v2.13.3

Changelog for reva 2.13.3 (2023-05-17)

The following sections list the changes in reva 2.13.3 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3890: Bring back public link sharing of project space roots
• Fix #3888: We fixed a bug that unnecessarily fetched all members of a group
• Fix #3886: Decomposedfs no longer deadlocks when cache is disabled
• Fix #3892: Fix public links
• Fix #3876: Remove go-micro/store/redis specific workaround
• Fix #3889: Update space root mtime when changing space metadata
• Fix #3836: Fix spaceID in the decomposedFS
• Fix #3867: Restore last version after positive result
• Fix #3849: Prevent sharing space roots and personal spaces
• Enh #3865: Remove unneccessary code from gateway
• Enh #3895: Add missing expiry date to shares

Details

• Bugfix #3890: Bring back public link sharing of project space roots

We reenabled sharing of project space roots

#3890

• Bugfix #3888: We fixed a bug that unnecessarily fetched all members of a group

Adding or removing groups to spaces is now done without retrieving all group members

#3888

• Bugfix #3886: Decomposedfs no longer deadlocks when cache is disabled

We now pass a Reader for the locked file to lower level functions so metadata can be read without
aquiring a new file lock.

#3886

• Bugfix #3892: Fix public links

Public links would not work when not send on the root level. Reason was wrong path matching. Also
fixes a critical bug that was unfound before

#3892

• Bugfix #3876: Remove go-micro/store/redis specific workaround

We submitted an upstream fix for an issue in the go-micro/store redis plugin. Which allowed us
to remove a redis specific workaround from the reva storage cache implementation.

#3876

• Bugfix #3889: Update space root mtime when changing space metadata

We fixed a problem where space mtimes were not updated when their metadata changed, resulting
in changes not being picked up by other services like search.

owncloud/ocis#6289
#3889

• Bugfix #3836: Fix spaceID in the decomposedFS

We returned the wrong spaceID within storageSpaceFromNode. This was fixed and the
storageprovider ID handling refactored.

#3836

• Bugfix #3867: Restore last version after positive result

We fixed a bug in the copy routine that prevented restoring of a previous version after
post-processing (e.g. virus scanning)

https://github.com/owncloud/enterprise/issues/5709
#3867

• Bugfix #3849: Prevent sharing space roots and personal spaces

We fixed a problem where sharing space roots or adding members to a personal space was possible.

#3849

• Enhancement #3865: Remove unneccessary code from gateway

Delete unused removeReference code from gateway

#3865

• Enhancement #3895: Add missing expiry date to shares

We have added expiry dates to the shares

owncloud/ocis#5442
#3895

v1.24.0

Changelog for reva 1.24.0 (2023-05-11)

The following sections list the changes in reva 1.24.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3805: Apps: fixed viewMode resolution
• Fix #3771: Fix files sharing capabilities
• Fix #3749: Fix persisting updates of received shares in json driver
• Fix #3723: Fix revad docker images by enabling CGO
• Fix #3765: Fix create version folder in EOS driver
• Fix #3786: Fix listing directory for a read-only shares for EOS storage driver
• Fix #3787: Fix application flag for EOS binary
• Fix #3780: Fix Makefile error on Ubuntu
• Fix #3873: Fix parsing of grappa response
• Fix #3794: Fix unshare for EOS storage driver
• Fix #3838: Fix upload in a single file share for lightweight accounts
• Fix #3878: Fix creator/initiator in public and user shares
• Fix #3813: Fix propfind URL for OCM shares
• Fix #3770: Fixed default protocol on ocm-share-create
• Fix #3852: Pass remote share id and shared secret in OCM call
• Fix #3859: Fix inconsistency between data transfer protocol naming
• Enh #3847: Update data transfers for current OCM shares implementation
• Enh #3869: Datatx tutorial
• Enh #3762: Denial and Resharing Default capabilities
• Enh #3717: Disable sharing on low level paths
• Enh #3766: Download file revisions
• Enh #3733: Add support for static linking
• Enh #3778: Add support to tag eos traffic
• Enh #3868: Implement historical way of constructing OCM WebDAV URL
• Enh #3719: Skip computing groups when fetching all groups from grappa
• Enh #3783: Updated OCM tutorial
• Enh #3750: New metadata flags
• Enh #3839: Support multiple issuer in OIDC auth driver
• Enh #3772: New OCM discovery endpoint
• Enh #3619: Tests for invitation manager SQL driver
• Enh #3757: Support OCM v1.0 schema
• Enh #3695: Create OCM share from sciencemesh service
• Enh #3722: List only valid OCM tokens
• Enh #3821: Revamp user/group drivers and fix user type
• Enh #3724: Send invitation link from mesh directory
• Enh #3824: Serverless Services

Details

• Bugfix #3805: Apps: fixed viewMode resolution

  Currently, the viewMode passed on /app/open is taken without validating the actual user's
  permissions. This PR fixes this.

  #3805

• Bugfix #3771: Fix files sharing capabilities

  A bug was preventing setting some capabilities (ResharingDefault and DenyAccess) for files
  sharing from the configuration file

  #3771

• Bugfix #3749: Fix persisting updates of received shares in json driver

  #3749

• Bugfix #3723: Fix revad docker images by enabling CGO

  #3723

• Bugfix #3765: Fix create version folder in EOS driver

  In a read only share, a stat could fail, beacause the EOS storage driver was not able to create the
  version folder for a file in case this did not exist. This fixes this bug impersonating the owner
  of the file when creating the version folder.

  #3765

• Bugfix #3786: Fix listing directory for a read-only shares for EOS storage driver

  In a read-only share, while listing a folder, for resources not having a version folder, the
  returned resource id was wrongly the one of the original file, instead of the version folder.
  This behavior has been fixed, where the version folder is always created on behalf of the
  resource owner.

  #3786

• Bugfix #3787: Fix application flag for EOS binary

  #3787

• Bugfix #3780: Fix Makefile error on Ubuntu

  I've fixed Makefile using sh which is defaulted to dash in ubuntu, dash doesn't support [[ ... ]] syntax and Makefile would throw /bin/sh: 1: [[: not found errors.

