Changelog for reva 1.28.0 (2024-02-27)

The following sections list the changes in reva 1.28.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #4369: Carefully use root credentials to perform system level ops
Fix #4306: Correctly treat EOS urls containing # chars
Fix #4510: Propagates traceID to EOS
Fix #4321: Reworked List() to support version folder tricks
Fix #4400: Fix group-based capabilities
Fix #4319: Fixed registration of custom extensions in the mime registry
Fix #4287: Fixes registration and naming of services
Fix #4310: Restore changes to ceph driver
Fix #4294: Sciencemesh fixes
Fix #4307: Dynamic storage registry storage_id aliases
Fix #4497: Removed stat to all storage providers on Depth:0 PROPFIND to "/"
Enh #4280: Implementation of Locks for the CephFS driver
Enh #4282: Support multiple templates in config entries
Enh #4304: Disable open in app for given paths
Enh #4455: Limit max number of entries returned by ListRecycle in eos
Enh #4309: Get the logger in the grpcMDResponseToFileInfo func, log the stat
Enh #4311: Init time logger for eosgrpc storage driver
Enh #4301: Added listversions command
Enh #4493: Removed notification capability
Enh #4288: Print plugins' version
Enh #4508: Add pprof http service
Enh #4376: Removed cback from upstream codebase
Enh #4391: CERNBox setup for ScienceMesh tests
Enh #4246: Revamp ScienceMesh integration tests
Enh #4240: Reworked protocol with ScienceMesh NC/OC apps
Enh #4370: Storage registry: fail at init if config is missing any providers

Details

Bugfix #4369: Carefully use root credentials to perform system level ops

This PR ensures that system level ops like setlock, setattr, stat... work when invoked from a gateway This is relevant for eosgrpc, as eosbinary exploited the permissivity of the eos cmdline

#4369
Bugfix #4306: Correctly treat EOS urls containing # chars

#4306
Bugfix #4510: Propagates traceID to EOS

This PR fixes the cases where the EOS trace ID was always a bunch of zeroes.

#4510
Bugfix #4321: Reworked List() to support version folder tricks

#4321
Bugfix #4400: Fix group-based capabilities

The group-based capabilities require an authenticated endpoint, as we must query the logged-in user's groups to get those. This PR moves them to the getSelf endpoint in the user handler.

#4400
Bugfix #4319: Fixed registration of custom extensions in the mime registry

This PR ensures custom extensions/mime-types are registered by trimming any eventual leading '.' from the extension.

#4319
Bugfix #4287: Fixes registration and naming of services

#4287
Bugfix #4310: Restore changes to ceph driver

PR 4166 accidentally reverted the ceph driver changes. This PR recovers them.

#4310
Bugfix #4294: Sciencemesh fixes

Fixes different issues introduced with the recent changes, in ocm/sciencemesh, in particular the GetAccepetdUser and /sciencemesh/find-accepted-users endpoints.

#4294
Bugfix #4307: Dynamic storage registry storage_id aliases

Fixes the bug where the dynamic storage registry would not be able to resolve storage ids like eoshome-a, as those are aliased and need to be resolved into the proper storage-id (eoshome-i01).

#4307
Bugfix #4497: Removed stat to all storage providers on Depth:0 PROPFIND to "/"

This PR removes an unnecessary and potentially problematic call, which would fail if any of the configured storage providers has an issue.

#4497
Enhancement #4280: Implementation of Locks for the CephFS driver

This PR brings CS3APIs Locks for CephFS

#4280
Enhancement #4282: Support multiple templates in config entries

This PR introduces support for config entries with multiple templates, such as parameter = "{{ vars.v1 }} foo {{ vars.v2 }}". Previously, only one {{ template }} was allowed in a given configuration entry.

#4282
Enhancement #4304: Disable open in app for given paths

#4304
Enhancement #4455: Limit max number of entries returned by ListRecycle in eos

The idea is to query first how many entries we'd have from eos recycle ls and bail out if "too many".

#4455
Enhancement #4309: Get the logger in the grpcMDResponseToFileInfo func, log the stat

#4309
Enhancement #4311: Init time logger for eosgrpc storage driver

Before the eosgrpc driver was using a custom logger. Now that the reva logger is available at init time, the driver will use this.

#4311
Enhancement #4301: Added listversions command

#4301
Enhancement #4493: Removed notification capability

This is not needed any longer, the code was simplified to enable notifications if they are configured

#4493
Enhancement #4288: Print plugins' version

#4288
Enhancement #4508: Add pprof http service

This service is useful to trigger diagnostics on running processes

#4508
Enhancement #4376: Removed cback from upstream codebase

The code has been moved to as a CERNBox plugin.

#4376
Enhancement #4391: CERNBox setup for ScienceMesh tests

This PR includes a bundled CERNBox-like web UI and backend to test the ScienceMesh workflows with OC10 and NC

#4391
Enhancement #4246: Revamp ScienceMesh integration tests

This extends the ScienceMesh tests by running a wopiserver next to each EFSS/IOP, and by including a CERNBox-like minimal configuration. The latter is based on local storage and in-memory shares (no db dependency).

#4246
Enhancement #4240: Reworked protocol with ScienceMesh NC/OC apps

This ensures full OCM 1.1 coverage

#4240
Enhancement #4370: Storage registry: fail at init if config is missing any providers

This change makes the dynamic storage registry fail at startup if there are missing rules in the config file. That is, any mount_id in the routing table must have a corresponding storage_id/address pair in the config, otherwise the registry will fail to start.

#4370

Changelog for reva 1.27.0 (2023-10-19)

The following sections list the changes in reva 1.27.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #4196: Access public links to projects as owner
Enh #4266: Improve authentication routing logic
Enh #4212: CERNBox cleanup
Enh #4199: Dynamic storage provider
Enh #4264: Implement eos-compliant app locks
Enh #4200: Multiple fixes for Ceph driver
Enh #4185: Refurbish the grpc and https plugins for eos
Enh #4166: Add better observability with metrics and traces
Enh #4195: Support incoming OCM 1.0 shares
Enh #4189: Support full URL endpoints in ocm-provider
Enh #4186: Fixes in the reference configuration for ScienceMesh
Enh #4191: Add metrics service to ScienceMesh example config

Details

Bugfix #4196: Access public links to projects as owner

#4196
Enhancement #4266: Improve authentication routing logic

Provides a safer approach to route requests, both in HTTP and gRPC land when authentication is needed.

#4266
Enhancement #4212: CERNBox cleanup

Remove from the codebase all the cernbox specific code

#4212
Enhancement #4199: Dynamic storage provider

Add a new storage provider that can globally route to other providers. This provider uses a routing table in the database containing path - mountid pairs, and a mapping mountid - address in the config. It also support rewriting paths for resolution (to enable more complex cases).

#4199
Enhancement #4264: Implement eos-compliant app locks

The eosfs package now uses the app locks provided by eos

#4264
Enhancement #4200: Multiple fixes for Ceph driver
- Avoid usage/creation of user homes when they are disabled in the config * Simplify the regular uploads (not chunked) * Avoid creation of shadow folders at the root if they are already there * Clean up the chunked upload * Fix panic on shutdown
#4200
Enhancement #4185: Refurbish the grpc and https plugins for eos

This enhancement refurbishes the grpc and https plugins for eos

#4185
Enhancement #4166: Add better observability with metrics and traces

Adds prometheus collectors that can be registered dynamically and also refactors the http and grpc clients and servers to propage trace info.

#4166
Enhancement #4195: Support incoming OCM 1.0 shares

OCM 1.0 payloads are now supported as incoming shares, and converted to the OCM 1.1 format for persistency and further processing. Outgoing shares are still only OCM 1.1.

#4195
Enhancement #4189: Support full URL endpoints in ocm-provider

This patch enables a reva server to properly show any configured endpoint route in all relevant properties exposed by /ocm-provider. This allows reverse proxy configurations of the form https://server/route to be supported for the OCM discovery mechanism.

#4189
Enhancement #4186: Fixes in the reference configuration for ScienceMesh

Following the successful onboarding of CESNET, this PR brings some improvements and fixes to the reference configuration, as well as some adaptation to the itegration tests.

#4186 #4184 #4183
Enhancement #4191: Add metrics service to ScienceMesh example config

Adds the metrics http service configuration to the example config file of a ScienceMesh site. Having this service configured is a prerequisite for successfull Prometheus-based ScienceMesh sites metrics scraping.

