nextcloud · LukasReschke · Jun 11, 2016 · Mar 17, 2016 · Mar 21, 2016 · Mar 21, 2016
diff --git a/apps/files_versions/lib/storage.php b/apps/files_versions/lib/storage.php
@@ -532,13 +532,15 @@ private static function getAllVersions($uid) {
 			$files = $view->getDirectoryContent($dir);
 
 			foreach ($files as $file) {
+				$fileData = $file->getData();
+				$filePath = $dir . '/' . $fileData['name'];
 				if ($file['type'] === 'dir') {
-					array_push($dirs, $file['path']);
+					array_push($dirs, $filePath);
 				} else {
-					$versionsBegin = strrpos($file['path'], '.v');
+					$versionsBegin = strrpos($filePath, '.v');
 					$relPathStart = strlen(self::VERSIONS_ROOT);
-					$version = substr($file['path'], $versionsBegin + 2);
-					$relpath = substr($file['path'], $relPathStart, $versionsBegin - $relPathStart);
+					$version = substr($filePath, $versionsBegin + 2);
+					$relpath = substr($filePath, $relPathStart, $versionsBegin - $relPathStart);
 					$key = $version . '#' . $relpath;
 					$versions[$key] = array('path' => $relpath, 'timestamp' => $version);
 				}

diff --git a/apps/user_ldap/group_ldap.php b/apps/user_ldap/group_ldap.php
@@ -473,16 +473,17 @@ public function getUserGroups($uid) {
 					// apply filter via ldap search to see if this user is in this
 					// dynamic group
 					$userMatch = $this->access->readAttribute(
-						$uid,
+						$userDN,
 						$this->access->connection->ldapUserDisplayName,
 						$memberUrlFilter
 					);
 					if ($userMatch !== false) {
 						// match found so this user is in this group
-						$pos = strpos($dynamicGroup['dn'][0], ',');
-						if ($pos !== false) {
-							$membershipGroup = substr($dynamicGroup['dn'][0],3,$pos-3);
-							$groups[] = $membershipGroup;
+						$groupName = $this->access->dn2groupname($dynamicGroup['dn'][0]);
+						if(is_string($groupName)) {
+							// be sure to never return false if the dn could not be
+							// resolved to a name, for whatever reason.
+							$groups[] = $groupName;
 						}
 					}
 				} else {
@@ -534,11 +535,12 @@ public function getUserGroups($uid) {
 		}
 
 		if(isset($this->cachedGroupsByMember[$uid])) {
-			$groups = $this->cachedGroupsByMember[$uid];
+			$groups = array_merge($groups, $this->cachedGroupsByMember[$uid]);
 		} else {
-			$groups = array_values($this->getGroupsByMember($uid));
-			$groups = $this->access->ownCloudGroupNames($groups);
-			$this->cachedGroupsByMember[$uid] = $groups;
+			$groupsByMember = array_values($this->getGroupsByMember($uid));
+			$groupsByMember = $this->access->ownCloudGroupNames($groupsByMember);
+			$this->cachedGroupsByMember[$uid] = $groupsByMember;
+			$groups = array_merge($groups, $groupsByMember);
 		}
 
 		if($primaryGroup !== false) {

diff --git a/apps/user_ldap/tests/group_ldap.php b/apps/user_ldap/tests/group_ldap.php
@@ -455,4 +455,57 @@ public function testGetUserGroupsMemberOfDisabled() {
 		$groupBackend->getUserGroups('userX');
 	}
 
+	public function testGetGroupsByMember() {
+		$access = $this->getAccessMock();
+
+		$access->connection->expects($this->any())
+			->method('__get')
+			->will($this->returnCallback(function($name) {
+				if($name === 'useMemberOfToDetectMembership') {
+					return 0;
+				} else if($name === 'ldapDynamicGroupMemberURL') {
+					return '';
+				} else if($name === 'ldapNestedGroups') {
+					return false;
+				}
+				return 1;
+			}));
+
+		$dn = 'cn=userX,dc=foobar';
+
+		$access->connection->hasPrimaryGroups = false;
+
+		$access->expects($this->exactly(2))
+			->method('username2dn')
+			->will($this->returnValue($dn));
+
+		$access->expects($this->never())
+			->method('readAttribute')
+			->with($dn, 'memberOf');
+
+		$group1 = [
+			'cn' => 'group1',
+			'dn' => ['cn=group1,ou=groups,dc=domain,dc=com'],
+		];
+		$group2 = [
+			'cn' => 'group2',
+			'dn' => ['cn=group2,ou=groups,dc=domain,dc=com'],
+		];
+
+		$access->expects($this->once())
+			->method('ownCloudGroupNames')
+			->with([$group1, $group2])
+			->will($this->returnValue(['group1', 'group2']));
+
+		$access->expects($this->once())
+			->method('fetchListOfGroups')
+			->will($this->returnValue([$group1, $group2]));
+
+		$groupBackend = new GroupLDAP($access);
+		$groups = $groupBackend->getUserGroups('userX');
+		$this->assertEquals(['group1', 'group2'], $groups);
+
+		$groupsAgain = $groupBackend->getUserGroups('userX');
+		$this->assertEquals(['group1', 'group2'], $groupsAgain);
+	}
 }
diff --git a/core/js/js.js b/core/js/js.js
@@ -752,7 +752,8 @@ var OC={
 			// sometimes "beforeunload" happens later, so need to defer the reload a bit
 			setTimeout(function() {
 				if (!self._userIsNavigatingAway && !self._reloadCalled) {
-					OC.reload();
+					OC.Notification.show(t('core', 'Problem loading page, reloading in 5 seconds'));
+					setTimeout(OC.reload, 5000);
 					// only call reload once
 					self._reloadCalled = true;
 				}

