduced: ``` OCS_IDM_ADDRESS OCS_STORAGE_USERS_DRIVER

    
`OCS_IDM_ADDRESS` is also an alias for `OCIS_URL`; allows the OCS service to mint jwt tokens
for the authenticated user that will be read by the reva authentication middleware.

`OCS_STORAGE_USERS_DRIVER` determines how a user is deprovisioned. This kind of behavior is
needed since every storage driver deals with deleting differently.

https://github.com/owncloud/ocis/pull/1962

  • Enhancement - Support thumbnails for txt files: #1988

    Implemented support for thumbnails for txt files in the thumbnails service.

    owncloud#1988

  • Enhancement - Update reva to v1.7.1-0.20210430154404-69bd21f2cc97: #2010

    owncloud#2010

  • Enhancement - Update reva to v1.7.1-0.20210507160327-e2c3841d0dbc: #2044

    owncloud#2044

  • Enhancement - Use oc-select: #1979

    Replace oc-drop with oc select in settings

    owncloud#1979

  • Enhancement - Set SameSite settings to Strict for Web: #2019

    Changed SameSite settings to Strict for Web to prevent warnings in Firefox

    owncloud#2019

Changelog for 1.5.0 (2021-04-21)

The following sections list the changes for 1.5.0.

Summary

  • Bugfix - Fixes "unaligned 64-bit atomic operation" panic on 32-bit ARM: #1888
  • Change - Make Protobuf package names unique: #1875
  • Change - Update ownCloud Web to v3.0.0: #1938
  • Enhancement - Change default path for thumbnails: #1892
  • Enhancement - Parse config on supervised mode with run subcommand: #1931
  • Enhancement - Update ODS in accounts & settings extension: #1934
  • Enhancement - Add config for public share SQL driver: #1916
  • Enhancement - Remove dead runtime code: #1923
  • Enhancement - Add option to reading registry rules from json file: #1917
  • Enhancement - Update reva to v1.6.1-0.20210414111318-a4b5148cbfb2: #1872

Details

  • Bugfix - Fixes "unaligned 64-bit atomic operation" panic on 32-bit ARM: #1888

    Sync/cache had uint64s that were not 64-bit aligned causing panics on 32-bit systems during atomic access

    owncloud#1887 owncloud#1888

  • Change - Make Protobuf package names unique: #1875

    Introduce unique package and go_package names for our Protobuf definitions

    owncloud#1875

  • Change - Update ownCloud Web to v3.0.0: #1938

    Tags: web

    We updated ownCloud Web to v3.0.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#1938 https://github.com/owncloud/web/releases/tag/v3.0.0

  • Enhancement - Change default path for thumbnails: #1892

    Changes the default path for thumbnails from <os tmp dir>/ocis-thumbnails to /var/tmp/ocis/thumbnails

    owncloud#1891 owncloud#1892

  • Enhancement - Parse config on supervised mode with run subcommand: #1931

    Currenntly it is not possible to parse a single config file from an extension when running on supervised mode.

    owncloud#1931

  • Enhancement - Update ODS in accounts & settings extension: #1934

    The accounts and settings extensions were updated to reflect the latest changes in the ownCloud design system. In addition, a couple of quick wins in terms of accessibility are included.

    owncloud#1934

  • Enhancement - Add config for public share SQL driver: #1916

    owncloud#1916

  • Enhancement - Remove dead runtime code: #1923

    When moving from the old runtime to the new one there were lots of files left behind that are essentially dead code and should be removed. The original code lives here github.com/refs/pman/ if someone finds it interesting to read.

    owncloud#1923

  • Enhancement - Add option to reading registry rules from json file: #1917

    owncloud#1917

  • Enhancement - Update reva to v1.6.1-0.20210414111318-a4b5148cbfb2: #1872

    owncloud#1872

Changelog for 1.4.0 (2021-03-30)

The following sections list the changes for 1.4.0.

Summary

  • Bugfix - Fix thumbnail generation for jpegs: #1785
  • Change - Update ownCloud Web to v2.1.0: #1870
  • Enhancement - Add focus to input elements on login page: #1792
  • Enhancement - Improve accessibility to input elements on login page: #1794
  • Enhancement - Add new build targets: #1824
  • Enhancement - Clarify expected failures: #1790
  • Enhancement - Replace special character in login page title with a regular minus: #1813
  • Enhancement - File Logging: #1816
  • Enhancement - Runtime Hostname and Port are now configurable: #1822
  • Enhancement - Generate thumbnails for .gif files: #1791
  • Enhancement - Tracing Refactor: #1819
  • Enhancement - Update reva to v1.6.1-0.20210326165326-e8a00d9b2368: #1683

Details

Changelog for 1.3.0 (2021-03-09)

The following sections list the changes for 1.3.0.

Summary

  • Bugfix - Purposely delay accounts service startup: #1734
  • Bugfix - Add missing gateway config: #1716
  • Bugfix - Fix accounts initialization: #1696
  • Bugfix - Fix the ttl of the authentication middleware cache: #1699
  • Change - Update ownCloud Web to v2.0.1: #1683
  • Change - Update ownCloud Web to v2.0.2: #1776
  • Enhancement - Remove the JWT from the log: #1758
  • Enhancement - Update go-micro to v3.5.1-0.20210217182006-0f0ace1a44a9: #1670
  • Enhancement - Update reva to v1.6.1-0.20210223065028-53f39499762e: #1683
  • Enhancement - Add initial nats and kubernetes registry support: #1697

Details

  • Bugfix - Purposely delay accounts service startup: #1734

    As it turns out the race condition between accounts <-> storage-metadata still remains. This PR is a hotfix, and it should be followed up with a proper fix. Either:

    • block the accounts' initialization until the storage metadata is ready (using the registry) or - allow the accounts service to initialize and use a message broker to signal the accounts the metadata storage is ready to receive requests.

    owncloud#1734

  • Bugfix - Add missing gateway config: #1716

    The auth provider ldap and oidc drivers now need to be able talk to the reva gateway. We added the gatewayscv to the config that is passed to reva.

    owncloud#1716

  • Bugfix - Fix accounts initialization: #1696

    Originally the accounts service relies on both the settings and storage-metadata to be up and running at the moment it starts. This is an antipattern as it will cause the entire service to panic if the dependants are not present.

    We inverted this dependency and moved the default initialization data (i.e: creating roles, permissions, settings bundles) and instead of notifying the settings service that the account has to provide with such options, the settings is instead initialized with the options the accounts rely on. Essentially saving bandwith as there is no longer a gRPC call to the settings service.

    For the storage-metadata a retry mechanism was added that retries by default 20 times to fetch the com.owncloud.storage.metadata from the service registry every 500 miliseconds. If this retry expires the accounts panics, as its dependency on the storage-metadata service cannot be resolved.

    We also introduced a client wrapper that acts as middleware between a client and a server. For more information on how it works further read here

    owncloud#1696

  • Bugfix - Fix the ttl of the authentication middleware cache: #1699

    The authentication cache ttl was multiplied with time.Second multiple times. This resulted in a ttl that was not intended.

    owncloud#1699

  • Change - Update ownCloud Web to v2.0.1: #1683

    Tags: web

    We updated ownCloud Web to v2.0.1. Please refer to the changelog (linked) for details on the web release.

    owncloud#1683 https://github.com/owncloud/web/releases/tag/v2.0.1

  • Change - Update ownCloud Web to v2.0.2: #1776

    Tags: web

    We updated ownCloud Web to v2.0.2. Please refer to the changelog (linked) for details on the web release.

    owncloud#1776 https://github.com/owncloud/web/releases/tag/v2.0.2

  • Enhancement - Remove the JWT from the log: #1758

    We were logging the JWT in some places. Secrets should not be exposed in logs so it got removed.

    owncloud#1758

  • Enhancement - Update go-micro to v3.5.1-0.20210217182006-0f0ace1a44a9: #1670

    • We updated from go micro v2 (v2.9.1) go-micro v3 (v3.5.1 edge). - oCIS runtime is now aware of MICRO_LOG_LEVEL and is set to error by default. This decision was made because ownCloud, as framework builders, want to log everything oCIS related and hide everything unrelated by default. It can be re-enabled by setting it to a log level other than error. i.e: MICRO_LOG_LEVEL=info. - Updated protoc-gen-micro to the latest version. - We're using Prometheus wrappers from go-micro.

    owncloud#1670 micro/go-micro#2126

  • Enhancement - Update reva to v1.6.1-0.20210223065028-53f39499762e: #1683

    owncloud#1683 cs3org/reva#1405

  • Enhancement - Add initial nats and kubernetes registry support: #1697

    We added initial support to use nats and kubernetes as a service registry using MICRO_REGISTRY=nats and MICRO_REGISTRY=kubernetes respectively. Multiple nodes can be given with MICRO_REGISTRY_ADDRESS=1.2.3.4,5.6.7.8,9.10.11.12.

    owncloud#1697

Changelog for 1.2.0 (2021-02-17)

The following sections list the changes for 1.2.0.

Summary

  • Bugfix - Check if roles are present in user object before looking those up: #1388
  • Bugfix - Fix etcd address configuration: #1546
  • Bugfix - Remove unimplemented config file option for oCIS root command: #1636
  • Bugfix - Fix thumbnail generation when using different idp: #1624
  • Change - Initial release of graph and graph explorer: #1594
  • Change - Move runtime code on refs/pman over to owncloud/ocis/ocis: #1483
  • Change - Update ownCloud Web to v2.0.0: #1661
  • Enhancement - Make use of new design-system oc-table: #1597
  • Enhancement - Use a default protocol parameter instead of explicitly disabling tus: #1331
  • Enhancement - Functionality to map home directory to different storage providers: #1186
  • Enhancement - Introduce ADR: #1042
  • Enhancement - Switch to opencontainers annotation scheme: #1381
  • Enhancement - Migrate ocis-graph-explorer to ocis monorepo: #1596
  • Enhancement - Migrate ocis-graph to ocis monorepo: #1594
  • Enhancement - Enable group sharing and add config for sharing SQL driver: #1626
  • Enhancement - Update reva to v1.5.2-0.20210125114636-0c10b333ee69: #1482

Details

  • Bugfix - Check if roles are present in user object before looking those up: #1388

    owncloud#1388

  • Bugfix - Fix etcd address configuration: #1546

    The etcd server address in MICRO_REGISTRY_ADDRESS was not picked up when etcd was set as service discovery registry MICRO_REGISTRY=etcd. Therefore etcd was only working if available on localhost / 127.0.0.1.

    owncloud#1546

  • Bugfix - Remove unimplemented config file option for oCIS root command: #1636

    owncloud#1636

  • Bugfix - Fix thumbnail generation when using different idp: #1624

    The thumbnail service was relying on a konnectd specific field in the access token. This logic was now replaced by a service parameter for the username.

    owncloud#1624 owncloud#1628

  • Change - Initial release of graph and graph explorer: #1594

    Tags: graph, graph-explorer

    We brought initial basic Graph and Graph-Explorer support for the ownCloud Infinite Scale project.

    owncloud#1594 https://github.com/owncloud/ocis-graph-explorer/pull/3

  • Change - Move runtime code on refs/pman over to owncloud/ocis/ocis: #1483

    Tags: ocis, runtime

    Currently, the runtime is under the private account of an oCIS developer. For future-proofing we don't want oCIS mission critical components to depend on external repositories, so we're including refs/pman module as an oCIS package instead.