#4191

Changelog for reva 1.26.0 (2023-09-08)

The following sections list the changes in reva 1.26.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #4165: Use default user tmp folder in config tests
Fix #4113: Fix plugin's registration when reva is built with version 1.21
Fix #4171: Fix accessing an OCM-shared resource containing spaces
Fix #4172: Hardcode access methods for outgoing OCM shares from OC/NC
Fix #4125: Enable projects for lightweight accounts
Enh #4121: Expire cached users and groups entries
Enh #4162: Disable sharing on a storage provider
Enh #4163: Disable trashbin on a storage provider
Enh #4164: Disable versions on a storage provider
Enh #4084: Implementation of an app provider for Overleaf
Enh #4114: List all the registered plugins
Enh #4115: All required features and fixes for the OC/NC ScienceMesh apps

Details

Bugfix #4165: Use default user tmp folder in config tests

#4165
Bugfix #4113: Fix plugin's registration when reva is built with version 1.21

With go 1.21 the logic for package initialization has changed, and the plugins were failing in the registration. Now the registration of the plugins is deferred in the main.

#4113
Bugfix #4171: Fix accessing an OCM-shared resource containing spaces

Fixes the access of a resource OCM-shared containing spaces, that previously was failing with a NotFound error.

#4171
Bugfix #4172: Hardcode access methods for outgoing OCM shares from OC/NC

This is a workaround until sciencemesh/nc-sciencemesh#45 is properly implemented

#4172
Bugfix #4125: Enable projects for lightweight accounts

Enable CERNBox projects to be listed by a lightweight account

#4125
Enhancement #4121: Expire cached users and groups entries

Entries in the rest user and group drivers do not expire. This means that old users/groups that have been deleted are still in cache. Now an expiration of fetch interval + 1 hours has been set.

#4121
Enhancement #4162: Disable sharing on a storage provider

Added a GRPC interceptor that disable sharing permissions on a storage provider.

#4162
Enhancement #4163: Disable trashbin on a storage provider

Added a GRPC interceptor that disable the trashbin on a storage provider.

#4163
Enhancement #4164: Disable versions on a storage provider

Added a GRPC interceptor that disable the versions on a storage provider.

#4164
Enhancement #4084: Implementation of an app provider for Overleaf

This PR adds an app provider for Overleaf as a standalone http service.

The app provider currently consists of support for the export to Overleaf feature, which when called returns a URL to Overleaf that prompts Overleaf to download the appropriate resource making use of the Archiver service, and upload the files to a user's Overleaf account.

#4084
Enhancement #4114: List all the registered plugins

#4114
Enhancement #4115: All required features and fixes for the OC/NC ScienceMesh apps

This PR includes all necessary code in Reva to interface with the ScienceMesh apps in OC and NC

#4115

Changelog for reva 1.25.0 (2023-08-14)

The following sections list the changes in reva 1.25.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #4032: Temporarily exclude ceph-iscsi when building revad-ceph image
Fix #3883: Fix group request to Grappa
Fix #3946: Filter OCM shares by path
Fix #4016: Fix panic when closing notification service
Fix #4061: Fixes on notifications
Fix #3962: OCM-related compatibility fixes
Fix #3972: Fix for #3971
Fix #3882: Remove transfer on cancel should also remove transfer job
Chg #4041: Clean up notifications error checking code, fix sql creation script
Chg #3581: Remove meshdirectory http service
Enh #4044: Added an /app/notify endpoint for logging/tracking apps
Enh #3915: Storage drivers setup for datatx
Enh #3891: Provide data transfer size with datatx share
Enh #3905: Remove redundant config for invite_link_template
Enh #4031: Dump reva config on SIGUSR1
Enh #3954: Extend EOS metadata
Enh #3958: Make /sciencemesh/find-accepted-users response
Enh #3908: Removed support for forcelock
Enh #4011: Improve logging of HTTP requests
Enh #3407: Add init time logging to all services
Enh #4030: Support multiple token strategies in auth middleware
Enh #4015: New configuration
Enh #3825: Notifications framework
Enh #3969: Conditional notifications initialization
Enh #4077: Handle target in OpenInApp response
Enh #4073: Plugins
Enh #3937: Manage OCM shares
Enh #4035: Enforce/validate configuration of services

Details

Bugfix #4032: Temporarily exclude ceph-iscsi when building revad-ceph image

Due to Package ceph-iscsi-3.6-1.el8.noarch.rpm is not signed error when building the revad-ceph docker image, the package ceph-iscsi has been excluded from the dnf update. It will be included again once the pkg will be signed again.

#4032
Bugfix #3883: Fix group request to Grappa

The url.JoinPath call was returning an url-encoded string, turning ? into %3. This caused the request to return 404.

#3883
Bugfix #3946: Filter OCM shares by path

Fixes the bug of duplicated OCM shares returned in the share with others response.

#3946
Bugfix #4016: Fix panic when closing notification service

If the connection to the nats server was not yet estabished, the service on close was panicking. This has been now fixed.

#4016
Bugfix #4061: Fixes on notifications

This is to align the code to the latest schema for notifications

#4061
Bugfix #3962: OCM-related compatibility fixes

Following analysis of OC and NC code to access a remote share, we must expose paths and not full URIs on the /ocm-provider endpoint. Also we fix a lookup issue with apps over OCM and update examples.

#3962
Bugfix #3972: Fix for #3971

Fixed panic described in #3971

#3972
Bugfix #3882: Remove transfer on cancel should also remove transfer job

#3881 #3882
Change #4041: Clean up notifications error checking code, fix sql creation script

#4041
Change #3581: Remove meshdirectory http service

As of meshdirectory-web version 2.0.0, it is now implemented and deployed as a completely separate app, independent from Reva. We removed any deprecated meshdirectory-related code from Reva.

#3581
Enhancement #4044: Added an /app/notify endpoint for logging/tracking apps

The new endpoint serves to probe the health state of apps such as Microsoft Office Online, and it is expected to be called by the frontend upon successful loading of the document by the underlying app

#4044
Enhancement #3915: Storage drivers setup for datatx

#3914 #3915
Enhancement #3891: Provide data transfer size with datatx share

#2104 #3891
Enhancement #3905: Remove redundant config for invite_link_template

This is to drop invite_link_template from the OCM-related config. Now the provider_domain and mesh_directory_url config options are both mandatory in the sciencemesh http service, and the link is directly built out of the context.

#3905
Enhancement #4031: Dump reva config on SIGUSR1

Add an option to the runtime to dump the configuration on a file (default to /tmp/reva-dump.toml and configurable) when the process receives a SIGUSR1 signal. Eventual errors are logged in the log.

#4031
Enhancement #3954: Extend EOS metadata

This PR extend the EOS metadata with atime and ctime fields. This change is backwards compatible.

#3954
Enhancement #3958: Make /sciencemesh/find-accepted-users response

Consistent with delete user parameters

#3958
Enhancement #3908: Removed support for forcelock

This workaround is not needed any longer, see also the wopiserver.

#3908
Enhancement #4011: Improve logging of HTTP requests

Added request and response headers and removed redundant URL from the "http" messages

#4011
Enhancement #3407: Add init time logging to all services

#3407
Enhancement #4030: Support multiple token strategies in auth middleware

Different HTTP services can in general support different token strategies for validating the reva token. In this context, without updating every single client a mono process deployment will never work. Now the HTTP auth middleware accepts in its configuration a token strategy chain, allowing to provide the reva token in multiple places (bearer auth, header).

#4030
Enhancement #4015: New configuration

Allow multiple driverts of the same service to be in the same toml config. Add a vars section to contain common parameters addressable using templates in the configuration of the different drivers. Support templating to reference values of other parameters in the configuration. Assign random ports to services where the address is not specified.

#4015
Enhancement #3825: Notifications framework

Adds a notifications framework to Reva.

The new notifications service communicates with the rest of reva using NATS. It provides helper functions to register new notifications and to send them.

Notification templates are provided in the configuration files for each service, and they are registered into the notifications service on initialization.

#3825
Enhancement #3969: Conditional notifications initialization

Notification helpers in services will not try to initalize if there is no specific configuration.

#3969
Enhancement #4077: Handle target in OpenInApp response

This PR adds the OpenInApp.target and AppProviderInfo.action properties to the respective responses (/app/open and /app/list), to support different app integrations. In addition, the archiver was extended to use the name of the file/folder as opposed to "download", and to include a query parameter to override the archive type, as it will be used in an upcoming app.

#4077
Enhancement #4073: Plugins

Adds a plugin system for allowing the creation of external plugins for different plugable components in reva, for example grpc drivers, http services and middlewares.

#4073
Enhancement #3937: Manage OCM shares

Implements the following item regarding OCM: - update of OCM shares in both grpc and ocs layer, allowing an user to update permissions and expiration of the share - deletion of OCM shares in both grpc and ocs layer - accept/reject of received OCM shares - remove accepted remote users

#3937
Enhancement #4035: Enforce/validate configuration of services

Every driver can now specify some validation rules on the configuration. If the validation rules are not respected, reva will bail out on startup with a clear error.

