feat(contactsinteraction): allow users to disable contacts interaction addressbook

This allows simple users to opt-out of the contacts interaction addressbook even if admins have the app installed. Similar to how the birthday calendar works, the functionnality can be toggled in the user's settings or by doing a DELETE on the addressbook. A new contacts personal section has been added to contain this new setting. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2024-08-27 10:54:18 +02:00
3886 changed files with 81492 additions and 61639 deletions
@@ -3,15 +3,6 @@
 # SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 # SPDX-License-Identifier: AGPL-3.0-or-later

-# Format control structures
-caff1023ea72bb2ea94130e18a2a6e2ccf819e5f
-# Update to coding-standard 1.1.1
-aa5f037af71c915424c6dcfd5ad2dc82797dc0d6
 # Update to coding-standard 1.2.3
 af6de04e9e141466dc229e444ff3f146f4a34765
 0bd284cb81b6866338aaaa67aa1d81ef9bfbb2ab
-8af7ecb2576071f170ecbb0aa2311b26581e40e2
-# Update to coding-standard 1.3.1
-9836e9b16484582d309c8437ab46d82e34956941
-# Automated refactorings
-49dd79eabb2b8902559a7a4e8f8fcad54f46b604
@@ -37,9 +37,9 @@
 /apps/files_trashbin/src*         @skjnldsv

 # Security team
-/build/psalm-baseline-security.xml  @nickvergessen
 /resources/codesigning              @mgallien @miaulalala @nickvergessen
 /resources/config/ca-bundle.crt     @ChristophWurst @miaulalala @nickvergessen
+/.drone.yml                         @nickvergessen

 # Two-Factor Authentication
 # https://github.com/nextcloud/wg-two-factor-authentication#members
@@ -62,6 +62,22 @@ body:
      description: Describe what you expected to happen instead.
    validations:
      required: true
+  - type: dropdown
+    id: install-method
+    attributes:
+      label: Installation method
+      description: |
+        Select installation method you've used.
+        _Describe the method in the "Additional info" section if you chose "Other"._
+      options:
+        - "Community Web installer on a VPS or web space"
+        - "Community Manual installation with Archive"
+        - "Community Docker image"
+        - "Community NextcloudPi appliance"
+        - "Community SNAP package"
+        - "Community VM appliance"
+        - "Other Community project"
+        - "Official All-in-One appliance"
  - type: dropdown
    id: nextcloud-version
    attributes:
@@ -72,7 +88,6 @@ body:
      options:
        - "28"
        - "29"
-        - "30"
        - "master"
    validations:
      required: true
@@ -95,10 +110,10 @@ body:
        Select PHP engine version serving Nextcloud Server.
        _Describe in the "Additional info" section if you chose "Other"._
      options:
-        - "PHP 8.3"
-        - "PHP 8.2"
-        - "PHP 8.1"
        - "PHP 8.0"
+        - "PHP 8.1"
+        - "PHP 8.2"
+        - "PHP 8.3"
        - "Other"
  - type: dropdown
    id: webserver
@@ -59,20 +59,6 @@ updates:
  reviewers:
    - "nextcloud/server-dependabot"

-# phpunit
- package-ecosystem: composer
-  directory: "/vendor-bin/phpunit"
-  schedule:
-    interval: weekly
-    day: saturday
-    time: "04:40"
-    timezone: Europe/Madrid
-  labels:
-    - "3. to review"
-    - "feature: dependencies"
-  reviewers:
-    - "nextcloud/server-dependabot"
-
 # Main master npm
 - package-ecosystem: npm
  directory: "/"
@@ -45,13 +45,13 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1']
+        php-versions: ['8.3']

    name: PHP checkers

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -31,7 +31,7 @@ jobs:
              - 'version.php'

      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: 3rdparty commit hash on current branch
        id: actual
@@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - uses: webiny/action-conventional-commits@8bc41ff4e7d423d56fa4905f6ff79209a78776c7 # v1.3.0
        with:
@@ -100,7 +100,7 @@ jobs:
          key: git-repo

      - name: Checkout ${{ needs.init.outputs.head_ref }}
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          fetch-depth: 0
@@ -119,7 +119,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.package-engines-versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v3
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.package-engines-versions.outputs.nodeVersion }}
          cache: npm
@@ -38,7 +38,7 @@ jobs:
        id: comment-branch

      - name: Checkout ${{ steps.comment-branch.outputs.head_ref }}
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          fetch-depth: 0
          token: ${{ secrets.COMMAND_BOT_PAT }}
@@ -41,7 +41,7 @@ jobs:
          exit 1

      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          # We need to checkout submodules for 3rdparty
          submodules: true
@@ -64,7 +64,7 @@ jobs:
          fallbackNpm: "^10"

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -80,7 +80,7 @@ jobs:
        run: npm run cypress:version

      - name: Save context
-        uses: buildjet/cache/save@v4
+        uses: buildjet/cache/save@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          key: cypress-context-${{ github.run_id }}
          path: ./
@@ -103,14 +103,14 @@ jobs:

    steps:
      - name: Restore context
-        uses: buildjet/cache/restore@v4
+        uses: buildjet/cache/restore@e376f15c6ec6dc595375c78633174c7e5f92dc0e # v3
        with:
          fail-on-cache-miss: true
          key: cypress-context-${{ github.run_id }}
          path: ./

      - name: Set up node ${{ needs.init.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.init.outputs.nodeVersion }}

@@ -121,7 +121,7 @@ jobs:
        run: ./node_modules/cypress/bin/cypress install

      - name: Run ${{ matrix.containers == 'component' && 'component' || 'E2E' }} cypress tests
-        uses: cypress-io/github-action@0da3c06ed8217b912deea9d8ee69630baed1737e # v6.7.6
+        uses: cypress-io/github-action@df7484c5ba85def7eef30db301afa688187bc378 # v6.7.2
        with:
          # We already installed the dependencies in the init job
          install: false
@@ -143,7 +143,7 @@ jobs:
          SPLIT_INDEX: ${{ matrix.containers == 'component' && 0 || matrix.containers }}

      - name: Upload snapshots
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: always()
        with:
          name: snapshots_${{ matrix.containers }}
@@ -154,7 +154,7 @@ jobs:
        run: docker logs nextcloud-cypress-tests-${{ env.APP_NAME }} > nextcloud.log

      - name: Upload NC logs
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_logs_${{ matrix.containers }}
@@ -165,7 +165,7 @@ jobs:
        run: docker exec nextcloud-cypress-tests-server tar -cvjf - data > data.tar

      - name: Upload data dir archive
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b # v4.3.4
        if: failure() && matrix.containers != 'component'
        with:
          name: nc_data_${{ matrix.containers }}
@@ -53,7 +53,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -60,7 +60,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -135,7 +135,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -53,7 +53,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -43,12 +43,12 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

      - name: Checkout user_saml
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          repository: nextcloud/user_saml
          path: apps/user_saml
@@ -56,7 +56,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -94,7 +94,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@4b21c320b5517fc6ffd4406a28e66325c721dc20 # v4.1.1
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.1.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-smb
@@ -56,7 +56,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -91,7 +91,7 @@ jobs:

      - name: Upload code coverage
        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@4b21c320b5517fc6ffd4406a28e66325c721dc20 # v4.1.1
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.1.1
        with:
          files: ./clover.xml
          flags: phpunit-files-external-webdav
@@ -49,7 +49,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -43,7 +43,7 @@ jobs:
      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.1']
+        php-versions: ['8.3']
        endpoint: ['old', 'new']
        service: ['CalDAV', 'CardDAV']

@@ -51,7 +51,7 @@ jobs:

    steps:
        - name: Checkout server
-          uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
          with:
            submodules: true

@@ -99,9 +99,9 @@ jobs:

        - name: Run CalDAVTester
          run: |
-            cp "apps/dav/tests/testsuits/caldavtest/serverinfo-${{ matrix.endpoint }}${{ matrix.endpoint == 'old' && (matrix.service == 'CardDAV' && '-carddav' || '-caldav') || '' }}-endpoint.xml" "apps/dav/tests/testsuits/caldavtest/serverinfo.xml"
+            cp "apps/dav/tests/travis/caldavtest/serverinfo-${{ matrix.endpoint }}${{ matrix.endpoint == 'old' && (matrix.service == 'CardDAV' && '-carddav' || '-caldav') || '' }}-endpoint.xml" "apps/dav/tests/travis/caldavtest/serverinfo.xml"
            pushd CalDAVTester
-            PYTHONPATH="../pycalendar/src" python testcaldav.py --print-details-onfail --basedir "../apps/dav/tests/testsuits/caldavtest" -o cdt.txt \
+            PYTHONPATH="../pycalendar/src" python testcaldav.py --print-details-onfail --basedir "../apps/dav/tests/travis/caldavtest" -o cdt.txt \
              "${{ matrix.service }}/current-user-principal.xml" \
              "${{ matrix.service }}/sync-report.xml" \
              ${{ matrix.endpoint == 'new' && format('{0}/sharing-{1}.xml', matrix.service, matrix.service == 'CalDAV' && 'calendars' || 'addressbooks') || ';' }}
@@ -43,14 +43,14 @@ jobs:
      # do not stop on another job's failure
      fail-fast: false
      matrix:
-        php-versions: ['8.1']
+        php-versions: ['8.3']
        endpoint: ['webdav', 'dav']

    name: Litmus WebDAV ${{ matrix.endpoint }}

    steps:
        - name: Checkout server
-          uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+          uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
          with:
            submodules: true

@@ -65,7 +65,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -41,7 +41,6 @@ jobs:
              - '.php-cs-fixer.dist.php'
              - 'composer.json'
              - 'composer.lock'
-              - 'core/shipped.json'

  integration-sqlite:
    runs-on: ubuntu-latest
@@ -70,7 +69,7 @@ jobs:
          - 'sharing_features'
          - 'videoverification_features'

-        php-versions: ['8.1']
+        php-versions: ['8.2']
        spreed-versions: ['main']

    services:
@@ -91,13 +90,13 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          submodules: true

      - name: Checkout Talk app
        if: ${{ matrix.test-suite == 'videoverification_features' }}
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          repository: nextcloud/spreed
          path: apps/spreed
@@ -53,7 +53,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +63,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v3
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -48,7 +48,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php8.1
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
@@ -53,7 +53,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php ${{ matrix.php-versions }}
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
@@ -59,7 +59,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -80,10 +80,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@@ -99,7 +99,7 @@ jobs:
        run: npm run test:coverage --if-present

      - name: Collect coverage
-        uses: codecov/codecov-action@4b21c320b5517fc6ffd4406a28e66325c721dc20 # v4.3.1
+        uses: codecov/codecov-action@922d8d7b314a529f2be903c1e79ee8283c492863 # v4.3.1
        with:
          files: ./coverage/lcov.info

@@ -114,10 +114,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@@ -142,10 +142,10 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up node ${{ needs.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3
        with:
          node-version: ${{ needs.versions.outputs.nodeVersion }}

@@ -53,7 +53,7 @@ jobs:
    name: NPM build
    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Read package.json node and npm engines version
        uses: skjnldsv/read-package-engines-version-actions@06d6baf7d8f41934ab630e97d9e6c0bc9c9ac5e4 # v3
@@ -63,7 +63,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v3
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -27,7 +27,7 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          ref: ${{ matrix.branches }}

@@ -39,7 +39,7 @@ jobs:
          fallbackNpm: '^10'

      - name: Set up node ${{ steps.versions.outputs.nodeVersion }}
-        uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v3
+        uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v3
        with:
          node-version: ${{ steps.versions.outputs.nodeVersion }}

@@ -60,7 +60,7 @@ jobs:

      - name: Create Pull Request
        if: always()
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f # v7.0.5
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c # v6.1.0
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(deps): Fix npm audit'
@@ -45,7 +45,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
            coverage: true
@@ -69,7 +69,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -45,7 +45,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
            coverage: true
@@ -70,7 +70,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -45,7 +45,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.2']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.3'
            coverage: true
@@ -67,7 +67,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -26,12 +26,12 @@ jobs:

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

      - name: Set up php
        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
        with:
-          php-version: '8.1'
+          php-version: '8.2'
          extensions: ctype, curl, dom, fileinfo, gd, json, libxml, mbstring, openssl, pcntl, pdo, posix, session, simplexml, xml, xmlreader, xmlwriter, zip, zlib
          coverage: none
          ini-file: development
@@ -29,7 +29,7 @@ jobs:
          exit 1

      - name: Checkout server before PR
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true
          ref: ${{ github.event.pull_request.base.ref }}
@@ -91,7 +91,7 @@ jobs:

      - name: Upload profiles
        if: always()
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874
+        uses: actions/upload-artifact@0b2256b8c012f0828dc542b3febcab082c67f72b
        with:
          name: profiles
          path: |
@@ -32,7 +32,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -84,7 +84,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          submodules: true