    owncloud#1483

  • Change - Update ownCloud Web to v2.0.0: #1661

    Tags: web

    We updated ownCloud Web to v2.0.0. Please refer to the changelog (linked) for details on the web release.

    owncloud#1661 https://github.com/owncloud/web/releases/tag/v2.0.0

  • Enhancement - Make use of new design-system oc-table: #1597

    Tags: ui, accounts

    The design-system table component has changed the way it's used. We updated accounts-ui to use the new 'oc-table-simple' component.

    owncloud#1597

  • Enhancement - Use a default protocol parameter instead of explicitly disabling tus: #1331

    cs3org/reva#1331 owncloud#1374

  • Enhancement - Functionality to map home directory to different storage providers: #1186

    We added a parameter in reva that allows us to redirect /home requests to different storage providers based on a mapping derived from the user attributes, which was previously not possible since we hardcode the /home path for all users. For example, having its value as /home/{{substr 0 1 .Username}} can be used to redirect home requests for different users to different storage providers.

    owncloud#1186 cs3org/reva#1142

  • Enhancement - Introduce ADR: #1042

    We will keep track of Architectual Decision Records using Markdown in /docs/adr.

    owncloud#1042

  • Enhancement - Switch to opencontainers annotation scheme: #1381

    Switch docker image annotation scheme to org.opencontainers standard because org.label-schema is depreciated.

    owncloud#1381

  • Enhancement - Migrate ocis-graph-explorer to ocis monorepo: #1596

    Tags: ocis, ocis-graph-explorer

    Ocis-graph-explorer was not migrated during the monorepo conversion.

    owncloud#1596

  • Enhancement - Migrate ocis-graph to ocis monorepo: #1594

    Tags: ocis, ocis-graph

    Ocis-graph was not migrated during the monorepo conversion.

    owncloud#1594

  • Enhancement - Enable group sharing and add config for sharing SQL driver: #1626

    This PR adds config to support sharing with groups. It also introduces a breaking change for the CS3APIs definitions since grantees can now refer to both users as well as groups. Since we store the grantee information in a json file, /var/tmp/ocis/storage/shares.json, its previous version needs to be removed as we won't be able to unmarshal data corresponding to the previous definitions.

    owncloud#1626 cs3org/reva#1453

  • Enhancement - Update reva to v1.5.2-0.20210125114636-0c10b333ee69: #1482

    owncloud#1482 cs3org/reva#1400 cs3org/reva#1416 cs3org/reva#1415 cs3org/reva#1408

Changelog for 1.1.0 (2021-01-22)

The following sections list the changes for 1.1.0.

Summary

  • Change - Disable pretty logging by default: #1133
  • Change - Add "volume" declaration to docker images: #1375
  • Change - Add "expose" information to docker images: #1366
  • Change - Generate cryptographically secure state token: #1203
  • Change - Move k6 to cdperf: #1358
  • Change - Update go version: #1364
  • Change - Update ownCloud Web to v1.0.1: #1191
  • Enhancement - Add OCIS_URL env var: #1148
  • Enhancement - Use sync.cache for roles cache: #1367
  • Enhancement - Add named locks and refactor cache: #1212
  • Enhancement - Update reva to v1.5.1: #1372
  • Enhancement - Update reva to v1.4.1-0.20210111080247-f2b63bfd6825: #1194

Details

  • Change - Disable pretty logging by default: #1133

    Tags: ocis

    Disable pretty logging default for performance reasons.

    owncloud#1133

  • Change - Add "volume" declaration to docker images: #1375

    Tags: docker

    Add "volume" declaration to docker images. This makes it easier for Docker users to see where oCIS stores data.

    owncloud#1375

  • Change - Add "expose" information to docker images: #1366

    Tags: docker

    Add "expose" information to docker images. Docker users will now see that we offer services on port 9200.

    owncloud#1366

  • Change - Generate cryptographically secure state token: #1203

    Replaced Math.random with a cryptographically secure way to generate the oidc state token using the javascript crypto api.

    owncloud#1203 https://developer.mozilla.org/en-US/docs/Web/API/Crypto/getRandomValues https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Math/random

  • Change - Move k6 to cdperf: #1358

    Tags: performance, testing, k6

    The ownCloud performance tests can not only be used to test oCIS. This is why we have decided to move the k6 tests to https://github.com/owncloud/cdperf

    owncloud#1358

  • Change - Update go version: #1364

    Tags: go

    Update go from 1.13 to 1.15

    owncloud#1364

  • Change - Update ownCloud Web to v1.0.1: #1191

    Tags: web

    We updated ownCloud Web to v1.0.1. Please refer to the changelog (linked) for details on the web release.

    owncloud#1191 https://github.com/owncloud/web/releases/tag/v1.0.1

  • Enhancement - Add OCIS_URL env var: #1148

    Tags: ocis

    We introduced a new environment variable OCIS_URL that expects a URL including protocol, host and optionally port to simplify configuring all the different services. These existing environment variables still take precedence, but will also fall back to OCIS_URL: STORAGE_LDAP_IDP, STORAGE_OIDC_ISSUER, PROXY_OIDC_ISSUER, STORAGE_FRONTEND_PUBLIC_URL, KONNECTD_ISS, WEB_OIDC_AUTHORITY, and WEB_UI_CONFIG_SERVER.

    Some environment variables are now built dynamically if they are not set: - STORAGE_DATAGATEWAY_PUBLIC_URL defaults to <STORAGE_FRONTEND_PUBLIC_URL>/data, also falling back to OCIS_URL - WEB_OIDC_METADATA_URL defaults to <WEB_OIDC_AUTHORITY>/.well-known/openid-configuration, also falling back to OCIS_URL

    Furthermore, the built in konnectd will generate an identifier-registration.yaml that uses the KONNECTD_ISS in the allowed redirect_uris and origins. It simplifies the default https://localhost:9200 and remote deployment with OCIS_URL which is evaluated as a fallback if KONNECTD_ISS is not set.

    An oCIS server can now be started on a remote machine as easy as OCIS_URL=https://cloud.ocis.test PROXY_HTTP_ADDR=0.0.0.0:443 ocis server.

    Note that the OCIS_DOMAIN environment variable is not used by oCIS, but by the docker containers.

    owncloud#1148

  • Enhancement - Use sync.cache for roles cache: #1367

    Tags: ocis-pkg

    Update ocis-pkg/roles cache to use ocis-pkg/sync cache

    owncloud#1367

  • Enhancement - Add named locks and refactor cache: #1212

    Tags: ocis-pkg, accounts

    We had the case that we needed kind of a named locking mechanism which enables us to lock only under certain conditions. It's used in the indexer package where we do not need to lock everything, instead just lock the requested parts and differentiate between reads and writes.

    This made it possible to entirely remove locks from the accounts service and move them to the ocis-pkg indexer. Another part of this refactor was to make the cache atomic and write tests for it.

    • remove locking from accounts service - add sync package with named mutex - add named locking to indexer - move cache to sync package

    owncloud#966 owncloud#1212

  • Enhancement - Update reva to v1.5.1: #1372

    Summary -------

    • Fix #1401: Use the user in request for deciding the layout for non-home DAV requests
    • Fix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
    • Fix #1399: Fix ocis trash-bin purge
    • Enh #1397: Bump the Copyright date to 2021
    • Enh #1398: Support site authorization status in Mentix
    • Enh #1393: Allow setting favorites, mtime and a temporary etag
    • Enh #1403: Support remote cloud gathering metrics

    Details -------

    • Bugfix #1401: Use the user in request for deciding the layout for non-home DAV requests

    For the incoming /dav/files/userID requests, we have different namespaces depending on whether the request is for the logged-in user's namespace or not. Since in the storage drivers, we specify the layout depending only on the user whose resources are to be accessed, this fails when a user wants to access another user's namespace when the storage provider depends on the logged in user's namespace. This PR fixes that.

    For example, consider the following case. The owncloud fs uses a layout {{substr 0 1 .Id.OpaqueId}}/{{.Id.OpaqueId}}. The user einstein sends a request to access a resource shared with him, say /dav/files/marie/abcd, which should be allowed. However, based on the way we applied the layout, there's no way in which this can be translated to /m/marie/.

    Https://github.com/cs3org/reva/pull/1401

    • Bugfix #1413: Re-include the '.git' dir in the Docker images to pass the version tag

    And git SHA to the release tool.

    Https://github.com/cs3org/reva/pull/1413

    • Bugfix #1399: Fix ocis trash-bin purge

    Fixes the empty trash-bin functionality for ocis-storage

    Https://github.com/owncloud/product/issues/254 cs3org/reva#1399

    • Enhancement #1397: Bump the Copyright date to 2021

    Https://github.com/cs3org/reva/pull/1397

    • Enhancement #1398: Support site authorization status in Mentix

    This enhancement adds support for a site authorization status to Mentix. This way, sites registered via a web app can now be excluded until authorized manually by an administrator.

    Furthermore, Mentix now sets the scheme for Prometheus targets. This allows us to also support monitoring of sites that do not support the default HTTPS scheme.

    Https://github.com/cs3org/reva/pull/1398

    • Enhancement #1393: Allow setting favorites, mtime and a temporary etag

    We now let the oCIS driver persist favorites, set temporary etags and the mtime as arbitrary metadata.

    Https://github.com/owncloud/ocis/issues/567 cs3org/reva#1394 cs3org/reva#1393

    • Enhancement #1403: Support remote cloud gathering metrics

    The current metrics package can only gather metrics either from json files. With this feature, the metrics can be gathered polling the http endpoints exposed by the owncloud/nextcloud sciencemesh apps.

    Https://github.com/cs3org/reva/pull/1403

    owncloud#1372

  • Enhancement - Update reva to v1.4.1-0.20210111080247-f2b63bfd6825: #1194

    owncloud#1194 cs3org/reva#1368 cs3org/reva#1388

Changelog for [1.0.0] (2020-12-17)

The following sections list the changes for 1.0.0.