#4035

Changelog for reva 1.24.0 (2023-05-11)

The following sections list the changes in reva 1.24.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #3805: Apps: fixed viewMode resolution
Fix #3771: Fix files sharing capabilities
Fix #3749: Fix persisting updates of received shares in json driver
Fix #3723: Fix revad docker images by enabling CGO
Fix #3765: Fix create version folder in EOS driver
Fix #3786: Fix listing directory for a read-only shares for EOS storage driver
Fix #3787: Fix application flag for EOS binary
Fix #3780: Fix Makefile error on Ubuntu
Fix #3873: Fix parsing of grappa response
Fix #3794: Fix unshare for EOS storage driver
Fix #3838: Fix upload in a single file share for lightweight accounts
Fix #3878: Fix creator/initiator in public and user shares
Fix #3813: Fix propfind URL for OCM shares
Fix #3770: Fixed default protocol on ocm-share-create
Fix #3852: Pass remote share id and shared secret in OCM call
Fix #3859: Fix inconsistency between data transfer protocol naming
Enh #3847: Update data transfers for current OCM shares implementation
Enh #3869: Datatx tutorial
Enh #3762: Denial and Resharing Default capabilities
Enh #3717: Disable sharing on low level paths
Enh #3766: Download file revisions
Enh #3733: Add support for static linking
Enh #3778: Add support to tag eos traffic
Enh #3868: Implement historical way of constructing OCM WebDAV URL
Enh #3719: Skip computing groups when fetching all groups from grappa
Enh #3783: Updated OCM tutorial
Enh #3750: New metadata flags
Enh #3839: Support multiple issuer in OIDC auth driver
Enh #3772: New OCM discovery endpoint
Enh #3619: Tests for invitation manager SQL driver
Enh #3757: Support OCM v1.0 schema
Enh #3695: Create OCM share from sciencemesh service
Enh #3722: List only valid OCM tokens
Enh #3821: Revamp user/group drivers and fix user type
Enh #3724: Send invitation link from mesh directory
Enh #3824: Serverless Services

Details

Bugfix #3805: Apps: fixed viewMode resolution

Currently, the viewMode passed on /app/open is taken without validating the actual user's permissions. This PR fixes this.

#3805
Bugfix #3771: Fix files sharing capabilities

A bug was preventing setting some capabilities (ResharingDefault and DenyAccess) for files sharing from the configuration file

#3771
Bugfix #3749: Fix persisting updates of received shares in json driver

#3749
Bugfix #3723: Fix revad docker images by enabling CGO

#3723
Bugfix #3765: Fix create version folder in EOS driver

In a read only share, a stat could fail, beacause the EOS storage driver was not able to create the version folder for a file in case this did not exist. This fixes this bug impersonating the owner of the file when creating the version folder.

#3765
Bugfix #3786: Fix listing directory for a read-only shares for EOS storage driver

In a read-only share, while listing a folder, for resources not having a version folder, the returned resource id was wrongly the one of the original file, instead of the version folder. This behavior has been fixed, where the version folder is always created on behalf of the resource owner.

#3786
Bugfix #3787: Fix application flag for EOS binary

#3787
Bugfix #3780: Fix Makefile error on Ubuntu

I've fixed Makefile using sh which is defaulted to dash in ubuntu, dash doesn't support [[ ... ]] syntax and Makefile would throw /bin/sh: 1: [[: not found errors.

#3773 #3780
Bugfix #3873: Fix parsing of grappa response

#3873
Bugfix #3794: Fix unshare for EOS storage driver

In the EOS storage driver, the remove acl operation was a no-op. After removing a share, the recipient of the share was still able to operate on the shared resource. Now this has been fixed, removing correctly the ACL from the shared resource.

#3794
Bugfix #3838: Fix upload in a single file share for lightweight accounts

#3838
Bugfix #3878: Fix creator/initiator in public and user shares

#3878
Bugfix #3813: Fix propfind URL for OCM shares

#3810 #3813
Bugfix #3770: Fixed default protocol on ocm-share-create

#3770
Bugfix #3852: Pass remote share id and shared secret in OCM call

#3852
Bugfix #3859: Fix inconsistency between data transfer protocol naming

#3858 #3859
Enhancement #3847: Update data transfers for current OCM shares implementation

#3846 #3847
Enhancement #3869: Datatx tutorial

#3864 #3869
Enhancement #3762: Denial and Resharing Default capabilities

#3762
Enhancement #3717: Disable sharing on low level paths

Sharing can be disable in the user share provider for some paths, but the storage provider was still sending the sharing permissions for those paths. This adds a config option in the storage provider, minimum_allowed_path_level_for_share, to disable sharing permissions for resources up to a defined path level.

#3717
Enhancement #3766: Download file revisions

Currently it is only possible to restore a file version, replacing the actual file with the selected version. This allows an user to download a version file, without touching/replacing the last version of the file

#3766
Enhancement #3733: Add support for static linking

We've added support for compiling reva with static linking enabled. It's possible to do so with the STATIC flag: make revad STATIC=true

#3733
Enhancement #3778: Add support to tag eos traffic

We've added support to tag eos traffic

#3778
Enhancement #3868: Implement historical way of constructing OCM WebDAV URL

Expose the expected WebDAV endpoint for OCM by OC10 and Nextcloud as described in cs3org/OCM-API#70 (comment) to allow reva providers to participate to mesh.

#3855 #3868
Enhancement #3719: Skip computing groups when fetching all groups from grappa

#3719
Enhancement #3783: Updated OCM tutorial

The OCM tutorial in the doc was missing the example on how to access the received resources. Now the tutorial contains all the steps to access a received resource using the WebDAV protocol.

#3783
Enhancement #3750: New metadata flags

Several new flags, like site infrastructure and service status, are now gathered and exposed by Mentix.

#3750
Enhancement #3839: Support multiple issuer in OIDC auth driver

The OIDC auth driver supports now multiple issuers. Users of external providers are then mapped to a local user by a mapping files. Only the main issuer (defined in the config with issuer) and the ones defined in the mapping are allowed for the verification of the OIDC token.

#3839
Enhancement #3772: New OCM discovery endpoint

This PR implements the new OCM v1.1 specifications for the /ocm-provider endpoint.

#3772
Enhancement #3619: Tests for invitation manager SQL driver

#3619
Enhancement #3757: Support OCM v1.0 schema

Following cs3org/cs3apis#206, we add the fields to ensure backwards compatibility with OCM v1.0. However, if the protocol.options undocumented object is not empty, we bail out for now. Supporting interoperability with OCM v1.0 implementations (notably Nextcloud 25) may come in the future if the undocumented options are fully reverse engineered. This is reflected in the unit tests as well.

Also, added viewMode to webapp protocol options (cs3org/cs3apis#207) and adapted all SQL code and unit tests.

#3757
Enhancement #3695: Create OCM share from sciencemesh service

pondersource/sciencemesh-php#166 #3695
Enhancement #3722: List only valid OCM tokens

#3722
Enhancement #3821: Revamp user/group drivers and fix user type

For lightweight accounts
- Fix the user type for lightweight accounts, using the source field to differentiate between a primary and lw account * Remove all the code with manual parsing of the json returned by the CERN provider * Introduce pagination for GetMembers method in the group driver * Reduced network transfer size by requesting only needed fields for GetMembers method
#3821
Enhancement #3724: Send invitation link from mesh directory

When generating and listing OCM tokens

To enhance user expirience, instead of only sending the token, we send directly the URL for accepting the invitation workflow.

#3724
Enhancement #3824: Serverless Services

New type of service (along with http and grpc) which does not have a listening server. Useful for the notifications service and others in the future.

#3824

Changelog for reva 1.23.0 (2023-03-09)

The following sections list the changes in reva 1.23.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #3621: Use 2700 as permission when creating EOS home folder
Fix #3551: Fixes implementation omission of #3526
Fix #3706: Fix revad-eos docker image which was failing to build
Fix #3626: Fix open in app for lightweight accounts
Fix #3613: Use subject from oidc userinfo when quering the user provider
Fix #3633: Fix litmus and acceptance tests in GitHub Actions
Fix #3694: Updated public links URLs and users' display names in WOPI apps
Chg #3553: Rename PullTransfer to CreateTransfer
Enh #3584: Bump the Copyright date to 2023
Enh #3640: Migrate acceptance tests from Drone to GitHub Actions
Enh #3629: Use cs3org/behat:latest docker image for tests
Enh #3608: Add Golang test coverage report for Codacy
Enh #3599: Add latest tag to revad Docker image with GitHub Actions
Enh #3713: Streamline EOS SSS and UNIX modes
Enh #3566: Migrate the litmusOcisSpacesDav test from Drone to GitHub Actions
Enh #3712: Improve Docker build speed and Docker Compose test speed
Enh #3630: Migrate the virtualViews test from Drone to GitHub Actions
Enh #3675: Cleanup unused configs in OCM HTTP service
Enh #3692: Create and list OCM shares in OCS layer
Enh #3666: Search OCM accepted users
Enh #3665: List valid OCM invite tokens
Enh #3617: SQL driver for OCM invitation manager
Enh #3667: List OCM providers
Enh #3668: Expose OCM received shares as a local mount
Enh #3683: Remote open in app in OCM
Enh #3654: SQL driver for OCM shares
Enh #3646: Update OCM shares to last version of CS3APIs
Enh #3687: Specify recipient as a query param when sending OCM token by email
Enh #3691: Add OCM scope and webdav endpoint
Enh #3611: Revamp OCM invitation workflow
Enh #3703: Bump reva(d) base image to alpine 3.17

Details

Bugfix #3621: Use 2700 as permission when creating EOS home folder

#3621
Bugfix #3551: Fixes implementation omission of #3526

In #3526 a new value format of the owner parameter of the ocm share request was introduced. This change was not implemented in the json driver. This change fixes that.