@@ -55,7 +55,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.3']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -71,7 +71,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -1,184 +0,0 @@
-# This workflow is provided via the organization template repository
-#
-# https://github.com/nextcloud/.github
-# https://docs.github.com/en/actions/learn-github-actions/sharing-workflows-with-your-organization
-#
-# SPDX-FileCopyrightText: 2022-2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-
-name: PHPUnit sharding
-
-on:
-  pull_request:
-  schedule:
-    - cron: "5 2 * * *"
-
-permissions:
-  contents: read
-
-concurrency:
-  group: phpunit-mysql-sharding-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest-low
-
-    outputs:
-      src: ${{ steps.changes.outputs.src }}
-
-    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        continue-on-error: true
-        with:
-          filters: |
-            src:
-              - '.github/workflows/**'
-              - '3rdparty/**'
-              - '**/appinfo/**'
-              - '**/lib/**'
-              - '**/templates/**'
-              - '**/tests/**'
-              - 'vendor/**'
-              - 'vendor-bin/**'
-              - '.php-cs-fixer.dist.php'
-              - 'composer.json'
-              - 'composer.lock'
-              - '**.php'
-
-  phpunit-mysql:
-    runs-on: ubuntu-latest
-
-    needs: changes
-    if: needs.changes.outputs.src != 'false'
-
-    strategy:
-      matrix:
-        php-versions: ['8.1']
-        mysql-versions: ['8.4']
-
-    name: Sharding - MySQL ${{ matrix.mysql-versions }} (PHP ${{ matrix.php-versions }}) - database tests
-
-    services:
-      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest
-        ports:
-          - 6379:6379/tcp
-        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
-
-      mysql:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
-        ports:
-          - 4444:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: oc_autotest
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard1:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
-        ports:
-          - 5001:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard2:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
-        ports:
-          - 5002:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard3:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
-        ports:
-          - 5003:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-      shard4:
-        image: ghcr.io/nextcloud/continuous-integration-mysql-${{ matrix.mysql-versions }}:latest
-        ports:
-          - 5004:3306/tcp
-        env:
-          MYSQL_ROOT_PASSWORD: rootpassword
-          MYSQL_USER: oc_autotest
-          MYSQL_PASSWORD: nextcloud
-          MYSQL_DATABASE: nextcloud
-        options: --health-cmd="mysqladmin ping" --health-interval 5s --health-timeout 2s --health-retries 10
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
-        with:
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
-        with:
-          php-version: ${{ matrix.php-versions }}
-          # https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html#prerequisites-for-manual-installation
-          extensions: bz2, ctype, curl, dom, fileinfo, gd, iconv, intl, json, libxml, mbstring, openssl, pcntl, posix, redis, session, simplexml, xmlreader, xmlwriter, zip, zlib, mysql, pdo_mysql
-          coverage: ${{ matrix.coverage && 'xdebug' || 'none' }}
-          ini-file: development
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up dependencies
-        run: composer i
-
-      - name: Enable ONLY_FULL_GROUP_BY MySQL option
-        run: |
-          echo "SET GLOBAL sql_mode=(SELECT CONCAT(@@sql_mode,',ONLY_FULL_GROUP_BY'));" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
-          echo "SELECT @@sql_mode;" | mysql -h 127.0.0.1 -P 4444 -u root -prootpassword
-
-      - name: Set up Nextcloud
-        env:
-          DB_PORT: 4444
-          SHARDING: 1
-        run: |
-          mkdir data
-          cp tests/redis.config.php config/
-          cp tests/preseed-config.php config/config.php
-          ./occ maintenance:install --verbose --database=mysql --database-name=nextcloud --database-host=127.0.0.1 --database-port=$DB_PORT --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass admin
-          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0
-
-      - name: PHPUnit
-        run: composer run test:db ${{ matrix.coverage && ' -- --coverage-clover ./clover.db.xml' || '' }}
-
-      - name: Upload db code coverage
-        if: ${{ !cancelled() && matrix.coverage }}
-        uses: codecov/codecov-action@v4.5.0
-        with:
-          files: ./clover.db.xml
-          flags: phpunit-mysql
-
-      - name: Print logs
-        if: always()
-        run: |
-          cat data/nextcloud.log
-
-  summary:
-    permissions:
-      contents: none
-    runs-on: ubuntu-latest-low
-    needs: [changes, phpunit-mysql]
-
-    if: always()
-
-    name: phpunit-mysql-summary
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.phpunit-mysql.result != 'success' }}; then exit 1; fi
@@ -84,7 +84,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -57,7 +57,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.1', '8.3']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.2'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -73,7 +73,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -1,121 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
-# SPDX-License-Identifier: MIT
-name: PHPUnit primary object store
-on:
-  pull_request:
-  schedule:
-    - cron: "15 2 * * *"
-
-concurrency:
-  group: phpunit-object-store-primary-${{ github.head_ref || github.run_id }}
-  cancel-in-progress: true
-
-jobs:
-  changes:
-    runs-on: ubuntu-latest-low
-
-    outputs:
-      src: ${{ steps.changes.outputs.src}}
-
-    steps:
-      - uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
-        id: changes
-        continue-on-error: true
-        with:
-          filters: |
-            src:
-              - '.github/workflows/**'
-              - '3rdparty/**'
-              - '**/appinfo/**'
-              - '**/lib/**'
-              - '**/templates/**'
-              - '**/tests/**'
-              - 'vendor/**'
-              - 'vendor-bin/**'
-              - '.php-cs-fixer.dist.php'
-              - 'composer.json'
-              - 'composer.lock'
-              - '**.php'
-
-  object-store-primary-tests-minio:
-    runs-on: ubuntu-latest
-    needs: changes
-
-    if: ${{ github.repository_owner != 'nextcloud-gmbh' && needs.changes.outputs.src != 'false' }}
-
-    strategy:
-      # do not stop on another job's failure
-      fail-fast: false
-      matrix:
-        php-versions: ['8.1']
-        key: ['s3', 's3-multibucket']
-
-    name: php${{ matrix.php-versions }}-${{ matrix.key }}-minio
-
-    services:
-      cache:
-        image: ghcr.io/nextcloud/continuous-integration-redis:latest
-        ports:
-          - 6379:6379/tcp
-        options: --health-cmd="redis-cli ping" --health-interval=10s --health-timeout=5s --health-retries=3
-
-      minio:
-        image: bitnami/minio
-        env:
-          MINIO_ROOT_USER: nextcloud
-          MINIO_ROOT_PASSWORD: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-          MINIO_DEFAULT_BUCKETS: nextcloud
-        ports:
-          - "9000:9000"
-
-    steps:
-      - name: Checkout server
-        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11
-        with:
-          submodules: true
-
-      - name: Set up php ${{ matrix.php-versions }}
-        uses: shivammathur/setup-php@c5fc0d8281aba02c7fda07d3a70cc5371548067d #v2.25.2
-        with:
-          php-version: ${{ matrix.php-versions }}
-          extensions: mbstring, fileinfo, intl, sqlite, pdo_sqlite, zip, gd
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-      - name: Set up Nextcloud
-        env:
-          OBJECT_STORE: ${{ matrix.key }}
-          OBJECT_STORE_KEY: nextcloud
-          OBJECT_STORE_SECRET: bWluaW8tc2VjcmV0LWtleS1uZXh0Y2xvdWQ=
-        run: |
-          composer install
-          cp tests/redis.config.php config/
-          cp tests/preseed-config.php config/config.php
-          ./occ maintenance:install --verbose --database=sqlite --database-name=nextcloud --database-host=127.0.0.1 --database-user=root --database-pass=rootpassword --admin-user admin --admin-pass password
-          php -f tests/enable_all.php | grep -i -C9999 error && echo "Error during app setup" && exit 1 || exit 0
-
-      - name: Wait for S3
-        run: |
-          sleep 10
-          curl -f -m 1 --retry-connrefused --retry 10 --retry-delay 10 http://localhost:9000/minio/health/ready
-
-      - name: PHPUnit
-        run: composer run test:db
-
-      - name: S3 logs
-        if: always()
-        run: |
-          cat data/nextcloud.log
-          docker ps -a
-          docker ps -aq | while read container ; do IMAGE=$(docker inspect --format='{{.Config.Image}}' $container); echo $IMAGE; docker logs $container; echo "\n\n" ; done
-
-
-  object-store-primary-summary:
-    runs-on: ubuntu-latest-low
-    needs: [changes,object-store-primary-tests-minio]
-
-    if: always()
-
-    steps:
-      - name: Summary status
-        run: if ${{ needs.changes.outputs.src != 'false' && needs.object-store-primary-tests-minio.result != 'success' }}; then exit 1; fi
@@ -96,7 +96,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          submodules: true

@@ -84,7 +84,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          submodules: true

@@ -55,7 +55,7 @@ jobs:

    strategy:
      matrix:
-        php-versions: ['8.2', '8.3']
+        php-versions: ['8.1', '8.2', '8.3']
        include:
          - php-versions: '8.1'
            coverage: ${{ github.event_name != 'pull_request' }}
@@ -71,7 +71,7 @@ jobs:

    steps:
      - name: Checkout server
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
        with:
          submodules: true

@@ -16,7 +16,7 @@ jobs:
    runs-on: ubuntu-latest
    steps:
    - name: Checkout
-      uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
+      uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7

    - name: REUSE Compliance Check
      uses: fsfe/reuse-action@3ae3c6bdf1257ab19397fab11fd3312144692083 # v4.0.0
@@ -4,14 +4,6 @@ name: Psalm static code analysis

 on:
  pull_request:
-  push:
-    branches:
-      - main
-      - master
-      - stable*
-    paths:
-      - '.github/workflows/static-code-analysis.yml'
-      - '**.php'

 concurrency:
  group: static-code-analysis-${{ github.head_ref || github.run_id }}
@@ -21,11 +13,11 @@ jobs:
  static-code-analysis:
    runs-on: ubuntu-latest

-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}

    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -42,20 +34,24 @@ jobs:
        run: composer i

      - name: Psalm
-        run: composer run psalm -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif

      - name: Show potential changes in Psalm baseline
        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: git diff -- . ':!lib/composer'
+
+      - name: Upload Analysis results to GitHub
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

  static-code-analysis-security:
    runs-on: ubuntu-latest

-    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
-
    steps:
      - name: Checkout code
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -70,11 +66,7 @@ jobs:
        run: composer i

      - name: Psalm taint analysis
-        run: composer run psalm:security -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline --report=results.sarif
-
-      - name: Show potential changes in Psalm baseline
-        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=github --report=results.sarif --taint-analysis

      - name: Upload Security Analysis results to GitHub
        if: always()
@@ -85,11 +77,9 @@ jobs:
  static-code-analysis-ocp:
    runs-on: ubuntu-latest

-    if: ${{ github.event_name != 'push' && github.repository_owner != 'nextcloud-gmbh' }}
-
    steps:
      - name: Checkout
-        uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          submodules: true

@@ -106,8 +96,8 @@ jobs:
        run: composer i

      - name: Psalm
-        run: composer run psalm:ocp -- --threads=1 --monochrome --no-progress --output-format=github --update-baseline
+        run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline

      - name: Show potential changes in Psalm baseline
        if: always()
-        run: git diff --exit-code -- . ':!lib/composer'
+        run: git diff -- . ':!lib/composer'
@@ -19,7 +19,7 @@ jobs:
    name: update-ca-certificate-bundle-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          ref: ${{ matrix.branches }}
          submodules: true
@@ -28,7 +28,7 @@ jobs:
        run: curl --etag-compare build/ca-bundle-etag.txt --etag-save build/ca-bundle-etag.txt --output resources/config/ca-bundle.crt https://curl.se/ca/cacert.pem

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update CA certificate bundle'
@@ -19,7 +19,7 @@ jobs:
    name: update-code-signing-crl-${{ matrix.branches }}

    steps:
-      - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
        with:
          ref: ${{ matrix.branches }}
          submodules: true
@@ -31,7 +31,7 @@ jobs:
        run: openssl crl -verify -in resources/codesigning/root.crl -CAfile resources/codesigning/root.crt -noout

      - name: Create Pull Request
-        uses: peter-evans/create-pull-request@5e914681df9dc83aa4e4905692ca88beb2f9e91f
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
        with:
          token: ${{ secrets.COMMAND_BOT_PAT }}
          commit-message: 'fix(security): Update code signing revocation list'
@@ -0,0 +1,52 @@
+# SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Auto approve psalm baseline update
+
+on:
+  pull_request_target:
+    branches:
+      - main
+      - master
+      - stable*
+
+permissions:
+  contents: read
+
+concurrency:
+  group: update-psalm-baseline-approve-merge-${{ github.head_ref || github.run_id }}
+  cancel-in-progress: true
+
+jobs:
+  auto-approve-merge:
+    if: github.actor == 'nextcloud-command'
+    runs-on: ubuntu-latest-low
+    permissions:
+      # for hmarr/auto-approve-action to approve PRs
+      pull-requests: write
+      # for alexwilson/enable-github-automerge-action to approve PRs
+      contents: write
+
+    steps:
+      - name: Disabled on forks
+        if: ${{ github.event.pull_request.head.repo.full_name != github.repository }}
+        run: |
+          echo 'Can not approve PRs from forks'
+          exit 1
+
+      - uses: mdecoleman/pr-branch-name@55795d86b4566d300d237883103f052125cc7508 # v3.0.0
+        id: branchname
+        with:
+          repo-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # GitHub actions bot approve
+      - uses: hmarr/auto-approve-action@b40d6c9ed2fa10c9a2749eca7eb004418a705501 # v2
+        if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+
+      # Enable GitHub auto merge
+      - name: Auto merge
+        uses: alexwilson/enable-github-automerge-action@56e3117d1ae1540309dc8f7a9f2825bc3c5f06ff # main
+        if: startsWith(steps.branchname.outputs.branch, 'automated/noid/') && endsWith(steps.branchname.outputs.branch, 'update-psalm-baseline')
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: 2020 Nextcloud GmbH and Nextcloud contributors
+# SPDX-License-Identifier: MIT
+name: Update Psalm baseline
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "5 2 * * *"
+
+jobs:
+  update-psalm-baseline:
+    runs-on: ubuntu-latest
+
+    if: ${{ github.repository_owner != 'nextcloud-gmbh' }}
+
+    strategy:
+      fail-fast: false
+      matrix:
+        branches: ['master', 'stable30', 'stable29', 'stable28']
+
+    name: update-psalm-baseline-${{ matrix.branches }}
+
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
+        with:
+          ref: ${{ matrix.branches }}
+          submodules: true
+
+      - name: Set up php
+        uses: shivammathur/setup-php@c541c155eee45413f5b09a52248675b1a2575231 #v2.31.1
+        with:
+          php-version: '8.1'
+          extensions: apcu,ctype,curl,dom,fileinfo,ftp,gd,intl,json,ldap,mbstring,openssl,pdo_sqlite,posix,sqlite,xml,zip
+          coverage: none
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Composer install
+        run: composer install
+
+      - name: Psalm
+        run: composer run psalm:ci -- --monochrome --no-progress --output-format=text --update-baseline
+        continue-on-error: true
+
+      - name: Psalm OCP
+        run: composer run psalm:ci -- -c psalm-ocp.xml --monochrome --no-progress --output-format=github --update-baseline
+        continue-on-error: true
+
+      - name: Reset composer
+        run: |
+          git clean -f lib/composer
+          git checkout composer.json composer.lock lib/composer
+
+      - name: Create Pull Request
+        uses: peter-evans/create-pull-request@c5a7806660adbe173f04e3e038b0ccdcd758773c
+        with:
+          token: ${{ secrets.COMMAND_BOT_PAT }}
+          commit-message: 'chore(tests): Update psalm baseline'
+          committer: GitHub <noreply@github.com>
+          author: nextcloud-command <nextcloud-command@users.noreply.github.com>
+          signoff: true
+          branch: 'automated/noid/${{ matrix.branches }}-update-psalm-baseline'
+          title: '[${{ matrix.branches }}] Update psalm-baseline.xml'
+          body: |
+            Auto-generated update psalm-baseline.xml with fixed psalm warnings
+          labels: |
+            automated pr
+            3. to review
+          team-reviewers: server-backend
@@ -151,7 +151,6 @@ Vagrantfile

 # Tests - auto-generated files
 /data-autotest
-/results.sarif
 /tests/.phpunit.result.cache
 /tests/coverage*
 /tests/css
@@ -49,8 +49,8 @@
    </Else>
  </FilesMatch>

-  # Let browsers cache OTF and WOFF files for a week
-  <FilesMatch "\.(otf|woff2?)$">
+  # Let browsers cache WOFF files for a week
+  <FilesMatch "\.woff2?$">
    Header set Cache-Control "max-age=604800"
  </FilesMatch>
 </IfModule>
@@ -106,13 +106,5 @@
  SetEnvIf Transfer-Encoding "chunked" proxy-sendcl=1
 </IfModule>

-# Apache disabled the sending of the server-side content-length header
-# in their 2.4.59 patch updated which breaks some use-cases in Nextcloud.
-# Setting ap_trust_cgilike_cl allows to bring back the usual behaviour.
-# See https://bz.apache.org/bugzilla/show_bug.cgi?id=68973
-<IfModule mod_env.c>
-  SetEnv ap_trust_cgilike_cl
-</IfModule>
-
 AddDefaultCharset utf-8
 Options -Indexes
@@ -7,7 +7,7 @@ Files: lib/l10n/*.js lib/l10n/*.json core/l10n/*.js core/l10n/*.json apps/admin_
 Copyright: 2016 ownCloud, Inc., 2016-2024 Nextcloud translators
 License: AGPL-3.0-only OR AGPL-3.0-or-later