Summary

  • Bugfix - Enable scrolling in accounts list: #909
  • Bugfix - Add missing env vars to docker compose: #392
  • Bugfix - Don't enforce empty external apps slice: #473
  • Bugfix - Lower Bound was not working for the cs3 api index implementation: #741
  • Bugfix - Accounts config sometimes being overwritten: #808
  • Bugfix - Make settings service start without go coroutines: #835
  • Bugfix - Fix button layout after phoenix update: #625
  • Bugfix - Fix choose account dialogue: #846
  • Bugfix - Fix id or username query handling: #745
  • Bugfix - Fix konnectd build: #809
  • Bugfix - Fix path of files shared with me in ocs api: #204
  • Bugfix - Use micro default client: #718
  • Bugfix - Allow consent-prompt with switch-account: #788
  • Bugfix - Mint token with uid and gid: #737
  • Bugfix - Serve index.html for directories: #912
  • Bugfix - Don't create account if id/mail/username already taken: #709
  • Bugfix - Fix director selection in proxy: #521
  • Bugfix - Permission checks for settings write access: #1092
  • Bugfix - Fix minor ui bugs: #1043
  • Bugfix - Disable public link expiration by default: #987
  • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #416
  • Change - Accounts UI shows message when no permissions: #656
  • Change - Cache password validation: #958
  • Change - Filesystem based index: #709
  • Change - Rebuild index command for accounts: #748
  • Change - Add the thumbnails command: #156
  • Change - CS3 can be used as accounts-backend: #1020
  • Change - Use bcrypt to hash the user passwords: #510
  • Change - Replace the library which scales the images: #910
  • Change - Choose disk or cs3 storage for accounts and groups: #623
  • Change - Enable OpenID dynamic client registration: #811
  • Change - Integrate import command from ocis-migration: #249
  • Change - Improve reva service descriptions: #536
  • Change - Initial release of basic version: #2
  • Change - Add cli-commands to manage accounts: #115
  • Change - Start ocis-accounts with the ocis server command: #25
  • Change - Properly style konnectd consent page: #754
  • Change - Make all paths configurable and default to a common temp dir: #1080
  • Change - Move the indexer package from ocis/accounts to ocis/ocis-pkg: #794
  • Change - Switch over to a new custom-built runtime: #287
  • Change - Move ocis default config to root level: #842
  • Change - Remove username field in OCS: #709
  • Change - Account management permissions for Admin role: #124
  • Change - Update phoenix to v0.18.0: #651
  • Change - Default apps in ownCloud Web: #688
  • Change - Proxy allow insecure upstreams: #1007
  • Change - Make ocis-settings available: #287
  • Change - Start ocis-proxy with the ocis server command: #119
  • Change - Theme welcome and choose account pages: #887
  • Change - Bring oC theme: #698
  • Change - Unify Configuration Parsing: #675
  • Change - Update phoenix to v0.20.0: #674
  • Change - Update phoenix to v0.21.0: #728
  • Change - Update phoenix to v0.22.0: #757
  • Change - Update phoenix to v0.23.0: #785
  • Change - Update phoenix to v0.24.0: #817
  • Change - Update phoenix to v0.25.0: #868
  • Change - Update phoenix to v0.26.0: #935
  • Change - Update phoenix to v0.27.0: #943
  • Change - Update phoenix to v0.28.0: #1027
  • Change - Update phoenix to v0.29.0: #1034
  • Change - Update reva config: #336
  • Change - Update reva to v1.4.1-0.20201209113234-e791b5599a89: #1089
  • Change - Clarify storage driver env vars: #729
  • Change - Update ownCloud Web to v1.0.0-beta3: #1105
  • Change - Update ownCloud Web to v1.0.0-beta4: #1110
  • Change - Settings and accounts appear in the user menu: #656
  • Enhancement - Add tracing to the accounts service: #1016
  • Enhancement - Add the accounts service: #244
  • Enhancement - Add basic auth option: #627
  • Enhancement - Document how to run OCIS on top of EOS: #172
  • Enhancement - Add the glauth service: #244
  • Enhancement - Add k6: #941
  • Enhancement - Add the konnectd service: #244
  • Enhancement - Add the ocis-phoenix service: #244
  • Enhancement - Add the ocis-pkg package: #244
  • Enhancement - Add the ocs service: #244
  • Enhancement - Add the proxy service: #244
  • Enhancement - Add the settings service: #244
  • Enhancement - Add the storage service: #244
  • Enhancement - Add the store service: #244
  • Enhancement - Add the thumbnails service: #244
  • Enhancement - Add a command to list the versions of running instances: #226
  • Enhancement - Add the webdav service: #244
  • Enhancement - Better adopt Go-Micro: #840
  • Enhancement - Add permission check when assigning and removing roles: #879
  • Enhancement - Create OnlyOffice extension: #857
  • Enhancement - Show basic-auth warning only once: #886
  • Enhancement - Add glauth fallback backend: #649
  • Enhancement - Tidy dependencies: #845
  • Enhancement - Launch a storage to store ocis-metadata: #602
  • Enhancement - Add a version command to ocis: #915
  • Enhancement - Create a proxy access-log: #889
  • Enhancement - Cache userinfo in proxy: #877
  • Enhancement - Update reva to v1.4.1-0.20201125144025-57da0c27434c: #1320
  • Enhancement - Runtime Cleanup: #1066
  • Enhancement - Update OCIS Runtime: #1108
  • Enhancement - Simplify tracing config: #92
  • Enhancement - Update glauth to dev fd3ac7e4bbdc93578655d9a08d8e23f105aaa5b2: #834
  • Enhancement - Update glauth to dev 4f029234b2308: #786
  • Enhancement - Update konnectd to v0.33.8: #744
  • Enhancement - Update reva to v1.4.1-0.20201123062044-b2c4af4e897d: #823
  • Enhancement - Update reva to v1.4.1-0.20201130061320-ac85e68e0600: #980
  • Enhancement - Update reva to cdb3d6688da5: #748
  • Enhancement - Update reva to dd3a8c0f38: #725
  • Enhancement - Update reva to v1.4.1-0.20201127111856-e6a6212c1b7b: #971
  • Enhancement - Update reva to 063b3db9162b: #1091
  • Enhancement - Add www-authenticate based on user agent: #1009

Details

  • Bugfix - Enable scrolling in accounts list: #909

    Tags: accounts

    We've fixed the accounts list to enable scrolling.

    owncloud#909

  • Bugfix - Add missing env vars to docker compose: #392

    Tags: docker

    Without setting REVA_FRONTEND_URL and REVA_DATAGATEWAY_URL uploads would default to locahost and fail if OCIS_DOMAIN was used to run ocis on a remote host.

    owncloud#392

  • Bugfix - Don't enforce empty external apps slice: #473

    Tags: web

    The command for ocis-phoenix enforced an empty external apps configuration. This was removed, as it was blocking a new set of default external apps in ocis-phoenix.

    owncloud#473

  • Bugfix - Lower Bound was not working for the cs3 api index implementation: #741

    Tags: accounts

    Lower bound working on the cs3 index implementation

    owncloud#741

  • Bugfix - Accounts config sometimes being overwritten: #808

    Tags: accounts

    Sometimes when running the accounts extensions flags were not being taken into consideration.

    owncloud#808

  • Bugfix - Make settings service start without go coroutines: #835

    The go routines cause a race condition that sometimes causes the tests to fail. The ListRoles request would not return all permissions.

    owncloud#835

  • Bugfix - Fix button layout after phoenix update: #625

    Tags: accounts

    With the phoenix update to v0.17.0 a new ODS version was released which has a breaking change for buttons regarding their layouting. We adjusted the button layout in the accounts UI accordingly.

    owncloud#625

  • Bugfix - Fix choose account dialogue: #846

    Tags: konnectd

    We've fixed the choose account dialogue in konnectd bug that the user hasn't been logged in after selecting account.

    owncloud#846

  • Bugfix - Fix id or username query handling: #745

    Tags: accounts

    The code was stopping execution when encountering an error while loading an account by id. But for or queries we can continue execution.

    owncloud#745

  • Bugfix - Fix konnectd build: #809

    Tags: konnectd

    We fixed the default config for konnectd and updated the Makefile to include the yarn installand yarn build steps if the static assets are missing.

    owncloud#809

  • Bugfix - Fix path of files shared with me in ocs api: #204

    The path of files shared with me using the ocs api was pointing to an incorrect location.

    owncloud/product#204 owncloud#994

  • Bugfix - Use micro default client: #718

    Tags: glauth

    We found a file descriptor leak in the glauth connections to the accounts service. Fixed it by using the micro default client.

    owncloud#718

  • Bugfix - Allow consent-prompt with switch-account: #788

    Multiple prompt values are allowed and this change fixes the check for select_account if it was used together with other prompt values. Where select_account previously was ignored, it is now processed as required, fixing the use case when a RP wants to trigger select_account first while at the same time wants also to request interactive consent.

    owncloud#788

  • Bugfix - Mint token with uid and gid: #737

    Tags: accounts

    The eos driver expects the uid and gid from the opaque map of a user. While the proxy does mint tokens correctly, the accounts service wasn't.

    owncloud#737

  • Bugfix - Serve index.html for directories: #912

    The static middleware in ocis-pkg now serves index.html instead of returning 404 on paths with a trailing /.

    owncloud/ocis-pkg#63 owncloud#912

  • Bugfix - Don't create account if id/mail/username already taken: #709

    Tags: accounts

    We don't allow anymore to create a new account if the provided id/mail/username is already taken.

    owncloud#709

  • Bugfix - Fix director selection in proxy: #521

    Tags: proxy

    We fixed a bug in ocis-proxy where simultaneous requests could be executed on the wrong backend.

    owncloud#521 owncloud/ocis-proxy#99

  • Bugfix - Permission checks for settings write access: #1092

    Tags: settings

    There were several endpoints with write access to the settings service that were not protected by permission checks. We introduced a generic settings management permission to fix this for now. Will be more fine grained later on.

    owncloud#1092

  • Bugfix - Fix minor ui bugs: #1043

    • the ui haven't updated the language of the items in the settings view menu. Now we listen to the selected language and update the ui - deduplicate resetMenuItems call

    owncloud#1043 owncloud#1044

  • Bugfix - Disable public link expiration by default: #987

    Tags: storage

    The public link expiration was enabled by default and didn't have a default expiration span by default, which resulted in already expired public links coming from the public link quick action. We fixed this by disabling the public link expiration by default.

    owncloud#987 owncloud#1035

  • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #416

    Tags: docker

    ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.

    owncloud#416

  • Change - Accounts UI shows message when no permissions: #656

    We improved the UX of the accounts UI by showing a message information the user about missing permissions when the accounts or roles fail to load. This was showing an indeterminate progress bar before.

    owncloud#656

  • Change - Cache password validation: #958

    Tags: accounts

    The password validity check for requests like login eq '%s' and password eq '%s' is now cached for 10 minutes. This improves the performance for basic auth requests.

    owncloud#958

  • Change - Filesystem based index: #709

    Tags: accounts, storage

    We replaced bleve with a new filesystem based index implementation. There is an indexer which is capable of orchestrating different index types to build indices on documents by field. You can choose from the index types unique, non-unique or autoincrement. Indices can be utilized to run search queries (full matches or globbing) on document fields. The accounts service is using this index internally to run the search queries coming in via ListAccounts and ListGroups and to generate UIDs for new accounts as well as GIDs for new groups.