#3551
Bugfix #3706: Fix revad-eos docker image which was failing to build

#3706
Bugfix #3626: Fix open in app for lightweight accounts

#3626
Bugfix #3613: Use subject from oidc userinfo when quering the user provider

#3613
Bugfix #3633: Fix litmus and acceptance tests in GitHub Actions

#3633
Bugfix #3694: Updated public links URLs and users' display names in WOPI apps

Public links have changed in the frontend and are reflected in folderurl query parameter. Additionally, OCM shares are supported for the folderurl and OCM users are decorated with their ID provider.

#3694
Change #3553: Rename PullTransfer to CreateTransfer

This change implements a CS3APIs name change in the datatx module (PullTransfer to CreateTransfer)

#3553
Enhancement #3584: Bump the Copyright date to 2023

#3584
Enhancement #3640: Migrate acceptance tests from Drone to GitHub Actions

Migrate ocisIntegrationTests and s3ngIntegrationTests to GitHub Actions

#3640
Enhancement #3629: Use cs3org/behat:latest docker image for tests

#3629
Enhancement #3608: Add Golang test coverage report for Codacy

#3608
Enhancement #3599: Add latest tag to revad Docker image with GitHub Actions

#3599
Enhancement #3713: Streamline EOS SSS and UNIX modes

#3713
Enhancement #3566: Migrate the litmusOcisSpacesDav test from Drone to GitHub Actions

#3566
Enhancement #3712: Improve Docker build speed and Docker Compose test speed

#3712
Enhancement #3630: Migrate the virtualViews test from Drone to GitHub Actions

#3630
Enhancement #3675: Cleanup unused configs in OCM HTTP service

#3675
Enhancement #3692: Create and list OCM shares in OCS layer

#3692
Enhancement #3666: Search OCM accepted users

Adds the prefix sm: to the FindUser endpoint, to filter only the OCM accepted users.

#3666
Enhancement #3665: List valid OCM invite tokens

Adds the endpoint /list-invite in the sciencemesh service, to get the list of valid OCM invite tokens.

#3665 cs3org/cs3apis#201
Enhancement #3617: SQL driver for OCM invitation manager

#3617
Enhancement #3667: List OCM providers

Adds the endpoint /list-providers in the sciencemesh service, to get a filtered list of the OCM providers. The filter can be specified with the search query parameters, and filters by domain and full name of the provider.

#3667
Enhancement #3668: Expose OCM received shares as a local mount

#3668
Enhancement #3683: Remote open in app in OCM

#3683
Enhancement #3654: SQL driver for OCM shares

#3654
Enhancement #3646: Update OCM shares to last version of CS3APIs

#3646 cs3org/cs3apis#199
Enhancement #3687: Specify recipient as a query param when sending OCM token by email

Before the email recipient when sending the OCM token was specified as a form parameter. Now as a query parameter, as some clients does not allow in a GET request to set form values. It also add the possibility to specify a template for the subject and the body for the token email.

#3687
Enhancement #3691: Add OCM scope and webdav endpoint

Adds the OCM scope and the ocmshares authentication, to authenticate the federated user to use the OCM shared resources. It also adds the (unprotected) webdav endpoint used to interact with the shared resources.

#2739 #3691
Enhancement #3611: Revamp OCM invitation workflow

#3540 #3611
Enhancement #3703: Bump reva(d) base image to alpine 3.17

Prevents several vulnerabilities from the base image itself: https://artifacthub.io/packages/helm/cs3org/revad?modal=security-report

#3703

Changelog for reva 1.22.0 (2022-12-31)

The following sections list the changes in reva 1.22.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #3528: Fix expired authenticated public link error code
Fix #3121: Add missing domain normalization to mentix provider authorizer
Enh #3565: Migrate the litmus tests from Drone to GitHub Actions

Details

Bugfix #3528: Fix expired authenticated public link error code

On an expired authenticated public link, the error returned was 401 unauthorized, behaving differently from a not-authenticated one, that returns 404 not found. This has been fixed, returning 404 not found.

#3528
Bugfix #3121: Add missing domain normalization to mentix provider authorizer

The Mentix OCM Provider authorizer lacked provider domain normalization. This led to incorrect provider domain matching when authorizing OCM providers.

#3121
Enhancement #3565: Migrate the litmus tests from Drone to GitHub Actions

We've migrated the litmusOcisOldWebdav and the litmusOcisNewWebdav tests from Drone to GitHub Actions.

#3565

Changelog for reva 1.21.0 (2022-12-07)

The following sections list the changes in reva 1.21.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #3492: Fixes the DefaultQuotaBytes in EOS
Fix #3420: EOS grpc fixes
Fix #3501: Fix errors of public share provider according to cs3apis
Fix #3504: Fix RefreshLock method for cephfs storage driver
Enh #3502: Appproviders: pass other query parameters as Opaque
Enh #3028: Access directly auth registry rules map when getting provider
Enh #3197: Bring back multi-stage build to save on image size
Enh #3506: Migrate the buildAndPublishDocker job from Drone to GitHub Actions
Enh #3500: Migrate the BuildOnly job from Drone to GitHub Actions
Enh #3513: Migrate the testIntegration job from Drone to GitHub Actions
Enh #3494: Implemented folderurl for WOPI apps
Enh #3507: Get user preferred language
Enh #3530: Improve error logging in ocmd flow
Enh #3491: Implement rclone third-party copy push option
Enh #3508: Allow an user to set a preferred language

Details

Bugfix #3492: Fixes the DefaultQuotaBytes in EOS

We were setting the default logical quota to 1T, resulting on only 500GB available to the user.

#3492
Bugfix #3420: EOS grpc fixes

The shares and the applications were not working with the EOS grpc storage driver. This fixes both.

#3420
Bugfix #3501: Fix errors of public share provider according to cs3apis

All the errors returned by the public share provider where internal errors. Now this has been fixed and the returned errors are the one defined in the cs3apis.

#3501
Bugfix #3504: Fix RefreshLock method for cephfs storage driver

#3504
Enhancement #3502: Appproviders: pass other query parameters as Opaque

This allows to send any other HTTP query parameter passed to /app/open to the underlying appprovider drivers via GRPC

#3502
Enhancement #3028: Access directly auth registry rules map when getting provider

#3028
Enhancement #3197: Bring back multi-stage build to save on image size
- Use EOS 4.8.91 as base image - Bring back multi-stage build - Build revad on the eos 4.8.91 image due to missing dependency (ld-musl-x86_64.so.1, typical of alpine) - Copy the resulting revad from the builder container
Resulting image size (unpacked on disk) is 2.59GB - eos-all:4.8.91 is 2.47GB - existing revad:latest-eos is 6.18GB

#3197
Enhancement #3506: Migrate the buildAndPublishDocker job from Drone to GitHub Actions

We've migrated the buildAndPublishDocker job from Drone to GitHub Actions workflow. We've updated the Golang version used to build the Docker images to go1.19. We've fixed the Cephfs storage module. We've improved the Makefile. We've refactored the build-docker workflow.

#3506
Enhancement #3500: Migrate the BuildOnly job from Drone to GitHub Actions

We've migrated the BuildOnly job from Drone to GitHub Actions workflow. The Workflow builds and Tests Reva, builds a Revad Docker Image and checks the license headers. The license header tools was removed since the goheader linter provides the same functionality.

#3500
Enhancement #3513: Migrate the testIntegration job from Drone to GitHub Actions

#3513
Enhancement #3494: Implemented folderurl for WOPI apps

The folderurl is now populated for WOPI apps, such that for owners and named shares it points to the containing folder, and for public links it points to the appropriate public link URL.

On the way, functions to manipulate the user's scope and extract the eventual public link token(s) have been added, coauthored with @gmgigi96.