-Files: tests/data/block-aligned-plus-one.txt tests/data/block-aligned.txt tests/data/data.tar.gz tests/data/data.zip tests/data/desktopapp.png tests/data/desktopapp.svg tests/data/certificates/badCertificate.crt tests/data/certificates/expiredCertificate.crt tests/data/certificates/goodCertificate.crt tests/data/certificates/openSslTrustedCertificate.crt tests/data/integritycheck/app/AnotherFile.txt tests/data/integritycheck/app/subfolder/file.txt tests/data/integritycheck/appWithInvalidData/AnotherFile.txt tests/data/integritycheck/appWithInvalidData/UnecessaryFile apps/user_ldap/tests/Integration/data/avatar-invalid.gif apps/user_ldap/tests/Integration/data/avatar-valid.jpg apps/user_ldap/img/copy.png apps/user_ldap/img/copy.svg
+Files: tests/data/block-aligned-plus-one.txt tests/data/block-aligned.txt tests/data/data.tar.gz tests/data/data.zip tests/data/desktopapp.png tests/data/desktopapp.svg tests/data/certificates/badCertificate.crt tests/data/certificates/expiredCertificate.crt tests/data/certificates/goodCertificate.crt tests/data/integritycheck/app/AnotherFile.txt tests/data/integritycheck/app/subfolder/file.txt tests/data/integritycheck/appWithInvalidData/AnotherFile.txt tests/data/integritycheck/appWithInvalidData/UnecessaryFile apps/user_ldap/tests/Integration/data/avatar-invalid.gif apps/user_ldap/tests/Integration/data/avatar-valid.jpg apps/user_ldap/img/copy.png apps/user_ldap/img/copy.svg
 Copyright: 2015 ownCloud, Inc.
 License: AGPL-3.0-only

@@ -15,7 +15,7 @@ Files: .tx/config
 Copyright: 2011-2012 ownCloud, Inc., 2017-2023 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-only

-Files: .htaccess
+Files: .htaccess 
 Copyright: 2011-2016 ownCloud, Inc., 2016-2024 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-only

@@ -71,7 +71,7 @@ Files: themes/example/core/img/favicon-touch.png themes/example/core/img/favicon
 Copyright: 2015 ownCloud, Inc., 2016 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-only

-Files: tests/data/testapp.zip tests/data/testapp2.zip tests/docker/mariadb/oc.cnf apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/reports/put/1.txt apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/reports/put/2.txt apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/reports/put/3.txt apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/reports/put/4.txt apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/reports/put/5.txt apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/reports/put/6.txt apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/5.ics apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/6.ics apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/7.ics apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/8.ics apps/dav/tests/testsuits/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/9.ics apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/sharing/read-write/6.vcf apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/sharing/read-write/7.vcf apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/sharing/read-write/8.vcf apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/sharing/read-write/9.vcf apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/vreports/put/1.vcf apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/vreports/put/2.vcf apps/dav/tests/testsuits/caldavtest/data/Resource/CardDAV/vreports/put/3.vcf
+Files: tests/data/testapp.zip tests/data/testapp2.zip tests/docker/mariadb/oc.cnf apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/reports/put/1.txt apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/reports/put/2.txt apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/reports/put/3.txt apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/reports/put/4.txt apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/reports/put/5.txt apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/reports/put/6.txt apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/5.ics apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/6.ics apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/7.ics apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/8.ics apps/dav/tests/travis/caldavtest/data/Resource/CalDAV/sharing/calendars/read-write/9.ics apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/sharing/read-write/6.vcf apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/sharing/read-write/7.vcf apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/sharing/read-write/8.vcf apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/sharing/read-write/9.vcf apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/vreports/put/1.vcf apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/vreports/put/2.vcf apps/dav/tests/travis/caldavtest/data/Resource/CardDAV/vreports/put/3.vcf
 Copyright: 2016 ownCloud, Inc.
 License: AGPL-3.0-only

@@ -103,7 +103,7 @@ Files: core/img/desktopapp.svg
 Copyright: 2016-2024 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-or-later

-Files: build/psalm-baseline-ocp.xml build/psalm-baseline-security.xml build/psalm-baseline.xml build/stubs/xsl.php build/stubs/gd.php build/stubs/imagick.php build/stubs/intl.php build/stubs/IntlChar.php build/stubs/ldap.php build/stubs/memcached.php build/stubs/redis.php build/stubs/redis_cluster.php build/stubs/sftp.php build/stubs/ssh2.php build/stubs/apcu.php
+Files: build/psalm-baseline-ocp.xml build/psalm-baseline.xml build/stubs/xsl.php build/stubs/gd.php build/stubs/imagick.php build/stubs/intl.php build/stubs/IntlChar.php build/stubs/ldap.php build/stubs/memcached.php build/stubs/redis.php build/stubs/redis_cluster.php build/stubs/sftp.php build/stubs/ssh2.php build/stubs/apcu.php
 Copyright: 2020 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-or-later

@@ -147,7 +147,7 @@ Files: build/stubs/app_api.php build/stubs/SensitiveParameter.phpstub build/stub
 Copyright: 2023 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-or-later

-Files: apps/dav/tests/unit/test_fixtures/caldav-search-limit-timerange-1.ics apps/dav/tests/unit/test_fixtures/caldav-search-limit-timerange-2.ics apps/dav/tests/unit/test_fixtures/caldav-search-limit-timerange-3.ics apps/dav/tests/unit/test_fixtures/caldav-search-limit-timerange-4.ics apps/dav/tests/unit/test_fixtures/caldav-search-limit-timerange-5.ics apps/dav/tests/unit/test_fixtures/caldav-search-limit-timerange-6.ics apps/dav/tests/unit/test_fixtures/caldav-search-missing-start-1.ics apps/dav/tests/unit/test_fixtures/caldav-search-missing-start-2.ics
+Files: apps/dav/tests/misc/caldav-search-limit-timerange-1.ics apps/dav/tests/misc/caldav-search-limit-timerange-2.ics apps/dav/tests/misc/caldav-search-limit-timerange-3.ics apps/dav/tests/misc/caldav-search-limit-timerange-4.ics apps/dav/tests/misc/caldav-search-limit-timerange-5.ics apps/dav/tests/misc/caldav-search-limit-timerange-6.ics apps/dav/tests/misc/caldav-search-missing-start-1.ics apps/dav/tests/misc/caldav-search-missing-start-2.ics
 Copyright: 2023 Nextcloud GmbH and Nextcloud contributors
 License: AGPL-3.0-or-later

@@ -204,7 +204,7 @@ Copyright: 2016-2024 Collabora Ltd.
 License: LicenseRef-CollaboraTrademarks

 Files: core/img/twitter.svg core/img/actions/twitter.svg apps/federatedfilesharing/img/social-twitter.svg
-Copyright: X Corp.
+Copyright: X Corp. 
 License: LicenseRef-XTrademarks

 Files: core/img/facebook.svg apps/federatedfilesharing/img/social-facebook.svg
@@ -227,9 +227,9 @@ Files: core/img/appstore.svg
 Copyright: 2024 Apple Inc.
 License: LicenseRef-AppleAppStoreBadge

-Files: apps/weather_status/img/met.no.icons/*.svg
-Copyright: 2015-2017 NRK og Meteorologisk institutt <https://github.com/metno/weathericons>
-License: MIT
+Files: apps/weather_status/img/cloud-cloud.svg apps/weather_status/img/cloud-dots.svg apps/weather_status/img/cross.svg apps/weather_status/img/drop.svg apps/weather_status/img/fog.svg apps/weather_status/img/half-sun.svg apps/weather_status/img/heavy-rain.svg apps/weather_status/img/light-rain.svg apps/weather_status/img/moon-cloud-heavy-rain.svg apps/weather_status/img/moon-cloud-light-rain.svg apps/weather_status/img/moon-cloud-rain.svg apps/weather_status/img/moon-cloud.svg apps/weather_status/img/moon-small-cloud.svg apps/weather_status/img/moon.svg apps/weather_status/img/rain.svg apps/weather_status/img/snow.svg apps/weather_status/img/sun-cloud-heavy-rain.svg apps/weather_status/img/sun-cloud-light-rain.svg apps/weather_status/img/sun-cloud-rain.svg apps/weather_status/img/sun-cloud.svg apps/weather_status/img/sun-small-cloud.svg apps/weather_status/img/sun.svg apps/weather_status/img/thunder.svg apps/weather_status/img/umbrella.svg
+Copyright: 2024 Designed by Freepik, titusurya <https://www.freepik.com/author/titusurya> at <https://www.freepik.com/free-vector/coloured-weather-icons-collection_895655.htm>
+License: LicenseRef-freepikLicense

 Files: core/img/f-droid.svg
 Copyright: 2016 Andrew Nayenko <relan@airpost.net>
@@ -327,6 +327,6 @@ Files: apps/settings/tests/UserMigration/assets/account.png
 Copyright: 2019 Fabian Wiktor <https://www.pexels.com/photo/green-and-brown-island-on-blue-sea-under-blue-sky-4011450/>
 License: CC0-1.0

-Files: apps/theming/fonts/OpenDyslexic-Bold.otf apps/theming/fonts/OpenDyslexic-Regular.otf
-Copyright: 2012-2019 Abbie Gonzalez <https://abbiecod.es|support@abbiecod.es>, with Reserved Font Name OpenDyslexic.
+Files: apps/theming/fonts/OpenDyslexic-Bold.otf apps/theming/fonts/OpenDyslexic-Bold.ttf apps/theming/fonts/OpenDyslexic-Bold.woff apps/theming/fonts/OpenDyslexic-Regular.otf apps/theming/fonts/OpenDyslexic-Regular.ttf apps/theming/fonts/OpenDyslexic-Regular.woff
+Copyright: 2012-2019 Abbie Gonzalez <https://abbiecod.es|support@abbiecod.es<, with Reserved Font Name OpenDyslexic.
 License: OFL-1.1-RFN
@@ -6,4 +6,4 @@ and our products: “Nextcloud Files”; “Nextcloud Groupware” and “Nextcl
 This set of marks is collectively referred to as the “Nextcloud marks.”

 Use of Nextcloud logos and other marks is only permitted under the guidelines provided by the Nextcloud GmbH.
-A copy can be found at https://nextcloud.com/trademarks/
+A copy can be found at https://discord.com/branding
@@ -0,0 +1,39 @@
+License Agreement for Freepik Content
+
+The Company authorizes the User to download and use the Freepik Content under the terms of this Section (see Section 7 in relation to Sponsored Content). The Company and its licensors reserve all rights over the Freepik Content not expressly granted in this license to the User.
+
+Subject to the fulfillment of these Terms, the Company authorizes the User in a non-transferable, revocable, limited, non-exclusive manner and on a worldwide basis for the duration of the relevant rights; to download, use and modify the Freepik Content, in a device the User owns or controls and only for the purposes and uses allowed in these Terms.
+
+The User may use the Freepik Content (including any derivative work), either using the Freepik Contents in its entirety or using only some or some of its elements, either using the Freepik Contents without modification, combining them with other contents or having previously modified them, being the license granted with respect to the Freepik content, provided that it:
+
+* Does not involve collective use;
+* The Freepik Content is not used in a manner that suggests an association or endorsement of any kind by the Company or the Website;
+* The Freepik Content or any derivative work is not used or included (in whole or in part) in a database, archive or in any other media/stock product, collection, set of clips, or library, for distribution or resale or used in any other way that could prevent or limit future visits or downloads from the Website;
+* Does not resell, assign, transfer or sublicense the Freepik Content or any derived work from the Freepik Content;
+* Does not use the Freepik Content in printed or electronic items (e.g. t-shirts, cups, postcards, birthday or greeting cards, invitations, calendars, web models or electronic devices, apps, NFTs, videogames, advertising spots, audiovisual animations) aimed to be resold, in which the content in the Freepik Content is the main element (because of size, relevance or any other cause, in case of doubt about whether the content is main element, it shall be deemed that the content is main element);
+* Does not use the Freepik Content (totally or partially) in any trademark, or part of the same, which may be used by any other means to guarantee or to imply a guaranty of any product and/or service, unless the Freepik Content used in such cases is modified in such a way as to be a new and different content not confusingly similar with the original Freepik Content or implies a use of the Freepik Content as a template or test, and not as a final item or material;
+* Does not use the Freepik Content (including any caption information, title, keywords or other metadata associated with the Freepik Content) for any machine learning and/or artificial intelligence purposes, or for any technologies designed or intended for the identification of natural persons.
+* Does not make any use of the Freepik Content which might be considered defamatory, libellous, obscene, immoral or illegal, including, without limitation, using it in a way that places any person appearing in the Freepik Content in a negative light or depicts them in a way that they may find offensive such as the use in pornography, advertisements for escort or similar services, political endorsements, birth control products, and;
+* Does not make any use of the Freepik Content to slander, libel or to vilify a person, race, sex, culture, sexual orientation, religion, country, region, town, village or any other place, or any other human group.
+
+When any Freepik Content is marked or identified as for editorial use, or when within the same there are logos, recognizable products, public buildings, public events or images taken in places where recognizable persons appear in the background, the User shall only be entitled to use it for such editorial use. In such cases, the User undertakes not to use that content in any manner that entails any connection with any business activity, the use in economic traffic or advertising, marketing or commercialization of any product or service. The User shall be directly liable and the Company shall not assume any liability as a result of the use for commercial purposes by the User of any content belonging to the Freepik Content, which according to this paragraph should be for editorial use only.
+
+The authorization to use the Freepik Content shall be free provided that any use of the content in the Freepik Content by the User is credited to the Company/Website as stated by the Company from time to time. In order to benefit from the Service or to use the Freepik Content without acknowledging the Company/Website, the User must purchase a premium subscription (hereinafter, the "Premium Subscription") in the Website and download the Freepik Content during the term of any such Premium Subscription. Conditions in Section 10 shall apply to the purchase of the Premium Subscription.
+
+As a general rule, it is forbidden for a User to authorize any third parties to use the Freepik Content (or any modification of any content in the Freepik Content). As an exception to the prohibition, the User may allow third parties to use the Freepik Content, when each and every of the following conditions are met:
+
+* The third party has professionally instructed the User to produce goods or provide services to it/him/her and the User uses a limited number of items within the Freepik Content to produce such goods or provide such services to the instructing third party;
+* The authorization granted by the User to the third party is in writing and complies with every restriction of the User’s authorization to use the relevant Freepik Content and includes, without limitation, a restriction for the third party to distribute, resell or license the relevant content in the Freepik Content (i.e. the third party is the final user of the relevant content in the Freepik Content);
+* None of the contents in the Freepik Content which are subject to the authorization are used as the main element (because of size, relevance or any other cause; in case of doubt about whether the content is the main element, it shall be deemed as the main element) in printed or electronic items (e.g. t-shirts, cups, postcards, birthday or greeting cards, invitations, calendars, web models or electronic devices, apps, NFTs, videogames, advertising spots, audiovisual animations) aimed to be resold by the third party;
+* The production of goods or provision of services by the User to the third party is not done by automatic means, it is tailor-made for the third party (and therefore its use is not authorized by the User to any other third party) and requires a specific substantial human intervention from the User in relation to each third party; and
+* The User -and not the third party- chooses the specific items within the content of the Freepik Content to be used in the production of goods or provision of services for the third party.
+
+When all of the above conditions are met, the User shall be entitled to authorize a third party to use the relevant content in the Freepik Content. This exception refers only to the prohibition for the User to authorize third parties to use the content in the Freepik Content without affecting or limiting in any way the remaining conditions of the User’s right to use the Freepik Content. Whether the above conditions regarding the exception to the prohibition for Users to authorize third parties to use the content in the Freepik Content are met shall be interpreted restrictively so that, in case of doubt, it shall be deemed that the conditions are not met.
+
+The User does not acquire any right as a result of the use of the content in the Freepik Content. In particular, the User is not authorized to distribute, resell or rent any content in the Freepik Content (or any modification of any content in the Freepik Content).
+
+The Company may, at any time, offer any content on the Website under a different license from the one included in this Section (the "Specific License"). The Company will inform on the Website which content is licensed under an Specific License. The Specific License will be made available to the User and will include, without limitation, a description of the license itself, as well as the permitted and prohibited uses in relation to the content. In the event that a particular content is offered under a Specific License, the Specific License shall apply over the general license described in this Section. Notwithstanding the foregoing, all other obligations contained in these Terms shall continue to be binding on the User, unless they conflict with the Specific License, in which case the Specific License shall prevail.
+
+The User’s rights under this Section will end automatically without any notice if the User breaches any of the Terms. In case of termination of the rights hereunder, the User shall cease using content in the Freepik Content and will destroy every copy, whether total or partial, thereof.
+
+A copy can be found at <https://www.freepikcompany.com/legal/#nav-freepik-agreement>
@@ -2,8 +2,12 @@
 * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
+import { beforeEach } from 'vitest'
+
 window.OC = { ...window.OC }
 window.OCA = { ...window.OCA }
 window.OCP = { ...window.OCP }