    The accounts service can be configured to store the index on the local FS / a NFS (disk implementation of the index) or to use an arbitrary storage ( cs3 implementation of the index). cs3 is the new default, which is configured to use the metadata storage.

    owncloud#709

  • Change - Rebuild index command for accounts: #748

    Tags: accounts

    The index for the accounts service can now be rebuilt by running the cli command ./bin/ocis accounts rebuild. It deletes all configured indices and rebuilds them from the documents found on storage. For this we also introduced a LoadAccounts and LoadGroups function on storage for loading all existing documents.

    owncloud#748

  • Change - Add the thumbnails command: #156

    Tags: thumbnails

    Added the thumbnails command so that the thumbnails service can get started via ocis.

    owncloud#156

  • Change - CS3 can be used as accounts-backend: #1020

    Tags: proxy

    PROXY_ACCOUNT_BACKEND_TYPE=cs3 PROXY_ACCOUNT_BACKEND_TYPE=accounts (default)

    By using a backend which implements the CS3 user-api (currently provided by reva/storage) it is possible to bypass the ocis-accounts service and for example use ldap directly.

    owncloud#1020

  • Change - Use bcrypt to hash the user passwords: #510

    Change the hashing algorithm from SHA-512 to bcrypt since the latter is better suitable for password hashing. This is a breaking change. Existing deployments need to regenerate the accounts folder.

    owncloud#510

  • Change - Replace the library which scales the images: #910

    The library went out of support. Also did some refactoring of the thumbnails service code.

    owncloud#910

  • Change - Choose disk or cs3 storage for accounts and groups: #623

    Tags: accounts

    The accounts service now has an abstraction layer for the storage. In addition to the local disk implementation we implemented a cs3 storage, which is the new default for the accounts service.

    owncloud#623

  • Change - Enable OpenID dynamic client registration: #811

    Enable OpenID dynamic client registration

    owncloud#811 owncloud#813

  • Change - Integrate import command from ocis-migration: #249

    Tags: migration

    owncloud#249 https://github.com/owncloud/ocis-migration

  • Change - Improve reva service descriptions: #536

    Tags: docs

    The descriptions make it clearer that the services actually represent a mount point in the combined storage. Each mount point can have a different driver.

    owncloud#536

  • Change - Initial release of basic version: #2

    Just prepared an initial basic version which simply embeds the minimum of required services in the context of the ownCloud Infinite Scale project.

    owncloud#2

  • Change - Add cli-commands to manage accounts: #115

    Tags: accounts

    COMMANDS:

    • list, ls List existing accounts
    • add, create Create a new account
    • update Make changes to an existing account
    • remove, rm Removes an existing account
    • inspect Show detailed data on an existing account
    • help, h Shows a list of commands or help for one command

    owncloud/product#115

  • Change - Start ocis-accounts with the ocis server command: #25

    Tags: accounts

    Starts ocis-accounts in single binary mode (./ocis server). This service stores the user-account information.

    owncloud/product#25 https://github.com/owncloud/ocis/pull/239/files

  • Change - Properly style konnectd consent page: #754

    Tags: konnectd

    After bringing our theme into konnectd, we've had to adjust the styles of the consent page so the text is visible and button reflects our theme.

    owncloud#754

  • Change - Make all paths configurable and default to a common temp dir: #1080

    Aligned all services to use a dir following/var/tmp/ocis/<service>/... by default. Also made some missing temp paths configurable via env vars and config flags.

    owncloud#1080

  • Change - Move the indexer package from ocis/accounts to ocis/ocis-pkg: #794

    We are making that change for semantic reasons. So consumers of any index don't necessarily need to know of the accounts service.

    owncloud#794

  • Change - Switch over to a new custom-built runtime: #287

    We moved away from using the go-micro runtime and are now using our own runtime. This allows us to spawn service processes even when they are using different versions of go-micro. On top of that we now have the commands ocis list, ocis kill and ocis run available for service runtime management.

    owncloud#287

  • Change - Move ocis default config to root level: #842

    Tags: ocis

    We moved the tracing config to the root flagset so that they are parsed on all commands. We also introduced a JWTSecret flag in the root flagset, in order to apply a common default JWTSecret to all services that have one.

    owncloud#842 owncloud#843

  • Change - Remove username field in OCS: #709

    Tags: ocs

    We use the incoming userid as both the id and the on_premises_sam_account_name for new accounts in the accounts service. The userid in OCS requests is in fact the username, not our internal account id. We need to enforce the userid as our internal account id though, because the account id is part of various path formats.

    owncloud#709 owncloud#816

  • Change - Account management permissions for Admin role: #124

    Tags: accounts, settings

    We created an AccountManagement permission and added it to the default admin role. There are permission checks in place to protected http endpoints in ocis-accounts against requests without the permission. All existing default users (einstein, marie, richard) have the default user role now (doesn't have the AccountManagement permission). Additionally, there is a new default Admin user with credentials moss:vista.

    Known issue: for users without the AccountManagement permission, the accounts UI extension is still available in the ocis-web app switcher, but the requests for loading the users will fail (as expected). We are working on a way to hide the accounts UI extension if the user doesn't have the AccountManagement permission.

    owncloud/product#124 owncloud/ocis-settings#59 owncloud/ocis-settings#66 owncloud/ocis-settings#67 owncloud/ocis-settings#69 owncloud/ocis-proxy#95 owncloud/ocis-pkg#59 owncloud/ocis-accounts#95 owncloud/ocis-accounts#100 owncloud/ocis-accounts#102

  • Change - Update phoenix to v0.18.0: #651

    Tags: web

    We updated phoenix to v0.18.0. Please refer to the changelog (linked) for details on the phoenix release. With the ODS release brought in by phoenix we now have proper oc-checkbox and oc-radio components for the settings and accounts UI.

    owncloud#651 https://github.com/owncloud/phoenix/releases/tag/v0.18.0 https://github.com/owncloud/owncloud-design-system/releases/tag/v1.12.1

  • Change - Default apps in ownCloud Web: #688

    Tags: web

    We changed the default apps for ownCloud Web to be only files and media-viewer. Markdown-editor and draw-io have been removed as defaults.

    owncloud#688

  • Change - Proxy allow insecure upstreams: #1007

    Tags: proxy

    We can now configure the proxy if insecure upstream servers are allowed. This was added since you need to disable certificate checks fore some situations like testing.

    owncloud#1007

  • Change - Make ocis-settings available: #287

    Tags: settings

    This version delivers settings as a new service. It is part of the array of services in the server command.

    owncloud#287

  • Change - Start ocis-proxy with the ocis server command: #119

    Tags: proxy

    Starts the proxy in single binary mode (./ocis server) on port 9200. The proxy serves as a single-entry point for all http-clients.

    owncloud#119 owncloud#136

  • Change - Theme welcome and choose account pages: #887

    Tags: konnectd

    We've themed the konnectd pages Welcome and Choose account. All text has a white color now to be easily readable on the dark background.

    owncloud#887

  • Change - Bring oC theme: #698

    Tags: konnectd

    We've styled our konnectd login page to reflect ownCloud theme.

    owncloud#698

  • Change - Unify Configuration Parsing: #675

    Tags: ocis

    • responsibility for config parsing should be on the subcommand - if there is a config file in the environment location, env var should take precedence - general rule of thumb: the more explicit the config file is that would be picked up. Order from less to more explicit: - config location (/etc/ocis) - environment variable - cli flag

    owncloud#675

  • Change - Update phoenix to v0.20.0: #674

    Tags: web

    We updated phoenix to v0.20.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#674 https://github.com/owncloud/phoenix/releases/tag/v0.20.0

  • Change - Update phoenix to v0.21.0: #728

    Tags: web

    We updated phoenix to v0.21.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#728 https://github.com/owncloud/phoenix/releases/tag/v0.21.0

  • Change - Update phoenix to v0.22.0: #757

    Tags: web

    We updated phoenix to v0.22.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#757 https://github.com/owncloud/phoenix/releases/tag/v0.22.0

  • Change - Update phoenix to v0.23.0: #785

    Tags: web

    We updated phoenix to v0.23.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#785 https://github.com/owncloud/phoenix/releases/tag/v0.23.0

  • Change - Update phoenix to v0.24.0: #817

    Tags: web

    We updated phoenix to v0.24.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#817 https://github.com/owncloud/phoenix/releases/tag/v0.24.0

  • Change - Update phoenix to v0.25.0: #868

    Tags: web

    We updated phoenix to v0.25.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#868 https://github.com/owncloud/phoenix/releases/tag/v0.25.0

  • Change - Update phoenix to v0.26.0: #935

    Tags: web

    We updated phoenix to v0.26.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#935 https://github.com/owncloud/phoenix/releases/tag/v0.26.0

  • Change - Update phoenix to v0.27.0: #943

    Tags: web

    We updated phoenix to v0.27.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#943 https://github.com/owncloud/phoenix/releases/tag/v0.27.0

  • Change - Update phoenix to v0.28.0: #1027

    Tags: web

    We updated phoenix to v0.28.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#1027 https://github.com/owncloud/phoenix/releases/tag/v0.28.0

  • Change - Update phoenix to v0.29.0: #1034

    Tags: web

    We updated phoenix to v0.29.0. Please refer to the changelog (linked) for details on the phoenix release.

    owncloud#1034 https://github.com/owncloud/phoenix/releases/tag/v0.29.0

  • Change - Update reva config: #336

    • EOS homes are not configured with an enable-flag anymore, but with a dedicated storage driver.
    • We're using it now and adapted default configs of storages

    owncloud#336 owncloud#337 owncloud#338 https://github.com/owncloud/ocis-reva/pull/891

  • Change - Update reva to v1.4.1-0.20201209113234-e791b5599a89: #1089

    Updated reva to v1.4.1-0.20201209113234-e791b5599a89

    owncloud#1089

  • Change - Clarify storage driver env vars: #729

    After renaming ocsi-reva to storage and combining the storage and data providers some env vars were confusingly named STORAGE_STORAGE_.... We are changing the prefix for driver related env vars to STORAGE_DRIVER_.... This makes changing the storage driver using eg.: STORAGE_HOME_DRIVER=eos and setting driver options using STORAGE_DRIVER_EOS_LAYOUT=... less confusing.

    owncloud#729

  • Change - Update ownCloud Web to v1.0.0-beta3: #1105

    Tags: web

    We updated ownCloud Web to v1.0.0-beta3. Please refer to the changelog (linked) for details on the web release.

    owncloud#1105 https://github.com/owncloud/phoenix/releases/tag/v1.0.0-beta3

  • Change - Update ownCloud Web to v1.0.0-beta4: #1110

    Tags: web

    We updated ownCloud Web to v1.0.0-beta4. Please refer to the changelog (linked) for details on the web release.

    owncloud#1110 https://github.com/owncloud/phoenix/releases/tag/v1.0.0-beta4

  • Change - Settings and accounts appear in the user menu: #656

    We moved settings and accounts to the user menu.

    owncloud#656

  • Enhancement - Add tracing to the accounts service: #1016

    Added tracing to the accounts service.

    owncloud#1016

  • Enhancement - Add the accounts service: #244

    Tags: accounts

    • Bugfix - Initialize roleService client in GRPC server: #114
    • Bugfix - Cleanup separated indices in memory: #224
    • Change - Set user role on builtin users: #102
    • Change - Add new builtin admin user: #102
    • Change - We make use of the roles cache to enforce permission checks: #100
    • Change - We make use of the roles manager to enforce permission checks: #108
    • Enhancement - Add create account form: #148
    • Enhancement - Add delete accounts action: #148
    • Enhancement - Add enable/disable capabilities to the WebUI: #118
    • Enhancement - Improve visual appearance of accounts UI: #222
    • Bugfix - Adapting to new settings API for fetching roles: #96
    • Change - Create account api-call implicitly adds "default-user" role: #173
    • Change - Add role selection to accounts UI: #103
    • Bugfix - Atomic Requests: #82
    • Bugfix - Unescape value for prefix query: #76
    • Change - Adapt to new ocis-settings data model: #87
    • Change - Add permissions for language to default roles: #88
    • Bugfix - Add write mutexes: #71
    • Bugfix - Fix the accountId and groupId mismatch in DeleteGroup Method: #60
    • Bugfix - Fix index mapping: #73
    • Bugfix - Use NewNumericRangeInclusiveQuery for numeric literals: #28
    • Bugfix - Prevent segfault when no password is set: #65
    • Bugfix - Update account return value not used: #70
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #64
    • Change - Align structure of this extension with other extensions: #51
    • Change - Change api errors: #11
    • Change - Enable accounts on creation: #43
    • Change - Fix index update on create/update: #57
    • Change - Pass around the correct logger throughout the code: #41
    • Change - Remove timezone setting: #33
    • Change - Tighten screws on usernames and email addresses: #65
    • Enhancement - Add early version of cli tools for user-management: #69
    • Enhancement - Update accounts API: #30
    • Enhancement - Add simple user listing UI: #51
    • Enhancement - Logging is configurable: #24
    • Change - Initial release of basic version: #1
    • Enhancement - Configuration: #15

    owncloud/product#244

  • Enhancement - Add basic auth option: #627

    We added a new enable-basic-auth option and PROXY_ENABLE_BASIC_AUTH environment variable that can be set to true to make the proxy verify the basic auth header with the accounts service. This should only be used for testing and development and is disabled by default.

