v9.0.53

Increase version to 9.0.52

.drone.yml

@@ -0,0 +1,35 @@
+build:
+  integration:
+    image: morrisjobke/nextcloud-ci-php7:1.0.3
+    commands:
+      - git submodule update --init
+      - ./occ maintenance:install --admin-pass=admin
+      - cd build/integration
+      - ./run.sh
+  jsunit:
+    image: morrisjobke/nextcloud-ci-jsunit:1.0.2
+    commands:
+      - ./autotest-js.sh
+  sqlite:
+    image: morrisjobke/nextcloud-ci-php7:1.0
+    commands:
+      - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
+      - git submodule update --init
+      - ./occ maintenance:install --database-name oc_autotest --database-user oc_autotest --admin-user admin --admin-pass admin --database sqlite --database-pass=''
+      - ./autotest.sh sqlite
+  postgres:
+    image: morrisjobke/nextcloud-ci-php7:1.0
+    commands:
+      - sleep 10 # gives the database enough time to initialize
+      - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
+      - git submodule update --init
+      - ./autotest.sh pgsql
+
+compose:
+  cache:
+    image: redis
+  postgres:
+    image: postgres
+    environment:
+      - POSTGRES_USER=oc_autotest
+      - POSTGRES_PASSWORD=oc_autotest

.gitignore

@@ -22,7 +22,9 @@
 !/apps/user_ldap
 !/apps/provisioning_api
 !/apps/systemtags
+!/apps/admin_audit
 !/apps/updatenotification
+!/apps/theming
 /apps/files_external/3rdparty/irodsphp/PHPUnitTest
 /apps/files_external/3rdparty/irodsphp/web
 /apps/files_external/3rdparty/irodsphp/prods/test

.gitmodules

@@ -1,3 +1,3 @@
 [submodule "3rdparty"]
 	path = 3rdparty
-	url = https://github.com/owncloud/3rdparty.git
+	url = https://github.com/nextcloud/3rdparty.git

.htaccess

@@ -37,6 +37,17 @@
     SetEnv htaccessWorking true
   </IfModule>
 </IfModule>
+<IfModule mod_php7.c>
+  php_value upload_max_filesize 513M
+  php_value post_max_size 513M
+  php_value memory_limit 512M
+  php_value mbstring.func_overload 0
+  php_value default_charset 'UTF-8'
+  php_value output_buffering 0
+  <IfModule mod_env.c>
+    SetEnv htaccessWorking true
+  </IfModule>
+</IfModule>
 <IfModule mod_rewrite.c>
   RewriteEngine on
   RewriteRule .* - [env=HTTP_AUTHORIZATION:%{HTTP:Authorization}]
@@ -48,24 +59,6 @@
   RewriteRule ^(build|tests|config|lib|3rdparty|templates)/.* - [R=404,L]
   RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
   RewriteRule ^(\.|autotest|occ|issue|indie|db_|console).* - [R=404,L]
-
-  # Rewrite rules for `front_controller_active`
-  Options -MultiViews
-  RewriteRule ^core/js/oc.js$ index.php/core/js/oc.js [PT,E=PATH_INFO:$1]
-  RewriteRule ^core/preview.png$ index.php/core/preview.png [PT,E=PATH_INFO:$1]
-  RewriteCond %{REQUEST_FILENAME} !\.(css|js|svg|gif|png|html|ttf|woff|ico)$
-  RewriteCond %{REQUEST_FILENAME} !core/img/favicon.ico$
-  RewriteCond %{REQUEST_FILENAME} !/remote.php
-  RewriteCond %{REQUEST_FILENAME} !/public.php
-  RewriteCond %{REQUEST_FILENAME} !/cron.php
-  RewriteCond %{REQUEST_FILENAME} !/core/ajax/update.php
-  RewriteCond %{REQUEST_FILENAME} !/status.php
-  RewriteCond %{REQUEST_FILENAME} !/ocs/v1.php
-  RewriteCond %{REQUEST_FILENAME} !/ocs/v2.php
-  RewriteCond %{REQUEST_FILENAME} !/updater/
-  RewriteCond %{REQUEST_FILENAME} !/ocs-provider/
-  RewriteCond %{REQUEST_URI} !^/.well-known/acme-challenge/.*
-  RewriteRule .* index.php [PT,E=PATH_INFO:$1]
 </IfModule>
 <IfModule mod_mime.c>
   AddType image/svg+xml svg svgz

.lgtm

@@ -0,0 +1,2 @@
+pattern = "(?i):shipit:|:\\+1:|LGTM"
+self_approval_off=true

.travis.yml

@@ -13,7 +13,7 @@ env:
 branches:
   only:
     - master
-#    - /^stable\d+(\.\d+)?$/
+    - /^stable\d+(\.\d+)?$/
 
 addons:
   apt:
@@ -29,6 +29,7 @@ install:
 
 
 script:
+  - sh -c "if [ '$TC' = 'syntax' ]; then composer install && vendor/bin/parallel-lint --exclude vendor/jakub-onderka/ --exclude 3rdparty/symfony/polyfill-php70/Resources/stubs/ --exclude 3rdparty/patchwork/utf8/src/Patchwork/Utf8/Bootup/ --exclude 3rdparty/paragonie/random_compat/lib/ --exclude vendor/composer/autoload_static.php --exclude 3rdparty/composer/autoload_static.php .; fi"
   - sh -c "if [ '$TEST_DAV' != '1' ]; then echo \"Not testing DAV\"; fi"
   - sh -c "if [ '$TEST_DAV' = '1' ]; then echo \"Testing DAV\"; fi"
 
@@ -42,5 +43,13 @@ matrix:
       env: DB=sqlite;TC=carddav
     - php: 5.4
       env: DB=sqlite;TC=caldav
+    - php: 5.4
+      env: DB=sqlite;TC=syntax;TEST_DAV=0
+    - php: 5.5
+      env: DB=sqlite;TC=syntax;TEST_DAV=0
+    - php: 5.6
+      env: DB=sqlite;TC=syntax;TEST_DAV=0
+    - php: 7.0
+      env: DB=sqlite;TC=syntax;TEST_DAV=0
 
   fast_finish: true

CONTRIBUTING.md

@@ -1,6 +1,6 @@
 ## Submitting issues
 
-If you have questions about how to install or use ownCloud, please direct these to the [mailing list][mailinglist] or our [forum][forum]. We are also available on [IRC][irc].
+If you have questions about how to install or use Nextcloud, please direct these to our [forum][forum]. We are also available on [IRC][irc].
 
 ### Short version
 
@@ -11,40 +11,31 @@ If you have questions about how to install or use ownCloud, please direct these
   - Go to one of the repositories, click "issues" and type any word in the top search/command bar.
   - You can also filter by appending e. g. "state:open" to the search string.
   - More info on [search syntax within github](https://help.github.com/articles/searching-issues)
-* This repository ([core](https://github.com/owncloud/core/issues)) is *only* for issues within the ownCloud core code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
-* __SECURITY__: Report any potential security bug to us via [our HackerOne page](https://hackerone.com/owncloud) or security@owncloud.com following our [security policy](https://owncloud.org/security/) instead of filing an issue in our bug tracker
-* The issues in other components should be reported in their respective repositories: 
-  - [Android client](https://github.com/owncloud/android/issues)
-  - [iOS client](https://github.com/owncloud/ios/issues)
-  - [Desktop client](https://github.com/owncloud/client/issues)
-  - [Documentation](https://github.com/owncloud/documentation/issues)
-  - [ownCloud apps](https://github.com/owncloud/core/wiki/Maintainers#apps-repo)
+* This repository ([core](https://github.com/nextcloud/core/issues)) is *only* for issues within the Nextcloud Server code. This also includes the apps: files, encryption, external storage, sharing, deleted files, versions, LDAP, and WebDAV Auth
+* __SECURITY__: Report any potential security bug to us via security@nextcloud.com following our [security policy](https://nextcloud.com/security/) instead of filing an issue in our bug tracker-
+* The issues in other components should be reported in their respective repositories: You will find them in our [GitHub Organization](https://github.com/nextcloud/)
 
 * Report the issue using our [template][template], it includes all the information we need to track down the issue.
 
 Help us to maximize the effort we can spend fixing issues and adding new features, by not reporting duplicate issues.
 
-[template]: https://raw.github.com/owncloud/core/master/issue_template.md
-[mailinglist]: https://mailman.owncloud.org/mailman/listinfo/owncloud
-[forum]: https://forum.owncloud.org/
-[irc]: https://webchat.freenode.net/?channels=owncloud&uio=d4
+[template]: https://raw.github.com/nextcloud/core/master/issue_template.md
+[forum]: https://help.nextcloud.com/
+[irc]: https://webchat.freenode.net/?channels=nextcloud
 
 ## Contributing to Source Code
 
-Thanks for wanting to contribute source code to ownCloud. That's great!
+Thanks for wanting to contribute source code to Nextcloud. That's great!
 
-Before we're able to merge your code into the ownCloud core, you need to sign our [Contributor Agreement][agreement].
-
-Please read the [Developer Manuals][devmanual] to learn how to create your first application or how to test the ownCloud code with PHPUnit.
+Please read the [Developer Manuals][devmanual] to learn how to create your first application or how to test the Nextcloud code with PHPUnit.
 
 In order to constantly increase the quality of our software we can no longer accept pull request which submit un-tested code.
 It is a must have that changed and added code segments are unit tested.
 In some areas unit testing is hard (aka almost impossible) as of today - in these areas refactoring WHILE fixing a bug is encouraged to enable unit testing.
 