-window._oc_webroot = ''
+beforeEach(() => {
+	window.location = new URL('http://nextcloud.local')
+})
@@ -8,22 +8,20 @@ $baseDir = $vendorDir;
 return array(
    'Composer\\InstalledVersions' => $vendorDir . '/composer/InstalledVersions.php',
    'OCA\\AdminAudit\\Actions\\Action' => $baseDir . '/../lib/Actions/Action.php',
+    'OCA\\AdminAudit\\Actions\\AppManagement' => $baseDir . '/../lib/Actions/AppManagement.php',
+    'OCA\\AdminAudit\\Actions\\Auth' => $baseDir . '/../lib/Actions/Auth.php',
+    'OCA\\AdminAudit\\Actions\\Console' => $baseDir . '/../lib/Actions/Console.php',
    'OCA\\AdminAudit\\Actions\\Files' => $baseDir . '/../lib/Actions/Files.php',
+    'OCA\\AdminAudit\\Actions\\GroupManagement' => $baseDir . '/../lib/Actions/GroupManagement.php',
+    'OCA\\AdminAudit\\Actions\\Security' => $baseDir . '/../lib/Actions/Security.php',
    'OCA\\AdminAudit\\Actions\\Sharing' => $baseDir . '/../lib/Actions/Sharing.php',
    'OCA\\AdminAudit\\Actions\\TagManagement' => $baseDir . '/../lib/Actions/TagManagement.php',
    'OCA\\AdminAudit\\Actions\\Trashbin' => $baseDir . '/../lib/Actions/Trashbin.php',
+    'OCA\\AdminAudit\\Actions\\UserManagement' => $baseDir . '/../lib/Actions/UserManagement.php',
    'OCA\\AdminAudit\\Actions\\Versions' => $baseDir . '/../lib/Actions/Versions.php',
    'OCA\\AdminAudit\\AppInfo\\Application' => $baseDir . '/../lib/AppInfo/Application.php',
    'OCA\\AdminAudit\\AuditLogger' => $baseDir . '/../lib/AuditLogger.php',
    'OCA\\AdminAudit\\BackgroundJobs\\Rotate' => $baseDir . '/../lib/BackgroundJobs/Rotate.php',
    'OCA\\AdminAudit\\IAuditLogger' => $baseDir . '/../lib/IAuditLogger.php',
-    'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => $baseDir . '/../lib/Listener/AppManagementEventListener.php',
-    'OCA\\AdminAudit\\Listener\\AuthEventListener' => $baseDir . '/../lib/Listener/AuthEventListener.php',
-    'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => $baseDir . '/../lib/Listener/ConsoleEventListener.php',
    'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => $baseDir . '/../lib/Listener/CriticalActionPerformedEventListener.php',
-    'OCA\\AdminAudit\\Listener\\FileEventListener' => $baseDir . '/../lib/Listener/FileEventListener.php',
-    'OCA\\AdminAudit\\Listener\\GroupManagementEventListener' => $baseDir . '/../lib/Listener/GroupManagementEventListener.php',
-    'OCA\\AdminAudit\\Listener\\SecurityEventListener' => $baseDir . '/../lib/Listener/SecurityEventListener.php',
-    'OCA\\AdminAudit\\Listener\\SharingEventListener' => $baseDir . '/../lib/Listener/SharingEventListener.php',
-    'OCA\\AdminAudit\\Listener\\UserManagementEventListener' => $baseDir . '/../lib/Listener/UserManagementEventListener.php',
 );
@@ -23,24 +23,22 @@ class ComposerStaticInitAdminAudit
    public static $classMap = array (
        'Composer\\InstalledVersions' => __DIR__ . '/..' . '/composer/InstalledVersions.php',
        'OCA\\AdminAudit\\Actions\\Action' => __DIR__ . '/..' . '/../lib/Actions/Action.php',
+        'OCA\\AdminAudit\\Actions\\AppManagement' => __DIR__ . '/..' . '/../lib/Actions/AppManagement.php',
+        'OCA\\AdminAudit\\Actions\\Auth' => __DIR__ . '/..' . '/../lib/Actions/Auth.php',
+        'OCA\\AdminAudit\\Actions\\Console' => __DIR__ . '/..' . '/../lib/Actions/Console.php',
        'OCA\\AdminAudit\\Actions\\Files' => __DIR__ . '/..' . '/../lib/Actions/Files.php',
+        'OCA\\AdminAudit\\Actions\\GroupManagement' => __DIR__ . '/..' . '/../lib/Actions/GroupManagement.php',
+        'OCA\\AdminAudit\\Actions\\Security' => __DIR__ . '/..' . '/../lib/Actions/Security.php',
        'OCA\\AdminAudit\\Actions\\Sharing' => __DIR__ . '/..' . '/../lib/Actions/Sharing.php',
        'OCA\\AdminAudit\\Actions\\TagManagement' => __DIR__ . '/..' . '/../lib/Actions/TagManagement.php',
        'OCA\\AdminAudit\\Actions\\Trashbin' => __DIR__ . '/..' . '/../lib/Actions/Trashbin.php',
+        'OCA\\AdminAudit\\Actions\\UserManagement' => __DIR__ . '/..' . '/../lib/Actions/UserManagement.php',
        'OCA\\AdminAudit\\Actions\\Versions' => __DIR__ . '/..' . '/../lib/Actions/Versions.php',
        'OCA\\AdminAudit\\AppInfo\\Application' => __DIR__ . '/..' . '/../lib/AppInfo/Application.php',
        'OCA\\AdminAudit\\AuditLogger' => __DIR__ . '/..' . '/../lib/AuditLogger.php',
        'OCA\\AdminAudit\\BackgroundJobs\\Rotate' => __DIR__ . '/..' . '/../lib/BackgroundJobs/Rotate.php',
        'OCA\\AdminAudit\\IAuditLogger' => __DIR__ . '/..' . '/../lib/IAuditLogger.php',
-        'OCA\\AdminAudit\\Listener\\AppManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/AppManagementEventListener.php',
-        'OCA\\AdminAudit\\Listener\\AuthEventListener' => __DIR__ . '/..' . '/../lib/Listener/AuthEventListener.php',
-        'OCA\\AdminAudit\\Listener\\ConsoleEventListener' => __DIR__ . '/..' . '/../lib/Listener/ConsoleEventListener.php',
        'OCA\\AdminAudit\\Listener\\CriticalActionPerformedEventListener' => __DIR__ . '/..' . '/../lib/Listener/CriticalActionPerformedEventListener.php',
-        'OCA\\AdminAudit\\Listener\\FileEventListener' => __DIR__ . '/..' . '/../lib/Listener/FileEventListener.php',
-        'OCA\\AdminAudit\\Listener\\GroupManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/GroupManagementEventListener.php',
-        'OCA\\AdminAudit\\Listener\\SecurityEventListener' => __DIR__ . '/..' . '/../lib/Listener/SecurityEventListener.php',
-        'OCA\\AdminAudit\\Listener\\SharingEventListener' => __DIR__ . '/..' . '/../lib/Listener/SharingEventListener.php',
-        'OCA\\AdminAudit\\Listener\\UserManagementEventListener' => __DIR__ . '/..' . '/../lib/Listener/UserManagementEventListener.php',
    );

    public static function getInitializer(ClassLoader $loader)
@@ -1,7 +1,7 @@
 OC.L10N.register(
    "admin_audit",
    {
-    "Auditing / Logging" : "Kiểm tra / Nhật ký",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác."
+    "Auditing / Logging" : "‎Kiểm tra / Nhật ký‎",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "‎Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác.‎"
 },
 "nplurals=1; plural=0;");
@@ -1,5 +1,5 @@
 { "translations": {
-    "Auditing / Logging" : "Kiểm tra / Nhật ký",
-    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác."
+    "Auditing / Logging" : "‎Kiểm tra / Nhật ký‎",
+    "Provides logging abilities for Nextcloud such as logging file accesses or otherwise sensitive actions." : "‎Cung cấp khả năng ghi nhật ký cho Nextcloud, chẳng hạn như ghi nhật ký quyền truy cập tệp hoặc các hành động nhạy cảm khác.‎"
 },"pluralForm" :"nplurals=1; plural=0;"
 }
@@ -32,13 +32,13 @@ class Action {
 			if (!isset($params[$element])) {
 				if ($obfuscateParameters) {
 					$this->logger->critical(
-						'$params["' . $element . '"] was missing.',
+						'$params["'.$element.'"] was missing.',
 						['app' => 'admin_audit']
 					);
 				} else {
 					$this->logger->critical(
 						sprintf(
-							'$params["' . $element . '"] was missing. Transferred value: %s',
+							'$params["'.$element.'"] was missing. Transferred value: %s',
 							print_r($params, true)
 						),
 						['app' => 'admin_audit']
@@ -0,0 +1,42 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\AdminAudit\Actions;
+
+class AppManagement extends Action {
+
+	/**
+	 * @param string $appName
+	 */
+	public function enableApp(string $appName): void {
+		$this->log('App "%s" enabled',
+			['app' => $appName],
+			['app']
+		);
+	}
+
+	/**
+	 * @param string $appName
+	 * @param string[] $groups
+	 */
+	public function enableAppForGroups(string $appName, array $groups): void {
+		$this->log('App "%1$s" enabled for groups: %2$s',
+			['app' => $appName, 'groups' => implode(', ', $groups)],
+			['app', 'groups']
+		);
+	}
+
+	/**
+	 * @param string $appName
+	 */
+	public function disableApp(string $appName): void {
+		$this->log('App "%s" disabled',
+			['app' => $appName],
+			['app']
+		);
+	}
+}
@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\AdminAudit\Actions;
+
+/**
+ * Class Auth logs all auth related actions
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class Auth extends Action {
+	public function loginAttempt(array $params): void {
+		$this->log(
+			'Login attempt: "%s"',
+			$params,
+			[
+				'uid',
+			],
+			true
+		);
+	}
+
+	public function loginSuccessful(array $params): void {
+		$this->log(
+			'Login successful: "%s"',
+			$params,
+			[
+				'uid',
+			],
+			true
+		);
+	}
+
+	public function logout(array $params): void {
+		$this->log(
+			'Logout occurred',
+			[],
+			[]
+		);
+	}
+}
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\AdminAudit\Actions;
+
+class Console extends Action {
+	/**
+	 * @param array $arguments
+	 */
+	public function runCommand(array $arguments): void {
+		if (!isset($arguments[1]) || $arguments[1] === '_completion') {
+			// Don't log autocompletion
+			return;
+		}
+
+		// Remove `./occ`
+		array_shift($arguments);
+
+		$this->log('Console command executed: %s',
+			['arguments' => implode(' ', $arguments)],
+			['arguments']
+		);
+	}
+}
@@ -8,15 +8,17 @@ declare(strict_types=1);
 namespace OCA\AdminAudit\Actions;

 use OC\Files\Node\NonExistingFile;
-use OCP\Files\Events\Node\BeforeNodeDeletedEvent;
 use OCP\Files\Events\Node\BeforeNodeReadEvent;
 use OCP\Files\Events\Node\BeforeNodeRenamedEvent;
+use OCP\Files\Events\Node\BeforeNodeWrittenEvent;
 use OCP\Files\Events\Node\NodeCopiedEvent;
 use OCP\Files\Events\Node\NodeCreatedEvent;
+use OCP\Files\Events\Node\NodeDeletedEvent;
 use OCP\Files\Events\Node\NodeRenamedEvent;
 use OCP\Files\Events\Node\NodeWrittenEvent;
 use OCP\Files\InvalidPathException;
 use OCP\Files\NotFoundException;
+use OCP\Preview\BeforePreviewFetchedEvent;
 use Psr\Log\LoggerInterface;

 /**
@@ -27,9 +29,10 @@ use Psr\Log\LoggerInterface;
 class Files extends Action {

 	private array $renamedNodes = [];
-
 	/**
 	 * Logs file read actions
+	 *
+	 * @param BeforeNodeReadEvent $event
 	 */
 	public function read(BeforeNodeReadEvent $event): void {
 		try {
@@ -40,7 +43,7 @@ class Files extends Action {
 			];
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file read: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file read: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -53,6 +56,8 @@ class Files extends Action {

 	/**
 	 * Logs rename actions of files
+	 *
+	 * @param BeforeNodeRenamedEvent $event
 	 */
 	public function beforeRename(BeforeNodeRenamedEvent $event): void {
 		try {
@@ -60,7 +65,7 @@ class Files extends Action {
 			$this->renamedNodes[$source->getId()] = $source;
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file rename: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file rename: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -68,6 +73,8 @@ class Files extends Action {

 	/**
 	 * Logs rename actions of files
+	 *
+	 * @param NodeRenamedEvent $event
 	 */
 	public function afterRename(NodeRenamedEvent $event): void {
 		try {
@@ -80,7 +87,7 @@ class Files extends Action {
 			];
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file rename: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file rename: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -95,6 +102,8 @@ class Files extends Action {

 	/**
 	 * Logs creation of files
+	 *
+	 * @param NodeCreatedEvent $event
 	 */
 	public function create(NodeCreatedEvent $event): void {
 		try {
@@ -104,7 +113,7 @@ class Files extends Action {
 			];
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file create: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file create: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -120,6 +129,8 @@ class Files extends Action {

 	/**
 	 * Logs copying of files
+	 *
+	 * @param NodeCopiedEvent $event
 	 */
 	public function copy(NodeCopiedEvent $event): void {
 		try {
@@ -131,7 +142,7 @@ class Files extends Action {
 			];
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file copy: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file copy: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -144,17 +155,19 @@ class Files extends Action {

 	/**
 	 * Logs writing of files
+	 *
+	 * @param BeforeNodeWrittenEvent $event
 	 */
-	public function write(NodeWrittenEvent $event): void {
+	public function write(BeforeNodeWrittenEvent $event): void {
 		$node = $event->getNode();
 		try {
 			$params = [
-				'id' => $node->getId(),
+				'id' => $node instanceof NonExistingFile ? null : $node->getId(),
 				'path' => mb_substr($node->getInternalPath(), 5),
 			];
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file write: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file write: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -170,9 +183,11 @@ class Files extends Action {
 	}