    owncloud/product#198 owncloud#627

  • Enhancement - Document how to run OCIS on top of EOS: #172

    Tags: eos

    We have added rules to the Makefile that use the official eos docker images to boot an eos cluster and configure OCIS to use it.

    owncloud#172

  • Enhancement - Add the glauth service: #244

    Tags: glauth

    • Bugfix - Return invalid credentials when user was not found: #30
    • Bugfix - Query numeric attribute values without quotes: #28
    • Bugfix - Use searchBaseDN if already a user/group name: #214
    • Bugfix - Fix LDAP substring startswith filters: #31
    • Enhancement - Add build information to the metrics: #226
    • Enhancement - Reenable configuring backends: #600
    • Bugfix - Ignore case when comparing objectclass values: #26
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #24
    • Enhancement - Handle ownCloudUUID attribute: #27
    • Enhancement - Implement group queries: #22
    • Enhancement - Configuration: #11
    • Enhancement - Improve default settings: #12
    • Enhancement - Generate temporary ldap certificates if LDAPS is enabled: #12
    • Enhancement - Provide additional tls-endpoint: #12
    • Change - Use physicist demo users: #5
    • Change - Default to config based user backend: #6

    owncloud/product#244

  • Enhancement - Add k6: #941

    Tags: tests

    Add k6 as a performance testing framework

    owncloud#941 owncloud#983

  • Enhancement - Add the konnectd service: #244

    Tags: konnectd

    • Enhancement - Add version command: #226
    • Bugfix - Add silent redirect url: #69
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #71
    • Bugfix - Include the assets for #62: #64
    • Bugfix - Redirect to the provided uri: #26
    • Change - Add a trailing slash to trusted redirect uris: #26
    • Change - Improve client identifiers for end users: #62
    • Enhancement - Use upstream version of konnect library: #14
    • Enhancement - Change default config for single-binary: #55
    • Bugfix - Generate a random CSP-Nonce in the webapp: #17
    • Change - Dummy index.html is not required anymore by upstream: #25
    • Change - Initial release of basic version: #1
    • Change - Use glauth as ldap backend, default to running behind ocis-proxy: #52

    owncloud/product#244

  • Enhancement - Add the ocis-phoenix service: #244

    Tags: web

    • Bugfix - Fix external app URLs: #218
    • Change - Remove pdf-viewer from default apps: #85
    • Change - Enable Settings and Accounts apps by default: #80
    • Bugfix - Exit when assets or config are not found: #76
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #73
    • Change - Hide searchbar by default: #116
    • Bugfix - Allow silent refresh of access token: #69
    • Change - Update Phoenix: #60
    • Enhancement - Configuration: #57
    • Bugfix - Config file value not being read: #45
    • Change - Default to running behind ocis-proxy: #55

    owncloud/product#244

  • Enhancement - Add the ocis-pkg package: #244

    Tags: ocis-pkg

    • Change - Unwrap roleIDs from access-token into metadata context: #59
    • Change - Provide cache for roles: #59
    • Change - Roles manager: #60
    • Change - Use go-micro's metadata context for account id: #56
    • Bugfix - Remove redigo 2.0.0+incompatible dependency: #33
    • Change - Add middleware for x-access-token distmantling: #46
    • Enhancement - Add ocis.id and numeric id claims: #50
    • Bugfix - Pass flags to micro service: #44
    • Change - Add header to cors handler: #41
    • Enhancement - Tracing middleware: #35
    • Enhancement - Allow http services to register handlers: #33
    • Change - Upgrade the micro libraries: #22
    • Bugfix - Fix Module Path: #25
    • Bugfix - Change import paths to ocis-pkg/v2: #27
    • Bugfix - Fix serving static assets: #14
    • Change - Add TLS support for http services: #19
    • Enhancement - Introduce OpenID Connect middleware: #8
    • Change - Add root path to static middleware: #9
    • Change - Better log level handling within micro: #2

    owncloud/product#244

  • Enhancement - Add the ocs service: #244

    Tags: ocs

    • Bugfix - Match the user response to the OC10 format: #181
    • Enhancement - Add version command: #226
    • Bugfix - Add the top level response structure to json responses: #181
    • Enhancement - Update ocis-accounts: #42
    • Bugfix - Mimic oc10 user enabled as string in provisioning api: #39
    • Bugfix - Use opaque ID of a user for signing keys: #436
    • Enhancement - Add option to create user with uidnumber and gidnumber: #34
    • Bugfix - Fix file descriptor leak: #79
    • Enhancement - Add Group management for OCS Povisioning API: #25
    • Enhancement - Basic Support for the User Provisioning API: #23
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #20
    • Change - Initial release of basic version: #1
    • Change - Upgrade micro libraries: #11
    • Enhancement - Configuration: #14
    • Enhancement - Support signing key: #18

    owncloud/product#244

  • Enhancement - Add the proxy service: #244

    Tags: proxy

    • Bugfix - Fix director selection: #99
    • Bugfix - Add settings API and app endpoints to example config: #93
    • Change - Remove accounts caching: #100
    • Enhancement - Add autoprovision accounts flag: #219
    • Enhancement - Add hello API and app endpoints to example config and builtin config: #96
    • Enhancement - Add roleIDs to the access token: #95
    • Enhancement - Add version command: #226
    • Enhancement - Add numeric uid and gid to the access token: #89
    • Enhancement - Add configuration options for the pre-signed url middleware: #91
    • Bugfix - Enable new accounts by default: #79
    • Bugfix - Lookup user by id for presigned URLs: #85
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #78
    • Change - Add settings and ocs group routes: #81
    • Change - Add route for user provisioning API in ocis-ocs: #80
    • Bugfix - Provide token configuration from config: #69
    • Bugfix - Provide token configuration from config: #76
    • Change - Add OIDC config flags: #66
    • Change - Mint new username property in the reva token: #62
    • Enhancement - Add Accounts UI routes: #65
    • Enhancement - Add option to disable TLS: #71
    • Enhancement - Only send create home request if an account has been migrated: #52
    • Enhancement - Create a root span on proxy that propagates down to consumers: #64
    • Enhancement - Support signed URLs: #73
    • Bugfix - Accounts service response was ignored: #43
    • Bugfix - Fix x-access-token in header: #41
    • Change - Point /data endpoint to reva frontend: #45
    • Change - Send autocreate home request to reva gateway: #51
    • Change - Update to new accounts API: #39
    • Enhancement - Retrieve Account UUID From User Claims: #36
    • Enhancement - Create account if it doesn't exist in ocis-accounts: #55
    • Enhancement - Disable keep-alive on server-side OIDC requests: #268
    • Enhancement - Make jwt secret configurable: #41
    • Enhancement - Respect account_enabled flag: #53
    • Change - Update ocis-pkg: #30
    • Change - Insecure http-requests are now redirected to https: #29
    • Enhancement - Configurable OpenID Connect client: #27
    • Enhancement - Add policy selectors: #4
    • Bugfix - Set TLS-Certificate correctly: #25
    • Change - Route requests based on regex or query parameters: #21
    • Enhancement - Proxy client urls in default configuration: #19
    • Enhancement - Make TLS-Cert configurable: #14
    • Enhancement - Load Proxy Policies at Runtime: #17

    owncloud/product#244

  • Enhancement - Add the settings service: #244

    Tags: settings

    • Bugfix - Fix loading and saving system scoped values: #66
    • Bugfix - Complete input validation: #66
    • Change - Add filter option for bundle ids in ListBundles and ListRoles: #59
    • Change - Reuse roleIDs from the metadata context: #69
    • Change - Update ocis-pkg/v2: #72
    • Enhancement - Add version command: #226
    • Bugfix - Fix fetching bundles in settings UI: #61
    • Change - Filter settings by permissions: #99
    • Change - Add role service: #110
    • Change - Rename endpoints and message types: #36
    • Change - Use UUIDs instead of alphanumeric identifiers: #46
    • Bugfix - Adjust UUID validation to be more tolerant: #41
    • Bugfix - Fix runtime error when type asserting on nil value: #38
    • Bugfix - Fix multiple submits on string and number form elements: #745
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #39
    • Change - Dynamically add navItems for extensions with settings bundles: #25
    • Change - Introduce input validation: #22
    • Change - Use account uuid from x-access-token: #14
    • Change - Use server config variable from ocis-web: #34
    • Enhancement - Remove paths from Makefile: #33
    • Enhancement - Extend the docs: #11
    • Enhancement - Update ocis-pkg/v2: #42

    owncloud/product#244

  • Enhancement - Add the storage service: #244

    Tags: storage, reva

    • Enhancement - Enable ocis driver treetime accounting: #620
    • Enhancement - Launch a storage to store ocis-metadata: #602

    In the future accounts, settings etc. should be stored in a dedicated metadata storage. The services should talk to this storage directly, bypassing reva-gateway.

    Https://github.com/owncloud/ocis/pull/602

    • Enhancement - Update reva to v1.2.2-0.20200924071957-e6676516e61e: #601
    • Update reva to v1.2.2-0.20200924071957-e6676516e61e - eos client: Handle eos EPERM as permission denied (reva/#1183) - ocis driver: synctime based etag propagation (reva/#1180) - ocis driver: fix litmus (reva/#1179) - ocis driver: fix move (reva/#1177) - ocs service: cache displaynames (reva/#1161)

    Https://github.com/owncloud/ocis-reva/issues/262 https://github.com/owncloud/ocis-reva/issues/357 https://github.com/owncloud/ocis-reva/issues/301 https://github.com/owncloud/ocis-reva/issues/302 owncloud#601

    • Bugfix - Fix default configuration for accessing shares: #205

    The storage provider mounted at /home should always have EnableHome set to true. The other storage providers should have it set to false.

    Https://github.com/owncloud/product/issues/205 owncloud/ocis-reva#461

    • Enhancement - Allow configuring arbitrary storage registry rules: #193

    We added a new config flag storage-registry-rule that can be given multiple times for the gateway to specify arbitrary storage registry rules. You can also use a comma separated list of rules in the REVA_STORAGE_REGISTRY_RULES environment variable.

    Https://github.com/owncloud/product/issues/193 owncloud/ocis-reva#461

    • Enhancement - Update reva to v1.2.1-0.20200826162318-c0f54e1f37ea: #454

    Https://github.com/owncloud/ocis-reva/pull/454

    • Enhancement - Update reva to v1.2.1-0.20200911111727-51649e37df2d: #466
    • Update reva to v1.2.1-0.20200911111727-51649e37df2d - Added new OCIS storage driver ocis (reva/#1155) - App provider: fallback to env. variable if 'iopsecret' unset (reva/#1146) - Add switch to database (reva/#1135) - Add the ocdav HTTP svc to the standalone config (reva/#1128)

    Https://github.com/owncloud/ocis-reva/pull/466

    • Enhancement - Separate user and auth providers, add config for rest user: #412

    Previously, the auth and user provider services used to have the same driver, which restricted using separate drivers and configs for both. This PR separates the two and adds the config for the rest user driver and the gatewaysvc parameter to EOS fs.