-[agreement]: https://owncloud.org/about/contributor-agreement/
-[devmanual]: https://owncloud.org/dev
+[devmanual]: https://docs.nextcloud.org/server/10/developer_manual/
 
 ## Translations
 Please submit translations via [Transifex][transifex].
 
-[transifex]: https://www.transifex.com/projects/p/owncloud/
+[transifex]: https://www.transifex.com/nextcloud

apps/admin_audit/appinfo/app.php

@@ -0,0 +1,27 @@
+<?php
+/**
+ * @author Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+$logger = \OC::$server->getLogger();
+$userSession = \OC::$server->getUserSession();
+$groupManager = \OC::$server->getGroupManager();
+
+$auditLogger = new \OCA\Admin_Audit\AuditLogger($logger, $userSession, $groupManager);
+$auditLogger->registerHooks();

apps/admin_audit/appinfo/info.xml

@@ -0,0 +1,18 @@
+<?xml version="1.0"?>
+<info>
+	<id>admin_audit</id>
+	<name>Auditing / Logging</name>
+	<description>Provides logging abilities for Nextcloud such as logging file
+				accesses or otherwise sensitive actions.
+	</description>
+	<licence>AGPL</licence>
+	<author>Nextcloud</author>
+	<version>1.0.0</version>
+	<dependencies>
+		<owncloud min-version="9.0" max-version="9.1" />
+	</dependencies>
+	<types>
+		<logging/>
+	</types>
+	<default_enable/>
+</info>

apps/admin_audit/lib/actions/action.php

@@ -0,0 +1,76 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+use OCP\ILogger;
+
+class Action {
+	/** @var ILogger */
+	private $logger;
+
+	/**
+	 * @param ILogger $logger
+	 */
+	public function __construct(ILogger $logger) {
+		$this->logger = $logger;
+	}
+
+	/**
+	 * Log a single action with a log level of info
+	 *
+	 * @param string $text
+	 * @param array $params
+	 * @param array $elements
+	 */
+	public function log($text,
+						array $params,
+						array $elements) {
+		foreach($elements as $element) {
+			if(!isset($params[$element])) {
+				$this->logger->critical(
+					sprintf(
+						'$params["'.$element.'"] was missing. Transferred value: %s',
+						print_r($params, true)
+					)
+				);
+				return;
+			}
+		}
+
+		$replaceArray = [];
+		foreach($elements as $element) {
+			if($params[$element] instanceof \DateTime) {
+				$params[$element] = $params[$element]->format('Y-m-d H:i:s');
+			}
+			$replaceArray[] = $params[$element];
+		}
+
+		$this->logger->info(
+			vsprintf(
+				$text,
+				$replaceArray
+			),
+			[
+				'app' => 'admin_audit'
+			]
+		);
+	}
+}

apps/admin_audit/lib/actions/auth.php

@@ -0,0 +1,56 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+/**
+ * Class Auth logs all auth related actions
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class Auth extends Action {
+	public function loginAttempt(array $params) {
+		$this->log(
+			'Login attempt: "%s"',
+			$params,
+			[
+				'uid',
+			]
+		);
+	}
+
+	public function loginSuccessful(array $params) {
+		$this->log(
+			'Login successful: "%s"',
+			$params,
+			[
+				'uid',
+			]
+		);
+	}
+
+	public function logout(array $params) {
+		$this->log(
+			'Logout occurred',
+			[],
+			[]
+		);
+	}
+}

apps/admin_audit/lib/actions/files.php

@@ -0,0 +1,135 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+
+/**
+ * Class Files logs the actions to files
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class Files extends Action {
+	/**
+	 * Logs file read actions
+	 *
+	 * @param array $params
+	 */
+	public function read(array $params) {
+		$this->log(
+			'File accessed: "%s"',
+			$params,
+			[
+				'path',
+			]
+		);
+	}
+
+	/**
+	 * Logs rename actions of files
+	 *
+	 * @param array $params
+	 */
+	public function rename(array $params) {
+		$this->log(
+			'File renamed: "%s" to "%s"',
+			$params,
+			[
+				'oldpath',
+				'newpath',
+			]
+		);
+	}
+
+	/**
+	 * Logs creation of files
+	 *
+	 * @param array $params
+	 */
+	public function create(array $params) {
+		$this->log(
+			'File created: "%s"',
+			$params,
+			[
+				'path',
+			]
+		);
+	}
+
+	/**
+	 * Logs copying of files
+	 *
+	 * @param array $params
+	 */
+	public function copy(array $params) {
+		$this->log(
+			'File copied: "%s" to "%s"',
+			$params,
+			[
+				'oldpath',
+				'newpath',
+			]
+		);
+	}
+
+	/**
+	 * Logs writing of files
+	 *
+	 * @param array $params
+	 */
+	public function write(array $params) {
+		$this->log(
+			'File written to: "%s"',
+			$params,
+			[
+				'path',
+			]
+		);
+	}
+
+	/**
+	 * Logs update of files
+	 *
+	 * @param array $params
+	 */
+	public function update(array $params) {
+		$this->log(
+			'File updated: "%s"',
+			$params,
+			[
+				'path',
+			]
+		);
+	}
+
+	/**
+	 * Logs deletions of files
+	 *
+	 * @param array $params
+	 */
+	public function delete(array $params) {
+		$this->log(
+			'File deleted: "%s"',
+			$params,
+			[
+				'path',
+			]
+		);
+	}
+}

apps/admin_audit/lib/actions/groupmanagement.php

@@ -0,0 +1,73 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+use OCA\Admin_Audit\Actions\Action;
+use OCP\IGroup;
+use OCP\IUser;
+
+/**
+ * Class GroupManagement logs all group manager related events
+ *
+ * @package OCA\Admin_Audit
+ */
+class GroupManagement extends Action {
+
+	/**
+	 * log add user to group event
+	 *
+	 * @param IGroup $group
+	 * @param IUser $user
+	 */
+	public function addUser(IGroup $group, IUser $user) {
+		$this->log('User "%s" added to group "%s"',
+			[
+				'group' => $group->getGID(),
+				'user' => $user->getUID()
+			],
+			[
+				'user', 'group'
+			]
+		);
+	}
+
+	/**
+	 * log remove user from group event
+	 *
+	 * @param IGroup $group
+	 * @param IUser $user
+	 */
+	public function removeUser(IGroup $group, IUser $user) {
+		$this->log('User "%s" removed from group "%s"',
+			[
+				'group' => $group->getGID(),
+				'user' => $user->getUID()
+			],
+			[
+				'user', 'group'
+			]
+		);
+	}
+
+}

apps/admin_audit/lib/actions/sharing.php

@@ -0,0 +1,189 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+use OCP\Share;
+
+/**
+ * Class Sharing logs the sharing actions
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class Sharing extends Action {
+	/**
+	 * Logs sharing of data
+	 *
+	 * @param array $params
+	 */
+	public function shared(array $params) {
+		if($params['shareType'] === Share::SHARE_TYPE_LINK) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'itemTarget',
+					'itemSource',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s"  (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'itemTarget',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s"  (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'itemTarget',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		}
+	}
+
+	/**
+	 * Logs unsharing of data
+	 *
+	 * @param array $params
+	 */
+	public function unshare(array $params) {
+		if($params['shareType'] === Share::SHARE_TYPE_LINK) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'id',
+				]
+			);
+		} elseif($params['shareType'] === Share::SHARE_TYPE_USER) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif($params['shareType'] === Share::SHARE_TYPE_GROUP) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		}
+	}
+
+	/**
+	 * Logs the updating of permission changes for shares
+	 *
+	 * @param array $params
+	 */
+	public function updatePermissions(array $params) {
+		$this->log(
+			'The permissions of the shared %s "%s" with ID "%s" have been changed to "%s"',
+			$params,
+			[
+				'itemType',
+				'path',
+				'itemSource',
+				'permissions',
+			]
+		);
+	}
+
+	/**
+	 * Logs the password changes for a share
+	 *
+	 * @param array $params
+	 */
+	public function updatePassword(array $params) {
+		$this->log(
+			'The password of the publicly shared %s "%s" with ID "%s" has been changed',
+			$params,
+			[
+				'itemType',
+				'token',
+				'itemSource',
+			]
+		);
+	}
+
+	/**
+	 * Logs the expiration date changes for a share
+	 *
+	 * @param array $params
+	 */
+	public function updateExpirationDate(array $params) {
+		$this->log(
+			'The expiration date of the publicly shared %s with ID "%s" has been changed to "%s"',
+			$params,
+			[
+				'itemType',
+				'itemSource',
+				'date',
+			]
+		);
+	}
+
+	/**
+	 * Logs access of shared files
+	 *
+	 * @param array $params
+	 */
+	public function shareAccessed(array $params) {
+		$this->log(
+			'The shared %s with the token "%s" by "%s" has been accessed.',
+			$params,
+			[
+				'itemType',
+				'token',
+				'uidOwner',
+			]
+		);
+	}
+}

apps/admin_audit/lib/actions/trashbin.php

@@ -0,0 +1,43 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+use OCP\ILogger;
+use OCP\IUserSession;
+
+class Trashbin extends Action {
+
+	public function delete($params) {
+		$this->log('File "%s" deleted from trash bin.',
+			['path' => $params['path']], ['path']
+		);
+	}
+
+	public function restore($params) {
+		$this->log('File "%s" restored from trash bin.',
+			['path' => $params['filePath']], ['path']
+		);
+	}
+
+}

apps/admin_audit/lib/actions/usermanagement.php

@@ -0,0 +1,78 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Lukas Reschke <lukas@statuscode.ch>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+namespace OCA\Admin_Audit\Actions;
+use OCP\IUser;
+
+/**
+ * Class UserManagement logs all user management related actions.
+ *
+ * @package OCA\Admin_Audit\Actions
+ */
+class UserManagement extends Action {
+	/**
+	 * Log creation of users
+	 *
+	 * @param array $params
+	 */
+	public function create(array $params) {
+		$this->log(
+			'User created: "%s"',
+			$params,
+			[
+				'uid',
+			]
+		);
+	}
+
+	/**
+	 * Log deletion of users
+	 *
+	 * @param array $params
+	 */
+	public function delete(array $params) {
+		$this->log(
+			'User deleted: "%s"',
+			$params,
+			[
+				'uid',
+			]
+		);
+	}
+
+	/**
+	 * Logs changing of the user scope
+	 *
+	 * @param IUser $user
+	 */
+	public function setPassword(IUser $user) {
+		if($user->getBackendClassName() === 'Database') {
+			$this->log(
+				'Password of user "%s" has been changed',
+				[
+					'user' => $user->getUID(),
+				],
+				[
+					'user',
+				]
+			);
+		}
+	}
+}

apps/admin_audit/lib/actions/versions.php

@@ -0,0 +1,45 @@
+<?php
+/**
+ * @copyright Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit\Actions;
+
+
+class Versions extends Action {
+
+	public function rollback($params) {
+		$this->log('Version "%s" of "%s" was restored.',
+			[
+				'version' => $params['revision'],
+				'path' => $params['path']
+			],
+			['version', 'path']
+		);
+	}
+
+	public function delete($params) {
+		$this->log('Version "%s" was deleted.',
+			['path' => $params['path']],
+			['path']
+		);
+	}
+
+}