 	/**
-	 * Logs deletions of files
+	 * Logs update of files
+	 *
+	 * @param NodeWrittenEvent $event
 	 */
-	public function delete(BeforeNodeDeletedEvent $event): void {
+	public function update(NodeWrittenEvent $event): void {
 		try {
 			$params = [
 				'id' => $event->getNode()->getId(),
@@ -180,7 +195,31 @@ class Files extends Action {
 			];
 		} catch (InvalidPathException|NotFoundException $e) {
 			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file delete: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+				'Exception thrown in file update: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+			);
+			return;
+		}
+		$this->log(
+			'File with id "%s" updated: "%s"',
+			$params,
+			array_keys($params)
+		);
+	}
+
+	/**
+	 * Logs deletions of files
+	 *
+	 * @param NodeDeletedEvent $event
+	 */
+	public function delete(NodeDeletedEvent $event): void {
+		try {
+			$params = [
+				'id' => $event->getNode()->getId(),
+				'path' => mb_substr($event->getNode()->getInternalPath(), 5),
+			];
+		} catch (InvalidPathException|NotFoundException $e) {
+			\OCP\Server::get(LoggerInterface::class)->error(
+				'Exception thrown in file delete: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
 			);
 			return;
 		}
@@ -190,4 +229,33 @@ class Files extends Action {
 			array_keys($params)
 		);
 	}
+
+	/**
+	 * Logs preview access to a file
+	 *
+	 * @param BeforePreviewFetchedEvent $event
+	 */
+	public function preview(BeforePreviewFetchedEvent $event): void {
+		try {
+			$file = $event->getNode();
+			$params = [
+				'id' => $file->getId(),
+				'width' => $event->getWidth(),
+				'height' => $event->getHeight(),
+				'crop' => $event->isCrop(),
+				'mode' => $event->getMode(),
+				'path' => mb_substr($file->getInternalPath(), 5)
+			];
+		} catch (InvalidPathException|NotFoundException $e) {
+			\OCP\Server::get(LoggerInterface::class)->error(
+				'Exception thrown in file preview: '.$e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
+			);
+			return;
+		}
+		$this->log(
+			'Preview accessed: (id: "%s", width: "%s", height: "%s" crop: "%s", mode: "%s", path: "%s")',
+			$params,
+			array_keys($params)
+		);
+	}
 }
@@ -0,0 +1,87 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\AdminAudit\Actions;
+
+use OCP\IGroup;
+use OCP\IUser;
+
+/**
+ * Class GroupManagement logs all group manager related events
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class GroupManagement extends Action {
+
+	/**
+	 * log add user to group event
+	 *
+	 * @param IGroup $group
+	 * @param IUser $user
+	 */
+	public function addUser(IGroup $group, IUser $user): void {
+		$this->log('User "%s" added to group "%s"',
+			[
+				'group' => $group->getGID(),
+				'user' => $user->getUID()
+			],
+			[
+				'user', 'group'
+			]
+		);
+	}
+
+	/**
+	 * log remove user from group event
+	 *
+	 * @param IGroup $group
+	 * @param IUser $user
+	 */
+	public function removeUser(IGroup $group, IUser $user): void {
+		$this->log('User "%s" removed from group "%s"',
+			[
+				'group' => $group->getGID(),
+				'user' => $user->getUID()
+			],
+			[
+				'user', 'group'
+			]
+		);
+	}
+
+	/**
+	 * log create group to group event
+	 *
+	 * @param IGroup $group
+	 */
+	public function createGroup(IGroup $group): void {
+		$this->log('Group created: "%s"',
+			[
+				'group' => $group->getGID()
+			],
+			[
+				'group'
+			]
+		);
+	}
+
+	/**
+	 * log delete group to group event
+	 *
+	 * @param IGroup $group
+	 */
+	public function deleteGroup(IGroup $group): void {
+		$this->log('Group deleted: "%s"',
+			[
+				'group' => $group->getGID()
+			],
+			[
+				'group'
+			]
+		);
+	}
+}
@@ -0,0 +1,60 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\AdminAudit\Actions;
+
+use OCP\Authentication\TwoFactorAuth\IProvider;
+use OCP\IUser;
+
+/**
+ * Class Sharing logs the sharing actions
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class Security extends Action {
+	/**
+	 * Logs failed twofactor challenge
+	 */
+	public function twofactorFailed(IUser $user, IProvider $provider): void {
+		$params = [
+			'displayName' => $user->getDisplayName(),
+			'uid' => $user->getUID(),
+			'provider' => $provider->getDisplayName(),
+		];
+
+		$this->log(
+			'Failed two factor attempt by user %s (%s) with provider %s',
+			$params,
+			[
+				'displayName',
+				'uid',
+				'provider',
+			]
+		);
+	}
+
+	/**
+	 * Logs successful twofactor challenge
+	 */
+	public function twofactorSuccess(IUser $user, IProvider $provider): void {
+		$params = [
+			'displayName' => $user->getDisplayName(),
+			'uid' => $user->getUID(),
+			'provider' => $provider->getDisplayName(),
+		];
+
+		$this->log(
+			'Successful two factor attempt by user %s (%s) with provider %s',
+			$params,
+			[
+				'displayName',
+				'uid',
+				'provider',
+			]
+		);
+	}
+}
@@ -7,12 +7,279 @@ declare(strict_types=1);
 */
 namespace OCA\AdminAudit\Actions;

+use OCP\Share\IShare;
+
 /**
 * Class Sharing logs the sharing actions
 *
 * @package OCA\AdminAudit\Actions
 */
 class Sharing extends Action {
+	/**
+	 * Logs sharing of data
+	 *
+	 * @param array $params
+	 */
+	public function shared(array $params): void {
+		if ($params['shareType'] === IShare::TYPE_LINK) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_USER) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s"  (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_GROUP) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s"  (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_ROOM) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the room "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_EMAIL) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the email recipient "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_CIRCLE) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the circle "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_REMOTE) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the remote user "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_REMOTE_GROUP) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the remote group "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_DECK) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the deck card "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_SCIENCEMESH) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been shared to the ScienceMesh user "%s" with permissions "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'path',
+					'itemSource',
+					'shareWith',
+					'permissions',
+					'id',
+				]
+			);
+		}
+	}
+
+	/**
+	 * Logs unsharing of data
+	 *
+	 * @param array $params
+	 */
+	public function unshare(array $params): void {
+		if ($params['shareType'] === IShare::TYPE_LINK) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_USER) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_GROUP) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_ROOM) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the room "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_EMAIL) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the email recipient "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_CIRCLE) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the circle "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_REMOTE) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the remote user "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_REMOTE_GROUP) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the remote group "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_DECK) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the deck card "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		} elseif ($params['shareType'] === IShare::TYPE_SCIENCEMESH) {
+			$this->log(
+				'The %s "%s" with ID "%s" has been unshared from the ScienceMesh user "%s" (Share ID: %s)',
+				$params,
+				[
+					'itemType',
+					'fileTarget',
+					'itemSource',
+					'shareWith',
+					'id',
+				]
+			);
+		}
+	}

 	/**
 	 * Logs the updating of permission changes for shares
@@ -0,0 +1,122 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-License-Identifier: AGPL-3.0-or-later
+ */
+namespace OCA\AdminAudit\Actions;
+
+use OCP\IUser;
+
+/**
+ * Class UserManagement logs all user management related actions.
+ *
+ * @package OCA\AdminAudit\Actions
+ */
+class UserManagement extends Action {
+	/**
+	 * Log creation of users
+	 *
+	 * @param array $params
+	 */
+	public function create(array $params): void {
+		$this->log(
+			'User created: "%s"',
+			$params,
+			[
+				'uid',
+			]
+		);
+	}
+
+	/**
+	 * Log assignments of users (typically user backends)
+	 *
+	 * @param string $uid
+	 */
+	public function assign(string $uid): void {
+		$this->log(
+			'UserID assigned: "%s"',
+			[ 'uid' => $uid ],
+			[ 'uid' ]
+		);
+	}
+
+	/**
+	 * Log deletion of users
+	 *
+	 * @param array $params
+	 */
+	public function delete(array $params): void {
+		$this->log(
+			'User deleted: "%s"',
+			$params,
+			[
+				'uid',
+			]
+		);
+	}
+
+	/**
+	 * Log unassignments of users (typically user backends, no data removed)
+	 *
+	 * @param string $uid
+	 */
+	public function unassign(string $uid): void {
+		$this->log(
+			'UserID unassigned: "%s"',
+			[ 'uid' => $uid ],
+			[ 'uid' ]
+		);
+	}
+
+	/**
+	 * Log enabling of users
+	 *
+	 * @param array $params
+	 */
+	public function change(array $params): void {
+		switch ($params['feature']) {
+			case 'enabled':
+				$this->log(
+					$params['value'] === true
+						? 'User enabled: "%s"'
+						: 'User disabled: "%s"',
+					['user' => $params['user']->getUID()],
+					[
+						'user',
+					]
+				);
+				break;
+			case 'eMailAddress':
+				$this->log(
+					'Email address changed for user %s',
+					['user' => $params['user']->getUID()],
+					[
+						'user',
+					]
+				);
+				break;
+		}
+	}
+
+	/**
+	 * Logs changing of the user scope
+	 *
+	 * @param IUser $user
+	 */
+	public function setPassword(IUser $user): void {
+		if ($user->getBackendClassName() === 'Database') {
+			$this->log(
+				'Password of user "%s" has been changed',
+				[
+					'user' => $user->getUID(),
+				],
+				[
+					'user',
+				]
+			);
+		}
+	}
+}
@@ -1,35 +1,29 @@
 <?php

 declare(strict_types=1);
-
 /**
 * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
-
 namespace OCA\AdminAudit\AppInfo;

+use OC\Group\Manager as GroupManager;
+use OC\User\Session as UserSession;
+use OCA\AdminAudit\Actions\AppManagement;
 use OCA\AdminAudit\Actions\Auth;
 use OCA\AdminAudit\Actions\Console;
 use OCA\AdminAudit\Actions\Files;
+use OCA\AdminAudit\Actions\GroupManagement;
+use OCA\AdminAudit\Actions\Security;
 use OCA\AdminAudit\Actions\Sharing;
 use OCA\AdminAudit\Actions\TagManagement;
 use OCA\AdminAudit\Actions\Trashbin;
+use OCA\AdminAudit\Actions\UserManagement;
 use OCA\AdminAudit\Actions\Versions;
 use OCA\AdminAudit\AuditLogger;
 use OCA\AdminAudit\IAuditLogger;
-use OCA\AdminAudit\Listener\AppManagementEventListener;
-use OCA\AdminAudit\Listener\AuthEventListener;
-use OCA\AdminAudit\Listener\ConsoleEventListener;
 use OCA\AdminAudit\Listener\CriticalActionPerformedEventListener;
-use OCA\AdminAudit\Listener\FileEventListener;
-use OCA\AdminAudit\Listener\GroupManagementEventListener;
-use OCA\AdminAudit\Listener\SecurityEventListener;
-use OCA\AdminAudit\Listener\SharingEventListener;
-use OCA\AdminAudit\Listener\UserManagementEventListener;
-use OCP\App\Events\AppDisableEvent;
-use OCP\App\Events\AppEnableEvent;
-use OCP\App\Events\AppUpdateEvent;
+use OCP\App\ManagerEvent;
 use OCP\AppFramework\App;
 use OCP\AppFramework\Bootstrap\IBootContext;
 use OCP\AppFramework\Bootstrap\IBootstrap;
@@ -38,38 +32,29 @@ use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
 use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\Console\ConsoleEvent;
 use OCP\EventDispatcher\IEventDispatcher;
-use OCP\Files\Events\Node\BeforeNodeDeletedEvent;
 use OCP\Files\Events\Node\BeforeNodeReadEvent;
 use OCP\Files\Events\Node\BeforeNodeRenamedEvent;
+use OCP\Files\Events\Node\BeforeNodeWrittenEvent;
 use OCP\Files\Events\Node\NodeCopiedEvent;
 use OCP\Files\Events\Node\NodeCreatedEvent;
+use OCP\Files\Events\Node\NodeDeletedEvent;
 use OCP\Files\Events\Node\NodeRenamedEvent;
 use OCP\Files\Events\Node\NodeWrittenEvent;
-use OCP\Group\Events\GroupCreatedEvent;
-use OCP\Group\Events\GroupDeletedEvent;
-use OCP\Group\Events\UserAddedEvent;
-use OCP\Group\Events\UserRemovedEvent;
 use OCP\IConfig;
+use OCP\IGroupManager;
+use OCP\IUserSession;
 use OCP\Log\Audit\CriticalActionPerformedEvent;
 use OCP\Log\ILogFactory;
 use OCP\Preview\BeforePreviewFetchedEvent;
 use OCP\Share;
-use OCP\Share\Events\ShareCreatedEvent;
-use OCP\Share\Events\ShareDeletedEvent;
-use OCP\User\Events\BeforeUserLoggedInEvent;
-use OCP\User\Events\BeforeUserLoggedOutEvent;
-use OCP\User\Events\PasswordUpdatedEvent;
-use OCP\User\Events\UserChangedEvent;
-use OCP\User\Events\UserCreatedEvent;
-use OCP\User\Events\UserDeletedEvent;
-use OCP\User\Events\UserIdAssignedEvent;
-use OCP\User\Events\UserIdUnassignedEvent;
-use OCP\User\Events\UserLoggedInEvent;
-use OCP\User\Events\UserLoggedInWithCookieEvent;
 use OCP\Util;
 use Psr\Container\ContainerInterface;
+use Psr\Log\LoggerInterface;

 class Application extends App implements IBootstrap {
+	/** @var LoggerInterface */
+	protected $logger;
+
 	public function __construct() {
 		parent::__construct('admin_audit');
 	}
@@ -80,45 +65,6 @@ class Application extends App implements IBootstrap {
 		});

 		$context->registerEventListener(CriticalActionPerformedEvent::class, CriticalActionPerformedEventListener::class);
-
-		// User management events
-		$context->registerEventListener(UserCreatedEvent::class, UserManagementEventListener::class);
-		$context->registerEventListener(UserDeletedEvent::class, UserManagementEventListener::class);
-		$context->registerEventListener(UserChangedEvent::class, UserManagementEventListener::class);
-		$context->registerEventListener(PasswordUpdatedEvent::class, UserManagementEventListener::class);
-		$context->registerEventListener(UserIdAssignedEvent::class, UserManagementEventListener::class);
-		$context->registerEventListener(UserIdUnassignedEvent::class, UserManagementEventListener::class);
-
-		// Group management events
-		$context->registerEventListener(UserAddedEvent::class, GroupManagementEventListener::class);
-		$context->registerEventListener(UserRemovedEvent::class, GroupManagementEventListener::class);
-		$context->registerEventListener(GroupCreatedEvent::class, GroupManagementEventListener::class);
-		$context->registerEventListener(GroupDeletedEvent::class, GroupManagementEventListener::class);
-
-		// Sharing events
-		$context->registerEventListener(ShareCreatedEvent::class, SharingEventListener::class);
-		$context->registerEventListener(ShareDeletedEvent::class, SharingEventListener::class);
-
-		// Auth events
-		$context->registerEventListener(BeforeUserLoggedInEvent::class, AuthEventListener::class);
-		$context->registerEventListener(UserLoggedInWithCookieEvent::class, AuthEventListener::class);
-		$context->registerEventListener(UserLoggedInEvent::class, AuthEventListener::class);
-		$context->registerEventListener(BeforeUserLoggedOutEvent::class, AuthEventListener::class);
-
-		// File events
-		$context->registerEventListener(BeforePreviewFetchedEvent::class, FileEventListener::class);
-
-		// Security events
-		$context->registerEventListener(TwoFactorProviderChallengePassed::class, SecurityEventListener::class);
-		$context->registerEventListener(TwoFactorProviderChallengeFailed::class, SecurityEventListener::class);
-
-		// App management events
-		$context->registerEventListener(AppEnableEvent::class, AppManagementEventListener::class);
-		$context->registerEventListener(AppDisableEvent::class, AppManagementEventListener::class);
-		$context->registerEventListener(AppUpdateEvent::class, AppManagementEventListener::class);
-
-		// Console events
-		$context->registerEventListener(ConsoleEvent::class, ConsoleEventListener::class);
 	}

 	public function boot(IBootContext $context): void {
@@ -129,87 +75,172 @@ class Application extends App implements IBootstrap {
 		 * TODO: once the hooks are migrated to lazy events, this should be done
 		 *       in \OCA\AdminAudit\AppInfo\Application::register
 		 */
-		$this->registerLegacyHooks($logger, $context->getServerContainer());
+		$this->registerHooks($logger, $context->getServerContainer());
 	}