    Https://github.com/owncloud/ocis-reva/pull/412 cs3org/reva#995

    • Enhancement - Update reva to v1.1.1-0.20200819100654-dcbf0c8ea187: #447

    Https://github.com/owncloud/ocis-reva/pull/447

    • Bugfix - Update LDAP filters: #399

    With the separation of use and find filters we can now use a filter that taken into account a users uuid as well as his username. This is necessary to make sharing work with the new account service which assigns accounts an immutable account id that is different from the username. Furthermore, the separate find filters now allows searching users by their displayname or email as well.

    "(&(objectclass=posixAccount)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))"
findfilter =
"(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))"

    Https://github.com/owncloud/ocis-reva/pull/399 cs3org/reva#996

    • Change - Environment updates for the username userid split: #420

    We updated the owncloud storage driver in reva to properly look up users by userid or username using the userprovider instead of taking the path segment as is. This requires the user service address as well as changing the default layout to the userid instead of the username. The latter is not considered a stable and persistent identifier.

    Https://github.com/owncloud/ocis-reva/pull/420 cs3org/reva#1033

    • Enhancement - Update storage documentation: #384

    We added details to the documentation about storage requirements known from ownCloud 10, the local storage driver and the ownCloud storage driver.

    Https://github.com/owncloud/ocis-reva/pull/384 owncloud/ocis-reva#390

    • Enhancement - Update reva to v0.1.1-0.20200724135750-b46288b375d6: #399
    • Update reva to v0.1.1-0.20200724135750-b46288b375d6 - Split LDAP user filters (reva/#996) - meshdirectory: Add invite forward API to provider links (reva/#1000) - OCM: Pass the link to the meshdirectory service in token mail (reva/#1002) - Update github.com/go-ldap/ldap to v3 (reva/#1004)

    Https://github.com/owncloud/ocis-reva/pull/399 cs3org/reva#996 cs3org/reva#1000 cs3org/reva#1002 cs3org/reva#1004

    • Enhancement - Update reva to v0.1.1-0.20200728071211-c948977dd3a0: #407
    • Update reva to v0.1.1-0.20200728071211-c948977dd3a0 - Use proper logging for ldap auth requests (reva/#1008) - Update github.com/eventials/go-tus to v0.0.0-20200718001131-45c7ec8f5d59 (reva/#1007) - Check if SMTP credentials are nil (reva/#1006)

    Https://github.com/owncloud/ocis-reva/pull/407 cs3org/reva#1008 cs3org/reva#1007 cs3org/reva#1006

    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #393

    ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.

    Https://github.com/owncloud/ocis-reva/pull/393

    • Enhancement - Update reva to v0.1.1-0.20200710143425-cf38a45220c5: #371
    • Update reva to v0.1.1-0.20200710143425-cf38a45220c5 (#371) - Add wopi open (reva/#920) - Added a CS3API compliant data exporter to Mentix (reva/#955) - Read SMTP password from env if not set in config (reva/#953) - OCS share fix including file info after update (reva/#958) - Add flag to smtpclient for for unauthenticated SMTP (reva/#963)

    Https://github.com/owncloud/ocis-reva/pull/371 cs3org/reva#920 cs3org/reva#953 cs3org/reva#955 cs3org/reva#958 cs3org/reva#963

    • Enhancement - Update reva to v0.1.1-0.20200722125752-6dea7936f9d1: #392
    • Update reva to v0.1.1-0.20200722125752-6dea7936f9d1 - Added signing key capability (reva/#986) - Add functionality to create webdav references for OCM shares (reva/#974) - Added a site locations exporter to Mentix (reva/#972) - Add option to config to allow requests to hosts with unverified certificates (reva/#969)

    Https://github.com/owncloud/ocis-reva/pull/392 cs3org/reva#986 cs3org/reva#974 cs3org/reva#972 cs3org/reva#969

    • Enhancement - Make frontend prefixes configurable: #363

    We introduce three new environment variables and preconfigure them the following way:

    • REVA_FRONTEND_DATAGATEWAY_PREFIX="data"
    • REVA_FRONTEND_OCDAV_PREFIX=""
    • REVA_FRONTEND_OCS_PREFIX="ocs"

    This restores the reva defaults that were changed upstream.

    Https://github.com/owncloud/ocis-reva/pull/363 https://github.com/cs3org/reva/pull/936/files#diff-51bf4fb310f7362f5c4306581132fc3bR63

    • Enhancement - Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66: #341
    • Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66 (#341) - Added country information to Mentix (reva/#924) - Refactor metrics package to implement reader interface (reva/#934) - Fix OCS public link share update values logic (#252, #288, reva/#930)

    Https://github.com/owncloud/ocis-reva/issues/252 owncloud/ocis-reva#288 owncloud/ocis-reva#341 cs3org/reva#924 cs3org/reva#934 cs3org/reva#930

    • Enhancement - Update reva to v0.1.1-0.20200709064551-91eed007038f: #362
    • Update reva to v0.1.1-0.20200709064551-91eed007038f (#362) - Fix config for uploads when data server is not exposed (reva/#936) - Update OCM partners endpoints (reva/#937) - Update Ailleron endpoint (reva/#938) - OCS: Fix initialization of shares json file (reva/#940) - OCS: Fix returned public link URL (#336, reva/#945) - OCS: Share wrap resource id correctly (#344, reva/#951) - OCS: Implement share handling for accepting and listing shares (#11, reva/#929) - ocm: dynamically lookup IPs for provider check (reva/#946) - ocm: add functionality to mail OCM invite tokens (reva/#944) - Change percentagused to percentageused (reva/#903) - Fix file-descriptor leak (reva/#954)

    Https://github.com/owncloud/ocis-reva/issues/344 owncloud/ocis-reva#336 owncloud/ocis-reva#11 owncloud/ocis-reva#362 cs3org/reva#936 cs3org/reva#937 cs3org/reva#938 cs3org/reva#940 cs3org/reva#951 cs3org/reva#945 cs3org/reva#929 cs3org/reva#946 cs3org/reva#944 cs3org/reva#903 cs3org/reva#954

    • Enhancement - Add new config options for the http client: #330

    The internal certificates are checked for validity after cs3org/reva#914, which causes the acceptance tests to fail. This change sets new hardcoded defaults.

    Https://github.com/owncloud/ocis-reva/pull/330

    • Enhancement - Allow datagateway transfers to take 24h: #323
    • Increase transfer token life time to 24h (PR #323)

    Https://github.com/owncloud/ocis-reva/pull/323

    • Enhancement - Update reva to v0.1.1-0.20200630075923-39a90d431566: #320
    • Update reva to v0.1.1-0.20200630075923-39a90d431566 (#320) - Return special value for public link password (#294, reva/#904) - Fix public stat and listcontainer response to contain the correct prefix (#310, reva/#902)

    Https://github.com/owncloud/ocis-reva/issues/310 owncloud/ocis-reva#294 owncloud/ocis-reva#320 cs3org/reva#902 cs3org/reva#904

    • Enhancement - Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66: #328
    • Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66 (#328) - Use sync.Map on pool package (reva/#909) - Use mutex instead of sync.Map (reva/#915) - Use gatewayProviders instead of storageProviders on conn pool (reva/#916) - Add logic to ls and stat to process arbitrary metadata keys (reva/#905) - Preliminary implementation of Set/UnsetArbitraryMetadata (reva/#912) - Make datagateway forward headers (reva/#913, reva/#926) - Add option to cmd upload to disable tus (reva/#911) - OCS Share Allow date-only expiration for public shares (#288, reva/#918) - OCS Share Remove array from OCS Share update response (#252, reva/#919) - OCS Share Implement GET request for single shares (#249, reva/#921)

    Https://github.com/owncloud/ocis-reva/issues/288 owncloud/ocis-reva#252 owncloud/ocis-reva#249 owncloud/ocis-reva#328 cs3org/reva#909 cs3org/reva#915 cs3org/reva#916 cs3org/reva#905 cs3org/reva#912 cs3org/reva#913 cs3org/reva#926 cs3org/reva#911 cs3org/reva#918 cs3org/reva#919 cs3org/reva#921

    • Enhancement - Update reva to v0.1.1-0.20200629131207-04298ea1c088: #309
    • Update reva to v0.1.1-0.20200629094927-e33d65230abc (#309) - Fix public link file share (#278, reva/#895, reva/#900) - Delete public share (reva/#899) - Updated reva to v0.1.1-0.20200629131207-04298ea1c088 (#313)

    Https://github.com/owncloud/ocis-reva/issues/278 owncloud/ocis-reva#309 cs3org/reva#895 cs3org/reva#899 cs3org/reva#900 owncloud/ocis-reva#313

    • Enhancement - Update reva to v0.1.1-0.20200626111234-e21c32db9614: #261
    • Updated reva to v0.1.1-0.20200626111234-e21c32db9614 (#304) - TUS upload support through datagateway (#261, reva/#878, reva/#888) - Added support for differing metrics path for Prometheus to Mentix (reva/#875) - More data exported by Mentix (reva/#881) - Implementation of file operations in public folder shares (#49, #293, reva/#877) - Make httpclient trust local certificates for now (reva/#880) - EOS homes are not configured with an enable-flag anymore, but with a dedicated storage driver. We're using it now and adapted default configs of storages (reva/#891, #304)

    Https://github.com/owncloud/ocis-reva/issues/49 owncloud/ocis-reva#293 owncloud/ocis-reva#261 owncloud/ocis-reva#261 cs3org/reva#875 cs3org/reva#877 cs3org/reva#878 cs3org/reva#881 cs3org/reva#880 cs3org/reva#888 owncloud/ocis-reva#304 cs3org/reva#891

    • Enhancement - Update reva to v0.1.1-0.20200624063447-db5e6635d5f0: #279
    • Updated reva to v0.1.1-0.20200624063447-db5e6635d5f0 (#279) - Local storage: URL-encode file ids to ease integration with other microservices like WOPI (reva/#799) - Mentix fixes (reva/#803, reva/#817) - OCDAV: fix returned timestamp format (#116, reva/#805) - OCM: add default prefix (#814) - add the content-length header to the responses (reva/#816) - Deps: clean (reva/#818) - Fix trashbin listing (#112, #253, #254, reva/#819) - Make the json publicshare driver configurable (reva/#820) - TUS: Return metadata headers after direct upload (ocis/#216, reva/#813) - Set mtime to storage after simple upload (#174, reva/#823, reva/#841) - Configure grpc client to allow for insecure conns and skip server certificate verification (reva/#825) - Deployment: simplify config with more default values (reva/#826, reva/#837, reva/#843, reva/#848, reva/#842) - Separate local fs into home and with home disabled (reva/#829) - Register reflection after other services (reva/#831) - Refactor EOS fs (reva/#830) - Add ocs-share-permissions to the propfind response (#47, reva/#836) - OCS: Properly read permissions when creating public link (reva/#852) - localfs: make normalize return associated error (reva/#850) - EOS grpc driver (reva/#664) - OCS: Add support for legacy public link arg publicUpload (reva/#853) - Add cache layer to user REST package (reva/#849) - Meshdirectory: pass query params to selected provider (reva/#863) - Pass etag in quotes from the fs layer (#269, reva/#866, reva/#867) - OCM: use refactored cs3apis provider definition (reva/#864)