apps/admin_audit/lib/auditlogger.php

@@ -0,0 +1,186 @@
+<?php
+/**
+ * @copyright Copyright (c) 2016 Bjoern Schiessle <bjoern@schiessle.org>
+ *
+ * @license GNU AGPL version 3 or any later version
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as
+ * published by the Free Software Foundation, either version 3 of the
+ * License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+
+namespace OCA\Admin_Audit;
+
+
+use OC\Files\Filesystem;
+use OCA\Admin_Audit\Actions\Auth;
+use OCA\Admin_Audit\Actions\Files;
+use OCA\Admin_Audit\Actions\GroupManagement;
+use OCA\Admin_Audit\Actions\Sharing;
+use OCA\Admin_Audit\Actions\Trashbin;
+use OCA\Admin_Audit\Actions\UserManagement;
+use OCA\Admin_Audit\Actions\Versions;
+use OCP\IGroupManager;
+use OCP\ILogger;
+use OCP\IUserSession;
+use OCP\Util;
+
+class AuditLogger {
+
+	/** @var ILogger */
+	private $logger;
+
+	/** @var IUserSession */
+	private $userSession;
+	
+	/** @var IGroupManager */
+	private $groupManager;
+
+	/**
+	 * AuditLogger constructor.
+	 *
+	 * @param ILogger $logger
+	 * @param IUserSession $userSession
+	 * @param IGroupManager $groupManager
+	 */
+	public function __construct(ILogger $logger,
+								IUserSession $userSession, 
+								IGroupManager $groupManager) {
+		$this->logger = $logger;
+		$this->userSession = $userSession;
+		$this->groupManager = $groupManager;
+	}
+
+	/**
+	 * register hooks in order to log them
+	 */
+	public function registerHooks() {
+		$this->userManagementHooks();
+		$this->groupHooks();
+		$this->sharingHooks();
+		$this->authHooks();
+		$this->fileHooks();
+		$this->trashbinHooks();
+		$this->versionsHooks();
+	}
+
+	/**
+	 * connect to user management hooks
+	 */
+	private function userManagementHooks() {
+		$userActions = new UserManagement($this->logger);
+
+		Util::connectHook('OC_User', 'post_createUser',	$userActions, 'create');
+		Util::connectHook('OC_User', 'post_deleteUser',	$userActions, 'delete');
+		$this->userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+	}
+	
+	private function groupHooks()  {
+		$groupActions = new GroupManagement($this->logger);
+		$this->groupManager->listen('\OC\Group', 'postRemoveUser',  [$groupActions, 'removeUser']);
+		$this->groupManager->listen('\OC\Group', 'postAddUser',  [$groupActions, 'addUser']);
+	}
+
+	/**
+	 * connect to sharing events
+	 */
+	private function sharingHooks() {
+		$shareActions = new Sharing($this->logger);
+
+		Util::connectHook('OCP\Share', 'post_shared', $shareActions, 'shared');
+		Util::connectHook('OCP\Share', 'post_unshare', $shareActions, 'unshare');
+		Util::connectHook('OCP\Share', 'post_update_permissions', $shareActions, 'updatePermissions');
+		Util::connectHook('OCP\Share', 'post_update_password', $shareActions, 'updatePassword');
+		Util::connectHook('OCP\Share', 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
+		Util::connectHook('OCP\Share', 'share_link_access', $shareActions, 'shareAccessed');
+	}
+
+	/**
+	 * connect to authentication event and related actions
+	 */
+	private function authHooks() {
+		$authActions = new Auth($this->logger);
+
+		Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
+		Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
+		Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+	}
+
+
+	/**
+	 * connect to file hooks
+	 */
+	private function fileHooks() {
+		$fileActions = new Files($this->logger);
+
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_rename,
+			$fileActions,
+			'rename'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_create,
+			$fileActions,
+			'create'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_copy,
+			$fileActions,
+			'copy'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_write,
+			$fileActions,
+			'write'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_post_update,
+			$fileActions,
+			'update'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_read,
+			$fileActions,
+			'read'
+		);
+		Util::connectHook(
+			Filesystem::CLASSNAME,
+			Filesystem::signal_delete,
+			$fileActions,
+			'delete'
+		);
+	}
+
+	public function versionsHooks() {
+		$versionsActions = new Versions($this->logger);
+		Util::connectHook('\OCP\Versions', 'rollback', $versionsActions, 'rollback');
+		Util::connectHook('\OCP\Versions', 'delete',$versionsActions, 'delete');
+	}
+
+	/**
+	 * connect to trash bin hooks
+	 */
+	private function trashbinHooks() {
+		$trashActions = new Trashbin($this->logger);
+		Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
+		Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
+	}
+
+}

apps/comments/activity/extension.php

@@ -105,7 +105,7 @@ class Extension implements IExtension {
 	public function getTypeIcon($type) {
 		switch ($type) {
 			case self::APP_NAME:
-				return false;
+				return 'icon-comment';
 		}
 
 		return false;
@@ -150,6 +150,9 @@ class Extension implements IExtension {
 
 		switch ($text) {
 			case self::ADD_COMMENT_SUBJECT:
+				if ($this->authorIsCurrentUser($params[0])) {
+					return (string) $l->t('You commented');
+				}
 				return (string) $l->t('%1$s commented', $params);
 			case self::ADD_COMMENT_MESSAGE:
 				return $this->convertParameterToComment($params[0], 120);
@@ -168,6 +171,9 @@ class Extension implements IExtension {
 
 		switch ($text) {
 			case self::ADD_COMMENT_SUBJECT:
+				if ($this->authorIsCurrentUser($params[0])) {
+					return (string) $l->t('You commented on %2$s', $params);
+				}
 				return (string) $l->t('%1$s commented on %2$s', $params);
 			case self::ADD_COMMENT_MESSAGE:
 				return $this->convertParameterToComment($params[0]);
@@ -176,6 +182,21 @@ class Extension implements IExtension {
 		return false;
 	}
 
+	/**
+	 * Check if the author is the current user
+	 *
+	 * @param string $user Parameter e.g. `<user display-name="admin">admin</user>`
+	 * @return bool
+	 */
+	protected function authorIsCurrentUser($user) {
+		try {
+			return strip_tags($user) === $this->activityManager->getCurrentUserId();
+		} catch (\UnexpectedValueException $e) {
+			// FIXME this is awkward, but we have no access to the current user in emails
+			return false;
+		}
+	}
+
 	/**
 	 * The extension can define the type of parameters for translation
 	 *

apps/comments/l10n/cs_CZ.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Uložit",
     "Allowed characters {count} of {max}" : "Povolených znaků {count} z {max}",
     "{count} unread comments" : "{count} nepřečtených komentářů",
-    "Comment" : "Komentář"
+    "Comment" : "Komentář",
+    "<strong>Comments</strong> for files" : "<strong>Komentáře</strong> souborů"
 },
 "nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;");

apps/comments/l10n/cs_CZ.json

@@ -14,6 +14,7 @@
     "Save" : "Uložit",
     "Allowed characters {count} of {max}" : "Povolených znaků {count} z {max}",
     "{count} unread comments" : "{count} nepřečtených komentářů",
-    "Comment" : "Komentář"
+    "Comment" : "Komentář",
+    "<strong>Comments</strong> for files" : "<strong>Komentáře</strong> souborů"
 },"pluralForm" :"nplurals=3; plural=(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2;"
 }

apps/comments/l10n/de.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Speichern",
     "Allowed characters {count} of {max}" : "Erlaubte Zeichen {count} von {max}",
     "{count} unread comments" : "{count} ungelesene Kommentare",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentare</strong> für Dateien"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/de.json

@@ -14,6 +14,7 @@
     "Save" : "Speichern",
     "Allowed characters {count} of {max}" : "Erlaubte Zeichen {count} von {max}",
     "{count} unread comments" : "{count} ungelesene Kommentare",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentare</strong> für Dateien"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/de_DE.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Speichern",
     "Allowed characters {count} of {max}" : "{count} von {max} Zeichen benutzt",
     "{count} unread comments" : "[count] ungelesene Kommentare",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentare</strong> für Dateien"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/de_DE.json

@@ -14,6 +14,7 @@
     "Save" : "Speichern",
     "Allowed characters {count} of {max}" : "{count} von {max} Zeichen benutzt",
     "{count} unread comments" : "[count] ungelesene Kommentare",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentare</strong> für Dateien"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/en_GB.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Save",
     "Allowed characters {count} of {max}" : "Allowed characters {count} of {max}",
     "{count} unread comments" : "{count} unread comments",
-    "Comment" : "Comment"
+    "Comment" : "Comment",
+    "<strong>Comments</strong> for files" : "<strong>Comments</strong> for files"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/en_GB.json

@@ -14,6 +14,7 @@
     "Save" : "Save",
     "Allowed characters {count} of {max}" : "Allowed characters {count} of {max}",
     "{count} unread comments" : "{count} unread comments",
-    "Comment" : "Comment"
+    "Comment" : "Comment",
+    "<strong>Comments</strong> for files" : "<strong>Comments</strong> for files"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/eo.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Konservi",
     "Allowed characters {count} of {max}" : "Permesataj karakteroj: {count} el {max}",
     "{count} unread comments" : "{count} nelegitaj komentoj",
-    "Comment" : "Komento"
+    "Comment" : "Komento",
+    "<strong>Comments</strong> for files" : "<strong>Komentoj</strong> por dosieroj"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/eo.json

@@ -14,6 +14,7 @@
     "Save" : "Konservi",
     "Allowed characters {count} of {max}" : "Permesataj karakteroj: {count} el {max}",
     "{count} unread comments" : "{count} nelegitaj komentoj",
-    "Comment" : "Komento"
+    "Comment" : "Komento",
+    "<strong>Comments</strong> for files" : "<strong>Komentoj</strong> por dosieroj"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/es.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Guardar",
     "Allowed characters {count} of {max}" : "Caracteres permitidos {count} de {max}",
     "{count} unread comments" : "{count} comentarios no leídos",
-    "Comment" : "Comentario"
+    "Comment" : "Comentario",
+    "<strong>Comments</strong> for files" : "<strong>Comentarios</strong> en archivos"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/es.json

@@ -14,6 +14,7 @@
     "Save" : "Guardar",
     "Allowed characters {count} of {max}" : "Caracteres permitidos {count} de {max}",
     "{count} unread comments" : "{count} comentarios no leídos",
-    "Comment" : "Comentario"
+    "Comment" : "Comentario",
+    "<strong>Comments</strong> for files" : "<strong>Comentarios</strong> en archivos"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/fi_FI.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Tallenna",
     "Allowed characters {count} of {max}" : "Sallittujen merkkien määrä {count}/{max}",
     "{count} unread comments" : "{count} lukematonta kommenttia",
-    "Comment" : "Kommentti"
+    "Comment" : "Kommentti",
+    "<strong>Comments</strong> for files" : "<strong>Kommentit</strong> tiedostoille"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/fi_FI.json

@@ -14,6 +14,7 @@
     "Save" : "Tallenna",
     "Allowed characters {count} of {max}" : "Sallittujen merkkien määrä {count}/{max}",
     "{count} unread comments" : "{count} lukematonta kommenttia",
-    "Comment" : "Kommentti"
+    "Comment" : "Kommentti",
+    "<strong>Comments</strong> for files" : "<strong>Kommentit</strong> tiedostoille"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/fr.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Enregistrer",
     "Allowed characters {count} of {max}" : "{count} sur {max} caractères autorisés",
     "{count} unread comments" : "{count} commentaires non lus",
-    "Comment" : "Commenter"
+    "Comment" : "Commenter",
+    "<strong>Comments</strong> for files" : "<strong>Commentaires</strong> pour les fichiers"
 },
 "nplurals=2; plural=(n > 1);");

apps/comments/l10n/fr.json

@@ -14,6 +14,7 @@
     "Save" : "Enregistrer",
     "Allowed characters {count} of {max}" : "{count} sur {max} caractères autorisés",
     "{count} unread comments" : "{count} commentaires non lus",
-    "Comment" : "Commenter"
+    "Comment" : "Commenter",
+    "<strong>Comments</strong> for files" : "<strong>Commentaires</strong> pour les fichiers"
 },"pluralForm" :"nplurals=2; plural=(n > 1);"
 }

apps/comments/l10n/he.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "שמירה",
     "Allowed characters {count} of {max}" : "תווים מותרים {count} מתוך {max}",
     "{count} unread comments" : "{count} תגובות שלא נקראו",
-    "Comment" : "תגובה"
+    "Comment" : "תגובה",
+    "<strong>Comments</strong> for files" : "<strong>תגובות</strong> לקבצים"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/he.json