 	/**
 	 * Register hooks in order to log them
 	 */
-	private function registerLegacyHooks(IAuditLogger $logger, ContainerInterface $serverContainer): void {
+	private function registerHooks(IAuditLogger $logger,
+		ContainerInterface $serverContainer): void {
+		$this->userManagementHooks($logger, $serverContainer->get(IUserSession::class));
+		$this->groupHooks($logger, $serverContainer->get(IGroupManager::class));
+		$this->authHooks($logger);
+
+
 		/** @var IEventDispatcher $eventDispatcher */
 		$eventDispatcher = $serverContainer->get(IEventDispatcher::class);
-		$this->sharingLegacyHooks($logger);
+		$this->consoleHooks($logger, $eventDispatcher);
+		$this->appHooks($logger, $eventDispatcher);
+
+		$this->sharingHooks($logger);
+
 		$this->fileHooks($logger, $eventDispatcher);
 		$this->trashbinHooks($logger);
 		$this->versionsHooks($logger);
+
+		$this->securityHooks($logger, $eventDispatcher);
 		$this->tagHooks($logger, $eventDispatcher);
 	}

-	private function sharingLegacyHooks(IAuditLogger $logger): void {
+	private function userManagementHooks(IAuditLogger $logger,
+		IUserSession $userSession): void {
+		$userActions = new UserManagement($logger);
+
+		Util::connectHook('OC_User', 'post_createUser', $userActions, 'create');
+		Util::connectHook('OC_User', 'post_deleteUser', $userActions, 'delete');
+		Util::connectHook('OC_User', 'changeUser', $userActions, 'change');
+
+		assert($userSession instanceof UserSession);
+		$userSession->listen('\OC\User', 'postSetPassword', [$userActions, 'setPassword']);
+		$userSession->listen('\OC\User', 'assignedUserId', [$userActions, 'assign']);
+		$userSession->listen('\OC\User', 'postUnassignedUserId', [$userActions, 'unassign']);
+	}
+
+	private function groupHooks(IAuditLogger $logger,
+		IGroupManager $groupManager): void {
+		$groupActions = new GroupManagement($logger);
+
+		assert($groupManager instanceof GroupManager);
+		$groupManager->listen('\OC\Group', 'postRemoveUser', [$groupActions, 'removeUser']);
+		$groupManager->listen('\OC\Group', 'postAddUser', [$groupActions, 'addUser']);
+		$groupManager->listen('\OC\Group', 'postDelete', [$groupActions, 'deleteGroup']);
+		$groupManager->listen('\OC\Group', 'postCreate', [$groupActions, 'createGroup']);
+	}
+
+	private function sharingHooks(IAuditLogger $logger): void {
 		$shareActions = new Sharing($logger);

+		Util::connectHook(Share::class, 'post_shared', $shareActions, 'shared');
+		Util::connectHook(Share::class, 'post_unshare', $shareActions, 'unshare');
+		Util::connectHook(Share::class, 'post_unshareFromSelf', $shareActions, 'unshare');
 		Util::connectHook(Share::class, 'post_update_permissions', $shareActions, 'updatePermissions');
 		Util::connectHook(Share::class, 'post_update_password', $shareActions, 'updatePassword');
 		Util::connectHook(Share::class, 'post_set_expiration_date', $shareActions, 'updateExpirationDate');
 		Util::connectHook(Share::class, 'share_link_access', $shareActions, 'shareAccessed');
 	}

+	private function authHooks(IAuditLogger $logger): void {
+		$authActions = new Auth($logger);
+
+		Util::connectHook('OC_User', 'pre_login', $authActions, 'loginAttempt');
+		Util::connectHook('OC_User', 'post_login', $authActions, 'loginSuccessful');
+		Util::connectHook('OC_User', 'logout', $authActions, 'logout');
+	}
+
+	private function appHooks(IAuditLogger $logger,
+		IEventDispatcher $eventDispatcher): void {
+		$eventDispatcher->addListener(ManagerEvent::EVENT_APP_ENABLE, function (ManagerEvent $event) use ($logger) {
+			$appActions = new AppManagement($logger);
+			$appActions->enableApp($event->getAppID());
+		});
+		$eventDispatcher->addListener(ManagerEvent::EVENT_APP_ENABLE_FOR_GROUPS, function (ManagerEvent $event) use ($logger) {
+			$appActions = new AppManagement($logger);
+			$appActions->enableAppForGroups($event->getAppID(), $event->getGroups());
+		});
+		$eventDispatcher->addListener(ManagerEvent::EVENT_APP_DISABLE, function (ManagerEvent $event) use ($logger) {
+			$appActions = new AppManagement($logger);
+			$appActions->disableApp($event->getAppID());
+		});
+	}
+
+	private function consoleHooks(IAuditLogger $logger,
+		IEventDispatcher $eventDispatcher): void {
+		$eventDispatcher->addListener(ConsoleEvent::class, function (ConsoleEvent $event) use ($logger) {
+			$appActions = new Console($logger);
+			$appActions->runCommand($event->getArguments());
+		});
+	}
 	private function tagHooks(IAuditLogger $logger,
 		IEventDispatcher $eventDispatcher): void {
-		$eventDispatcher->addListener(\OCP\SystemTag\ManagerEvent::EVENT_CREATE, function (\OCP\SystemTag\ManagerEvent $event) use ($logger): void {
+		$eventDispatcher->addListener(\OCP\SystemTag\ManagerEvent::EVENT_CREATE, function (\OCP\SystemTag\ManagerEvent $event) use ($logger) {
 			$tagActions = new TagManagement($logger);
 			$tagActions->createTag($event->getTag());
 		});
 	}

-	private function fileHooks(IAuditLogger $logger, IEventDispatcher $eventDispatcher): void {
+	private function fileHooks(IAuditLogger $logger,
+		IEventDispatcher $eventDispatcher): void {
 		$fileActions = new Files($logger);
+		$eventDispatcher->addListener(
+			BeforePreviewFetchedEvent::class,
+			function (BeforePreviewFetchedEvent $event) use ($fileActions) {
+				$fileActions->preview($event);
+			}
+		);

 		$eventDispatcher->addListener(
 			BeforeNodeRenamedEvent::class,
-			function (BeforeNodeRenamedEvent $event) use ($fileActions): void {
+			function (BeforeNodeRenamedEvent $event) use ($fileActions) {
 				$fileActions->beforeRename($event);
 			}
 		);

 		$eventDispatcher->addListener(
 			NodeRenamedEvent::class,
-			function (NodeRenamedEvent $event) use ($fileActions): void {
+			function (NodeRenamedEvent $event) use ($fileActions) {
 				$fileActions->afterRename($event);
 			}
 		);

 		$eventDispatcher->addListener(
 			NodeCreatedEvent::class,
-			function (NodeCreatedEvent $event) use ($fileActions): void {
+			function (NodeCreatedEvent $event) use ($fileActions) {
 				$fileActions->create($event);
 			}
 		);

 		$eventDispatcher->addListener(
 			NodeCopiedEvent::class,
-			function (NodeCopiedEvent $event) use ($fileActions): void {
+			function (NodeCopiedEvent $event) use ($fileActions) {
 				$fileActions->copy($event);
 			}
 		);

 		$eventDispatcher->addListener(
-			NodeWrittenEvent::class,
-			function (NodeWrittenEvent $event) use ($fileActions): void {
+			BeforeNodeWrittenEvent::class,
+			function (BeforeNodeWrittenEvent $event) use ($fileActions) {
 				$fileActions->write($event);
 			}
 		);

+		$eventDispatcher->addListener(
+			NodeWrittenEvent::class,
+			function (NodeWrittenEvent $event) use ($fileActions) {
+				$fileActions->update($event);
+			}
+		);
+
 		$eventDispatcher->addListener(
 			BeforeNodeReadEvent::class,
-			function (BeforeNodeReadEvent $event) use ($fileActions): void {
+			function (BeforeNodeReadEvent $event) use ($fileActions) {
 				$fileActions->read($event);
 			}
 		);

 		$eventDispatcher->addListener(
-			BeforeNodeDeletedEvent::class,
-			function (BeforeNodeDeletedEvent $event) use ($fileActions): void {
+			NodeDeletedEvent::class,
+			function (NodeDeletedEvent $event) use ($fileActions) {
 				$fileActions->delete($event);
 			}
 		);
@@ -226,4 +257,16 @@ class Application extends App implements IBootstrap {
 		Util::connectHook('\OCP\Trashbin', 'preDelete', $trashActions, 'delete');
 		Util::connectHook('\OCA\Files_Trashbin\Trashbin', 'post_restore', $trashActions, 'restore');
 	}
+
+	private function securityHooks(IAuditLogger $logger,
+		IEventDispatcher $eventDispatcher): void {
+		$eventDispatcher->addListener(TwoFactorProviderChallengePassed::class, function (TwoFactorProviderChallengePassed $event) use ($logger) {
+			$security = new Security($logger);
+			$security->twofactorSuccess($event->getUser(), $event->getProvider());
+		});
+		$eventDispatcher->addListener(TwoFactorProviderChallengeFailed::class, function (TwoFactorProviderChallengeFailed $event) use ($logger) {
+			$security = new Security($logger);
+			$security->twofactorFailed($event->getUser(), $event->getProvider());
+		});
+	}
 }
@@ -1,12 +1,9 @@
 <?php

-declare(strict_types=1);
-
 /**
 * SPDX-FileCopyrightText: 2022 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
-
 namespace OCA\AdminAudit;

 use OCP\IConfig;
@@ -1,60 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\App\Events\AppDisableEvent;
-use OCP\App\Events\AppEnableEvent;
-use OCP\App\Events\AppUpdateEvent;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-
-/**
- * @template-implements IEventListener<AppEnableEvent|AppDisableEvent|AppUpdateEvent>
- */
-class AppManagementEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof AppEnableEvent) {
-			$this->appEnable($event);
-		} elseif ($event instanceof AppDisableEvent) {
-			$this->appDisable($event);
-		} elseif ($event instanceof AppUpdateEvent) {
-			$this->appUpdate($event);
-		}
-	}
-
-	private function appEnable(AppEnableEvent $event): void {
-		if (empty($event->getGroupIds())) {
-			$this->log('App "%s" enabled',
-				['app' => $event->getAppId()],
-				['app']
-			);
-		} else {
-			$this->log('App "%1$s" enabled for groups: %2$s',
-				['app' => $event->getAppId(), 'groups' => implode(', ', $event->getGroupIds())],
-				['app', 'groups']
-			);
-		}
-	}
-
-	private function appDisable(AppDisableEvent $event): void {
-		$this->log('App "%s" disabled',
-			['app' => $event->getAppId()],
-			['app']
-		);
-	}
-
-	private function appUpdate(AppUpdateEvent $event): void {
-		$this->log('App "%s" updated',
-			['app' => $event->getAppId()],
-			['app']
-		);
-	}
-}
@@ -1,67 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-use OCP\User\Events\BeforeUserLoggedInEvent;
-use OCP\User\Events\BeforeUserLoggedOutEvent;
-use OCP\User\Events\UserLoggedInEvent;
-use OCP\User\Events\UserLoggedInWithCookieEvent;
-
-/**
- * @template-implements IEventListener<BeforeUserLoggedInEvent|UserLoggedInWithCookieEvent|UserLoggedInEvent|BeforeUserLoggedOutEvent>
- */
-class AuthEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof BeforeUserLoggedInEvent) {
-			$this->beforeUserLoggedIn($event);
-		} elseif ($event instanceof UserLoggedInWithCookieEvent || $event instanceof UserLoggedInEvent) {
-			$this->userLoggedIn($event);
-		} elseif ($event instanceof BeforeUserLoggedOutEvent) {
-			$this->beforeUserLogout($event);
-		}
-	}
-
-	private function beforeUserLoggedIn(BeforeUserLoggedInEvent $event): void {
-		$this->log(
-			'Login attempt: "%s"',
-			[
-				'uid' => $event->getUsername()
-			],
-			[
-				'uid',
-			],
-			true
-		);
-	}
-
-	private function userLoggedIn(UserLoggedInWithCookieEvent|UserLoggedInEvent $event): void {
-		$this->log(
-			'Login successful: "%s"',
-			[
-				'uid' => $event->getUser()->getUID()
-			],
-			[
-				'uid',
-			],
-			true
-		);
-	}
-
-	private function beforeUserLogout(BeforeUserLoggedOutEvent $event): void {
-		$this->log(
-			'Logout occurred',
-			[],
-			[]
-		);
-	}
-}
@@ -1,42 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\Console\ConsoleEvent;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-
-/**
- * @template-implements IEventListener<ConsoleEvent>
- */
-class ConsoleEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof ConsoleEvent) {
-			$this->runCommand($event);
-		}
-	}
-
-	private function runCommand(ConsoleEvent $event): void {
-		$arguments = $event->getArguments();
-		if (!isset($arguments[1]) || $arguments[1] === '_completion') {
-			// Don't log autocompletion
-			return;
-		}
-
-		// Remove `./occ`
-		array_shift($arguments);
-
-		$this->log('Console command executed: %s',
-			['arguments' => implode(' ', $arguments)],
-			['arguments']
-		);
-	}
-}
@@ -1,12 +1,10 @@
 <?php

 declare(strict_types=1);
-
 /**
 * SPDX-FileCopyrightText: 2021 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
-
 namespace OCA\AdminAudit\Listener;