  #3773
  #3780

• Bugfix #3873: Fix parsing of grappa response

  #3873

• Bugfix #3794: Fix unshare for EOS storage driver

  In the EOS storage driver, the remove acl operation was a no-op. After removing a share, the
  recipient of the share was still able to operate on the shared resource. Now this has been fixed,
  removing correctly the ACL from the shared resource.

  #3794

• Bugfix #3838: Fix upload in a single file share for lightweight accounts

  #3838

• Bugfix #3878: Fix creator/initiator in public and user shares

  #3878

• Bugfix #3813: Fix propfind URL for OCM shares

  #3810
  #3813

• Bugfix #3770: Fixed default protocol on ocm-share-create

  #3770

• Bugfix #3852: Pass remote share id and shared secret in OCM call

  #3852

• Bugfix #3859: Fix inconsistency between data transfer protocol naming

  #3858
  #3859

• Enhancement #3847: Update data transfers for current OCM shares implementation

  #3846
  #3847

• Enhancement #3869: Datatx tutorial

  #3864
  #3869

• Enhancement #3762: Denial and Resharing Default capabilities

  #3762

• Enhancement #3717: Disable sharing on low level paths

  Sharing can be disable in the user share provider for some paths, but the storage provider was
  still sending the sharing permissions for those paths. This adds a config option in the storage
  provider, minimum_allowed_path_level_for_share, to disable sharing permissions for
  resources up to a defined path level.

  #3717

• Enhancement #3766: Download file revisions

  Currently it is only possible to restore a file version, replacing the actual file with the
  selected version. This allows an user to download a version file, without touching/replacing
  the last version of the file

  #3766

• Enhancement #3733: Add support for static linking

  We've added support for compiling reva with static linking enabled. It's possible to do so with
  the STATIC flag: make revad STATIC=true

  #3733

• Enhancement #3778: Add support to tag eos traffic

  We've added support to tag eos traffic

  #3778

• Enhancement #3868: Implement historical way of constructing OCM WebDAV URL

  Expose the expected WebDAV endpoint for OCM by OC10 and Nextcloud as described in
  cs3org/OCM-API#70 (comment) to allow reva
  providers to participate to mesh.

  #3855
  #3868

• Enhancement #3719: Skip computing groups when fetching all groups from grappa

  #3719

• Enhancement #3783: Updated OCM tutorial

  The OCM tutorial in the doc was missing the example on how to access the received resources. Now
  the tutorial contains all the steps to access a received resource using the WebDAV protocol.

  #3783

• Enhancement #3750: New metadata flags

  Several new flags, like site infrastructure and service status, are now gathered and exposed
  by Mentix.

  #3750

• Enhancement #3839: Support multiple issuer in OIDC auth driver

  The OIDC auth driver supports now multiple issuers. Users of external providers are then
  mapped to a local user by a mapping files. Only the main issuer (defined in the config with
  issuer) and the ones defined in the mapping are allowed for the verification of the OIDC
  token.

  #3839

• Enhancement #3772: New OCM discovery endpoint

  This PR implements the new OCM v1.1 specifications for the /ocm-provider endpoint.

  #3772

• Enhancement #3619: Tests for invitation manager SQL driver

  #3619

• Enhancement #3757: Support OCM v1.0 schema

  Following cs3org/cs3apis#206, we add the fields to ensure backwards compatibility with OCM
  v1.0. However, if the protocol.options undocumented object is not empty, we bail out for
  now. Supporting interoperability with OCM v1.0 implementations (notably Nextcloud 25) may
  come in the future if the undocumented options are fully reverse engineered. This is reflected
  in the unit tests as well.

  Also, added viewMode to webapp protocol options (cs3org/cs3apis#207) and adapted all SQL
  code and unit tests.

  #3757

• Enhancement #3695: Create OCM share from sciencemesh service

  pondersource/sciencemesh-php#166
  #3695

• Enhancement #3722: List only valid OCM tokens

  #3722

• Enhancement #3821: Revamp user/group drivers and fix user type

  For lightweight accounts

  • Fix the user type for lightweight accounts, using the source field to differentiate between a
    primary and lw account * Remove all the code with manual parsing of the json returned by the CERN
    provider * Introduce pagination for GetMembers method in the group driver * Reduced network
    transfer size by requesting only needed fields for GetMembers method

  #3821

• Enhancement #3724: Send invitation link from mesh directory

  When generating and listing OCM tokens

  To enhance user expirience, instead of on...

v2.13.2

Changelog for reva 2.13.2 (2023-05-08)

The following sections list the changes in reva 2.13.2 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3845: Fix propagation
• Fix #3856: Fix response code
• Fix #3857: Fix trashbin purge

Details

• Bugfix #3845: Fix propagation

Fix propagation in concurrency scenarios

#3845

• Bugfix #3856: Fix response code

The DeleteStorageSpace method response code has been changed

#3856

• Bugfix #3857: Fix trashbin purge

We have fixed a nil-pointer-exception, when purging files from the trashbin that do not have a
parent (any more)

owncloud/ocis#6245
#3857

v2.13.1

Changelog for reva 2.13.1 (2023-05-03)

The following sections list the changes in reva 2.13.1 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3843: Allow scope check to impersonate space owners

Details

• Bugfix #3843: Allow scope check to impersonate space owners

The publicshare scope check now fakes a user to mint an access token when impersonating a user of
type SPACE_OWNER which is used for project spaces. This fixes downloading archives from
public link shares in project spaces.

owncloud/ocis#5229
#3843

v2.13.0

Changelog for reva 2.13.0 (2023-05-02)