@@ -14,6 +14,7 @@
     "Save" : "שמירה",
     "Allowed characters {count} of {max}" : "תווים מותרים {count} מתוך {max}",
     "{count} unread comments" : "{count} תגובות שלא נקראו",
-    "Comment" : "תגובה"
+    "Comment" : "תגובה",
+    "<strong>Comments</strong> for files" : "<strong>תגובות</strong> לקבצים"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/hu_HU.js

@@ -3,6 +3,11 @@ OC.L10N.register(
     {
     "Cancel" : "Mégsem",
     "Save" : "Mentés",
-    "Comment" : "Komment"
+    "Comment" : "Komment",
+    "<strong>Comments</strong> for files" : "<strong>Hozzászólások</strong> a fájlokhoz",
+    "Delete comment" : "Hozzászólás törlése",
+    "Edit comment" : "Hozzászólás szerkesztése",
+    "No other comments available" : "Nincs több hozzászólás.",
+    "Post" : "Küldés"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/hu_HU.json

@@ -1,6 +1,11 @@
 { "translations": {
     "Cancel" : "Mégsem",
     "Save" : "Mentés",
-    "Comment" : "Komment"
+    "Comment" : "Komment",
+    "<strong>Comments</strong> for files" : "<strong>Hozzászólások</strong> a fájlokhoz",
+    "Delete comment" : "Hozzászólás törlése",
+    "Edit comment" : "Hozzászólás szerkesztése",
+    "No other comments available" : "Nincs több hozzászólás.",
+    "Post" : "Küldés"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/id.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Simpan",
     "Allowed characters {count} of {max}" : "Karakter yang diizinkan {count} dari {max}",
     "{count} unread comments" : "{count} komentar belum dibaca",
-    "Comment" : "Komentar"
+    "Comment" : "Komentar",
+    "<strong>Comments</strong> for files" : "<strong>Komentar</strong> untuk berkas"
 },
 "nplurals=1; plural=0;");

apps/comments/l10n/id.json

@@ -14,6 +14,7 @@
     "Save" : "Simpan",
     "Allowed characters {count} of {max}" : "Karakter yang diizinkan {count} dari {max}",
     "{count} unread comments" : "{count} komentar belum dibaca",
-    "Comment" : "Komentar"
+    "Comment" : "Komentar",
+    "<strong>Comments</strong> for files" : "<strong>Komentar</strong> untuk berkas"
 },"pluralForm" :"nplurals=1; plural=0;"
 }

apps/comments/l10n/is.js

@@ -3,6 +3,11 @@ OC.L10N.register(
     {
     "Cancel" : "Hætta við",
     "Save" : "Vista",
-    "Comment" : "Athugasemd"
+    "Comment" : "Athugasemd",
+    "<strong>Comments</strong> for files" : "<strong>Athugasemdir</strong> við skrár",
+    "Delete comment" : "Eyða athugasemd",
+    "Edit comment" : "Breyta athugasemd",
+    "No other comments available" : "Engar aðrar athugasemdir eru tiltækar",
+    "Post" : "Senda"
 },
 "nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);");

apps/comments/l10n/is.json

@@ -1,6 +1,11 @@
 { "translations": {
     "Cancel" : "Hætta við",
     "Save" : "Vista",
-    "Comment" : "Athugasemd"
+    "Comment" : "Athugasemd",
+    "<strong>Comments</strong> for files" : "<strong>Athugasemdir</strong> við skrár",
+    "Delete comment" : "Eyða athugasemd",
+    "Edit comment" : "Breyta athugasemd",
+    "No other comments available" : "Engar aðrar athugasemdir eru tiltækar",
+    "Post" : "Senda"
 },"pluralForm" :"nplurals=2; plural=(n % 10 != 1 || n % 100 == 11);"
 }

apps/comments/l10n/it.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Salva",
     "Allowed characters {count} of {max}" : "Caratteri consentiti {count} di {max}",
     "{count} unread comments" : "{count} commenti non letti",
-    "Comment" : "Commento"
+    "Comment" : "Commento",
+    "<strong>Comments</strong> for files" : "<strong>Commenti</strong> sui file"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/it.json

@@ -14,6 +14,7 @@
     "Save" : "Salva",
     "Allowed characters {count} of {max}" : "Caratteri consentiti {count} di {max}",
     "{count} unread comments" : "{count} commenti non letti",
-    "Comment" : "Commento"
+    "Comment" : "Commento",
+    "<strong>Comments</strong> for files" : "<strong>Commenti</strong> sui file"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/ja.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "保存",
     "Allowed characters {count} of {max}" : "入力文字数  {count} / {max}",
     "{count} unread comments" : "未読コメント数 {count}",
-    "Comment" : "コメント"
+    "Comment" : "コメント",
+    "<strong>Comments</strong> for files" : "ファイルについての<strong>コメント</strong>"
 },
 "nplurals=1; plural=0;");

apps/comments/l10n/ja.json

@@ -14,6 +14,7 @@
     "Save" : "保存",
     "Allowed characters {count} of {max}" : "入力文字数  {count} / {max}",
     "{count} unread comments" : "未読コメント数 {count}",
-    "Comment" : "コメント"
+    "Comment" : "コメント",
+    "<strong>Comments</strong> for files" : "ファイルについての<strong>コメント</strong>"
 },"pluralForm" :"nplurals=1; plural=0;"
 }

apps/comments/l10n/ko.js

@@ -3,6 +3,11 @@ OC.L10N.register(
     {
     "Cancel" : "취소",
     "Save" : "저장",
-    "Comment" : "설명"
+    "Comment" : "설명",
+    "<strong>Comments</strong> for files" : "파일에 <strong>댓글</strong> 남기기",
+    "Delete comment" : "댓글 삭제",
+    "Edit comment" : "댓글 편집",
+    "No other comments available" : "더 이상 댓글 없음",
+    "Post" : "게시"
 },
 "nplurals=1; plural=0;");

apps/comments/l10n/ko.json

@@ -1,6 +1,11 @@
 { "translations": {
     "Cancel" : "취소",
     "Save" : "저장",
-    "Comment" : "설명"
+    "Comment" : "설명",
+    "<strong>Comments</strong> for files" : "파일에 <strong>댓글</strong> 남기기",
+    "Delete comment" : "댓글 삭제",
+    "Edit comment" : "댓글 편집",
+    "No other comments available" : "더 이상 댓글 없음",
+    "Post" : "게시"
 },"pluralForm" :"nplurals=1; plural=0;"
 }

apps/comments/l10n/nb_NO.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Lagre",
     "Allowed characters {count} of {max}" : "Antall tegn tillatt {count} av {max}",
     "{count} unread comments" : "{count} uleste kommentarer",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentarer</strong> for filer"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/nb_NO.json

@@ -14,6 +14,7 @@
     "Save" : "Lagre",
     "Allowed characters {count} of {max}" : "Antall tegn tillatt {count} av {max}",
     "{count} unread comments" : "{count} uleste kommentarer",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentarer</strong> for filer"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/nl.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Bewaren",
     "Allowed characters {count} of {max}" : "{count} van de {max} toegestane tekens",
     "{count} unread comments" : "{count} ongelezen reacties",
-    "Comment" : "Reactie"
+    "Comment" : "Reactie",
+    "<strong>Comments</strong> for files" : "<strong>Reacties</strong> voor bestanden"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/nl.json

@@ -14,6 +14,7 @@
     "Save" : "Bewaren",
     "Allowed characters {count} of {max}" : "{count} van de {max} toegestane tekens",
     "{count} unread comments" : "{count} ongelezen reacties",
-    "Comment" : "Reactie"
+    "Comment" : "Reactie",
+    "<strong>Comments</strong> for files" : "<strong>Reacties</strong> voor bestanden"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/pl.js

@@ -3,6 +3,11 @@ OC.L10N.register(
     {
     "Cancel" : "Anuluj",
     "Save" : "Zapisz",
-    "Comment" : "Komentarz"
+    "Comment" : "Komentarz",
+    "<strong>Comments</strong> for files" : "<strong>Komentarze</strong> dla plików",
+    "Delete comment" : "Skasuj komentarz",
+    "Edit comment" : "Edytuj komentarz",
+    "No other comments available" : "Nie ma więcej komentarzy",
+    "Post" : "Zapisz"
 },
 "nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);");

apps/comments/l10n/pl.json

@@ -1,6 +1,11 @@
 { "translations": {
     "Cancel" : "Anuluj",
     "Save" : "Zapisz",
-    "Comment" : "Komentarz"
+    "Comment" : "Komentarz",
+    "<strong>Comments</strong> for files" : "<strong>Komentarze</strong> dla plików",
+    "Delete comment" : "Skasuj komentarz",
+    "Edit comment" : "Edytuj komentarz",
+    "No other comments available" : "Nie ma więcej komentarzy",
+    "Post" : "Zapisz"
 },"pluralForm" :"nplurals=3; plural=(n==1 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"
 }

apps/comments/l10n/pt_BR.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Salvar",
     "Allowed characters {count} of {max}" : "Caracteres permitidos  {count} de {max}",
     "{count} unread comments" : "{count} comentários não lidos",
-    "Comment" : "Comentário"
+    "Comment" : "Comentário",
+    "<strong>Comments</strong> for files" : "<strong>Comentários</strong> por arquivos"
 },
 "nplurals=2; plural=(n > 1);");

apps/comments/l10n/pt_BR.json

@@ -14,6 +14,7 @@
     "Save" : "Salvar",
     "Allowed characters {count} of {max}" : "Caracteres permitidos  {count} de {max}",
     "{count} unread comments" : "{count} comentários não lidos",
-    "Comment" : "Comentário"
+    "Comment" : "Comentário",
+    "<strong>Comments</strong> for files" : "<strong>Comentários</strong> por arquivos"
 },"pluralForm" :"nplurals=2; plural=(n > 1);"
 }

apps/comments/l10n/pt_PT.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Guardar",
     "Allowed characters {count} of {max}" : "{count} de {max} caracteres restantes",
     "{count} unread comments" : "{count} comentários não lidos",
-    "Comment" : "Comentário"
+    "Comment" : "Comentário",
+    "<strong>Comments</strong> for files" : "<strong>Comentários</strong> para ficheiros"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/pt_PT.json