diff --git a/core/js/setupchecks.js b/core/js/setupchecks.js
@@ -197,7 +197,7 @@
 			}
 			var afterCall = function(xhr) {
 				var messages = [];
-				if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText === '') {
+				if (xhr.status !== 403 && xhr.status !== 307 && xhr.status !== 301 && xhr.responseText !== '') {
 					messages.push({
 						msg: t('core', 'Your data directory and your files are probably accessible from the Internet. The .htaccess file is not working. We strongly suggest that you configure your web server in a way that the data directory is no longer accessible or you move the data directory outside the web server document root.'),
 						type: OC.SetupChecks.MESSAGE_TYPE_ERROR
@@ -208,7 +208,7 @@
 
 			$.ajax({
 				type: 'GET',
-				url: OC.linkTo('', oc_dataURL+'/.ocdata'),
+				url: OC.linkTo('', oc_dataURL+'/htaccesstest.txt?t=' + (new Date()).getTime()),
 				complete: afterCall
 			});
 			return deferred.promise();

diff --git a/core/js/tests/specs/coreSpec.js b/core/js/tests/specs/coreSpec.js
@@ -935,17 +935,21 @@ describe('Core base tests', function() {
 	});
 	describe('global ajax errors', function() {
 		var reloadStub, ajaxErrorStub, clock;
+		var notificationStub;
+		var waitTimeMs = 6000;
 
 		beforeEach(function() {
 			clock = sinon.useFakeTimers();
 			reloadStub = sinon.stub(OC, 'reload');
+			notificationStub = sinon.stub(OC.Notification, 'show');
 			// unstub the error processing method
 			ajaxErrorStub = OC._processAjaxError;
 			ajaxErrorStub.restore();
 			window.initCore();
 		});
 		afterEach(function() {
 			reloadStub.restore();
+			notificationStub.restore();
 			clock.restore();
 		});
 
@@ -970,7 +974,7 @@ describe('Core base tests', function() {
 				$(document).trigger(new $.Event('ajaxError'), xhr);
 
 				// trigger timers
-				clock.tick(1000);
+				clock.tick(waitTimeMs);
 
 				if (expectedCall) {
 					expect(reloadStub.calledOnce).toEqual(true);
@@ -986,7 +990,7 @@ describe('Core base tests', function() {
 			$(document).trigger(new $.Event('ajaxError'), xhr);
 
 			// trigger timers
-			clock.tick(1000);
+			clock.tick(waitTimeMs);
 
 			expect(reloadStub.calledOnce).toEqual(true);
 		});
@@ -997,9 +1001,17 @@ describe('Core base tests', function() {
 
 			$(document).trigger(new $.Event('ajaxError'), xhr);
 
-			clock.tick(1000);
+			clock.tick(waitTimeMs);
 			expect(reloadStub.notCalled).toEqual(true);
 		});
+		it('displays notification', function() {
+			var xhr = { status: 401 };
+
+			$(document).trigger(new $.Event('ajaxError'), xhr);
+
+			clock.tick(waitTimeMs);
+			expect(notificationStub.calledOnce).toEqual(true);
+		});
 	});
 });
 
diff --git a/core/js/tests/specs/setupchecksSpec.js b/core/js/tests/specs/setupchecksSpec.js
@@ -103,7 +103,7 @@ describe('OC.SetupChecks tests', function() {
 		it('should return an error if data directory is not protected', function(done) {
 			var async = OC.SetupChecks.checkDataProtected();
 
-			suite.server.requests[0].respond(200);
+			suite.server.requests[0].respond(200, {'Content-Type': 'text/plain'}, 'file contents');
 
 			async.done(function( data, s, x ){
 				expect(data).toEqual([

diff --git a/lib/private/files/utils/scanner.php b/lib/private/files/utils/scanner.php
@@ -148,7 +148,12 @@ public function scan($dir = '') {
 			if ($storage->instanceOfStorage('\OC\Files\Storage\Home') and
 				(!$storage->isCreatable('') or !$storage->isCreatable('files'))
 			) {
-				throw new ForbiddenException();
+				if ($storage->file_exists('') or $storage->getCache()->inCache('')) {
+					throw new ForbiddenException();
+				} else {// if the root exists in neither the cache nor the storage the user isn't setup yet
+					break;
+				}
+
 			}
 			$relativePath = $mount->getInternalPath($dir);
 			$scanner = $storage->getScanner();