The following sections list the changes in reva 2.13.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3570: Return 425 on HEAD
• Fix #3830: Be more robust when logging errors
• Fix #3815: Bump micro redis store
• Fix #3596: Cache CreateHome calls
• Fix #3823: Deny correctlty in decomposedfs
• Fix #3826: Add by group index to decomposedfs
• Fix #3618: Drain body on failed put
• Fix #3420: EOS grpc fixes
• Fix #3685: Send fileid on copy
• Fix #3688: Return 425 on GET
• Fix #3755: Fix app provider language validation
• Fix #3800: Fix building for freebsd
• Fix #3700: Fix caching
• Fix #3535: Fix ceph driver storage fs implementation
• Fix #3764: Fix missing CORS config in ocdav service
• Fix #3710: Fix error when try to delete space without permission
• Fix #3822: Fix deleting spaces
• Fix #3718: Fix revad-eos docker image which was failing to build
• Fix #3559: Fix build on freebsd
• Fix #3696: Fix ldap filters when checking for enabled users
• Fix #3767: Decode binary UUID when looking up a users group memberships
• Fix #3741: Fix listing shares to multiple groups
• Fix #3834: Return correct error during MKCOL
• Fix #3841: Fix nil pointer and improve logging
• Fix #3831: Ignore 'null' mtime on tus upload
• Fix #3758: Fix public links with enforced password
• Fix #3814: Fix stat cache access
• Fix #3650: FreeBSD xattr support
• Fix #3827: Initialize user cache for decomposedfs
• Fix #3818: Invalidate cache when deleting space
• Fix #3812: Filemetadata Cache now deletes keys without listing them first
• Fix #3817: Pipeline cache deletes
• Fix #3711: Replace ini metadata backend by messagepack backend
• Fix #3828: Send quota when listing spaces in decomposedfs
• Fix #3681: Fix etag of "empty" shares jail
• Fix #3748: Prevent service from panicking
• Fix #3816: Write Metadata once
• Chg #3641: Hide file versions for share receivers
• Chg #3820: Streamline stores
• Enh #3732: Make method for detecting the metadata backend public
• Enh #3789: Add capabilities indicating if user attributes are read-only
• Enh #3792: Add a prometheus gauge to keep track of active uploads and downloads
• Enh #3637: Add an ID to each events
• Enh #3704: Add more information to events
• Enh #3744: Add LDAP user type attribute
• Enh #3806: Decomposedfs now supports filtering spaces by owner
• Enh #3730: Antivirus
• Enh #3531: Async Postprocessing
• Enh #3571: Async Upload Improvements
• Enh #3801: Cache node ids
• Enh #3690: Check set project space quota permission
• Enh #3686: User disabling functionality
• Enh #160: Implement the CS3 Lock API in the EOS storage driver
• Enh #3575: Fix skip group grant index cleanup
• Enh #3564: Fix tag pkg
• Enh #3756: Prepare for GDPR export
• Enh #3612: Group feature changed event added
• Enh #3729: Improve decomposedfs performance, esp. with network fs/cache
• Enh #3697: Improve the ini file metadata backend
• Enh #3819: Allow creating internal links without permission
• Enh #3740: Limit concurrency in decomposedfs
• Enh #3569: Always list shares jail when listing spaces
• Enh #3788: Make resharing configurable
• Enh #3674: Introduce ini file based metadata backend
• Enh #3728: Automatically migrate file metadata from xattrs to messagepack
• Enh #3807: Name Validation
• Enh #3574: Opaque space group
• Enh #3598: Pass estream to Storage Providers
• Enh #3763: Add a capability for personal data export
• Enh #3577: Prepare for SSE
• Enh #3731: Add config option to enforce passwords on public links
• Enh #3693: Enforce the PublicLink.Write permission
• Enh #3497: Introduce owncloud 10 publiclink manager
• Enh #3714: Add global max quota option and quota for CreateHome
• Enh #3759: Set correct share type when listing shares
• Enh #3594: Add expiration to user and group shares
• Enh #3580: Share expired event
• Enh #3620: Allow a new ShareType SpaceMembershipGroup
• Enh #3609: Space Management Permissions
• Enh #3655: Add expiration date to space memberships
• Enh #3697: Add support for redis sentinel caches
• Enh #3552: Suppress tusd logs
• Enh #3555: Tags
• Enh #3785: Increase unit test coverage in the ocdav service
• Enh #3739: Try to rename uploaded files to their final position
• Enh #3610: Walk and log chi routes

Details

• Bugfix #3570: Return 425 on HEAD

For files in postprocessing return 425 also on HEAD requests

#3570

• Bugfix #3830: Be more robust when logging errors

We fixed a problem where logging errors resulted in a panic.

#3830

• Bugfix #3815: Bump micro redis store

We updated the micro store implementation for redis to use SCAN instead of KEYS

#3815
#3809

• Bugfix #3596: Cache CreateHome calls

We restored the caching of CreateHome calls getting rid of a lot of internal calls.

#3596

• Bugfix #3823: Deny correctlty in decomposedfs

Decomposedfs had problems denying resources for groups. This is now fixed

#3823

• Bugfix #3826: Add by group index to decomposedfs

#3826

• Bugfix #3618: Drain body on failed put

When a put request fails the server would not drain the body. This will lead to connection closed errors on clients when using http 1

#3618

• Bugfix #3420: EOS grpc fixes

The shares and the applications were not working with the EOS grpc storage driver. This fixes
both.

#3420

• Bugfix #3685: Send fileid on copy

When copying a folder oc-fileid header would not be added (unlinke when copying files) this is
fixed now.

#3685

• Bugfix #3688: Return 425 on GET

On ocdav GET endpoint the server will now return 425 instead 500 when the file is being
processed

#3688

• Bugfix #3755: Fix app provider language validation

This changes the validation to only look at the first part (tag) of the language code and ignore
the second part (sub-tag).

#3755

• Bugfix #3800: Fix building for freebsd

We fixed a problem preventing freebsd builds.

#3800

• Bugfix #3700: Fix caching

Do not cache files that are in processing.

#3700

• Bugfix #3535: Fix ceph driver storage fs implementation

We adapted the Ceph driver for the edge branch.

#3535

• Bugfix #3764: Fix missing CORS config in ocdav service

The ocdav service is started with a go micro wrapper. We needed to add the cors config.

#3764

• Bugfix #3710: Fix error when try to delete space without permission

When a user without the correct permission tries to delete a storage space, return a
PermissionDenied error instead of an Internal Error.

#3710

• Bugfix #3822: Fix deleting spaces

We fixed a problem when trying to delete spaces.

#3822

• Bugfix #3718: Fix revad-eos docker image which was failing to build

#3718

• Bugfix #3559: Fix build on freebsd

Building reva on freebsd was broken due to some deviations in return value types from the
filesystem.

#3559

• Bugfix #3696: Fix ldap filters when checking for enabled users

This fixes the ldap filters for checking enabled/disabled users.