@@ -14,6 +14,7 @@
     "Save" : "Guardar",
     "Allowed characters {count} of {max}" : "{count} de {max} caracteres restantes",
     "{count} unread comments" : "{count} comentários não lidos",
-    "Comment" : "Comentário"
+    "Comment" : "Comentário",
+    "<strong>Comments</strong> for files" : "<strong>Comentários</strong> para ficheiros"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/ru.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Сохранить",
     "Allowed characters {count} of {max}" : "Допустимых символов {count} из {max}",
     "{count} unread comments" : "{count} непрочитанных комментариев",
-    "Comment" : "Коментарий"
+    "Comment" : "Коментарий",
+    "<strong>Comments</strong> for files" : "<strong>Комментарии</strong> к файлам"
 },
 "nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);");

apps/comments/l10n/ru.json

@@ -14,6 +14,7 @@
     "Save" : "Сохранить",
     "Allowed characters {count} of {max}" : "Допустимых символов {count} из {max}",
     "{count} unread comments" : "{count} непрочитанных комментариев",
-    "Comment" : "Коментарий"
+    "Comment" : "Коментарий",
+    "<strong>Comments</strong> for files" : "<strong>Комментарии</strong> к файлам"
 },"pluralForm" :"nplurals=4; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<12 || n%100>14) ? 1 : n%10==0 || (n%10>=5 && n%10<=9) || (n%100>=11 && n%100<=14)? 2 : 3);"
 }

apps/comments/l10n/sl.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Shrani",
     "Allowed characters {count} of {max}" : "Dovoljeni znaki: {count} od {max}",
     "{count} unread comments" : "{count} neprebranih opomb",
-    "Comment" : "Opomba"
+    "Comment" : "Opomba",
+    "<strong>Comments</strong> for files" : "<strong>Opombe</strong> datotek"
 },
 "nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);");

apps/comments/l10n/sl.json

@@ -14,6 +14,7 @@
     "Save" : "Shrani",
     "Allowed characters {count} of {max}" : "Dovoljeni znaki: {count} od {max}",
     "{count} unread comments" : "{count} neprebranih opomb",
-    "Comment" : "Opomba"
+    "Comment" : "Opomba",
+    "<strong>Comments</strong> for files" : "<strong>Opombe</strong> datotek"
 },"pluralForm" :"nplurals=4; plural=(n%100==1 ? 0 : n%100==2 ? 1 : n%100==3 || n%100==4 ? 2 : 3);"
 }

apps/comments/l10n/sq.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Ruaje",
     "Allowed characters {count} of {max}" : "Shenja të lejuara {count} nga {max}",
     "{count} unread comments" : "{count} komente të palexuar",
-    "Comment" : "Koment"
+    "Comment" : "Koment",
+    "<strong>Comments</strong> for files" : "<strong>Komente</strong> për kartela"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/sq.json

@@ -14,6 +14,7 @@
     "Save" : "Ruaje",
     "Allowed characters {count} of {max}" : "Shenja të lejuara {count} nga {max}",
     "{count} unread comments" : "{count} komente të palexuar",
-    "Comment" : "Koment"
+    "Comment" : "Koment",
+    "<strong>Comments</strong> for files" : "<strong>Komente</strong> për kartela"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/sr.js

@@ -3,6 +3,11 @@ OC.L10N.register(
     {
     "Cancel" : "Одустани",
     "Save" : "Сачувај",
-    "Comment" : "Коментар"
+    "Comment" : "Коментар",
+    "<strong>Comments</strong> for files" : "<strong>Коментари</strong> фајлова",
+    "Delete comment" : "Обриши коментар",
+    "Edit comment" : "Уреди коментар",
+    "No other comments available" : "Нема других коментара",
+    "Post" : "Објави"
 },
 "nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);");

apps/comments/l10n/sr.json

@@ -1,6 +1,11 @@
 { "translations": {
     "Cancel" : "Одустани",
     "Save" : "Сачувај",
-    "Comment" : "Коментар"
+    "Comment" : "Коментар",
+    "<strong>Comments</strong> for files" : "<strong>Коментари</strong> фајлова",
+    "Delete comment" : "Обриши коментар",
+    "Edit comment" : "Уреди коментар",
+    "No other comments available" : "Нема других коментара",
+    "Post" : "Објави"
 },"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"
 }

apps/comments/l10n/sv.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Spara",
     "Allowed characters {count} of {max}" : "Tillåtet antal tecken {count} av {max}",
     "{count} unread comments" : "{count} olästa kommentarer",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentarer</strong> till filer"
 },
 "nplurals=2; plural=(n != 1);");

apps/comments/l10n/sv.json

@@ -14,6 +14,7 @@
     "Save" : "Spara",
     "Allowed characters {count} of {max}" : "Tillåtet antal tecken {count} av {max}",
     "{count} unread comments" : "{count} olästa kommentarer",
-    "Comment" : "Kommentar"
+    "Comment" : "Kommentar",
+    "<strong>Comments</strong> for files" : "<strong>Kommentarer</strong> till filer"
 },"pluralForm" :"nplurals=2; plural=(n != 1);"
 }

apps/comments/l10n/th_TH.js

@@ -12,6 +12,7 @@ OC.L10N.register(
     "Edit comment" : "แก้ไขความคิดเห็น",
     "[Deleted user]" : "[ผู้ใช้ถูกลบไปแล้ว]",
     "Save" : "บันทึก",
-    "Comment" : "แสดงความคิดเห็น"
+    "Comment" : "แสดงความคิดเห็น",
+    "<strong>Comments</strong> for files" : "<strong>แสดงความคิดเห็น</strong> สำหรับไฟล์"
 },
 "nplurals=1; plural=0;");

apps/comments/l10n/th_TH.json

@@ -10,6 +10,7 @@
     "Edit comment" : "แก้ไขความคิดเห็น",
     "[Deleted user]" : "[ผู้ใช้ถูกลบไปแล้ว]",
     "Save" : "บันทึก",
-    "Comment" : "แสดงความคิดเห็น"
+    "Comment" : "แสดงความคิดเห็น",
+    "<strong>Comments</strong> for files" : "<strong>แสดงความคิดเห็น</strong> สำหรับไฟล์"
 },"pluralForm" :"nplurals=1; plural=0;"
 }

apps/comments/l10n/tr.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Kaydet",
     "Allowed characters {count} of {max}" : "İzin verilen karakterler {count} {max}",
     "{count} unread comments" : "{count} okunmamış yorumlar",
-    "Comment" : "Yorum"
+    "Comment" : "Yorum",
+    "<strong>Comments</strong> for files" : "Dosyalar için <strong>Yorumlar</strong>"
 },
 "nplurals=2; plural=(n > 1);");

apps/comments/l10n/tr.json

@@ -14,6 +14,7 @@
     "Save" : "Kaydet",
     "Allowed characters {count} of {max}" : "İzin verilen karakterler {count} {max}",
     "{count} unread comments" : "{count} okunmamış yorumlar",
-    "Comment" : "Yorum"
+    "Comment" : "Yorum",
+    "<strong>Comments</strong> for files" : "Dosyalar için <strong>Yorumlar</strong>"
 },"pluralForm" :"nplurals=2; plural=(n > 1);"
 }

apps/comments/l10n/uk.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "Зберегти",
     "Allowed characters {count} of {max}" : "Доступно символів {count} з {max}",
     "{count} unread comments" : "{count} непрочитаних коментарів",
-    "Comment" : "Коментар"
+    "Comment" : "Коментар",
+    "<strong>Comments</strong> for files" : "<strong>Коментарі</strong> до файлів"
 },
 "nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);");

apps/comments/l10n/uk.json

@@ -14,6 +14,7 @@
     "Save" : "Зберегти",
     "Allowed characters {count} of {max}" : "Доступно символів {count} з {max}",
     "{count} unread comments" : "{count} непрочитаних коментарів",
-    "Comment" : "Коментар"
+    "Comment" : "Коментар",
+    "<strong>Comments</strong> for files" : "<strong>Коментарі</strong> до файлів"
 },"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n%10>=2 && n%10<=4 && (n%100<10 || n%100>=20) ? 1 : 2);"
 }

apps/comments/l10n/zh_CN.js

@@ -16,6 +16,7 @@ OC.L10N.register(
     "Save" : "保存",
     "Allowed characters {count} of {max}" : "当前字数： {count}，最大允许：{max}",
     "{count} unread comments" : "{count} 条未读评论",
-    "Comment" : "评论"
+    "Comment" : "评论",
+    "<strong>Comments</strong> for files" : "<strong>评论文件</strong>"
 },
 "nplurals=1; plural=0;");

apps/comments/l10n/zh_CN.json

@@ -14,6 +14,7 @@
     "Save" : "保存",
     "Allowed characters {count} of {max}" : "当前字数： {count}，最大允许：{max}",
     "{count} unread comments" : "{count} 条未读评论",
-    "Comment" : "评论"
+    "Comment" : "评论",
+    "<strong>Comments</strong> for files" : "<strong>评论文件</strong>"
 },"pluralForm" :"nplurals=1; plural=0;"
 }

apps/dav/appinfo/app.php

@@ -46,6 +46,8 @@ $eventDispatcher->addListener('OCP\Federation\TrustedServerEvent::remove',
 
 $cm = \OC::$server->getContactsManager();
 $cm->register(function() use ($cm, $app) {
-	$userId = \OC::$server->getUserSession()->getUser()->getUID();
-	$app->setupContactsProvider($cm, $userId);
+	$user = \OC::$server->getUserSession()->getUser();
+	if (!is_null($user)) {
+		$app->setupContactsProvider($cm, $user->getUID());
+	}
 });

apps/dav/appinfo/application.php

@@ -99,18 +99,24 @@ class Application extends App {
 		$container->registerService('MigrateAddressbooks', function($c) {
 			/** @var IAppContainer $c */
 			$db = $c->getServer()->getDatabaseConnection();
+			$logger = $c->getServer()->getLogger();
 			return new MigrateAddressbooks(
 				new AddressBookAdapter($db),
-				$c->query('CardDavBackend')
+				$c->query('CardDavBackend'),
+				$logger,
+				null
 			);
 		});
 
 		$container->registerService('MigrateCalendars', function($c) {
 			/** @var IAppContainer $c */
 			$db = $c->getServer()->getDatabaseConnection();
+			$logger = $c->getServer()->getLogger();
 			return new MigrateCalendars(
 				new CalendarAdapter($db),
-				$c->query('CalDavBackend')
+				$c->query('CalDavBackend'),
+				$logger,
+				null
 			);
 		});
 