    Https://github.com/owncloud/ocis-reva/issues/116 owncloud/ocis-reva#112 owncloud/ocis-reva#253 owncloud/ocis-reva#254 owncloud#216 owncloud/ocis-reva#174 https://github.com/owncloud/ocis-reva/issues/47 owncloud/ocis-reva#269 owncloud/ocis-reva#279 https://github.com/owncloud/cs3org/reva/pull/799 https://github.com/owncloud/cs3org/reva/pull/803 https://github.com/owncloud/cs3org/reva/pull/817 https://github.com/owncloud/cs3org/reva/pull/805 https://github.com/owncloud/cs3org/reva/pull/814 https://github.com/owncloud/cs3org/reva/pull/816 https://github.com/owncloud/cs3org/reva/pull/818 https://github.com/owncloud/cs3org/reva/pull/819 https://github.com/owncloud/cs3org/reva/pull/820 https://github.com/owncloud/cs3org/reva/pull/823 https://github.com/owncloud/cs3org/reva/pull/841 https://github.com/owncloud/cs3org/reva/pull/813 https://github.com/owncloud/cs3org/reva/pull/825 https://github.com/owncloud/cs3org/reva/pull/826 https://github.com/owncloud/cs3org/reva/pull/837 https://github.com/owncloud/cs3org/reva/pull/843 https://github.com/owncloud/cs3org/reva/pull/848 https://github.com/owncloud/cs3org/reva/pull/842 https://github.com/owncloud/cs3org/reva/pull/829 https://github.com/owncloud/cs3org/reva/pull/831 https://github.com/owncloud/cs3org/reva/pull/830 https://github.com/owncloud/cs3org/reva/pull/836 https://github.com/owncloud/cs3org/reva/pull/852 https://github.com/owncloud/cs3org/reva/pull/850 https://github.com/owncloud/cs3org/reva/pull/664 https://github.com/owncloud/cs3org/reva/pull/853 https://github.com/owncloud/cs3org/reva/pull/849 https://github.com/owncloud/cs3org/reva/pull/863 https://github.com/owncloud/cs3org/reva/pull/866 https://github.com/owncloud/cs3org/reva/pull/867 https://github.com/owncloud/cs3org/reva/pull/864

    • Enhancement - Add TUS global capability: #177

    The TUS global capabilities from Reva are now exposed.

    The advertised max chunk size can be configured using the "--upload-max-chunk-size" CLI switch or "REVA_FRONTEND_UPLOAD_MAX_CHUNK_SIZE" environment variable. The advertised http method override can be configured using the "--upload-http-method-override" CLI switch or "REVA_FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" environment variable.

    Https://github.com/owncloud/ocis-reva/issues/177 owncloud/ocis-reva#228

    • Enhancement - Update reva to v0.1.1-0.20200603071553-e05a87521618: #244
    • Updated reva to v0.1.1-0.20200603071553-e05a87521618 (#244) - Add option to disable TUS on OC layer (#177, reva/#791) - Dataprovider now supports method override (#177, reva/#792) - OCS fixes for create public link (reva/#798)

    Https://github.com/owncloud/ocis-reva/issues/244 owncloud/ocis-reva#177 cs3org/reva#791 cs3org/reva#792 cs3org/reva#798

    • Enhancement - Add public shares service: #49

    Added Public Shares service with CRUD operations and File Public Shares Manager

    Https://github.com/owncloud/ocis-reva/issues/49 owncloud/ocis-reva#232

    • Enhancement - Update reva to v0.1.1-0.20200529120551-4f2d9c85d3c9: #49
    • Updated reva to v0.1.1-0.20200529120551 (#232) - Public Shares CRUD, File Public Shares Manager (#49, #232, reva/#681, reva/#788) - Disable HTTP-KeepAlives to reduce fd count (ocis/#268, reva/#787) - Fix trashbin listing (#229, reva/#782) - Create PUT wrapper for TUS uploads (reva/#770) - Add security access headers for ocdav requests (#66, reva/#780) - Add option to revad cmd to specify logging level (reva/#772) - New metrics package (reva/#740) - Remove implicit data member from memory store (reva/#774) - Added TUS global capabilities (#177, reva/#775) - Fix PROPFIND with Depth 1 for cross-storage operations (reva/#779)

    Https://github.com/owncloud/ocis-reva/issues/49 owncloud/ocis-reva#229 owncloud/ocis-reva#66 owncloud/ocis-reva#177 owncloud#268 owncloud/ocis-reva#232 cs3org/reva#787 cs3org/reva#681 cs3org/reva#788 cs3org/reva#782 cs3org/reva#770 cs3org/reva#780 cs3org/reva#772 cs3org/reva#740 cs3org/reva#774 cs3org/reva#775 cs3org/reva#779

    • Enhancement - Update reva to v0.1.1-0.20200520150229: #161
    • Update reva to v0.1.1-0.20200520150229 (#161, #180, #192, #207, #221) - Return arbitrary metadata with stat, upload without TUS (reva/#766) - Stat file before returning datagateway URL when initiating download (reva/#765) - REST driver for user package (reva/#747) - Sharing behavior now consistent with the old backend (#20, #26, #43, #44, #46, #94 ,reva/#748) - Mentix service (reva/#755) - meshdirectory: add mentix driver for gocdb sites integration (reva/#754) - Add functionality to commit to storage for OCM shares (reva/#760) - Add option in config to disable tus (reva/#759) - ocdav: fix custom property XML parsing in PROPPATCH handler (#203, reva/#743) - ocdav: fix PROPPATCH response for removed properties (#186, reva/#742) - ocdav: implement PROPFIND infinity depth (#212, reva/#758) - Local fs: Allow setting of arbitrary metadata, minor bug fixes (reva/#764) - Local fs: metadata handling and share persistence (reva/#732) - Local fs: return file owner info in stat (reva/#750) - Fixed regression when uploading empty files to OCFS or EOS with PUT and TUS (#188, reva/#734) - On delete move the file versions to the trashbin (#94, reva/#731) - Fix OCFS move operation (#182, reva/#729) - Fix OCFS custom property / xattr removal (reva/#728) - Retry trashbin in case of timestamp collision (reva/#730) - Disable chunking v1 by default (reva/#678) - Implement ocs to http status code mapping (#26, reva/#696, reva/#707, reva/#711) - Handle the case if directory already exists (reva/#695) - Added TUS upload support (reva/#674, reva/#725, reva/#717) - Always return file sizes in Webdav PROPFIND (reva/#712) - Use default mime type when none was detected (reva/#713) - Fixed Webdav shallow COPY (reva/#714) - Fixed arbitrary namespace usage for custom properties in PROPFIND (#57, reva/#720) - Implement returning Webdav custom properties from xattr (#57, reva/#721) - Minor fix in OCM share pkg (reva/#718)

    Https://github.com/owncloud/ocis-reva/issues/20 owncloud/ocis-reva#26 owncloud/ocis-reva#43 owncloud/ocis-reva#44 owncloud/ocis-reva#46 owncloud/ocis-reva#94 owncloud/ocis-reva#26 owncloud/ocis-reva#67 owncloud/ocis-reva#57 owncloud/ocis-reva#94 owncloud/ocis-reva#188 owncloud/ocis-reva#182 owncloud/ocis-reva#212 owncloud/ocis-reva#186 owncloud/ocis-reva#203 owncloud/ocis-reva#161 owncloud/ocis-reva#180 owncloud/ocis-reva#192 owncloud/ocis-reva#207 owncloud/ocis-reva#221 cs3org/reva#766 cs3org/reva#765 cs3org/reva#755 cs3org/reva#754 cs3org/reva#747 cs3org/reva#748 cs3org/reva#760 cs3org/reva#759 cs3org/reva#678 cs3org/reva#696 cs3org/reva#707 cs3org/reva#711 cs3org/reva#695 cs3org/reva#674 cs3org/reva#725 cs3org/reva#717 cs3org/reva#712 cs3org/reva#713 cs3org/reva#720 cs3org/reva#718 cs3org/reva#731 cs3org/reva#734 cs3org/reva#729 cs3org/reva#728 cs3org/reva#730 cs3org/reva#758 cs3org/reva#742 cs3org/reva#764 cs3org/reva#743 cs3org/reva#732 cs3org/reva#750

    • Bugfix - Stop advertising unsupported chunking v2: #145

    Removed "chunking" attribute in the DAV capabilities. Please note that chunking v2 is advertised as "chunking 1.0" while chunking v1 is the attribute "bigfilechunking" which is already false.

    Https://github.com/owncloud/ocis-reva/pull/145

    • Enhancement - Allow configuring the gateway for dataproviders: #136

    This allows using basic or bearer auth when directly talking to dataproviders.

    Https://github.com/owncloud/ocis-reva/pull/136

    • Enhancement - Use a configured logger on reva runtime: #153

    For consistency reasons we need a configured logger that is inline with an ocis logger, so the log cascade can be easily parsed by a human.

    Https://github.com/owncloud/ocis-reva/pull/153

    • Bugfix - Fix eos user sharing config: #127

    We have added missing config options for the user sharing manager and added a dedicated eos storage command with pre configured settings for the eos-docker container. It configures a Shares folder in a users home when using eos as the storage driver.

    Https://github.com/owncloud/ocis-reva/pull/127

    • Enhancement - Update reva to v1.1.0-20200414133413: #127

    Adds initial public sharing and ocm implementation.

    Https://github.com/owncloud/ocis-reva/pull/127

    • Bugfix - Fix eos config: #125

    We have added missing config options for the home layout to the config struct that is passed to eos.

    Https://github.com/owncloud/ocis-reva/pull/125

    • Bugfix - Set correct flag type in the flagsets: #75

    While upgrading to the micro/cli version 2 there where two instances of StringFlag which had not been changed to StringSliceFlag. This caused ocis-reva users and ocis-reva storage-root to fail on startup.

    Https://github.com/owncloud/ocis-reva/issues/75 owncloud/ocis-reva#76

    • Bugfix - We fixed a typo in the REVA_LDAP_SCHEMA_MAIL environment variable: #113

    It was misspelled as REVA_LDAP_SCHEMA_Mail.

    Https://github.com/owncloud/ocis-reva/pull/113

    • Bugfix - Allow different namespaces for /webdav and /dav/files: #68

    After fbf131c the path for the "new" webdav path does not contain a username /remote.php/dav/files/textfile0.txt. It used to be /remote.php/dav/files/oc/einstein/textfile0.txt So it lost oc/einstein.

    This PR allows setting up different namespaces for /webav and /dav/files:

    /webdav is jailed into /home - which uses the home storage driver and uses the logged in user to construct the path /dav/files is jailed into /oc - which uses the owncloud storage driver and expects a username as the first path segment

    This mimics oc10

    The WEBDAV_NAMESPACE_JAIL environment variable is split into - WEBDAV_NAMESPACE and - DAV_FILES_NAMESPACE accordingly.

    Https://github.com/owncloud/ocis-reva/pull/68 related:

    • Change - Use /home as default namespace: #68

    Currently, cross storage etag propagation is not yet implemented, which prevents the desktop client from detecting changes via the PROPFIND to /. / is managed by the root storage provider which is independend of the home and oc storage providers. If a file changes in /home/foo, the etag change will only be propagated to the root of the home storage provider.

    This change jails users into the /home namespace, and allows configuring the namespace to use for the two webdav endpoints using the new environment variable WEBDAV_NAMESPACE_JAIL which affects both endpoints /dav/files and /webdav.

    This will allow us to focus on getting a single storage driver like eos or owncloud tested and better resembles what owncloud 10 does.

    To get back the global namespace, which ultimately is the goal, just set the above environment variable to /.

    Https://github.com/owncloud/ocis-reva/pull/68

    • Change - Initial release of basic version: #1

    Just prepared an initial basic version to start a reva server and start integrating with the go-micro base dextension framework of ownCloud Infinite Scale.