#3696

• Bugfix #3767: Decode binary UUID when looking up a users group memberships

The LDAP backend for the users service didn't correctly decode binary UUIDs when looking up a
user's group memberships.

#3767

• Bugfix #3741: Fix listing shares to multiple groups

Users can now see the shares to all groups they are a member of.

#3741

• Bugfix #3834: Return correct error during MKCOL

We need to return a "PreconditionFailed" error if one of the parent folders during a MKCOL does
not exist.

#3834

• Bugfix #3841: Fix nil pointer and improve logging

We fixed a nil pointer error due to a wrong log statement and improved the logging in the json
public share manager.

#3841

• Bugfix #3831: Ignore 'null' mtime on tus upload

Decomposedfs now ignores 'null' as an mtime

#3831

• Bugfix #3758: Fix public links with enforced password

Fix the public link update operation in the case that a password is enforced.

#3758

• Bugfix #3814: Fix stat cache access

We fixed a problem where wrong data was written to and expected from the stat cache.

#3814

• Bugfix #3650: FreeBSD xattr support

We now properly handle FreeBSD xattr namespaces by leaving out the user. prefix. FreeBSD
adds that automatically.

#3650

• Bugfix #3827: Initialize user cache for decomposedfs

#3827

• Bugfix #3818: Invalidate cache when deleting space

Decomposedfs now invalidates the cache when deleting a space.

#3818

• Bugfix #3812: Filemetadata Cache now deletes keys without listing them first

https://github.com/cs3org/re...

v1.23.0

Changelog for reva 1.23.0 (2023-03-09)

The following sections list the changes in reva 1.23.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3621: Use 2700 as permission when creating EOS home folder
• Fix #3551: Fixes implementation omission of #3526
• Fix #3706: Fix revad-eos docker image which was failing to build
• Fix #3626: Fix open in app for lightweight accounts
• Fix #3613: Use subject from oidc userinfo when quering the user provider
• Fix #3633: Fix litmus and acceptance tests in GitHub Actions
• Fix #3694: Updated public links URLs and users' display names in WOPI apps
• Chg #3553: Rename PullTransfer to CreateTransfer
• Enh #3584: Bump the Copyright date to 2023
• Enh #3640: Migrate acceptance tests from Drone to GitHub Actions
• Enh #3629: Use cs3org/behat:latest docker image for tests
• Enh #3608: Add Golang test coverage report for Codacy
• Enh #3599: Add latest tag to revad Docker image with GitHub Actions
• Enh #3713: Streamline EOS SSS and UNIX modes
• Enh #3566: Migrate the litmusOcisSpacesDav test from Drone to GitHub Actions
• Enh #3712: Improve Docker build speed and Docker Compose test speed
• Enh #3630: Migrate the virtualViews test from Drone to GitHub Actions
• Enh #3675: Cleanup unused configs in OCM HTTP service
• Enh #3692: Create and list OCM shares in OCS layer
• Enh #3666: Search OCM accepted users
• Enh #3665: List valid OCM invite tokens
• Enh #3617: SQL driver for OCM invitation manager
• Enh #3667: List OCM providers
• Enh #3668: Expose OCM received shares as a local mount
• Enh #3683: Remote open in app in OCM
• Enh #3654: SQL driver for OCM shares
• Enh #3646: Update OCM shares to last version of CS3APIs
• Enh #3687: Specify recipient as a query param when sending OCM token by email
• Enh #3691: Add OCM scope and webdav endpoint
• Enh #3611: Revamp OCM invitation workflow
• Enh #3703: Bump reva(d) base image to alpine 3.17

Details

• Bugfix #3621: Use 2700 as permission when creating EOS home folder

  #3621

• Bugfix #3551: Fixes implementation omission of #3526

  In #3526 a new value format of the owner parameter of the ocm share request was introduced. This
  change was not implemented in the json driver. This change fixes that.

  #3551

• Bugfix #3706: Fix revad-eos docker image which was failing to build

  #3706

• Bugfix #3626: Fix open in app for lightweight accounts

  #3626

• Bugfix #3613: Use subject from oidc userinfo when quering the user provider

  #3613

• Bugfix #3633: Fix litmus and acceptance tests in GitHub Actions

  #3633

• Bugfix #3694: Updated public links URLs and users' display names in WOPI apps

  Public links have changed in the frontend and are reflected in folderurl query parameter.
  Additionally, OCM shares are supported for the folderurl and OCM users are decorated with
  their ID provider.

  #3694

• Change #3553: Rename PullTransfer to CreateTransfer

  This change implements a CS3APIs name change in the datatx module (PullTransfer to
  CreateTransfer)

  #3553

• Enhancement #3584: Bump the Copyright date to 2023

  #3584

• Enhancement #3640: Migrate acceptance tests from Drone to GitHub Actions

  Migrate ocisIntegrationTests and s3ngIntegrationTests to GitHub Actions

  #3640

• Enhancement #3629: Use cs3org/behat:latest docker image for tests

  #3629

• Enhancement #3608: Add Golang test coverage report for Codacy

  #3608

• Enhancement #3599: Add latest tag to revad Docker image with GitHub Actions

  #3599

• Enhancement #3713: Streamline EOS SSS and UNIX modes

  #3713

• Enhancement #3566: Migrate the litmusOcisSpacesDav test from Drone to GitHub Actions

  #3566

• Enhancement #3712: Improve Docker build speed and Docker Compose test speed

  #3712

• Enhancement #3630: Migrate the virtualViews test from Drone to GitHub Actions

  #3630

• Enhancement #3675: Cleanup unused configs in OCM HTTP service

  #3675

• Enhancement #3692: Create and list OCM shares in OCS layer

  #3692

• Enhancement #3666: Search OCM accepted users

  Adds the prefix sm: to the FindUser endpoint, to filter only the OCM accepted users.

  #3666

• Enhancement #3665: List valid OCM invite tokens

  Adds the endpoint /list-invite in the sciencemesh service, to get the list of valid OCM
  invite tokens.

  #3665
  cs3org/cs3apis#201

• Enhancement #3617: SQL driver for OCM invitation manager

  #3617

• Enhancement #3667: List OCM providers

  Adds the endpoint /list-providers in the sciencemesh service, to get a filtered list of the
  OCM providers. The filter can be specified with the search query parameters, and filters by
  domain and full name of the provider.