#3494
Enhancement #3507: Get user preferred language

The only way for an OCIS web user to change language was to set it into the browser settings. In the ocs user info response, a field language is added, to change their language in the UI, regardless of the browser settings.

#3507
Enhancement #3530: Improve error logging in ocmd flow

#3365 #3530 #3526 #3419 #3369
Enhancement #3491: Implement rclone third-party copy push option

This enhancement gives the option to use third-party copy push with rclone between two different user accounts.

#3491
Enhancement #3508: Allow an user to set a preferred language

#3508

Changelog for reva 1.20.0 (2022-11-24)

The following sections list the changes in reva 1.20.0 relevant to reva users. The changes are ordered by importance.

Summary

Sec #3316: Mitigate XSS
Fix #3455: Fixes panic in case of empty configuration
Fix #3311: Remove FIXME
Fix #3396: Fix the Ceph Docker image repository URL
Fix #3055: Fix quota for LW accounts
Fix #3361: Use custom reva logger in ocs
Fix #3344: Fix quota percentage
Fix #2979: Removed unused datatx code
Fix #2973: Fix datatxtarget uri when prefix is used
Fix #3319: Fix oidc provider crash when custom claims are provided
Fix #3481: OIDC: resolve users with no uid/gid by username
Fix #3055: Get user from user provider in oidc driver
Fix #3053: Temporary read user acl instead of sys acl
Enh #3401: Make WOPI bridged apps (CodiMD) configuration non hard-coded
Enh #3402: Block users
Enh #3098: App provider http endpoint uses Form instead of Query
Enh #3116: Implementation of cback storage driver for REVA
Enh #3422: Migrate Codacy from Drone to Codacy/GitHub integration
Enh #3412: Migrate Fossa from Drone to Github Integration
Enh #3367: Update go version
Enh #3467: Enable gocritic linter in golangci-lint and solve issues
Enh #3463: Enable gofmt linter in golangci-lint and apply gofmt
Enh #3471: Enable goimports and usestdlibvars in golangci-lint
Enh #3466: Migrate golangci-lint from Drone to GitHub Actions
Enh #3465: Enable revive linter in golangci-lint and solve issues
Enh #3487: Enable staticcheck linter in golangci-lint and solve issues
Enh #3475: Enable the style linters
Enh #3070: Allow http service to expose prefixes containing /
Enh #2986: Better display name in apps for all user types
Enh #3303: Added support for configuring language locales in apps
Enh #3348: Revamp lightweigth accounts
Enh #3304: Add http service to send email for shares
Enh #3072: Mesh meta data operators
Enh #3313: Fix content-type for OCM sharing
Enh #3234: Add post create home hook for eos storage driver
Enh #3347: Implemented PROPFIND with 0 depth
Enh #3056: Add public share auth provider
Enh #3305: Add description to public link
Enh #3163: Add support for quicklinks for public shares
Enh #3289: Make Refresh Lock operation WOPI compliant
Enh #3315: Accept reva token as a bearer authentication
Enh #3438: Sanitize non-utf8 characters in xattr values in EOS
Enh #3221: Site Accounts improvements
Enh #3404: Site accounts & Mentix updates
Enh #3424: Expire tokens on sunday
Enh #2986: Use email as display name for external users opening WOPI apps

Details

Security #3316: Mitigate XSS

We've mitigated an XSS vulnerability resulting from unescaped HTTP responses containing user-provided values in pkg/siteacc/siteacc.go and internal/http/services/ocmd/invites.go. This patch uses html.EscapeString to escape the user-provided values in the HTTP responses of pkg/siteacc/siteacc.go and internal/http/services/ocmd/invites.go.

#3316
Bugfix #3455: Fixes panic in case of empty configuration

Makes sure the config map is allocated prior to setting it

#3455
Bugfix #3311: Remove FIXME

Issue #2402 is closed.

#3311
Bugfix #3396: Fix the Ceph Docker image repository URL

#3396
Bugfix #3055: Fix quota for LW accounts

LW accounts do not have quota assigned.

#3055
Bugfix #3361: Use custom reva logger in ocs

#3361
Bugfix #3344: Fix quota percentage

#3344
Bugfix #2979: Removed unused datatx code

An OCM reference is not created for a data transfer type share.

#2979
Bugfix #2973: Fix datatxtarget uri when prefix is used

When a webdav prefix is used it appears in both host and name parameter of the target uri for data transfer. This PR fixes that.

#2973
Bugfix #3319: Fix oidc provider crash when custom claims are provided

#3319
Bugfix #3481: OIDC: resolve users with no uid/gid by username

Previously we resolved such users (so called "lightweight" or "external" accounts in the CERN realm) by email, but it turns out that the same email may have multiple accounts associated to it.

Therefore we now resolve them by username, that is the upn, which is unique.

#3481
Bugfix #3055: Get user from user provider in oidc driver

For oidc providers that only respond with standard claims, use the user provider to get the user.

#3055
Bugfix #3053: Temporary read user acl instead of sys acl

We read the user acl in EOS until the migration of all user acls to sys acls are done

#3053
Enhancement #3401: Make WOPI bridged apps (CodiMD) configuration non hard-coded

The configuration of the custom mimetypes has been moved to the AppProvider, and the given mimetypes are used to configure bridged apps by sharing the corresponding config item to the drivers.

#3401
Enhancement #3402: Block users

Allows an operator to set a list of users that are banned for every operation in reva.

#3402
Enhancement #3098: App provider http endpoint uses Form instead of Query

We've improved the http endpoint now uses the Form instead of Query to also support application/x-www-form-urlencoded parameters on the app provider http endpoint.

#3098 #3101
Enhancement #3116: Implementation of cback storage driver for REVA

This is a read only fs interface.

#3116
Enhancement #3422: Migrate Codacy from Drone to Codacy/GitHub integration

#3422
Enhancement #3412: Migrate Fossa from Drone to Github Integration

#3412
Enhancement #3367: Update go version

Update go version to 1.19 in go.mod

#3367
Enhancement #3467: Enable gocritic linter in golangci-lint and solve issues

#3467
Enhancement #3463: Enable gofmt linter in golangci-lint and apply gofmt

#3463
Enhancement #3471: Enable goimports and usestdlibvars in golangci-lint

We've enabled the goimports and usestdlibvars linters in golangci-lint and solved the related issues.

#3471
Enhancement #3466: Migrate golangci-lint from Drone to GitHub Actions

#3466
Enhancement #3465: Enable revive linter in golangci-lint and solve issues

#3465
Enhancement #3487: Enable staticcheck linter in golangci-lint and solve issues

#3487
Enhancement #3475: Enable the style linters

We've enabled the stylecheck, whitespace, dupword, godot and dogsled linters in golangci-lint and solved the related issues.

#3475
Enhancement #3070: Allow http service to expose prefixes containing /

#3070
Enhancement #2986: Better display name in apps for all user types

This includes a FirstName FamilyName (domain) format for non-primary accounts, and a sanitization of the email address claim for such non-primary accounts.

#2986 #3280
Enhancement #3303: Added support for configuring language locales in apps

This is a partial backport from edge: we introduce a language option in the appprovider, which if set is passed as appropriate parameter to the external apps in order to force a given localization. In particular, for Microsoft Office 365 the DC_LLCC option is set as well. The default behavior is unset, where apps try and resolve the localization from the browser headers.

#3303
Enhancement #3348: Revamp lightweigth accounts

Re-implements the lighweight account scope check, making it more efficient. Also, the ACLs for the EOS storage driver for the lw accounts are set atomically.

#3348
Enhancement #3304: Add http service to send email for shares

#3304
Enhancement #3072: Mesh meta data operators

To better support sites that run multiple instances, the meta data have been extended to include a new hierarchy layer called 'operators'. This PR brings all necessary changes in the Mentix and site accounts services.

#3072
Enhancement #3313: Fix content-type for OCM sharing

This fix change the content type to just "application/json"

#3313
Enhancement #3234: Add post create home hook for eos storage driver

#3234
Enhancement #3347: Implemented PROPFIND with 0 depth

#3347
Enhancement #3056: Add public share auth provider

Add a public share auth middleware

#3056
Enhancement #3305: Add description to public link

#3305
Enhancement #3163: Add support for quicklinks for public shares

#3163 #2715
Enhancement #3289: Make Refresh Lock operation WOPI compliant

We now support the WOPI compliant UnlockAndRelock operation. This has been implemented in the Eos FS. To make use of it, we need a compatible WOPI server.

#3289 https://learn.microsoft.com/en-us/microsoft-365/cloud-storage-partner-program/rest/files/unlockandrelock
Enhancement #3315: Accept reva token as a bearer authentication

#3315
Enhancement #3438: Sanitize non-utf8 characters in xattr values in EOS

#3438
Enhancement #3221: Site Accounts improvements

The site accounts admin panel has been reworked and now also shows which sites aren't configured properly yet. Furthermore, a bug that prevented users from changing site configurations has been fixed.