@@ -204,4 +210,19 @@ class Application extends App {
 			$this->getContainer()->getServer()->getLogger()->logException($ex);
 		}
 	}
+
+	public function generateBirthdays() {
+		try {
+			/** @var BirthdayService $migration */
+			$migration = $this->getContainer()->query('BirthdayService');
+			$userManager = $this->getContainer()->getServer()->getUserManager();
+
+			$userManager->callForAllUsers(function($user) use($migration) {
+				/** @var IUser $user */
+				$migration->syncUser($user->getUID());
+			});
+		} catch (\Exception $ex) {
+			$this->getContainer()->getServer()->getLogger()->logException($ex);
+		}
+	}
 }

apps/dav/appinfo/database.xml

@@ -283,7 +283,7 @@ CREATE TABLE calendarobjects (
 		description TEXT,
 		calendarorder INT(11) UNSIGNED NOT NULL DEFAULT '0',
 		calendarcolor VARBINARY(10),
-		timezone TEXT,
+		timezone CLOB,
 		components VARBINARY(20),
 		transparent TINYINT(1) NOT NULL DEFAULT '0',
 		UNIQUE(principaluri, uri)
@@ -337,7 +337,7 @@ CREATE TABLE calendarobjects (
 		</field>
 		<field>
 			<name>timezone</name>
-			<type>text</type>
+			<type>clob</type>
 		</field>
 		<field>
 			<name>components</name>

apps/dav/appinfo/info.xml

@@ -2,10 +2,10 @@
 <info>
 	<id>dav</id>
 	<name>WebDAV</name>
-	<description>ownCloud WebDAV endpoint</description>
+	<description>WebDAV endpoint</description>
 	<licence>AGPL</licence>
 	<author>owncloud.org</author>
-	<version>0.1.4</version>
+	<version>0.1.6</version>
 	<default_enable/>
 	<types>
 		<filesystem/>

apps/dav/appinfo/install.php

@@ -25,3 +25,4 @@ $app = new Application();
 $app->setupCron();
 $app->migrateAddressbooks();
 $app->migrateCalendars();
+$app->generateBirthdays();

apps/dav/appinfo/register_command.php

@@ -29,7 +29,6 @@ use OCA\DAV\Command\SyncSystemAddressBook;
 $dbConnection = \OC::$server->getDatabaseConnection();
 $userManager = OC::$server->getUserManager();
 $groupManager = OC::$server->getGroupManager();
-$config = \OC::$server->getConfig();
 
 $app = new Application();
 
@@ -38,12 +37,5 @@ $application->add(new CreateCalendar($userManager, $groupManager, $dbConnection)
 $application->add(new CreateAddressBook($userManager, $app->getContainer()->query('CardDavBackend')));
 $application->add(new SyncSystemAddressBook($app->getSyncService()));
 $application->add(new SyncBirthdayCalendar($userManager, $app->getContainer()->query('BirthdayService')));
-
-// the occ tool is *for now* only available in debug mode for developers to test
-if ($config->getSystemValue('debug', false)){
-	$app = new \OCA\Dav\AppInfo\Application();
-	$migration = $app->getContainer()->query('MigrateAddressbooks');
-	$application->add(new MigrateAddressbooks($userManager, $migration));
-	$migration = $app->getContainer()->query('MigrateCalendars');
-	$application->add(new MigrateCalendars($userManager, $migration));
-}
+$application->add(new MigrateAddressbooks($userManager, $app->getContainer()->query('MigrateAddressbooks')));
+$application->add(new MigrateCalendars($userManager, $app->getContainer()->query('MigrateCalendars')));

apps/dav/appinfo/update.php

@@ -23,3 +23,4 @@ use OCA\Dav\AppInfo\Application;
 
 $app = new Application();
 $app->setupCron();
+$app->generateBirthdays();

apps/dav/appinfo/v1/caldav.php

@@ -23,11 +23,12 @@
 
 // Backends
 use OCA\DAV\CalDAV\CalDavBackend;
+use OCA\DAV\Connector\LegacyDAVACL;
+use OCA\DAV\CalDAV\CalendarRoot;
 use OCA\DAV\Connector\Sabre\Auth;
 use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
 use OCA\DAV\Connector\Sabre\MaintenancePlugin;
 use OCA\DAV\Connector\Sabre\Principal;
-use Sabre\CalDAV\CalendarRoot;
 
 $authBackend = new Auth(
 	\OC::$server->getSession(),
@@ -65,7 +66,7 @@ $server->addPlugin(new MaintenancePlugin());
 $server->addPlugin(new \Sabre\DAV\Auth\Plugin($authBackend, 'ownCloud'));
 $server->addPlugin(new \Sabre\CalDAV\Plugin());
 
-$acl = new \OCA\DAV\Connector\LegacyDAVACL();
+$acl = new LegacyDAVACL();
 $server->addPlugin($acl);
 
 $server->addPlugin(new \Sabre\CalDAV\ICSExportPlugin());

apps/dav/appinfo/v1/publicwebdav.php

@@ -59,6 +59,7 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
 	$rootShare = \OCP\Share::resolveReShare($share);
 	$owner = $rootShare['uid_owner'];
 	$isWritable = $share['permissions'] & (\OCP\Constants::PERMISSION_UPDATE | \OCP\Constants::PERMISSION_CREATE);
+	$isReadable = $share['permissions'] & \OCP\Constants::PERMISSION_READ;
 	$fileId = $share['file_source'];
 
 	if (!$isWritable) {
@@ -66,6 +67,9 @@ $server = $serverFactory->createServer($baseuri, $requestUri, $authBackend, func
 			return new \OC\Files\Storage\Wrapper\PermissionsMask(array('storage' => $storage, 'mask' => \OCP\Constants::PERMISSION_READ + \OCP\Constants::PERMISSION_SHARE));
 		});
 	}
+	if (!$isReadable) {
+		return false;
+	}
 
 	OC_Util::setupFS($owner);
 	$ownerView = \OC\Files\Filesystem::getView();

apps/dav/command/migratecalendars.php

@@ -61,8 +61,8 @@ class MigrateCalendars extends Command {
 	protected function execute(InputInterface $input, OutputInterface $output) {
 		$this->service->setup();
 
-		if ($input->hasArgument('user')) {
-			$user = $input->getArgument('user');
+		$user = $input->getArgument('user');
+		if (!is_null($user)) {
 			if (!$this->userManager->userExists($user)) {
 				throw new \InvalidArgumentException("User <$user> in unknown.");
 			}

apps/dav/command/syncbirthdaycalendar.php

@@ -61,8 +61,8 @@ class SyncBirthdayCalendar extends Command {
 	 * @param OutputInterface $output
 	 */
 	protected function execute(InputInterface $input, OutputInterface $output) {
-		if ($input->hasArgument('user')) {
-			$user = $input->getArgument('user');
+		$user = $input->getArgument('user');
+		if (!is_null($user)) {
 			if (!$this->userManager->userExists($user)) {
 				throw new \InvalidArgumentException("User <$user> in unknown.");
 			}

apps/dav/lib/caldav/birthdayservice.php

@@ -50,8 +50,7 @@ class BirthdayService {
 
 		$book = $this->cardDavBackEnd->getAddressBookById($addressBookId);
 		$principalUri = $book['principaluri'];
-		$calendarUri = self::BIRTHDAY_CALENDAR_URI;
-		$calendar = $this->ensureCalendarExists($principalUri, $calendarUri, []);
+		$calendar = $this->ensureCalendarExists($principalUri);
 		$objectUri = $book['uri'] . '-' . $cardUri. '.ics';
 		$calendarData = $this->buildBirthdayFromContact($cardData);
 		$existing = $this->calDavBackEnd->getCalendarObject($calendar['id'], $objectUri);
@@ -77,27 +76,27 @@ class BirthdayService {
 	public function onCardDeleted($addressBookId, $cardUri) {
 		$book = $this->cardDavBackEnd->getAddressBookById($addressBookId);
 		$principalUri = $book['principaluri'];
-		$calendarUri = self::BIRTHDAY_CALENDAR_URI;
-		$calendar = $this->ensureCalendarExists($principalUri, $calendarUri, []);
+		$calendar = $this->ensureCalendarExists($principalUri);
 		$objectUri = $book['uri'] . '-' . $cardUri. '.ics';
 		$this->calDavBackEnd->deleteCalendarObject($calendar['id'], $objectUri);
 	}
 
 	/**
 	 * @param string $principal
-	 * @param string $id
-	 * @param array $properties
 	 * @return array|null
 	 * @throws \Sabre\DAV\Exception\BadRequest
 	 */
-	public function ensureCalendarExists($principal, $id, $properties) {
-		$book = $this->calDavBackEnd->getCalendarByUri($principal, $id);
+	public function ensureCalendarExists($principal) {
+		$book = $this->calDavBackEnd->getCalendarByUri($principal, self::BIRTHDAY_CALENDAR_URI);
 		if (!is_null($book)) {
 			return $book;
 		}
-		$this->calDavBackEnd->createCalendar($principal, $id, $properties);
+		$this->calDavBackEnd->createCalendar($principal, self::BIRTHDAY_CALENDAR_URI, [
+			'{DAV:}displayname' => 'Contact birthdays',
+			'{http://apple.com/ns/ical/}calendar-color' => '#FFFFCA',
+		]);
 
-		return $this->calDavBackEnd->getCalendarByUri($principal, $id);
+		return $this->calDavBackEnd->getCalendarByUri($principal, self::BIRTHDAY_CALENDAR_URI);
 	}
 
 	/**
@@ -156,7 +155,9 @@ class BirthdayService {
 	 * @param string $user
 	 */
 	public function syncUser($user) {
-		$books = $this->cardDavBackEnd->getAddressBooksForUser('principals/users/'.$user);
+		$principal = 'principals/users/'.$user;
+		$this->ensureCalendarExists($principal);
+		$books = $this->cardDavBackEnd->getAddressBooksForUser($principal);
 		foreach($books as $book) {
 			$cards = $this->cardDavBackEnd->getCards($book['id']);
 			foreach($cards as $card) {

apps/dav/lib/caldav/caldavbackend.php

@@ -138,6 +138,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 	 * @return array
 	 */
 	function getCalendarsForUser($principalUri) {
+		$principalUriOriginal = $principalUri;
 		$principalUri = $this->convertPrincipal($principalUri, true);
 		$fields = array_values($this->propertyMap);
 		$fields[] = 'id';
@@ -184,7 +185,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 		$stmt->closeCursor();
 
 		// query for shared calendars
-		$principals = $this->principalBackend->getGroupMembership($principalUri);
+		$principals = $this->principalBackend->getGroupMembership($principalUriOriginal, true);
 		$principals[]= $principalUri;
 
 		$fields = array_values($this->propertyMap);
@@ -194,6 +195,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 		$fields[] = 'a.components';
 		$fields[] = 'a.principaluri';
 		$fields[] = 'a.transparent';
+		$fields[] = 's.access';
 		$query = $this->db->getQueryBuilder();
 		$result = $query->select($fields)
 			->from('dav_shares', 's')
@@ -221,6 +223,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 				'{' . Plugin::NS_CALDAV . '}supported-calendar-component-set' => new SupportedCalendarComponentSet($components),
 				'{' . Plugin::NS_CALDAV . '}schedule-calendar-transp' => new ScheduleCalendarTransp($row['transparent']?'transparent':'opaque'),
 				'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'],
+				'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => (int)$row['access'] === Backend::ACCESS_READ,
 			];
 
 			foreach($this->propertyMap as $xmlName=>$dbName) {
@@ -815,9 +818,9 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 	function getCalendarObjectByUID($principalUri, $uid) {
 
 		$query = $this->db->getQueryBuilder();
-		$query->select([$query->createFunction('c.`uri` AS `calendaruri`'), $query->createFunction('co.`uri` AS `objecturi`')])
+		$query->selectAlias('c.uri', 'calendaruri')->selectAlias('co.uri', 'objecturi')
 			->from('calendarobjects', 'co')
-			->leftJoin('co', 'calendars', 'c', 'co.`calendarid` = c.`id`')
+			->leftJoin('co', 'calendars', 'c', $query->expr()->eq('co.calendarid', 'c.id'))
 			->where($query->expr()->eq('c.principaluri', $query->createNamedParameter($principalUri)))
 			->andWhere($query->expr()->eq('co.uid', $query->createNamedParameter($uid)));
 