  #3667

• Enhancement #3668: Expose OCM received shares as a local mount

  #3668

• Enhancement #3683: Remote open in app in OCM

  #3683

• Enhancement #3654: SQL driver for OCM shares

  #3654

• Enhancement #3646: Update OCM shares to last version of CS3APIs

  #3646
  cs3org/cs3apis#199

• Enhancement #3687: Specify recipient as a query param when sending OCM token by email

  Before the email recipient when sending the OCM token was specified as a form parameter. Now as a
  query parameter, as some clients does not allow in a GET request to set form values. It also add
  the possibility to specify a template for the subject and the body for the token email.

  #3687

• Enhancement #3691: Add OCM scope and webdav endpoint

  Adds the OCM scope and the ocmshares authentication, to authenticate the federated user to use
  the OCM shared resources. It also adds the (unprotected) webdav endpoint used to interact with
  the shared resources.

  #2739
  #3691

• Enhancement #3611: Revamp OCM invitation workflow

  #3540
  #3611

• Enhancement #3703: Bump reva(d) base image to alpine 3.17

  Prevents several vulnerabilities from the base image itself:
  https://artifacthub.io/packages/helm/cs3org/revad?modal=security-report

  #3703

v1.21.0

Changelog for reva 1.21.0 (2022-12-07)

The following sections list the changes in reva 1.21.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3492: Fixes the DefaultQuotaBytes in EOS
• Fix #3420: EOS grpc fixes
• Fix #3501: Fix errors of public share provider according to cs3apis
• Fix #3504: Fix RefreshLock method for cephfs storage driver
• Enh #3502: Appproviders: pass other query parameters as Opaque
• Enh #3028: Access directly auth registry rules map when getting provider
• Enh #3197: Bring back multi-stage build to save on image size
• Enh #3506: Migrate the buildAndPublishDocker job from Drone to GitHub Actions
• Enh #3500: Migrate the BuildOnly job from Drone to GitHub Actions
• Enh #3513: Migrate the testIntegration job from Drone to GitHub Actions
• Enh #3494: Implemented folderurl for WOPI apps
• Enh #3507: Get user preferred language
• Enh #3530: Improve error logging in ocmd flow
• Enh #3491: Implement rclone third-party copy push option
• Enh #3508: Allow an user to set a preferred language

Details

• Bugfix #3492: Fixes the DefaultQuotaBytes in EOS

  We were setting the default logical quota to 1T, resulting on only 500GB available to the user.

  #3492

• Bugfix #3420: EOS grpc fixes

  The shares and the applications were not working with the EOS grpc storage driver. This fixes
  both.

  #3420

• Bugfix #3501: Fix errors of public share provider according to cs3apis

  All the errors returned by the public share provider where internal errors. Now this has been
  fixed and the returned errors are the one defined in the cs3apis.

  #3501

• Bugfix #3504: Fix RefreshLock method for cephfs storage driver

  #3504

• Enhancement #3502: Appproviders: pass other query parameters as Opaque

  This allows to send any other HTTP query parameter passed to /app/open to the underlying
  appprovider drivers via GRPC

  #3502

• Enhancement #3028: Access directly auth registry rules map when getting provider

  #3028

• Enhancement #3197: Bring back multi-stage build to save on image size

  • Use EOS 4.8.91 as base image - Bring back multi-stage build - Build revad on the eos 4.8.91 image
    due to missing dependency (ld-musl-x86_64.so.1, typical of alpine) - Copy the resulting
    revad from the builder container

  Resulting image size (unpacked on disk) is 2.59GB - eos-all:4.8.91 is 2.47GB - existing
  revad:latest-eos is 6.18GB

  #3197

• Enhancement #3506: Migrate the buildAndPublishDocker job from Drone to GitHub Actions

  We've migrated the buildAndPublishDocker job from Drone to GitHub Actions workflow. We've
  updated the Golang version used to build the Docker images to go1.19. We've fixed the Cephfs
  storage module. We've improved the Makefile. We've refactored the build-docker workflow.

  #3506

• Enhancement #3500: Migrate the BuildOnly job from Drone to GitHub Actions

  We've migrated the BuildOnly job from Drone to GitHub Actions workflow. The Workflow builds
  and Tests Reva, builds a Revad Docker Image and checks the license headers. The license header
  tools was removed since the goheader linter provides the same functionality.

  #3500

• Enhancement #3513: Migrate the testIntegration job from Drone to GitHub Actions

  #3513

• Enhancement #3494: Implemented folderurl for WOPI apps

  The folderurl is now populated for WOPI apps, such that for owners and named shares it points to
  the containing folder, and for public links it points to the appropriate public link URL.

  On the way, functions to manipulate the user's scope and extract the eventual public link
  token(s) have been added, coauthored with @gmgigi96.

  #3494

• Enhancement #3507: Get user preferred language

  The only way for an OCIS web user to change language was to set it into the browser settings. In the
  ocs user info response, a field language is added, to change their language in the UI,
  regardless of the browser settings.

  #3507

• Enhancement #3530: Improve error logging in ocmd flow

  #3365
  #3530
  #3526
  #3419
  #3369

• Enhancement #3491: Implement rclone third-party copy push option

  This enhancement gives the option to use third-party copy push with rclone between two
  different user accounts.