#3221
Enhancement #3404: Site accounts & Mentix updates

Some small improvements to the Site Accounts and Mentix services, including normalization of data exposed at the /cs3 endpoint of Mentix.

#3404
Enhancement #3424: Expire tokens on sunday

#3424
Enhancement #2986: Use email as display name for external users opening WOPI apps

We use now the email claim for external/federated accounts as the username that is then passed to the wopiserver and used as displayName in the WOPI context.

#2986

Changelog for reva 1.19.0 (2022-06-16)

The following sections list the changes in reva 1.19.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2693: Support editnew actions from MS Office
Fix #2588: Dockerfile.revad-ceph to use the right base image
Fix #2216: Make hardcoded HTTP "insecure" options configurable
Fix #2860: Use eos-all parent image
Fix #2499: Removed check DenyGrant in resource permission
Fix #2712: Update Dockerfile.revad.eos to not break the image
Fix #2789: Minor fixes in cephfs and eosfs
Fix #2285: Accept new userid idp format
Fix #2608: Respect the tracing_service_name config variable
Fix #2841: Refactors logger to have ctx
Fix #2759: Made uid, gid claims parsing more robust in OIDC auth provider
Fix #2842: Fix download action in SDK
Fix #2555: Fix site accounts endpoints
Fix #2675: Updates Makefile according to latest go standards
Fix #2572: Wait for nats server on middleware start
Chg #2596: Remove hash from public link urls
Chg #2559: Do not encode webDAV ids to base64
Chg #2561: Merge oidcmapping auth manager into oidc
Enh #2698: Make capabilities endpoint public, authenticate users is present
Enh #2813: Support custom mimetypes in the WOPI appprovider driver
Enh #2515: Enabling tracing by default if not explicitly disabled
Enh #160: Implement the CS3 Lock API in the EOS storage driver
Enh #2686: Features for favorites xattrs in EOS, cache for scope expansion
Enh #2494: Use sys ACLs for file permissions
Enh #2522: Introduce events
Enh #2685: Enable federated account access
Enh #2801: Use functional options for client gRPC connections
Enh #2921: Use standard header for checksums
Enh #2480: Group based capabilities
Enh #1787: Add support for HTTP TPC
Enh #2560: Mentix PromSD extensions
Enh #2613: Externalize custom mime types configuration for storage providers
Enh #2163: Nextcloud-based share manager for pkg/ocm/share
Enh #2696: Preferences driver refactor and cbox sql implementation
Enh #2052: New CS3API datatx methods
Enh #2738: Site accounts site-global settings
Enh #2672: Further Site Accounts improvements
Enh #2549: Site accounts improvements
Enh #2488: Cephfs support keyrings with IDs
Enh #2514: Reuse ocs role objects in other drivers
Enh #2752: Refactor the rest user and group provider drivers
Enh #2946: Make user share indicators read from the share provider service

Details

Bugfix #2693: Support editnew actions from MS Office

This fixes the incorrect behavior when creating new xlsx and pptx files, as MS Office supports the editnew action and it must be used for newly created files instead of the normal edit action.

#2693
Bugfix #2588: Dockerfile.revad-ceph to use the right base image

In Aug2021 https://hub.docker.com/r/ceph/daemon-base was moved to quay.ceph.io and the builds for this image were failing for some weeks after January.

#2588
Bugfix #2216: Make hardcoded HTTP "insecure" options configurable

HTTP "insecure" options must be configurable and default to false.

#2216
Bugfix #2860: Use eos-all parent image

#2860
Bugfix #2499: Removed check DenyGrant in resource permission

When adding a denial permission

#2499
Bugfix #2712: Update Dockerfile.revad.eos to not break the image

#2712
Bugfix #2789: Minor fixes in cephfs and eosfs

#2789
Bugfix #2285: Accept new userid idp format

The format for userid idp changed and this broke the ocmd tutorial This PR makes the provider authorizer interceptor accept both the old and the new string format.

#2285 #2285 See and
Bugfix #2608: Respect the tracing_service_name config variable

#2608
Bugfix #2841: Refactors logger to have ctx

This fixes the native library loggers which are not associated with the context and thus are not handled properly in the reva runtime.

#2841
Bugfix #2759: Made uid, gid claims parsing more robust in OIDC auth provider

This fix makes sure the uid and gid claims are defined at init time, and that the necessary typecasts are performed correctly when authenticating users. A comment was added that in case the uid/gid claims are missing AND that no mapping takes place, a user entity is returned with uid = gid = 0.

#2759
Bugfix #2842: Fix download action in SDK

The download action was no longer working in the SDK (used by our testing probes); this PR fixes the underlying issue.

#2842
Bugfix #2555: Fix site accounts endpoints

This PR fixes small bugs in the site accounts endpoints.

#2555
Bugfix #2675: Updates Makefile according to latest go standards

Earlier, we were using go get to install packages. Now, we are using go install to install packages

#2675 #2747
Bugfix #2572: Wait for nats server on middleware start

Use a retry mechanism to connect to the nats server when it is not ready yet

#2572
Change #2596: Remove hash from public link urls

Public link urls do not contain the hash anymore, this is needed to support the ocis and web history mode.

#2596 owncloud/ocis#3109 owncloud/web#6363
Change #2559: Do not encode webDAV ids to base64

We removed the base64 encoding of the IDs and use the format ! with a ! delimiter. As a reserved delimiter it is URL safe. The IDs will be XML and JSON encoded as necessary.

#2559
Change #2561: Merge oidcmapping auth manager into oidc

The oidcmapping auth manager was created as a separate package to ease testing. As it has now been tested also as a pure OIDC auth provider without mapping, and as the code is largely refactored, it makes sense to merge it back so to maintain a single OIDC manager.

#2561
Enhancement #2698: Make capabilities endpoint public, authenticate users is present

#2698
Enhancement #2813: Support custom mimetypes in the WOPI appprovider driver

Similarly to the storage provider, also the WOPI appprovider driver now supports custom mime types. Also fixed a small typo.

#2813
Enhancement #2515: Enabling tracing by default if not explicitly disabled

#2515
Enhancement #160: Implement the CS3 Lock API in the EOS storage driver

cs3org/cs3apis#160 #2444
Enhancement #2686: Features for favorites xattrs in EOS, cache for scope expansion

#2686
Enhancement #2494: Use sys ACLs for file permissions

#2494
Enhancement #2522: Introduce events

This will introduce events into the system. Events are a simple way to bring information from one service to another. Read pkg/events/example and subfolders for more information

#2522
Enhancement #2685: Enable federated account access

#2685
Enhancement #2801: Use functional options for client gRPC connections

This will add more ability to configure the client side gRPC connections.

#2801
Enhancement #2921: Use standard header for checksums

On HEAD requests, we currently expose checksums (when available) using the ownCloud-specific header, which is typically consumed by the sync clients.

This patch adds the standard Digest header using the standard format detailed at https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Digest. This is e.g. used by GFAL/Rucio clients in the context of managed transfers of datasets.

#2921
Enhancement #2480: Group based capabilities

We can now return specific capabilities for users who belong to certain configured groups.

#2480
Enhancement #1787: Add support for HTTP TPC

We have added support for HTTP Third Party Copy. This allows remote data transfers between storages managed by either two different reva servers, or a reva server and a Grid (WLCG/ESCAPE) site server.

Such remote transfers are expected to be driven by GFAL, the underlying library used by FTS, and Rucio.

In addition, the oidcmapping package has been refactored to support the standard OIDC use cases as well when no mapping is defined.

#1787 #2007
Enhancement #2560: Mentix PromSD extensions

The Mentix Prometheus SD scrape targets are now split into one file per service type, making health checks configuration easier. Furthermore, the local file connector for mesh data and the site registration endpoint have been dropped, as they aren't needed anymore.

#2560
Enhancement #2613: Externalize custom mime types configuration for storage providers

Added ability to configure custom mime types in an external JSON file, such that it can be reused when many storage providers are deployed at the same time.

#2613
Enhancement #2163: Nextcloud-based share manager for pkg/ocm/share

Note that pkg/ocm/share is very similar to pkg/share, but it deals with cs3/sharing/ocm whereas pkg/share deals with cs3/sharing/collaboration

#2163
Enhancement #2696: Preferences driver refactor and cbox sql implementation

This PR uses the updated CS3APIs which accepts a namespace in addition to a single string key to recognize a user preference. It also refactors the GRPC service to support multiple drivers and adds the cbox SQL implementation.

#2696
Enhancement #2052: New CS3API datatx methods

CS3 datatx pull model methods: PullTransfer, RetryTransfer, ListTransfers Method CreateTransfer removed.