@@ -1294,7 +1297,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 		if (!$componentType) {
 			throw new \Sabre\DAV\Exception\BadRequest('Calendar objects must have a VJOURNAL, VEVENT or VTODO component');
 		}
-		if ($componentType === 'VEVENT') {
+		if ($componentType === 'VEVENT' && $component->DTSTART) {
 			$firstOccurence = $component->DTSTART->getDateTime()->getTimeStamp();
 			// Finding the last occurence is a bit harder
 			if (!isset($component->RRULE)) {
@@ -1333,7 +1336,7 @@ class CalDavBackend extends AbstractBackend implements SyncSupport, Subscription
 				'etag' => md5($calendarData),
 				'size' => strlen($calendarData),
 				'componentType' => $componentType,
-				'firstOccurence' => $firstOccurence,
+				'firstOccurence' => is_null($firstOccurence) ? null : max(0, $firstOccurence),
 				'lastOccurence'  => $lastOccurence,
 				'uid' => $uid,
 		];

apps/dav/lib/caldav/calendar.php

@@ -22,7 +22,9 @@
 namespace OCA\DAV\CalDAV;
 
 use OCA\DAV\DAV\Sharing\IShareable;
+use Sabre\CalDAV\Backend\BackendInterface;
 use Sabre\DAV\Exception\Forbidden;
+use Sabre\DAV\PropPatch;
 
 class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 
@@ -76,7 +78,33 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 	}
 
 	function getACL() {
-		$acl = parent::getACL();
+		$acl =  [
+			[
+				'privilege' => '{DAV:}read',
+				'principal' => $this->getOwner(),
+				'protected' => true,
+			]];
+		if ($this->getName() !== BirthdayService::BIRTHDAY_CALENDAR_URI) {
+			$acl[] = [
+				'privilege' => '{DAV:}write',
+				'principal' => $this->getOwner(),
+				'protected' => true,
+			];
+		}
+		if ($this->getOwner() !== parent::getOwner()) {
+			$acl[] =  [
+					'privilege' => '{DAV:}read',
+					'principal' => parent::getOwner(),
+					'protected' => true,
+				];
+			if ($this->canWrite()) {
+				$acl[] = [
+					'privilege' => '{DAV:}write',
+					'principal' => parent::getOwner(),
+					'protected' => true,
+				];
+			}
+		}
 
 		/** @var CalDavBackend $calDavBackend */
 		$calDavBackend = $this->caldavBackend;
@@ -84,11 +112,7 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 	}
 
 	function getChildACL() {
-		$acl = parent::getChildACL();
-
-		/** @var CalDavBackend $calDavBackend */
-		$calDavBackend = $this->caldavBackend;
-		return $calDavBackend->applyShareAcl($this->getResourceId(), $acl);
+		return $this->getACL();
 	}
 
 	function getOwner() {
@@ -99,10 +123,6 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 	}
 
 	function delete() {
-		if ($this->getName() === BirthdayService::BIRTHDAY_CALENDAR_URI) {
-			throw new Forbidden();
-		}
-
 		if (isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal'])) {
 			$principal = 'principal:' . parent::getOwner();
 			$shares = $this->getShares();
@@ -122,4 +142,21 @@ class Calendar extends \Sabre\CalDAV\Calendar implements IShareable {
 		}
 		parent::delete();
 	}
+
+	function propPatch(PropPatch $propPatch) {
+		$mutations = $propPatch->getMutations();
+		// If this is a shared calendar, the user can only change the enabled property, to hide it.
+		if (isset($this->calendarInfo['{http://owncloud.org/ns}owner-principal']) && (sizeof($mutations) !== 1 || !isset($mutations['{http://owncloud.org/ns}calendar-enabled']))) {
+			throw new Forbidden();
+		}
+		parent::propPatch($propPatch);
+	}
+
+	private function canWrite() {
+		if (isset($this->calendarInfo['{http://owncloud.org/ns}read-only'])) {
+			return !$this->calendarInfo['{http://owncloud.org/ns}read-only'];
+		}
+		return true;
+	}
+
 }

apps/dav/lib/carddav/addressbook.php

@@ -21,15 +21,13 @@
 namespace OCA\DAV\CardDAV;
 
 use OCA\DAV\DAV\Sharing\IShareable;
+use Sabre\CardDAV\Card;
 use Sabre\DAV\Exception\Forbidden;
 use Sabre\DAV\Exception\NotFound;
+use Sabre\DAV\PropPatch;
 
 class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable {
 
-	public function __construct(CardDavBackend $carddavBackend, array $addressBookInfo) {
-		parent::__construct($carddavBackend, $addressBookInfo);
-	}
-
 	/**
 	 * Updates the list of shares.
 	 *
@@ -73,7 +71,31 @@ class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable {
 	}
 
 	function getACL() {
-		$acl = parent::getACL();
+		$acl =  [
+			[
+				'privilege' => '{DAV:}read',
+				'principal' => $this->getOwner(),
+				'protected' => true,
+			]];
+		$acl[] = [
+				'privilege' => '{DAV:}write',
+				'principal' => $this->getOwner(),
+				'protected' => true,
+			];
+		if ($this->getOwner() !== parent::getOwner()) {
+			$acl[] =  [
+					'privilege' => '{DAV:}read',
+					'principal' => parent::getOwner(),
+					'protected' => true,
+				];
+			if ($this->canWrite()) {
+				$acl[] = [
+					'privilege' => '{DAV:}write',
+					'principal' => parent::getOwner(),
+					'protected' => true,
+				];
+			}
+		}
 		if ($this->getOwner() === 'principals/system/system') {
 			$acl[] = [
 					'privilege' => '{DAV:}read',
@@ -82,49 +104,24 @@ class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable {
 			];
 		}
 
-		// add the current user
-		if (isset($this->addressBookInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'])) {
-			$owner = $this->addressBookInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal'];
-			$acl[] = [
-					'privilege' => '{DAV:}read',
-					'principal' => $owner,
-					'protected' => true,
-				];
-			if ($this->addressBookInfo['{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only']) {
-				$acl[] = [
-					'privilege' => '{DAV:}write',
-					'principal' => $owner,
-					'protected' => true,
-				];
-			}
-		}
-
 		/** @var CardDavBackend $carddavBackend */
 		$carddavBackend = $this->carddavBackend;
 		return $carddavBackend->applyShareAcl($this->getResourceId(), $acl);
 	}
 
 	function getChildACL() {
-		$acl = parent::getChildACL();
-		if ($this->getOwner() === 'principals/system/system') {
-			$acl[] = [
-					'privilege' => '{DAV:}read',
-					'principal' => '{DAV:}authenticated',
-					'protected' => true,
-			];
-		}
-
-		/** @var CardDavBackend $carddavBackend */
-		$carddavBackend = $this->carddavBackend;
-		return $carddavBackend->applyShareAcl($this->getResourceId(), $acl);
+		return $this->getACL();
 	}
 
 	function getChild($name) {
-		$obj = $this->carddavBackend->getCard($this->getResourceId(), $name);
+
+		$obj = $this->carddavBackend->getCard($this->addressBookInfo['id'], $name);
 		if (!$obj) {
 			throw new NotFound('Card not found');
 		}
+		$obj['acl'] = $this->getChildACL();
 		return new Card($this->carddavBackend, $this->addressBookInfo, $obj);
+
 	}
 
 	/**
@@ -162,10 +159,24 @@ class AddressBook extends \Sabre\CardDAV\AddressBook implements IShareable {
 		parent::delete();
 	}
 
+	function propPatch(PropPatch $propPatch) {
+		if (isset($this->addressBookInfo['{http://owncloud.org/ns}owner-principal'])) {
+			throw new Forbidden();
+		}
+		parent::propPatch($propPatch);
+	}
+
 	public function getContactsGroups() {
 		/** @var CardDavBackend $cardDavBackend */
 		$cardDavBackend = $this->carddavBackend;
 
 		return $cardDavBackend->collectCardProperties($this->getResourceId(), 'CATEGORIES');
 	}
+
+	private function canWrite() {
+		if (isset($this->addressBookInfo['{http://owncloud.org/ns}read-only'])) {
+			return !$this->addressBookInfo['{http://owncloud.org/ns}read-only'];
+		}
+		return true;
+	}
 }

apps/dav/lib/carddav/carddavbackend.php

@@ -62,10 +62,6 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 			'BDAY', 'UID', 'N', 'FN', 'TITLE', 'ROLE', 'NOTE', 'NICKNAME',
 			'ORG', 'CATEGORIES', 'EMAIL', 'TEL', 'IMPP', 'ADR', 'URL', 'GEO', 'CLOUD');
 
-	const ACCESS_OWNER = 1;
-	const ACCESS_READ_WRITE = 2;
-	const ACCESS_READ = 3;
-
 	/** @var EventDispatcherInterface */
 	private $dispatcher;
 
@@ -78,7 +74,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 	 */
 	public function __construct(IDBConnection $db,
 								Principal $principalBackend,
-								$dispatcher ) {
+								EventDispatcherInterface $dispatcher = null) {
 		$this->db = $db;
 		$this->principalBackend = $principalBackend;
 		$this->dispatcher = $dispatcher;
@@ -103,6 +99,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 	 * @return array
 	 */
 	function getAddressBooksForUser($principalUri) {
+		$principalUriOriginal = $principalUri;
 		$principalUri = $this->convertPrincipal($principalUri, true);
 		$query = $this->db->getQueryBuilder();
 		$query->select(['id', 'uri', 'displayname', 'principaluri', 'description', 'synctoken'])
@@ -126,7 +123,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 		$result->closeCursor();
 
 		// query for shared calendars
-		$principals = $this->principalBackend->getGroupMembership($principalUri);
+		$principals = $this->principalBackend->getGroupMembership($principalUriOriginal, true);
 		$principals[]= $principalUri;
 