  #3491

• Enhancement #3508: Allow an user to set a preferred language

  #3508

v2.12.0

Changelog for reva 2.12.0 (2022-11-25)

The following sections list the changes in reva 2.12.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3436: Allow updating to internal link
• Fix #3473: Decomposedfs fix revision download
• Fix #3482: Decomposedfs propagate sizediff
• Fix #3449: Don't leak space information on update drive
• Fix #3470: Add missing events for managing spaces
• Fix #3472: Fix an oCDAV error message
• Fix #3452: Fix access to spaces shared via public link
• Fix #3440: Set proper names and paths for space roots
• Fix #3437: Refactor delete error handling
• Fix #3432: Remove share jail fix
• Fix #3458: Set the Oc-Fileid header when copying items
• Enh #3441: Cover ocdav with more unit tests
• Enh #3493: Configurable filelock duration factor in decomposedfs
• Enh #3397: Reduce lock contention issues

Details

• Bugfix #3436: Allow updating to internal link

We now allow updating any link to an internal link when the user has UpdateGrant permissions

#3436

• Bugfix #3473: Decomposedfs fix revision download

We rewrote the finish upload code to use a write lock when creating and updating node metadata.
This prevents some cornercases, allows us to calculate the size diff atomically and fixes
downloading revisions.

owncloud/ocis#765
owncloud/ocis#3868
#3473

• Bugfix #3482: Decomposedfs propagate sizediff

We now propagate the size diff instead of calculating the treesize. This fixes the slower
upload speeds in large folders.

owncloud/ocis#5061
#3482

• Bugfix #3449: Don't leak space information on update drive

There were some problems with the UpdateDrive func in decomposedfs when it is called without
permission - When calling with empty request it would leak the complete drive info - When
calling with non-empty request it would leak the drive name

#3449
#3453

• Bugfix #3470: Add missing events for managing spaces

We added more events to cover different aspects of managing spaces

#3470

• Bugfix #3472: Fix an oCDAV error message

We've fixed an error message in the oCDAV service, that said "error doing GET request to data
service" even if it did a PATCH request to the data gateway. This error message is now fixed.

#3472

• Bugfix #3452: Fix access to spaces shared via public link

We fixed a problem where downloading archives from spaces which were shared via public links
was not possible.

#3452

• Bugfix #3440: Set proper names and paths for space roots

We fixed a problem where the names and paths were not set correctly for space roots.

#3440

• Bugfix #3437: Refactor delete error handling

We refactored the ocdav delete handler to return the HTTP status code and an error message to
simplify error handling.

#3437

• Bugfix #3432: Remove share jail fix

We have removed the share jail check.

owncloud/ocis#4945
#3432

• Bugfix #3458: Set the Oc-Fileid header when copying items

We added the Oc-Fileid header in the COPY response for compatibility reasons.

owncloud/ocis#5039
#3458

• Enhancement #3441: Cover ocdav with more unit tests

We added unit tests to cover more ocdav handlers: - delete - mkcol - fixes
owncloud/ocis#4332

#3441
#3443
#3445
#3447
#3454
#3461

• Enhancement #3493: Configurable filelock duration factor in decomposedfs

The lock cycle duration factor in decomposedfs can now be changed by setting
lock_cycle_duration_factor.

#3493

• Enhancement #3397: Reduce lock contention issues

We reduced lock contention during high load by caching the extended attributes of a file for the
duration of a request.

#3397

v1.20.0

Changelog for reva 1.20.0 (2022-11-24)

The following sections list the changes in reva 1.20.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Sec #3316: Mitigate XSS
• Fix #3455: Fixes panic in case of empty configuration
• Fix #3311: Remove FIXME
• Fix #3396: Fix the Ceph Docker image repository URL
• Fix #3055: Fix quota for LW accounts
• Fix #3361: Use custom reva logger in ocs
• Fix #3344: Fix quota percentage
• Fix #2979: Removed unused datatx code
• Fix #2973: Fix datatxtarget uri when prefix is used
• Fix #3319: Fix oidc provider crash when custom claims are provided
• Fix #3481: OIDC: resolve users with no uid/gid by username
• Fix #3055: Get user from user provider in oidc driver
• Fix #3053: Temporary read user acl instead of sys acl
• Enh #3401: Make WOPI bridged apps (CodiMD) configuration non hard-coded
• Enh #3402: Block users
• Enh #3098: App provider http endpoint uses Form instead of Query
• Enh #3116: Implementation of cback storage driver for REVA
• Enh #3422: Migrate Codacy from Drone to Codacy/GitHub integration
• Enh #3412: Migrate Fossa from Drone to Github Integration
• Enh #3367: Update go version
• Enh #3467: Enable gocritic linter in golangci-lint and solve issues
• Enh #3463: Enable gofmt linter in golangci-lint and apply gofmt
• Enh #3471: Enable goimports and usestdlibvars in golangci-lint
• Enh #3466: Migrate golangci-lint from Drone to GitHub Actions
• Enh #3465: Enable revive linter in golangci-lint and solve issues
• Enh #3487: Enable staticcheck linter in golangci-lint and solve issues
• Enh #3475: Enable the style linters
• Enh #3070: Allow http service to expose prefixes containing /
• Enh #2986: Better display name in apps for all user types
• Enh #3303: Added support for configuring language locales in apps
• Enh #3348: Revamp lightweigth accounts
• Enh #3304: Add http service to send email for shares
• Enh #3072: Mesh meta data operators
• Enh #3313: Fix content-type for OCM sharing
• Enh #3234: Add post create home hook for eos storage driver
• Enh #3347: Implemented PROPFIND with 0 depth
• Enh #3056: Add public share auth provider
• Enh #3305: Add description to public link
• Enh #3163: Add support for quicklinks for public shares
• Enh #3289: Make Refresh Lock operation WOPI compliant
• Enh #3315: Accept reva token as a bearer authentication
• Enh #3438: Sanitize non-utf8 characters in xattr values in EOS
• Enh #3221: Site Accounts improvements
• Enh #3404: Site accounts & Mentix updates
• Enh #3424: Expire tokens on sunday
• Enh #2986: Use email as display name for external users opening WOPI apps

Details

• Security #3316: Mitigate XSS

  We've mitigated an XSS vulnerability resulting from unescaped HTTP responses containing
  user-provided values in pkg/siteacc/siteacc.go and
  internal/http/services/ocmd/invites.go. This patch uses html.EscapeString to escape the
  user-provided values in the HTTP responses of pkg/siteacc/siteacc.go and
  internal/http/services/ocmd/invites.go.

  #3316

• Bugfix #3455: Fixes panic in case of empty configuration

  Makes sure the config map is allocated prior to setting it

  #3455

• Bugfix #3311: Remove FIXME

  Issue #2402 is closed.

  #3311

• Bugfix #3396: Fix the Ceph Docker image repository URL

  #3396

• Bugfix #3055: Fix quota for LW accounts

  LW accounts do not have quota assigned.

  #3055

• Bugfix #3361: Use custom reva logger in ocs

  #3361

• Bugfix #3344: Fix quota percentage

  #3344

• Bugfix #2979: Removed unused datatx code

  An OCM reference is not created for a data transfer type share.