#2052
Enhancement #2738: Site accounts site-global settings

This PR extends the site accounts service by adding site-global settings. These are used to store test user credentials that are in return used by our BBE port to perform CS3API-specific health checks.

#2738
Enhancement #2672: Further Site Accounts improvements

Yet another PR to update the site accounts (and Mentix): New default site ID; Include service type in alerts; Naming unified; Remove obsolete stuff.

#2672
Enhancement #2549: Site accounts improvements

This PR improves the site accounts: - Removed/hid API key stuff - Added quick links to the main panel - Made alert notifications mandatory

#2549
Enhancement #2488: Cephfs support keyrings with IDs

#2488
Enhancement #2514: Reuse ocs role objects in other drivers

#2514
Enhancement #2752: Refactor the rest user and group provider drivers

We now maintain our own cache for all user and group data, and periodically refresh it. A redis server now becomes a necessary dependency, whereas it was optional previously.

#2752
Enhancement #2946: Make user share indicators read from the share provider service

#2946

Changelog for reva 1.18.0 (2022-02-11)

The following sections list the changes in reva 1.18.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2370: Fixes for apps in public shares, project spaces for EOS driver
Fix #2374: Fix webdav copy of zero byte files
Fix #2478: Use ocs permission objects in the reva GRPC client
Fix #2368: Return wrapped paths for recycled items in storage provider
Chg #2354: Return not found when updating non existent space
Enh #1209: Reva CephFS module v0.2.1
Enh #2341: Use CS3 permissions API
Enh #2350: Add file locking methods to the storage and filesystem interfaces
Enh #2379: Add new file url of the app provider to the ocs capabilities
Enh #2369: Implement TouchFile from the CS3apis
Enh #2385: Allow to create new files with the app provider on public links
Enh #2397: Product field in OCS version
Enh #2393: Update tus/tusd to version 1.8.0
Enh #2205: Modify group and user managers to skip fetching specified metadata
Enh #2232: Make ocs resource info cache interoperable across drivers
Enh #2278: OIDC driver changes for lightweight users

Details

Bugfix #2370: Fixes for apps in public shares, project spaces for EOS driver

#2370
Bugfix #2374: Fix webdav copy of zero byte files

We've fixed the webdav copy action of zero byte files, which was not performed because the webdav api assumed, that zero byte uploads are created when initiating the upload, which was recently removed from all storage drivers. Therefore the webdav api also uploads zero byte files after initiating the upload.

#2374 #2309
Bugfix #2478: Use ocs permission objects in the reva GRPC client

There was a bug introduced by differing CS3APIs permission definitions for the same role across services. This is a first step in making all services use consistent definitions.

#2478
Bugfix #2368: Return wrapped paths for recycled items in storage provider

#2368
Change #2354: Return not found when updating non existent space

If a spaceid of a space which is updated doesn't exist, handle it as a not found error.

#2354
Enhancement #1209: Reva CephFS module v0.2.1

#1209
Enhancement #2341: Use CS3 permissions API

Added calls to the CS3 permissions API to the decomposedfs in order to check the user permissions.

#2341
Enhancement #2350: Add file locking methods to the storage and filesystem interfaces

We've added the file locking methods from the CS3apis to the storage and filesystem interfaces. As of now they are dummy implementations and will only return "unimplemented" errors.

#2350 cs3org/cs3apis#160
Enhancement #2379: Add new file url of the app provider to the ocs capabilities

We've added the new file capability of the app provider to the ocs capabilities, so that clients can discover this url analogous to the app list and file open urls.

#2379 owncloud/ocis#2884 owncloud/web#5890 (comment)
Enhancement #2369: Implement TouchFile from the CS3apis

We've updated the CS3apis and implemented the TouchFile method.

#2369 cs3org/cs3apis#154
Enhancement #2385: Allow to create new files with the app provider on public links

We've added the option to create files with the app provider on public links.

#2385
Enhancement #2397: Product field in OCS version

We've added a new field to the OCS Version, which is supposed to announce the product name. The web ui as a client will make use of it to make the backend product and version available (e.g. for easier bug reports).

#2397
Enhancement #2393: Update tus/tusd to version 1.8.0

We've update tus/tusd to version 1.8.0.

#2393 #2224
Enhancement #2205: Modify group and user managers to skip fetching specified metadata

#2205
Enhancement #2232: Make ocs resource info cache interoperable across drivers

#2232
Enhancement #2278: OIDC driver changes for lightweight users

#2278

Changelog for reva 1.17.0 (2021-12-09)

The following sections list the changes in reva 1.17.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2305: Make sure /app/new takes target as absolute path
Fix #2303: Fix content disposition header for public links files
Fix #2316: Fix the share types in propfinds
Fix #2803: Fix app provider for editor public links
Fix #2298: Remove share refs from trashbin
Fix #2309: Remove early finish for zero byte file uploads
Fix #1941: Fix TUS uploads with transfer token only
Chg #2210: Fix app provider new file creation and improved error codes
Enh #2217: OIDC auth driver for ESCAPE IAM
Enh #2256: Return user type in the response of the ocs GET user call
Enh #2315: Add new attributes to public link propfinds
Enh #2740: Implement space membership endpoints
Enh #2252: Add the xattr sys.acl to SysACL (eosgrpc)
Enh #2314: OIDC: fallback if IDP doesn't provide "preferred_username" claim

Details

Bugfix #2305: Make sure /app/new takes target as absolute path

A mini-PR to make the target parameter absolute (by prepending / if missing).

#2305
Bugfix #2303: Fix content disposition header for public links files

#2303 #2297 #2332 #2346
Bugfix #2316: Fix the share types in propfinds

The share types for public links were not correctly added to propfinds.

#2316
Bugfix #2803: Fix app provider for editor public links

Fixed opening the app provider in public links with the editor permission. The app provider failed to open the file in read write mode.

owncloud/ocis#2803 #2310
Bugfix #2298: Remove share refs from trashbin

#2298
Bugfix #2309: Remove early finish for zero byte file uploads

We've fixed the upload of zero byte files by removing the early upload finishing mechanism.

#2309 owncloud/ocis#2609
Bugfix #1941: Fix TUS uploads with transfer token only

TUS uploads had been stopped when the user JWT token expired, even if only the transfer token should be validated. Now uploads will continue as intended.

#1941
Change #2210: Fix app provider new file creation and improved error codes

We've fixed the behavior for the app provider when creating new files. Previously the app provider would overwrite already existing files when creating a new file, this is now handled and prevented. The new file endpoint accepted a path to a file, but this does not work for spaces. Therefore we now use the resource id of the folder where the file should be created and a filename to create the new file. Also the app provider returns more useful error codes in a lot of cases.

#2210
Enhancement #2217: OIDC auth driver for ESCAPE IAM

This enhancement allows for oidc token authentication via the ESCAPE IAM service. Authentication relies on mappings of ESCAPE IAM groups to REVA users. For a valid token, if at the most one group from the groups claim is mapped to one REVA user, authentication can take place.

#2217
Enhancement #2256: Return user type in the response of the ocs GET user call

#2256
Enhancement #2315: Add new attributes to public link propfinds

Added a new property "oc:signature-auth" to public link propfinds. This is a necessary change to be able to support archive downloads in password protected public links.

#2315
Enhancement #2740: Implement space membership endpoints

Implemented endpoints to add and remove members to spaces.

owncloud/ocis#2740 #2250
Enhancement #2252: Add the xattr sys.acl to SysACL (eosgrpc)

#2252
Enhancement #2314: OIDC: fallback if IDP doesn't provide "preferred_username" claim

Some IDPs don't support the "preferred_username" claim. Fallback to the "email" claim in that case.