    Https://github.com/owncloud/ocis-reva/issues/1

    • Change - Start multiple services with dedicated commands: #6

    The initial version would only allow us to use a set of reva configurations to start multiple services. We use a more opinionated set of commands to start dedicated services that allows us to configure them individually. It allows us to switch eg. the user backend to LDAP and fully use it on the cli.

    Https://github.com/owncloud/ocis-reva/issues/6

    • Change - Storage providers now default to exposing data servers: #89

    The flags that let reva storage providers announce that they expose a data server now defaults to true:

    REVA_STORAGE_HOME_EXPOSE_DATA_SERVER=1 REVA_STORAGE_OC_EXPOSE_DATA_SERVER=1

    Https://github.com/owncloud/ocis-reva/issues/89

    • Change - Default to running behind ocis-proxy: #113

    We changed the default configuration to integrate better with ocis.

    • We use ocis-glauth as the default ldap server on port 9125 with base dc=example,dc=org. - We use a dedicated technical reva user to make ldap binds - Clients are supposed to use the ocis-proxy endpoint https://localhost:9200 - We removed unneeded ocis configuration from the frontend which no longer serves an oidc provider. - We changed the default user OpaqueID attribute from sub to preferred_username. The latter is a claim populated by konnectd that can also be used by the reva ldap user manager to look up users by their OpaqueId

    Https://github.com/owncloud/ocis-reva/pull/113

    • Enhancement - Expose owncloud storage driver config in flagset: #87

    Three new flags are now available:

    • scan files on startup to generate missing fileids default: true env var: REVA_STORAGE_OWNCLOUD_SCAN cli option: --storage-owncloud-scan

    • autocreate home path for new users default: true env var: REVA_STORAGE_OWNCLOUD_AUTOCREATE cli option: --storage-owncloud-autocreate

    • the address of the redis server default: :6379 env var: REVA_STORAGE_OWNCLOUD_REDIS_ADDR cli option: --storage-owncloud-redis

    Https://github.com/owncloud/ocis-reva/issues/87

    • Enhancement - Update reva to v0.0.2-0.20200212114015-0dbce24f7e8b: #91

    Reva has seen a lot of changes that allow us to - reduce the configuration overhead - use the autocreato home folder option - use the home folder path layout option - no longer start the root storage

    Https://github.com/owncloud/ocis-reva/pull/91 related:

    • Enhancement - Allow configuring user sharing driver: #115

    We now default to json which persists shares in the sharing manager in a json file instead of an in memory db.

    Https://github.com/owncloud/ocis-reva/pull/115

    owncloud/product#244

  • Enhancement - Add the store service: #244

    Tags: store

    • Enhancement - Add version command: #226
    • Bugfix - Removed code from other service: #7
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #5
    • Change - Initial release of basic version: #1

    owncloud/product#244

  • Enhancement - Add the thumbnails service: #244

    Tags: thumbnails

    • Enhancement - Add version command: #226
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #35
    • Enhancement - Serve the metrics endpoint: #37
    • Change - Add more default resolutions: #23
    • Change - Refactor code to remove code smells: #21
    • Change - Use micro service error api: #31
    • Enhancement - Limit users to access own thumbnails: #5
    • Bugfix - Fix usage of context.Context: #18
    • Bugfix - Fix execution when passing program flags: #15
    • Change - Initial release of basic version: #1
    • Change - Use predefined resolutions for thumbnail generation: #7
    • Change - Implement the first working version: #3

    owncloud/product#244

  • Enhancement - Add a command to list the versions of running instances: #226

    Tags: accounts

    Added a micro command to list the versions of running accounts services.

    owncloud/product#226

  • Enhancement - Add the webdav service: #244

    Tags: webdav

    • Enhancement - Add version command: #226
    • Bugfix - Build docker images with alpine:latest instead of alpine:edge: #22
    • Change Change status not found on missing thumbnail: #20
    • Change - Initial release of basic version: #1
    • Change - Update ocis-pkg to version 2.2.0: #16
    • Enhancement - Configuration: #14
    • Enhancement - Implement preview API: #13

    owncloud/product#244

  • Enhancement - Better adopt Go-Micro: #840

    Tags: ocis

    There are a few building blocks that we were relying on default behavior, such as micro.Registry and the go-micro client. In order for oCIS to work in any environment and not relying in black magic configuration or running daemons we need to be able to:

    • Provide with a configurable go-micro registry. - Use our own go-micro client adjusted to our own needs (i.e: custom timeout, custom dial timeout, custom transport...)

    This PR is relying on 2 env variables from Micro: MICRO_REGISTRY and MICRO_REGISTRY_ADDRESS. The latter does not make sense to provide if the registry is not etcd.

    The current implementation only accounts for mdns and etcd registries, defaulting to mdns when not explicitly defined to use etcd.

    owncloud#840

  • Enhancement - Add permission check when assigning and removing roles: #879

    Everyone could add and remove roles from users. Added a new permission and a check so that only users with the role management permissions can assign and unassign roles.

    owncloud#879

  • Enhancement - Create OnlyOffice extension: #857

    Tags: OnlyOffice

    We've created an OnlyOffice extension which enables users to create and edit docx documents and open spreadsheets and presentations.

    owncloud#857

  • Enhancement - Show basic-auth warning only once: #886

    Show basic-auth warning only on startup instead on every request.

    owncloud#886

  • Enhancement - Add glauth fallback backend: #649

    We introduced the fallback-datastore config option and the corresponding options to allow configuring a simple chain of two handlers.

    Simple, because it is intended for bind and single result search queries. Merging large sets of results is currently out of scope. For now, the implementation will only search the fallback backend if the default backend returns an error or the number of results is 0. This is sufficient to allow an IdP to authenticate users from ocis as well as owncloud 10 as described in the bridge scenario.

    owncloud/ocis-glauth#18 owncloud#649

  • Enhancement - Tidy dependencies: #845

    Methodology:

    -name go.mod -print | sed 's:/go.mod$::' } ```

``` for m in $(go-modules); do (cd $m && go mod tidy); done ```

https://github.com/owncloud/ocis/pull/845

  • Enhancement - Launch a storage to store ocis-metadata: #602

    Tags: metadata, accounts, settings

    In the future accounts, settings etc. should be stored in a dedicated metadata storage. The services should talk to this storage directly, bypassing reva-gateway.

    owncloud#602

  • Enhancement - Add a version command to ocis: #915

    The version command was only implemented in the extensions. This adds the version command to ocis to list all services in the ocis namespace.

    owncloud#915

  • Enhancement - Create a proxy access-log: #889

    Logs client access at the proxy

    owncloud#889

  • Enhancement - Cache userinfo in proxy: #877

    Tags: proxy

    We introduced caching for the userinfo response. The token expiration is used for cache invalidation if available. Otherwise we fall back to a preconfigured TTL (default 10 seconds).

    owncloud#877

  • Enhancement - Update reva to v1.4.1-0.20201125144025-57da0c27434c: #1320

    Mostly to bring fixes to pressing changes.

    cs3org/reva#1320 cs3org/reva#1338

  • Enhancement - Runtime Cleanup: #1066

    Small runtime cleanup prior to Tech Preview release

    owncloud#1066

  • Enhancement - Update OCIS Runtime: #1108

    • enhances the overall behavior of our runtime - runtime db file configurable - two new env variables to deal with the runtime - RUNTIME_DB_FILE and RUNTIME_KEEP_ALIVE - RUNTIME_KEEP_ALIVE defaults to false to provide backwards compatibility - if RUNTIME_KEEP_ALIVE is set to true, if a supervised process terminates the runtime will attempt to start with the same environment provided.

    owncloud#1108

  • Enhancement - Simplify tracing config: #92

    We now apply the oCIS tracing config to all services which have tracing. With this it is possible to set one tracing config for all services at the same time.

    owncloud/product#92 owncloud#329 owncloud#409

  • Enhancement - Update glauth to dev fd3ac7e4bbdc93578655d9a08d8e23f105aaa5b2: #834

    We updated glauth to dev commit fd3ac7e4bbdc93578655d9a08d8e23f105aaa5b2, which allows to skip certificate checks for the owncloud backend.

    owncloud#834

  • Enhancement - Update glauth to dev 4f029234b2308: #786

    Includes a bugfix, don't mix graph and provisioning api.

    owncloud#786

  • Enhancement - Update konnectd to v0.33.8: #744

    This update adds options which allow the configuration of oidc-token expiration parameters: KONNECTD_ACCESS_TOKEN_EXPIRATION, KONNECTD_ID_TOKEN_EXPIRATION and KONNECTD_REFRESH_TOKEN_EXPIRATION.

    Other changes from upstream:

    • Generate random endsession state for external authority - Update dependencies in Dockerfile - Set prompt=None to avoid loops with external authority - Update Jenkins reporting plugin from checkstyle to recordIssues - Remove extra kty key from JWKS top level document - Fix regression which encodes URL fragments twice - Avoid generating fragmet/query URLs with wrong order - Return state for oidc endsession response redirects - Use server provided username to avoid case mismatch - Use signed-out-uri if set as fallback for goodbye redirect on saml slo - Add checks to ensure post_logout_redirect_uri is not empty - Fix SAML2 logout request parsing - Cure panic when no state is found in saml esr - Use SAML IdP Issuer value from meta data entityID - Allow configuration of expiration of oidc access, id and refresh tokens - Implement trampolin for external OIDC authority end session - Update ca-certificates version

    owncloud#744

  • Enhancement - Update reva to v1.4.1-0.20201123062044-b2c4af4e897d: #823

    https://github.com/owncloud/ocis-reva/issues/260 https://github.com/owncloud/ocis-reva/issues/311 owncloud#823 cs3org/reva#1285 cs3org/reva#1302 cs3org/reva#1314 cs3org/reva#1316 cs3org/reva#1317 cs3org/reva#1323 cs3org/reva#1324 cs3org/reva#1326

  • Enhancement - Update reva to v1.4.1-0.20201130061320-ac85e68e0600: #980

    owncloud#975 owncloud#980 cs3org/reva#1343

  • Enhancement - Update reva to cdb3d6688da5: #748

    • let the gateway filter invalid references

    owncloud#748 cs3org/reva#1274

  • Enhancement - Update reva to dd3a8c0f38: #725

    • fixes etag propagation in the ocis driver

    owncloud#725 cs3org/reva#1264

  • Enhancement - Update reva to v1.4.1-0.20201127111856-e6a6212c1b7b: #971

    Tags: reva

    owncloud#971 cs3org/reva#1331 cs3org/reva#1342

  • Enhancement - Update reva to 063b3db9162b: #1091

    • bring public link removal changes to OCIS. - fix subcommand name collision from renaming phoenix -> web.

    owncloud#1098 owncloud#1091

  • Enhancement - Add www-authenticate based on user agent: #1009

    Tags: reva, proxy

    We now comply with HTTP spec by adding Www-Authenticate headers on every 401 request. Furthermore, we not only take care of such a thing at the Proxy but also Reva will take care of it. In addition, we now are able to lock-in a set of User-Agent to specific challenges.

    Admins can use this feature by configuring oCIS + Reva following this approach:

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101
Firefox/83.0:bearer" \
PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT="mirall:basic, Mozilla/5.0
(Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0:bearer" \
PROXY_ENABLE_BASIC_AUTH=true \ go run cmd/ocis/main.go server ```

We introduced two new environment variables:

`STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT` as well as
`PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT`, The reason they have the same value
is not to rely on the os env on a distributed environment, so in redundancy we trust. They both
configure the same on the backend storage and oCIS Proxy.

https://github.com/owncloud/ocis/pull/1009