  #2979

• Bugfix #2973: Fix datatxtarget uri when prefix is used

  When a webdav prefix is used it appears in both host and name parameter of the target uri for data
  transfer. This PR fixes that.

  #2973

• Bugfix #3319: Fix oidc provider crash when custom claims are provided

  #3319

• Bugfix #3481: OIDC: resolve users with no uid/gid by username

  Previously we resolved such users (so called "lightweight" or "external" accounts in the CERN
  realm) by email, but it turns out that the same email may have multiple accounts associated to
  it.

  Therefore we now resolve them by username, that is the upn, which is unique.

  #3481

• Bugfix #3055: Get user from user provider in oidc driver

  For oidc providers that only respond with standard claims, use the user provider to get the
  user.

  #3055

• Bugfix #3053: Temporary read user acl instead of sys acl

  We read the user acl in EOS until the migration of all user acls to sys acls are done

  #3053

• Enhancement #3401: Make WOPI bridged apps (CodiMD) configuration non hard-coded

  The configuration of the custom mimetypes has been moved to the AppProvider, and the given
  mimetypes are used to configure bridged apps by sharing the corresponding config item to the
  drivers.

  #3401

• Enhancement #3402: Block users

  Allows an operator to set a list of users that are banned for every operation in reva.

  #3402

• Enhancement #3098: App provider http endpoint uses Form instead of Query

  We've improved the http endpoint now uses the Form instead of Query to also support
  application/x-www-form-urlencoded parameters on the app provider http endpoint.

  #3098
  #3101

• Enhancement #3116: Implementation of cback storage driver for REVA

  This is a read only fs interface.

  #3116

• Enhancement #3422: Migrate Codacy from Drone to Codacy/GitHub integration

  #3422

• Enhancement #3412: Migrate Fossa from Drone to Github Integration

  #3412

• Enhancement #3367: Update go version

  Update go version to 1.19 in go.mod

  #3367

• Enhancement #3467: Enable gocritic linter in golangci-lint and solve issues

  #3467

• Enhancement #3463: Enable gofmt linter in golangci-lint and apply gofmt

  #3463

• Enhancement #3471: Enable goimports and usestdlibvars in golangci-lint

  We've enabled the goimports and usestdlibvars linters in golangci-lint and solved the
  related issues.

  #3471

• Enhancement #3466: Migrate golangci-lint from Drone to GitHub Actions

  #3466

• Enhancement #3465: Enable revive linter in golangci-lint and solve issues

  #3465

• Enhancement #3487: Enable staticcheck linter in golangci-lint and solve issues

  #3487

• Enhancement #3475: Enable the style linters

  We've enabled the stylecheck, whitespace, dupword, godot and dogsled linters in
  golangci-lint and solved the related issues.

  #3475

• Enhancement #3070: Allow http service to expose prefixes containing /

  #3070

• Enhancement #2986: Better display name in apps for all user types

  This includes a FirstName FamilyName (domain) format for non-primary accounts, and a
  sanitization of the email address claim for such non-primary accounts.

  #2986
  #3280

• Enhancement #3303: Added support for configuring language locales in apps

  This is a partial backport from edge: we introduce a language option in the appprovider, which
  if set is passed as appropriate parameter to the external apps in order to force a given
  localization. In particular, for Microsoft Office 365 the DC_LLCC option is set as well. The
  default behavior is unset, where apps try and resolve the localization from the browser
  headers.

  #3303

• Enhancement #3348: Revamp lightweigth accounts

  Re-implements the lighweight account scope check, making it more efficient. Also, the ACLs
  for the EOS storage driver for the lw accounts are set atomically.

  #3348

• Enhancement #3304: Add http service to send email for shares

  #3304

• Enhancement #3072: Mesh meta data operators

  To better support sites that run multiple instances, the meta data have been extended to
  include a new hierarchy layer called 'operators'. This PR brings all necessary changes in the
  Mentix and site accounts services.

  #3072

• Enhancement #3313: Fix content-type for OCM sharing

  This fix change the content type to just "application/json"

  #3313

• Enhancement #3234: Add post create home hook for eos storage driver

  #3234

• Enhancement #3347: Implemented PROPFIND with 0 depth

  #3347

• Enhancement #3056: Add public share auth provider

  Add a public share auth middleware

  #3056

• Enhancement #3305: Add description to public link

  #3305

• Enhancement #3163: Add support for quicklinks for public shares

  https://github.com/cs3or...

v2.11.0

Changelog for reva 2.11.0 (2022-11-03)

The following sections list the changes in reva 2.11.0 relevant to
reva users. The changes are ordered by importance.

Summary

• Fix #3282: Use Displayname in wopi apps
• Fix #3430: Add missing error check in decomposedfs
• Fix #3298: Make date only expiry dates valid for the whole day
• Fix #3394: Avoid AppProvider panic
• Fix #3267: Reduced default cache sizes for smaller memory footprint
• Fix #3338: Fix malformed uid string in cache
• Fix #3255: Properly escape oc:name in propfind response
• Fix #3324: Correct base URL for download URL and href when listing file public links
• Fix #3278: Fix public share view mode during app open
• Fix #3377: Fix possible race conditions
• Fix #3274: Fix "uploader" role permissions
• Fix #3241: Fix uploading empty files into shares
• Fix #3251: Make listing xattrs more robust
• Fix #3287: Return OCS forbidden error when a share already exists
• Fix #3218: Improve performance when listing received shares
• Fix #3251: Lock source on move
• Fix #3238: Return relative used quota amount as a percent value
• Fix #3279: Polish OCS error responses
• Fix #3307: Refresh lock in decomposedFS needs to overwrite
• Fix #3368: Return 404 when no permission to space
• Fix #3341: Validate s3ng downloads
• Fix #3284: Prevent nil pointer when requesting user
• Fix #3257: Fix wopi access to publicly shared files
• Chg #3267: Decomposedfs no longer stores the idp
• Chg #3381: Changed Name of the Shares Jail
• Enh #3381: Add capability for sharing by role
• Enh #3320: Add the parentID to the ocs and dav responses
• Enh #3239: Add privatelink to PROPFIND response
• Enh #3340: Add SpaceOwner to some event
• Enh #4564: Add SpaceShared event
• Enh #3297: Update dependencies
• Enh #4959: Make max lock cycles configurable
• Enh #1949: Add support for denying access in OCS layer
• Enh #3224: Make the jsoncs3 share manager cache ttl configurable
• Enh #3290: Harden file system accesses
• Enh #3332: Allow to enable TLS for grpc service
• Enh #3223: Improve CreateShare grpc error reporting
• Enh #3376: Improve logging
• Enh #3250: Allow sharing the gateway caches
• Enh #3240: We now only encode &, < and > in PROPFIND PCDATA
• Enh #3334: Secure the nats connectin with TLS
• Enh #3300: Do not leak existence of resources
• Enh #3233: Allow to override default broker for go-micro base ocdav service
• Enh #3258: Allow ocdav to share the registry instance with other services
• Enh #3225: Render file parent id for ocs shares
• Enh #3222: Support Prefer: return=minimal in PROPFIND
• Enh #3395: Reduce lock contention issues
• Enh #3286: Make Refresh Lock operation WOPI compliant
• Enh #3229: Request counting middleware
• Enh #3312: Implemented new share filters
• Enh #3308: Update the ttlcache library
• Enh #3291: The wopi app driver supports more options