 		$query = $this->db->getQueryBuilder();
@@ -153,7 +150,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 					'{http://calendarserver.org/ns/}getctag' => $row['synctoken'],
 					'{http://sabredav.org/ns}sync-token' => $row['synctoken']?$row['synctoken']:'0',
 					'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}owner-principal' => $row['principaluri'],
-					'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => $row['access'] === self::ACCESS_READ,
+					'{' . \OCA\DAV\DAV\Sharing\Plugin::NS_OWNCLOUD . '}read-only' => (int)$row['access'] === Backend::ACCESS_READ,
 				];
 			}
 		}
@@ -848,7 +845,7 @@ class CardDavBackend implements BackendInterface, SyncSupport {
 		$query = $this->db->getQueryBuilder();
 		$query->select('*')->from($this->dbCardsTable)
 				->where($query->expr()->eq('uri', $query->createNamedParameter($uri)))
-				->where($query->expr()->eq('addressbookid', $query->createNamedParameter($addressBookId)));
+				->andWhere($query->expr()->eq('addressbookid', $query->createNamedParameter($addressBookId)));
 		$queryResult = $query->execute();
 		$contact = $queryResult->fetch();
 		$queryResult->closeCursor();

apps/dav/lib/connector/legacydavacl.php

@@ -23,7 +23,10 @@
 namespace OCA\DAV\Connector;
 
 use OCA\DAV\Connector\Sabre\DavAclPlugin;
+use Sabre\DAV\INode;
+use Sabre\DAV\PropFind;
 use Sabre\HTTP\URLUtil;
+use Sabre\DAVACL\Xml\Property\Principal;
 
 class LegacyDAVACL extends DavAclPlugin {
 
@@ -67,4 +70,16 @@ class LegacyDAVACL extends DavAclPlugin {
 		}
 		return "principals/$name";
 	}
+
+	function propFind(PropFind $propFind, INode $node) {
+		/* Overload current-user-principal */
+		$propFind->handle('{DAV:}current-user-principal', function () {
+			if ($url = parent::getCurrentUserPrincipal()) {
+				return new Principal(Principal::HREF, $url . '/');
+			} else {
+				return new Principal(Principal::UNAUTHENTICATED);
+			}
+		});
+		parent::propFind($propFind, $node);
+	}
 }

apps/dav/lib/connector/publicauth.php

@@ -61,6 +61,11 @@ class PublicAuth extends \Sabre\DAV\Auth\Backend\AbstractBasic {
 			return false;
 		}
 
+		if ((int)$linkItem['share_type'] === \OCP\Share::SHARE_TYPE_LINK &&
+			$this->config->getAppValue('core', 'shareapi_allow_public_upload', 'yes') !== 'yes') {
+			$this->share['permissions'] &= ~(\OCP\Constants::PERMISSION_CREATE | \OCP\Constants::PERMISSION_UPDATE);
+		}
+
 		// check if the share is password protected
 		if (isset($linkItem['share_with'])) {
 			if ($linkItem['share_type'] == \OCP\Share::SHARE_TYPE_LINK) {

apps/dav/lib/connector/sabre/auth.php

@@ -30,6 +30,7 @@
 namespace OCA\DAV\Connector\Sabre;
 
 use Exception;
+use OC\AppFramework\Http\Request;
 use OCP\IRequest;
 use OCP\ISession;
 use OCP\IUserSession;
@@ -48,6 +49,8 @@ class Auth extends AbstractBasic {
 	private $userSession;
 	/** @var IRequest */
 	private $request;
+	/** @var string */
+	private $currentUser;
 
 	/**
 	 * @param ISession $session
@@ -130,7 +133,46 @@ class Auth extends AbstractBasic {
 			$msg = $e->getMessage();
 			throw new ServiceUnavailable("$class: $msg");
 		}
-    }
+	}
+
+	/**
+	 * Checks whether a CSRF check is required on the request
+	 *
+	 * @return bool
+	 */
+	private function requiresCSRFCheck() {
+		// GET requires no check at all
+		if($this->request->getMethod() === 'GET') {
+			return false;
+		}
+
+		// Official ownCloud clients require no checks
+		if($this->request->isUserAgent([
+			Request::USER_AGENT_OWNCLOUD_DESKTOP,
+			Request::USER_AGENT_OWNCLOUD_ANDROID,
+			Request::USER_AGENT_OWNCLOUD_IOS,
+		])) {
+			return false;
+		}
+
+		// If not logged-in no check is required
+		if(!$this->userSession->isLoggedIn()) {
+			return false;
+		}
+
+		// POST always requires a check
+		if($this->request->getMethod() === 'POST') {
+			return true;
+		}
+
+		// If logged-in AND DAV authenticated no check is required
+		if($this->userSession->isLoggedIn() &&
+			$this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
+			return false;
+		}
+
+		return true;
+	}
 
 	/**
 	 * @param RequestInterface $request
@@ -139,27 +181,33 @@ class Auth extends AbstractBasic {
 	 * @throws NotAuthenticated
 	 */
 	private function auth(RequestInterface $request, ResponseInterface $response) {
-		// If request is not GET and not authenticated via WebDAV a requesttoken is required
-		if($this->userSession->isLoggedIn() &&
-			$this->request->getMethod() !== 'GET' &&
-			!$this->isDavAuthenticated($this->userSession->getUser()->getUID())) {
-			if(!$this->request->passesCSRFCheck()) {
+		$forcedLogout = false;
+		if(!$this->request->passesCSRFCheck() &&
+			$this->requiresCSRFCheck()) {
+			// In case of a fail with POST we need to recheck the credentials
+			if($this->request->getMethod() === 'POST') {
+				$forcedLogout = true;
+			} else {
 				$response->setStatus(401);
 				throw new \Sabre\DAV\Exception\NotAuthenticated('CSRF check not passed.');
 			}
 		}
 
-		if (\OC_User::handleApacheAuth() ||
-			//Fix for broken webdav clients
-			($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
-			//Well behaved clients that only send the cookie are allowed
-			($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
-		) {
-			$user = $this->userSession->getUser()->getUID();
-			\OC_Util::setupFS($user);
-			$this->currentUser = $user;
-			$this->session->close();
-			return [true, $this->principalPrefix . $user];
+		if($forcedLogout) {
+			$this->userSession->logout();
+		} else {
+			if (\OC_User::handleApacheAuth() ||
+				//Fix for broken webdav clients
+				($this->userSession->isLoggedIn() && is_null($this->session->get(self::DAV_AUTHENTICATED))) ||
+				//Well behaved clients that only send the cookie are allowed
+				($this->userSession->isLoggedIn() && $this->session->get(self::DAV_AUTHENTICATED) === $this->userSession->getUser()->getUID() && $request->getHeader('Authorization') === null)
+			) {
+				$user = $this->userSession->getUser()->getUID();
+				\OC_Util::setupFS($user);
+				$this->currentUser = $user;
+				$this->session->close();
+				return [true, $this->principalPrefix . $user];
+			}
 		}
 
 		if (!$this->userSession->isLoggedIn() && in_array('XMLHttpRequest', explode(',', $request->getHeader('X-Requested-With')))) {
@@ -169,6 +217,12 @@ class Auth extends AbstractBasic {
 			throw new \Sabre\DAV\Exception\NotAuthenticated('Cannot authenticate over ajax calls');
 		}
 
-		return parent::check($request, $response);
+		$data = parent::check($request, $response);
+		if($data[0] === true) {
+			$startPos = strrpos($data[1], '/') + 1;
+			$user = $this->userSession->getUser()->getUID();
+			$data[1] = substr_replace($data[1], $user, $startPos);
+		}
+		return $data;
 	}
 }

apps/dav/lib/connector/sabre/dummygetresponseplugin.php

@@ -57,7 +57,7 @@ class DummyGetResponsePlugin extends \Sabre\DAV\ServerPlugin {
 	 */
 	function httpGet(RequestInterface $request, ResponseInterface $response) {
 		$string = 'This is the WebDAV interface. It can only be accessed by ' .
-			'WebDAV clients such as the ownCloud desktop sync client.';
+			'WebDAV clients such as the Nextcloud desktop sync client.';
 		$stream = fopen('php://memory','r+');
 		fwrite($stream, $string);
 		rewind($stream);

apps/dav/lib/connector/sabre/filesplugin.php

@@ -27,6 +27,7 @@
 
 namespace OCA\DAV\Connector\Sabre;
 
+use OCP\Files\ForbiddenException;
 use Sabre\DAV\Exception\NotFound;
 use Sabre\DAV\IFile;
 use \Sabre\DAV\PropFind;
@@ -75,16 +76,26 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
 	 */
 	private $fileView;
 
+	/**
+	* @var IRequest
+	*/
+	private $request;
+
 	/**
 	 * @param \Sabre\DAV\Tree $tree
 	 * @param \OC\Files\View $view
+	 * @param \OCP\IRequest $request
 	 * @param bool $isPublic
 	 */
-	public function __construct(\Sabre\DAV\Tree $tree,
-	                            \OC\Files\View $view,
-	                            $isPublic = false) {
+	public function __construct(
+			\Sabre\DAV\Tree $tree,
+			\OC\Files\View $view,
+			\OCP\IRequest $request,
+			$isPublic = false
+	) {
 		$this->tree = $tree;
 		$this->fileView = $view;
+		$this->request = $request;
 		$this->isPublic = $isPublic;
 	}
 
@@ -192,7 +203,18 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
 		if (!($node instanceof IFile)) return;
 
 		// adds a 'Content-Disposition: attachment' header
-		$response->addHeader('Content-Disposition', 'attachment');
+		$filename = $node->getName();
+		if ($this->request->isUserAgent(
+			[
+				\OC\AppFramework\Http\Request::USER_AGENT_IE,
+				\OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME,
+				\OC\AppFramework\Http\Request::USER_AGENT_FREEBOX,
+			])) {
+			$response->addHeader('Content-Disposition', 'attachment; filename="' . rawurlencode($filename) . '"');
+		} else {
+			$response->addHeader('Content-Disposition', 'attachment; filename*=UTF-8\'\'' . rawurlencode($filename)
+												 . '; filename="' . rawurlencode($filename) . '"');
+		}
 
 		if ($node instanceof \OCA\DAV\Connector\Sabre\File) {
 			//Add OC-Checksum header
@@ -235,6 +257,16 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
 			$propFind->handle(self::GETETAG_PROPERTYNAME, function() use ($node) {
 				return $node->getEtag();
 			});
+
+			$propFind->handle(self::OWNER_ID_PROPERTYNAME, function() use ($node) {
+				$owner = $node->getOwner();
+				return $owner->getUID();
+			});
+			$propFind->handle(self::OWNER_DISPLAY_NAME_PROPERTYNAME, function() use ($node) {
+				$owner = $node->getOwner();
+				$displayName = $owner->getDisplayName();
+				return $displayName;
+			});
 		}
 
 		if ($node instanceof \OCA\DAV\Connector\Sabre\File) {
@@ -247,6 +279,8 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
 					}
 				} catch (StorageNotAvailableException $e) {
 					return false;
+				} catch (ForbiddenException $e) {
+					return false;
 				}
 				return false;
 			});
@@ -267,16 +301,6 @@ class FilesPlugin extends \Sabre\DAV\ServerPlugin {
 				return $node->getSize();
 			});
 		}
-
-		$propFind->handle(self::OWNER_ID_PROPERTYNAME, function() use ($node) {
-			$owner = $node->getOwner();
-			return $owner->getUID();
-		});
-		$propFind->handle(self::OWNER_DISPLAY_NAME_PROPERTYNAME, function() use ($node) {
-			$owner = $node->getOwner();
-			$displayName = $owner->getDisplayName();
-			return $displayName;
-		});
 	}
 
 	/**

apps/dav/lib/connector/sabre/node.php

@@ -230,7 +230,7 @@ abstract class Node implements \Sabre\DAV\INode {
 		if ($this->info->isDeletable()) {
 			$p .= 'D';
 		}
-		if ($this->info->isDeletable()) {
+		if ($this->info->isUpdateable()) {
 			$p .= 'NV'; // Renameable, Moveable
 		}
 		if ($this->info->getType() === \OCP\Files\FileInfo::TYPE_FILE) {