diff --git a/lib/private/repair.php b/lib/private/repair.php
@@ -35,6 +35,7 @@
 use OC\Repair\Collation;
 use OC\Repair\CopyRewriteBaseToConfig;
 use OC\Repair\DropOldJobs;
+use OC\Repair\EncryptionCompatibility;
 use OC\Repair\OldGroupMembershipShares;
 use OC\Repair\RemoveGetETagEntries;
 use OC\Repair\SqliteAutoincrement;
@@ -139,6 +140,7 @@ public static function getExpensiveRepairSteps() {
 	public static function getBeforeUpgradeRepairSteps() {
 		$connection = \OC::$server->getDatabaseConnection();
 		$steps = [
+			new EncryptionCompatibility(),
 			new InnoDB(),
 			new Collation(\OC::$server->getConfig(), $connection),
 			new SqliteAutoincrement($connection),

diff --git a/lib/private/repair/encryptioncompatibility.php b/lib/private/repair/encryptioncompatibility.php
@@ -0,0 +1,63 @@
+<?php
+/**
+ * @author Victor Dubiniuk <dubiniuk@owncloud.com>
+ *
+ * @copyright Copyright (c) 2016, ownCloud, Inc.
+ * @license AGPL-3.0
+ *
+ * This code is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License, version 3,
+ * as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License, version 3,
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>
+ *
+ */
+
+namespace OC\Repair;
+
+use OC\Hooks\BasicEmitter;
+use OC\RepairStep;
+use OCP\App;
+
+
+class EncryptionCompatibility extends BasicEmitter implements RepairStep {
+	private $affectedMd5 = ['19efc6cf053d0248e45407e7cc39b39b', '6752909b79ffe71237a5db5d1f8f1b65'];
+	private $targetPath = 'encryption/lib/crypto/encryption.php';
+
+	public function getName() {
+		return 'Repair encryption app incompatibility';
+	}
+
+	public function run() {
+		$filePath = \OC::$SERVERROOT . '/__apps/' . $this->targetPath;
+		if ($this->isAffected($filePath)){
+			$resourceDir = __DIR__ . '/../../../resources/updater-fixes/apps/';
+			$isCopied = copy($resourceDir . $this->targetPath, $filePath);
+			if ($isCopied){
+				$this->emit('\OC\Repair', 'info', ['Successfully replaced ' . $filePath . ' with new version.']);
+			} else {
+				$this->emit('\OC\Repair', 'warning', ['Could not replace ' . $filePath . ' with new version.']);
+			}
+		} else {
+			$this->emit('\OC\Repair', 'info', ['No repair necessary']);
+		}
+	}
+
+	/**
+	 * @param string $filePath
+	 * Checks whether encryption is enabled and target revisions exist
+	 * @return bool
+	 */
+	protected function isAffected($filePath){
+		return App::isEnabled('encryption')
+			&& file_exists($filePath)
+			&& in_array(md5_file($filePath), $this->affectedMd5)
+		;
+	}
+}
diff --git a/lib/private/util.php b/lib/private/util.php
@@ -1160,27 +1160,16 @@ public static function encodePath($component) {
 		return $encoded;
 	}
 
-	/**
-	 * Check if the .htaccess file is working
-	 * @param \OCP\IConfig $config
-	 * @return bool
-	 * @throws Exception
-	 * @throws \OC\HintException If the test file can't get written.
-	 */
-	public function isHtaccessWorking(\OCP\IConfig $config) {
-
-		if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
-			return true;
-		}
 
+	public function createHtaccessTestFile(\OCP\IConfig $config) {
 		// php dev server does not support htaccess
 		if (php_sapi_name() === 'cli-server') {
 			return false;
 		}
 
 		// testdata
 		$fileName = '/htaccesstest.txt';
-		$testContent = 'testcontent';
+		$testContent = 'This is used for testing whether htaccess is properly enabled to disallow access from the outside. This file can be safely removed.';
 
 		// creating a test file
 		$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
@@ -1196,6 +1185,28 @@ public function isHtaccessWorking(\OCP\IConfig $config) {
 		}
 		fwrite($fp, $testContent);
 		fclose($fp);
+	}
+
+	/**
+	 * Check if the .htaccess file is working
+	 * @param \OCP\IConfig $config
+	 * @return bool
+	 * @throws Exception
+	 * @throws \OC\HintException If the test file can't get written.
+	 */
+	public function isHtaccessWorking(\OCP\IConfig $config) {
+
+		if (\OC::$CLI || !$config->getSystemValue('check_for_working_htaccess', true)) {
+			return true;
+		}
+
+		$testContent = $this->createHtaccessTestFile($config);
+		if ($testContent === false) {
+			return false;
+		}
+
+		$fileName = '/htaccesstest.txt';
+		$testFile = $config->getSystemValue('datadirectory', OC::$SERVERROOT . '/data') . '/' . $fileName;
 
 		// accessing the file via http
 		$url = \OC::$server->getURLGenerator()->getAbsoluteURL(OC::$WEBROOT . '/data' . $fileName);