 use OCA\AdminAudit\Actions\Action;
@@ -1,56 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-use OCP\Files\InvalidPathException;
-use OCP\Files\NotFoundException;
-use OCP\Preview\BeforePreviewFetchedEvent;
-use Psr\Log\LoggerInterface;
-
-/**
- * @template-implements IEventListener<BeforePreviewFetchedEvent>
- */
-class FileEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof BeforePreviewFetchedEvent) {
-			$this->beforePreviewFetched($event);
-		}
-	}
-
-	/**
-	 * Logs preview access to a file
-	 */
-	private function beforePreviewFetched(BeforePreviewFetchedEvent $event): void {
-		try {
-			$file = $event->getNode();
-			$params = [
-				'id' => $file->getId(),
-				'width' => $event->getWidth(),
-				'height' => $event->getHeight(),
-				'crop' => $event->isCrop(),
-				'mode' => $event->getMode(),
-				'path' => mb_substr($file->getInternalPath(), 5)
-			];
-			$this->log(
-				'Preview accessed: (id: "%s", width: "%s", height: "%s" crop: "%s", mode: "%s", path: "%s")',
-				$params,
-				array_keys($params)
-			);
-		} catch (InvalidPathException|NotFoundException $e) {
-			\OCP\Server::get(LoggerInterface::class)->error(
-				'Exception thrown in file preview: ' . $e->getMessage(), ['app' => 'admin_audit', 'exception' => $e]
-			);
-			return;
-		}
-	}
-}
@@ -1,81 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-use OCP\Group\Events\GroupCreatedEvent;
-use OCP\Group\Events\GroupDeletedEvent;
-use OCP\Group\Events\UserAddedEvent;
-use OCP\Group\Events\UserRemovedEvent;
-
-/**
- * @template-implements IEventListener<UserAddedEvent|UserRemovedEvent|GroupCreatedEvent|GroupDeletedEvent>
- */
-class GroupManagementEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof UserAddedEvent) {
-			$this->userAdded($event);
-		} elseif ($event instanceof UserRemovedEvent) {
-			$this->userRemoved($event);
-		} elseif ($event instanceof GroupCreatedEvent) {
-			$this->groupCreated($event);
-		} elseif ($event instanceof GroupDeletedEvent) {
-			$this->groupDeleted($event);
-		}
-	}
-
-	private function userAdded(UserAddedEvent $event): void {
-		$this->log('User "%s" added to group "%s"',
-			[
-				'group' => $event->getGroup()->getGID(),
-				'user' => $event->getUser()->getUID()
-			],
-			[
-				'user', 'group'
-			]
-		);
-	}
-
-	private function userRemoved(UserRemovedEvent $event): void {
-		$this->log('User "%s" removed from group "%s"',
-			[
-				'group' => $event->getGroup()->getGID(),
-				'user' => $event->getUser()->getUID()
-			],
-			[
-				'user', 'group'
-			]
-		);
-	}
-
-	private function groupCreated(GroupCreatedEvent $event): void {
-		$this->log('Group created: "%s"',
-			[
-				'group' => $event->getGroup()->getGID()
-			],
-			[
-				'group'
-			]
-		);
-	}
-
-	private function groupDeleted(GroupDeletedEvent $event): void {
-		$this->log('Group deleted: "%s"',
-			[
-				'group' => $event->getGroup()->getGID()
-			],
-			[
-				'group'
-			]
-		);
-	}
-}
@@ -1,61 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
-use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-
-/**
- * @template-implements IEventListener<TwoFactorProviderChallengePassed|TwoFactorProviderChallengeFailed>
- */
-class SecurityEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof TwoFactorProviderChallengePassed) {
-			$this->twoFactorProviderChallengePassed($event);
-		} elseif ($event instanceof TwoFactorProviderChallengeFailed) {
-			$this->twoFactorProviderChallengeFailed($event);
-		}
-	}
-
-	private function twoFactorProviderChallengePassed(TwoFactorProviderChallengePassed $event): void {
-		$this->log(
-			'Successful two factor attempt by user %s (%s) with provider %s',
-			[
-				'uid' => $event->getUser()->getUID(),
-				'displayName' => $event->getUser()->getDisplayName(),
-				'provider' => $event->getProvider()->getDisplayName()
-			],
-			[
-				'displayName',
-				'uid',
-				'provider',
-			]
-		);
-	}
-
-	private function twoFactorProviderChallengeFailed(TwoFactorProviderChallengeFailed $event): void {
-		$this->log(
-			'Failed two factor attempt by user %s (%s) with provider %s',
-			[
-				'uid' => $event->getUser()->getUID(),
-				'displayName' => $event->getUser()->getDisplayName(),
-				'provider' => $event->getProvider()->getDisplayName()
-			],
-			[
-				'displayName',
-				'uid',
-				'provider',
-			]
-		);
-	}
-}
@@ -1,291 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-use OCP\Share\Events\ShareCreatedEvent;
-use OCP\Share\Events\ShareDeletedEvent;
-use OCP\Share\IShare;
-
-/**
- * @template-implements IEventListener<ShareCreatedEvent|ShareDeletedEvent>
- */
-class SharingEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof ShareCreatedEvent) {
-			$this->shareCreated($event);
-		} elseif ($event instanceof ShareDeletedEvent) {
-			$this->shareDeleted($event);
-		}
-	}
-
-	private function shareCreated(ShareCreatedEvent $event): void {
-		$share = $event->getShare();
-
-		$params = [
-			'itemType' => $share->getNodeType(),
-			'path' => $share->getNode()->getPath(),
-			'itemSource' => $share->getNodeId(),
-			'shareWith' => $share->getSharedWith(),
-			'permissions' => $share->getPermissions(),
-			'id' => $share->getId()
-		];
-
-		match ($share->getShareType()) {
-			IShare::TYPE_LINK => $this->log(
-				'The %s "%s" with ID "%s" has been shared via link with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_USER => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the user "%s" with permissions "%s"  (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_GROUP => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the group "%s" with permissions "%s"  (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_ROOM => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the room "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_EMAIL => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the email recipient "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_CIRCLE => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the circle "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_REMOTE => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the remote user "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_REMOTE_GROUP => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the remote group "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_DECK => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the deck card "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			IShare::TYPE_SCIENCEMESH => $this->log(
-				'The %s "%s" with ID "%s" has been shared to the sciencemesh user "%s" with permissions "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'path',
-					'itemSource',
-					'shareWith',
-					'permissions',
-					'id',
-				]
-			),
-			default => null
-		};
-	}
-
-	private function shareDeleted(ShareDeletedEvent $event): void {
-		$share = $event->getShare();
-
-		$params = [
-			'itemType' => $share->getNodeType(),
-			'fileTarget' => $share->getTarget(),
-			'itemSource' => $share->getNodeId(),
-			'shareWith' => $share->getSharedWith(),
-			'id' => $share->getId()
-		];
-
-		match ($share->getShareType()) {
-			IShare::TYPE_LINK => $this->log(
-				'The %s "%s" with ID "%s" has been unshared (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'id',
-				]
-			),
-			IShare::TYPE_USER => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the user "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_GROUP => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the group "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_ROOM => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the room "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_EMAIL => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the email recipient "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_CIRCLE => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the circle "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_REMOTE => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the remote user "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_REMOTE_GROUP => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the remote group "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_DECK => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the deck card "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			IShare::TYPE_SCIENCEMESH => $this->log(
-				'The %s "%s" with ID "%s" has been unshared from the sciencemesh user "%s" (Share ID: %s)',
-				$params,
-				[
-					'itemType',
-					'fileTarget',
-					'itemSource',
-					'shareWith',
-					'id',
-				]
-			),
-			default => null
-		};
-	}
-}
@@ -1,126 +0,0 @@
-<?php
-
-declare(strict_types=1);
-
-/**
- * SPDX-FileCopyrightText: 2017 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-
-namespace OCA\AdminAudit\Listener;
-
-use OCA\AdminAudit\Actions\Action;
-use OCP\EventDispatcher\Event;
-use OCP\EventDispatcher\IEventListener;
-use OCP\User\Events\PasswordUpdatedEvent;
-use OCP\User\Events\UserChangedEvent;
-use OCP\User\Events\UserCreatedEvent;
-use OCP\User\Events\UserDeletedEvent;
-use OCP\User\Events\UserIdAssignedEvent;
-use OCP\User\Events\UserIdUnassignedEvent;
-
-/**
- * @template-implements IEventListener<UserCreatedEvent|UserDeletedEvent|UserChangedEvent|PasswordUpdatedEvent|UserIdAssignedEvent|UserIdUnassignedEvent>
- */
-class UserManagementEventListener extends Action implements IEventListener {
-	public function handle(Event $event): void {
-		if ($event instanceof UserCreatedEvent) {
-			$this->userCreated($event);
-		} elseif ($event instanceof UserDeletedEvent) {
-			$this->userDeleted($event);
-		} elseif ($event instanceof UserChangedEvent) {
-			$this->userChanged($event);
-		} elseif ($event instanceof PasswordUpdatedEvent) {
-			$this->passwordUpdated($event);
-		} elseif ($event instanceof UserIdAssignedEvent) {
-			$this->userIdAssigned($event);
-		} elseif ($event instanceof UserIdUnassignedEvent) {
-			$this->userIdUnassigned($event);
-		}
-	}
-
-	private function userCreated(UserCreatedEvent $event): void {
-		$this->log(
-			'User created: "%s"',
-			[
-				'uid' => $event->getUid()
-			],
-			[
-				'uid',
-			]
-		);
-	}
-
-	private function userDeleted(UserDeletedEvent $event): void {
-		$this->log(
-			'User deleted: "%s"',
-			[
-				'uid' => $event->getUser()->getUID()
-			],
-			[
-				'uid',
-			]
-		);
-	}
-
-	private function userChanged(UserChangedEvent $event): void {
-		switch ($event->getFeature()) {
-			case 'enabled':
-				$this->log(
-					$event->getValue() === true
-						? 'User enabled: "%s"'
-						: 'User disabled: "%s"',
-					['user' => $event->getUser()->getUID()],
-					[
-						'user',
-					]
-				);
-				break;
-			case 'eMailAddress':
-				$this->log(
-					'Email address changed for user %s',
-					['user' => $event->getUser()->getUID()],
-					[
-						'user',
-					]
-				);
-				break;
-		}
-	}
-
-	private function passwordUpdated(PasswordUpdatedEvent $event): void {
-		if ($event->getUser()->getBackendClassName() === 'Database') {
-			$this->log(
-				'Password of user "%s" has been changed',
-				[
-					'user' => $event->getUser()->getUID(),
-				],
-				[
-					'user',
-				]
-			);
-		}
-	}
-
-	/**
-	 * Log assignments of users (typically user backends)
-	 */
-	private function userIdAssigned(UserIdAssignedEvent $event): void {
-		$this->log(
-			'UserID assigned: "%s"',
-			[ 'uid' => $event->getUserId() ],
-			[ 'uid' ]
-		);
-	}
-
-	/**
-	 * Log unassignments of users (typically user backends, no data removed)
-	 */
-	private function userIdUnassigned(UserIdUnassignedEvent $event): void {
-		$this->log(
-			'UserID unassigned: "%s"',
-			[ 'uid' => $event->getUserId() ],
-			[ 'uid' ]
-		);
-	}
-}
@@ -1,47 +1,38 @@
 <?php

 declare(strict_types=1);
-
 /**
 * SPDX-FileCopyrightText: 2018 Nextcloud GmbH and Nextcloud contributors
 * SPDX-License-Identifier: AGPL-3.0-or-later
 */
+namespace OCA\AdminAudit\Tests\Actions;

-namespace OCA\AdminAudit\Tests\Listener;
-
+use OCA\AdminAudit\Actions\Security;
 use OCA\AdminAudit\AuditLogger;
-use OCA\AdminAudit\Listener\SecurityEventListener;
 use OCP\Authentication\TwoFactorAuth\IProvider;
-use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengeFailed;
-use OCP\Authentication\TwoFactorAuth\TwoFactorProviderChallengePassed;
 use OCP\IUser;
 use PHPUnit\Framework\MockObject\MockObject;
 use Test\TestCase;

-class SecurityEventListenerTest extends TestCase {
+class SecurityTest extends TestCase {
 	private AuditLogger|MockObject $logger;

-	private SecurityEventListener $security;
+	private Security $security;

 	private MockObject|IUser $user;

-	/** @var IProvider&MockObject */
-	private $provider;
-
 	protected function setUp(): void {
 		parent::setUp();

 		$this->logger = $this->createMock(AuditLogger::class);
-		$this->security = new SecurityEventListener($this->logger);
+		$this->security = new Security($this->logger);

 		$this->user = $this->createMock(IUser::class);
 		$this->user->method('getUID')->willReturn('myuid');
 		$this->user->method('getDisplayName')->willReturn('mydisplayname');
-		$this->provider = $this->createMock(IProvider::class);
-		$this->provider->method('getDisplayName')->willReturn('myprovider');
 	}

-	public function testTwofactorFailed(): void {
+	public function testTwofactorFailed() {
 		$this->logger->expects($this->once())
 			->method('info')
 			->with(
@@ -49,10 +40,14 @@ class SecurityEventListenerTest extends TestCase {
 				['app' => 'admin_audit']
 			);

-		$this->security->handle(new twoFactorProviderChallengeFailed($this->user, $this->provider));
+		$provider = $this->createMock(IProvider::class);
+		$provider->method('getDisplayName')
+			->willReturn('myprovider');
+
+		$this->security->twofactorFailed($this->user, $provider);
 	}

-	public function testTwofactorSuccess(): void {
+	public function testTwofactorSuccess() {
 		$this->logger->expects($this->once())
 			->method('info')
 			->with(
@@ -60,6 +55,10 @@ class SecurityEventListenerTest extends TestCase {
 				['app' => 'admin_audit']
 			);