Details

• Bugfix #3282: Use Displayname in wopi apps

We now use the users display name in wopi apps.

#3282

• Bugfix #3430: Add missing error check in decomposedfs

During space creation the decomposedfs now checks for errors when trying to read the root node.
This prevents a panic by no longer calling InternalPath on the node.

owncloud/ocis#4961
#3430

• Bugfix #3298: Make date only expiry dates valid for the whole day

When an expiry date like 2022-09-30 is parsed, we now make it valid for the whole day,
effectively becoming 2022-09-30 23:59:59

#3298

• Bugfix #3394: Avoid AppProvider panic

#3394
avoid
panic
in
app
provider

• Bugfix #3267: Reduced default cache sizes for smaller memory footprint

We reduced the default cachesizes of the auth interceptors and the share cache. The default of 1
Million cache entries was way too high and caused a high memory usage upon startup. Config
options to set custom cache size where added.

owncloud/ocis#3267
owncloud/ocis#4628

• Bugfix #3338: Fix malformed uid string in cache

The rediscache returns a uid in the format of <tablename>uid:<someuid> in the getter this
results in issues when trying to delete the key from the cache store, because the Delete
function will prepend the table name to the string which will not be resolvable in redis (e.g.
<tablename><tablename>uid:<somuid>)

owncloud/ocis#4772
#3338

• Bugfix #3255: Properly escape oc:name in propfind response

The oc:name property in the ocdav propfind response might contain XML special characters. We
now apply the proper escaping on that property.

owncloud/ocis#4474
#3255

• Bugfix #3324: Correct base URL for download URL and href when listing file public links

We now build the correct base URL when listing file public links.

owncloud/ocis#4758
#3324

• Bugfix #3278: Fix public share view mode during app open

We now set the correct view mode during an app open action when the user is accessing a public
share.

#3278

• Bugfix #3377: Fix possible race conditions

We fixed two potential race condition when initializing the shared config structure and when
setting up caches for the http authentication interceptors.

#3377

• Bugfix #3274: Fix "uploader" role permissions

We fixed a permission problem on "public upload shares", which allowed to view the content of
the shared upload folder.

owncloud/ocis#4657
#3274

• Bugfix #3241: Fix uploading empty files into shares

We fixed a problem which prevented empty files from being uploaded into shares.

owncloud/ocis#4383
#3241

• Bugfix #3251: Make listing xattrs more robust

We fixed a potential race condition when listing xattrs of nodes in concurrency situations

#3251

• Bugfix #3287: Return OCS forbidden error when a share already exists

We now return OCS 104 / HTTP 403 errors when a user tries to reshare a file with a recipient that
already has access to a resource.

owncloud/ocis#4630
#3287

• Bugfix #3218: Improve performance when listing received shares

We improved the performance when listing received shares by getting rid of superfluous
GetPath calls and sending stat request directly to the storage provider instead of the
SharesStorageProvider.

#3218

• Bugfix #3251: Lock source on move

When moving files until now only the lock of the targeted node would be checked. This could lead
to strange behaviour when using web editors like only office. With checking the source nodes
lock too, it is now forbidden to rename a file while it is locked

#3251

• Bugfix #3238: Return relative used quota amount as a percent value

The ocs/ocs/v1.php/cloud/users/ endpoint was fixed to return the relative amount of used
quota as a percentage value.

owncloud/ocis#4357
#3238

• Bugfix #3279: Polish OCS error responses

We aligned more OCS error responses with oc10

owncloud/ocis#1799
#3279

• Bugfix #3307: Refresh lock in decomposedFS needs to overwrite

We fixed a bug in the refresh lock operation in the DecomposedFS. The new lock was appended but
needs to overwrite the existing one.

#3307

• Bugfix #3368: Return 404 when no permission to space

WebDAV expects a 409 response when trying to upload into a non existing folder. We fixed the
implementation to return 404 when a user has no access to a space and still return a 409 when a
parent folder does not exist (and he has access to the space).

owncloud/ocis#3561
#3368
#3300

• Bugfix #3341: Validate s3ng downloads

The s3ng download func now returns an error in cases where the requested node blob is unknown or
the blob size does not match the node meta blob size.

#3341

• Bugfix #3284: Prevent nil pointer when requesting user

We added additional nil pointer checks in the user and groups providers.

owncloud/ocis#4703
#3284

• Bugfix #3257: Fix wopi access to publicly shared files

Wopi requests to single file public shares weren't properly authenticated. I added a new check
to allow wopi to access files which were publicly shared.

owncloud/ocis#4382
#3257

• Change #3267: Decomposedfs no longer stores the idp

We no longer persist the IDP of a user id in decomposedfs grants. As a consequence listing or
reading Grants no longer returns the IDP for the Creator. It never did for the Grantee. Whatever
credentials are used to authenticate a user we internally have to create a UUID anyway. Either
by lookung it up in an external service (eg. LDAP or SIEM) or we autoprovision it.

#3267

• Change #3381: Changed Name of the Shares Jail

We changed the space ...