-		$this->security->handle(new TwoFactorProviderChallengePassed($this->user, $this->provider));
+		$provider = $this->createMock(IProvider::class);
+		$provider->method('getDisplayName')
+			->willReturn('myprovider');
+
+		$this->security->twofactorSuccess($this->user, $provider);
 	}
 }
@@ -1,92 +0,0 @@
-<?php
-
-declare(strict_types=1);
-/**
- * SPDX-FileCopyrightText: 2024 Nextcloud GmbH and Nextcloud contributors
- * SPDX-License-Identifier: AGPL-3.0-or-later
- */
-namespace OCA\AdminAudit\Tests\Actions;
-
-use OCA\AdminAudit\IAuditLogger;
-use OCA\AdminAudit\Listener\UserManagementEventListener;
-use OCP\IUser;
-use OCP\User\Events\UserChangedEvent;
-use PHPUnit\Framework\MockObject\MockObject;
-use Test\TestCase;
-
-class UserManagementEventListenerTest extends TestCase {
-	private IAuditLogger&MockObject $logger;
-
-	private UserManagementEventListener $listener;
-
-	private MockObject&IUser $user;
-
-	protected function setUp(): void {
-		parent::setUp();
-
-		$this->logger = $this->createMock(IAuditLogger::class);
-		$this->listener = new UserManagementEventListener($this->logger);
-
-		$this->user = $this->createMock(IUser::class);
-		$this->user->method('getUID')->willReturn('alice');
-		$this->user->method('getDisplayName')->willReturn('Alice');
-	}
-
-	public function testSkipUnsupported(): void {
-		$this->logger->expects($this->never())
-			->method('info');
-
-		$event = new UserChangedEvent(
-			$this->user,
-			'unsupported',
-			'value',
-		);
-
-		$this->listener->handle($event);
-	}
-
-	public function testUserEnabled(): void {
-		$this->logger->expects($this->once())
-			->method('info')
-			->with('User enabled: "alice"', ['app' => 'admin_audit']);
-
-		$event = new UserChangedEvent(
-			$this->user,
-			'enabled',
-			true,
-			false,
-		);
-
-		$this->listener->handle($event);
-	}
-
-	public function testUserDisabled(): void {
-		$this->logger->expects($this->once())
-			->method('info')
-			->with('User disabled: "alice"', ['app' => 'admin_audit']);
-
-		$event = new UserChangedEvent(
-			$this->user,
-			'enabled',
-			false,
-			true,
-		);
-
-		$this->listener->handle($event);
-	}
-
-	public function testEmailChanged(): void {
-		$this->logger->expects($this->once())
-			->method('info')
-			->with('Email address changed for user alice', ['app' => 'admin_audit']);
-
-		$event = new UserChangedEvent(
-			$this->user,
-			'eMailAddress',
-			'alice@alice.com',
-			'',
-		);
-
-		$this->listener->handle($event);
-	}
-}
@@ -50,7 +50,7 @@ class RequestHandlerController extends Controller {
 		private ICloudFederationProviderManager $cloudFederationProviderManager,
 		private Config $config,
 		private ICloudFederationFactory $factory,
-		private ICloudIdManager $cloudIdManager,
+		private ICloudIdManager $cloudIdManager
 	) {
 		parent::__construct($appName, $request);
 	}
@@ -10,7 +10,6 @@ OC.L10N.register(
    "{author} commented on {file}" : "{author} okomentoval(a) {file}",
    "<strong>Comments</strong> for files" : "<strong>Komentáře</strong> k souborům",
    "Files" : "Soubory",
-    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "Byli jste zmíněni u souboru „{file}“, v komentáři od účtu, který byl později smazán",
    "{user} mentioned you in a comment on \"{file}\"" : "{user} vás zmínil(a) v komentáři u „{file}“",
    "Files app plugin to add comments to files" : "Zásuvný modul do aplikace Soubory pro přidávání komentářů k souborům",
    "Edit comment" : "Upravit komentář",
@@ -8,7 +8,6 @@
    "{author} commented on {file}" : "{author} okomentoval(a) {file}",
    "<strong>Comments</strong> for files" : "<strong>Komentáře</strong> k souborům",
    "Files" : "Soubory",
-    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "Byli jste zmíněni u souboru „{file}“, v komentáři od účtu, který byl později smazán",
    "{user} mentioned you in a comment on \"{file}\"" : "{user} vás zmínil(a) v komentáři u „{file}“",
    "Files app plugin to add comments to files" : "Zásuvný modul do aplikace Soubory pro přidávání komentářů k souborům",
    "Edit comment" : "Upravit komentář",
@@ -11,7 +11,7 @@ OC.L10N.register(
    "<strong>Comments</strong> for files" : "<strong>Tuairimí</strong> le haghaidh comhaid",
    "Files" : "Comhaid",
    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "Luadh thú ar \"{file}\", i nóta tráchta ó chuntas a scriosadh ó shin",
-    "{user} mentioned you in a comment on \"{file}\"" : "Luaigh {user} tú i nóta tráchta ar \"{file}\"",
+    "{user} mentioned you in a comment on \"{file}\"" : "Luaigh {úsáideoir} tú i nóta tráchta ar \"{file}\"",
    "Files app plugin to add comments to files" : "Breiseán aip Comhaid chun tuairimí a chur le comhaid",
    "Edit comment" : "Cuir trácht in eagar",
    "Delete comment" : "Scrios nóta tráchta",
@@ -9,7 +9,7 @@
    "<strong>Comments</strong> for files" : "<strong>Tuairimí</strong> le haghaidh comhaid",
    "Files" : "Comhaid",
    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "Luadh thú ar \"{file}\", i nóta tráchta ó chuntas a scriosadh ó shin",
-    "{user} mentioned you in a comment on \"{file}\"" : "Luaigh {user} tú i nóta tráchta ar \"{file}\"",
+    "{user} mentioned you in a comment on \"{file}\"" : "Luaigh {úsáideoir} tú i nóta tráchta ar \"{file}\"",
    "Files app plugin to add comments to files" : "Breiseán aip Comhaid chun tuairimí a chur le comhaid",
    "Edit comment" : "Cuir trácht in eagar",
    "Delete comment" : "Scrios nóta tráchta",
@@ -23,7 +23,7 @@ OC.L10N.register(
    "Could not reload comments" : "Non foi posíbel volver cargar os comentarios",
    "No comments yet, start the conversation!" : "Aínda non hai comentarios, comeza a conversa!",
    "No more messages" : "Non hai máis mensaxes",
-    "Retry" : "Volver tentar",
+    "Retry" : "Tentar de novo",
    "Failed to mark comments as read" : "Produciuse un fallo ao marcar os comentarios como lidos",
    "Unable to load the comments list" : "Non é posíbel cargar a lista de comentarios",
    "_1 new comment_::_{unread} new comments_" : ["1 comentario novo","{unread} comentarios novos"],
@@ -21,7 +21,7 @@
    "Could not reload comments" : "Non foi posíbel volver cargar os comentarios",
    "No comments yet, start the conversation!" : "Aínda non hai comentarios, comeza a conversa!",
    "No more messages" : "Non hai máis mensaxes",
-    "Retry" : "Volver tentar",
+    "Retry" : "Tentar de novo",
    "Failed to mark comments as read" : "Produciuse un fallo ao marcar os comentarios como lidos",
    "Unable to load the comments list" : "Non é posíbel cargar a lista de comentarios",
    "_1 new comment_::_{unread} new comments_" : ["1 comentario novo","{unread} comentarios novos"],
@@ -3,7 +3,7 @@ OC.L10N.register(
    {
    "Comments" : "Komentari",
    "You commented" : "Vi ste komentirali",
-    "{author} commented" : "{author} je komentirao",
+    "{author} commented" : "{autor} je komentirao",
    "You commented on %1$s" : "Vi ste komentirali %1$s",
    "You commented on {file}" : "Komentirali ste {file}",
    "%1$s commented on %2$s" : "%1$s je komentirao %2$s",
@@ -1,7 +1,7 @@
 { "translations": {
    "Comments" : "Komentari",
    "You commented" : "Vi ste komentirali",
-    "{author} commented" : "{author} je komentirao",
+    "{author} commented" : "{autor} je komentirao",
    "You commented on %1$s" : "Vi ste komentirali %1$s",
    "You commented on {file}" : "Komentirali ste {file}",
    "%1$s commented on %2$s" : "%1$s je komentirao %2$s",
@@ -3,13 +3,13 @@ OC.L10N.register(
    {
    "Comments" : "Komentar",
    "You commented" : "Anda berkomentar",
-    "{author} commented" : "{author} berkomentar",
+    "{author} commented" : "{Pengarang} berkomentar",
    "You commented on %1$s" : "Anda berkomentar pada %1$s",
    "You commented on {file}" : "Anda berkomentar pada {file} ",
    "%1$s commented on %2$s" : "%1$s dikomentari pada %2$s",
-    "{author} commented on {file}" : "{author} berkomentar pada {file}",
+    "{author} commented on {file}" : "{pengarang} berkomentar pada {file}",
    "<strong>Comments</strong> for files" : "<strong>komentar</strong> pada file",
-    "{user} mentioned you in a comment on \"{file}\"" : "{user} menyebut Anda dalam sebuah komentar pada \"{file}\" ",
+    "{user} mentioned you in a comment on \"{file}\"" : "{pengguna} menyebut Anda dalam sebuah komentar pada \"{file}\" ",
    "Files app plugin to add comments to files" : "Plugin aplikasi file untuk menambah komentar pada file",
    "Edit comment" : "Sunting komentar",
    "Delete comment" : "Hapus komentar",
@@ -19,6 +19,7 @@ OC.L10N.register(
    "No more messages" : "Tidak ada pesan lagi",
    "Retry" : "Ulangi",
    "Unable to load the comments list" : "Tidak dapat memuat daftar komentar",
+    "_1 new comment_::_{unread} new comments_" : ["komentar baru {belum terbaca}"],
    "Comment" : "Komentar",
    "An error occurred while trying to edit the comment" : "Terjadi kesalahan ketika mencoba menyunting komentar",
    "Comment deleted" : "Komentar dihapus",
@@ -1,13 +1,13 @@
 { "translations": {
    "Comments" : "Komentar",
    "You commented" : "Anda berkomentar",
-    "{author} commented" : "{author} berkomentar",
+    "{author} commented" : "{Pengarang} berkomentar",
    "You commented on %1$s" : "Anda berkomentar pada %1$s",
    "You commented on {file}" : "Anda berkomentar pada {file} ",
    "%1$s commented on %2$s" : "%1$s dikomentari pada %2$s",
-    "{author} commented on {file}" : "{author} berkomentar pada {file}",
+    "{author} commented on {file}" : "{pengarang} berkomentar pada {file}",
    "<strong>Comments</strong> for files" : "<strong>komentar</strong> pada file",
-    "{user} mentioned you in a comment on \"{file}\"" : "{user} menyebut Anda dalam sebuah komentar pada \"{file}\" ",
+    "{user} mentioned you in a comment on \"{file}\"" : "{pengguna} menyebut Anda dalam sebuah komentar pada \"{file}\" ",
    "Files app plugin to add comments to files" : "Plugin aplikasi file untuk menambah komentar pada file",
    "Edit comment" : "Sunting komentar",
    "Delete comment" : "Hapus komentar",
@@ -17,6 +17,7 @@
    "No more messages" : "Tidak ada pesan lagi",
    "Retry" : "Ulangi",
    "Unable to load the comments list" : "Tidak dapat memuat daftar komentar",
+    "_1 new comment_::_{unread} new comments_" : ["komentar baru {belum terbaca}"],
    "Comment" : "Komentar",
    "An error occurred while trying to edit the comment" : "Terjadi kesalahan ketika mencoba menyunting komentar",
    "Comment deleted" : "Komentar dihapus",
@@ -26,7 +26,7 @@ OC.L10N.register(
    "Retry" : "Prøv igjen",
    "Failed to mark comments as read" : "Markering av kommentarer som lest feilet",
    "Unable to load the comments list" : "Kan ikke laste inn kommentarlisten",
-    "_1 new comment_::_{unread} new comments_" : ["[uleste] nye kommentarer","{unread} nye kommentarer"],
+    "_1 new comment_::_{unread} new comments_" : ["[uleste] nye kommentarer","{uleste} nye kommentarer"],
    "Comment" : "Kommentar",
    "An error occurred while trying to edit the comment" : "Det oppsto en feil under forsøk på å redigere kommentaren",
    "Comment deleted" : "Kommentar slettet",
@@ -24,7 +24,7 @@
    "Retry" : "Prøv igjen",
    "Failed to mark comments as read" : "Markering av kommentarer som lest feilet",
    "Unable to load the comments list" : "Kan ikke laste inn kommentarlisten",
-    "_1 new comment_::_{unread} new comments_" : ["[uleste] nye kommentarer","{unread} nye kommentarer"],
+    "_1 new comment_::_{unread} new comments_" : ["[uleste] nye kommentarer","{uleste} nye kommentarer"],
    "Comment" : "Kommentar",
    "An error occurred while trying to edit the comment" : "Det oppsto en feil under forsøk på å redigere kommentaren",
    "Comment deleted" : "Kommentar slettet",
@@ -15,9 +15,7 @@ OC.L10N.register(
    "Edit comment" : "Bewerk reactie",
    "Delete comment" : "Verwijder reactie",
    "Cancel edit" : "Annuleer bewerking",
-    "New comment" : "Nieuwe reactie",
    "Post comment" : "Plaats reactie",
-    "@ for mentions, : for emoji, / for smart picker" : "@ voor vermeldingen, : voor emoji, / voor smart picker",
    "No comments yet, start the conversation!" : "Nog geen reacties, start de discussie!",
    "No more messages" : "Geen berichten meer",
    "Retry" : "Opnieuw proberen",
@@ -13,9 +13,7 @@
    "Edit comment" : "Bewerk reactie",
    "Delete comment" : "Verwijder reactie",
    "Cancel edit" : "Annuleer bewerking",
-    "New comment" : "Nieuwe reactie",
    "Post comment" : "Plaats reactie",
-    "@ for mentions, : for emoji, / for smart picker" : "@ voor vermeldingen, : voor emoji, / voor smart picker",
    "No comments yet, start the conversation!" : "Nog geen reacties, start de discussie!",
    "No more messages" : "Geen berichten meer",
    "Retry" : "Opnieuw proberen",
@@ -9,7 +9,7 @@ OC.L10N.register(
    "%1$s commented on %2$s" : "%1$s napiše opombo na %2$s",
    "{author} commented on {file}" : "{author} napiše opombo na {file}",
    "<strong>Comments</strong> for files" : "Vpisane so <strong>opombe</strong> k datotekam",
-    "Files" : "Datoteke",
+    "Files" : "Datoteke s podpisi",
    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "Uporabnik, ki je sicer že izbrisan, vas omenja v opombi k datoteki »{file}«.",
    "{user} mentioned you in a comment on \"{file}\"" : "{user} vas omeni v opombi k datoteki »{file}«",
    "Files app plugin to add comments to files" : "Vstavek programa Datoteke za dodajanje opomb k datotekam",
@@ -7,7 +7,7 @@
    "%1$s commented on %2$s" : "%1$s napiše opombo na %2$s",
    "{author} commented on {file}" : "{author} napiše opombo na {file}",
    "<strong>Comments</strong> for files" : "Vpisane so <strong>opombe</strong> k datotekam",
-    "Files" : "Datoteke",
+    "Files" : "Datoteke s podpisi",
    "You were mentioned on \"{file}\", in a comment by an account that has since been deleted" : "Uporabnik, ki je sicer že izbrisan, vas omenja v opombi k datoteki »{file}«.",
    "{user} mentioned you in a comment on \"{file}\"" : "{user} vas omeni v opombi k datoteki »{file}«",
    "Files app plugin to add comments to files" : "Vstavek programa Datoteke za dodajanje opomb k datotekam",
@@ -5,7 +5,6 @@
 */
 namespace OCA\Comments\Activity;

-use OCP\Activity\Exceptions\UnknownActivityException;
 use OCP\Activity\IEvent;
 use OCP\Activity\IManager;
 use OCP\Activity\IProvider;
@@ -33,12 +32,12 @@ class Provider implements IProvider {
 	 * @param IEvent $event
 	 * @param IEvent|null $previousEvent
 	 * @return IEvent
-	 * @throws UnknownActivityException
+	 * @throws \InvalidArgumentException
 	 * @since 11.0.0
 	 */
 	public function parse($language, IEvent $event, ?IEvent $previousEvent = null): IEvent {
 		if ($event->getApp() !== 'comments') {
-			throw new UnknownActivityException();
+			throw new \InvalidArgumentException();
 		}

 		$this->l = $this->languageFactory->get('comments', $language);
@@ -54,19 +53,19 @@ class Provider implements IProvider {
 			if ($this->activityManager->isFormattingFilteredObject()) {
 				try {
 					return $this->parseShortVersion($event);
-				} catch (UnknownActivityException) {
+				} catch (\InvalidArgumentException $e) {
 					// Ignore and simply use the long version...
 				}
 			}

 			return $this->parseLongVersion($event);
+		} else {
+			throw new \InvalidArgumentException();
 		}
-		throw new UnknownActivityException();
-
 	}

 	/**
-	 * @throws UnknownActivityException
+	 * @throws \InvalidArgumentException
 	 */
 	protected function parseShortVersion(IEvent $event): IEvent {
 		$subjectParameters = $this->getSubjectParameters($event);
@@ -81,14 +80,14 @@ class Provider implements IProvider {
 				]);
 			}
 		} else {
-			throw new UnknownActivityException();
+			throw new \InvalidArgumentException();
 		}

 		return $event;
 	}

 	/**
-	 * @throws UnknownActivityException
+	 * @throws \InvalidArgumentException
 	 */
 	protected function parseLongVersion(IEvent $event): IEvent {
 		$subjectParameters = $this->getSubjectParameters($event);
@@ -113,7 +112,7 @@ class Provider implements IProvider {
 					]);
 			}
 		} else {
-			throw new UnknownActivityException();
+			throw new \InvalidArgumentException();
 		}

 		return $event;
@@ -33,7 +33,7 @@ class NotificationsController extends Controller {
 		protected IRootFolder $rootFolder,
 		protected IURLGenerator $urlGenerator,
 		protected IManager $notificationManager,
-		protected IUserSession $userSession,
+		protected IUserSession $userSession
 	) {
 		parent::__construct($appName, $request);
 	}
--- a/Show More
+++ b/Show More