#2314

Changelog for reva 1.16.0 (2021-11-19)

The following sections list the changes in reva 1.16.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2245: Don't announce search-files capability
Fix #2247: Merge user ACLs from EOS to sys ACLs
Fix #2279: Return the inode of the version folder for files when listing in EOS
Fix #2294: Fix HTTP return code when path is invalid
Fix #2231: Fix share permission on a single file in sql share driver (cbox pkg)
Fix #2230: Fix open by default app and expose default app
Fix #2265: Fix nil pointer exception when resolving members of a group (rest driver)
Fix #1214: Fix restoring versions
Fix #2254: Fix spaces propfind
Fix #2260: Fix unset quota xattr on darwin
Fix #5776: Enforce permissions in public share apps
Fix #2767: Fix status code for WebDAV mkcol requests where an ancestor is missing
Fix #2287: Add public link access via mount-ID:token/relative-path to the scope
Fix #2244: Fix the permissions response for shared files in the cbox sql driver
Enh #2219: Add virtual view tests
Enh #2230: Add priority to app providers
Enh #2258: Improved error messages from the AppProviders
Enh #2119: Add authprovider owncloudsql
Enh #2211: Enhance the cbox share sql driver to store accepted group shares
Enh #2212: Filter root path according to the agent that makes the request
Enh #2237: Skip get user call in eosfs in case previous ones also failed
Enh #2266: Callback for the EOS UID cache to retry fetch for failed keys
Enh #2215: Aggregrate resource info properties for virtual views
Enh #2271: Revamp the favorite manager and add the cbox sql driver
Enh #2248: Cache whether a user home was created or not
Enh #2282: Return a proper NOT_FOUND error when a user or group is not found
Enh #2268: Add the reverseproxy http service
Enh #2207: Enable users to list all spaces
Enh #2286: Add trace ID to middleware loggers
Enh #2251: Mentix service inference
Enh #2218: Allow filtering of mime types supported by app providers
Enh #2213: Add public link share type to propfind response
Enh #2253: Support the file editor role for public links
Enh #2208: Reduce redundant stat calls when statting by resource ID
Enh #2235: Specify a list of allowed folders/files to be archived
Enh #2267: Restrict the paths where share creation is allowed
Enh #2252: Add the xattr sys.acl to SysACL (eosgrpc)
Enh #2239: Update toml configs

Details

Bugfix #2245: Don't announce search-files capability

The dav.reports capability contained a search-files report which is currently not implemented. We removed it from the defaults.

#2245
Bugfix #2247: Merge user ACLs from EOS to sys ACLs

#2247
Bugfix #2279: Return the inode of the version folder for files when listing in EOS

#2279
Bugfix #2294: Fix HTTP return code when path is invalid

Before when a path was invalid, the archiver returned a 500 error code. Now this is fixed and returns a 404 code.

#2294
Bugfix #2231: Fix share permission on a single file in sql share driver (cbox pkg)

#2231
Bugfix #2230: Fix open by default app and expose default app

We've fixed the open by default app name behaviour which previously only worked, if the default app was configured by the provider address. We also now expose the default app on the /app/list endpoint to clients.

#2230 cs3org/cs3apis#157
Bugfix #2265: Fix nil pointer exception when resolving members of a group (rest driver)

#2265
Bugfix #1214: Fix restoring versions

Restoring a version would not remove that version from the version list. Now the behavior is compatible to ownCloud 10.

owncloud/ocis#1214 #2270
Bugfix #2254: Fix spaces propfind

Fixed the deep listing of spaces.

#2254
Bugfix #2260: Fix unset quota xattr on darwin

Unset quota attributes were creating errors in the logfile on darwin.

#2260
Bugfix #5776: Enforce permissions in public share apps

A receiver of a read-only public share could still edit files via apps like Collabora. These changes enforce the share permissions in apps used on publicly shared resources.

owncloud/web#5776 owncloud/ocis#2479 https://github.com/cs3org/reva/pull/22142214
Bugfix #2767: Fix status code for WebDAV mkcol requests where an ancestor is missing

We've fixed the status code to 409 according to the WebDAV standard for MKCOL requests where an ancestor is missing. Previously these requests would fail with an different error code (eg. 500) because of storage driver limitations (eg. oCIS FS cannot handle recursive creation of directories).

owncloud/ocis#2767 #2293
Bugfix #2287: Add public link access via mount-ID:token/relative-path to the scope

#2287
Bugfix #2244: Fix the permissions response for shared files in the cbox sql driver

#2244
Enhancement #2219: Add virtual view tests

#2219
Enhancement #2230: Add priority to app providers

Before the order of the list returned by the method FindProviders of app providers depended from the order in which the app provider registered themselves. Now, it is possible to specify a priority for each app provider, and even if an app provider re-register itself (for example after a restart), the order is kept.

#2230 cs3org/cs3apis#157 #2263
Enhancement #2258: Improved error messages from the AppProviders

Some rather cryptic messages are now hidden to users, and some others are made more user-friendly. Support for multiple locales is still missing and out of scope for now.

#2258
Enhancement #2119: Add authprovider owncloudsql

We added an authprovider that can be configured to authenticate against an owncloud classic mysql database. It verifies the password from the oc_users table.

#2119
Enhancement #2211: Enhance the cbox share sql driver to store accepted group shares

#2211
Enhancement #2212: Filter root path according to the agent that makes the request

#2212
Enhancement #2237: Skip get user call in eosfs in case previous ones also failed

#2237
Enhancement #2266: Callback for the EOS UID cache to retry fetch for failed keys

#2266
Enhancement #2215: Aggregrate resource info properties for virtual views

#2215
Enhancement #2271: Revamp the favorite manager and add the cbox sql driver

#2271
Enhancement #2248: Cache whether a user home was created or not

Previously, on every call, we used to stat the user home to make sure that it existed. Now we cache it for a given amount of time so as to avoid repeated calls.

#2248
Enhancement #2282: Return a proper NOT_FOUND error when a user or group is not found

#2282
Enhancement #2268: Add the reverseproxy http service

This PR adds an HTTP service which does the job of authenticating incoming requests via the reva middleware before forwarding them to the respective backends. This is useful for extensions which do not have the auth mechanisms.

#2268
Enhancement #2207: Enable users to list all spaces

Added a permission check if the user has the list-all-spaces permission. This enables users to list all spaces, even those which they are not members of.

#2207
Enhancement #2286: Add trace ID to middleware loggers

#2286
Enhancement #2251: Mentix service inference

Previously, 4 different services per site had to be created in the GOCDB. This PR removes this redundancy by infering all endpoints from a single service entity, making site administration a lot easier.

#2251
Enhancement #2218: Allow filtering of mime types supported by app providers

#2218
Enhancement #2213: Add public link share type to propfind response

Added share type for public links to propfind responses.

#2213 #2257
Enhancement #2253: Support the file editor role for public links

#2253
Enhancement #2208: Reduce redundant stat calls when statting by resource ID

#2208
Enhancement #2235: Specify a list of allowed folders/files to be archived

Adds a configuration to the archiver service in order to specify a list of folders (as regex) that can be archived.

#2235
Enhancement #2267: Restrict the paths where share creation is allowed

This PR limits share creation to certain specified paths. These can be useful when users have access to global spaces and virtual views but these should not be sharable.

#2267
Enhancement #2252: Add the xattr sys.acl to SysACL (eosgrpc)

#2252
Enhancement #2239: Update toml configs

We updated the local and drone configurations, cleanad up the example configs and removed the reva gen subcommand which was generating outdated config.

#2239

Changelog for reva 1.15.0 (2021-10-26)

The following sections list the changes in reva 1.15.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2168: Override provider if was previously registered
Fix #2173: Fix archiver max size reached error
Fix #2167: Handle nil quota in decomposedfs
Fix #2153: Restrict EOS project spaces sharing permissions to admins and writers
Fix #2179: Fix the returned permissions for webdav uploads
Fix #2177: Retrieve the full path of a share when setting as
Chg #2479: Make apps able to work with public shares
Enh #2203: Add alerting webhook to SiteAcc service
Enh #2190: Update CODEOWNERS
Enh #2174: Inherit ACLs for files from parent directories
Enh #2152: Add a reference parameter to the getQuota request
Enh #2171: Add optional claim parameter to machine auth
Enh #2163: Nextcloud-based share manager for pkg/ocm/share
Enh #2135: Nextcloud test improvements
Enh #2180: Remove OCDAV options namespace parameter
Enh #2117: Add ocs cache warmup strategy for first request from the user
Enh #2170: Handle propfind requests for existing files
Enh #2165: Allow access to recycle bin for arbitrary paths outside homes
Enh #2193: Filter root paths according to user agent
Enh #2162: Implement the UpdateStorageSpace method
Enh #2189: Add user setting capability

Details

Bugfix #2168: Override provider if was previously registered

Previously if an AppProvider registered himself two times, for example after a failure, the mime types supported by the provider contained multiple times the same provider. Now this has been fixed, overriding the previous one.

#2168
Bugfix #2173: Fix archiver max size reached error

Previously in the total size count of the files being archived, the folders were taken into account, and this could cause a false max size reached error because the size of a directory is recursive-computed, causing the archive to be truncated. Now in the size count, the directories are skipped.

#2173
Bugfix #2167: Handle nil quota in decomposedfs

Do not nil pointer derefenrence when sending nil quota to decomposedfs

#2167
Bugfix #2153: Restrict EOS project spaces sharing permissions to admins and writers

#2153
Bugfix #2179: Fix the returned permissions for webdav uploads

We've fixed the returned permissions for webdav uploads. It did not consider shares and public links for the permission calculation, but does so now.

#2179 #2151
Bugfix #2177: Retrieve the full path of a share when setting as

Accepted or on shared by me

#2177
Change #2479: Make apps able to work with public shares

Public share receivers were not possible to use apps in public shares because the apps couldn't load the files in the public shares. This has now been made possible by changing the scope checks for public shares.

owncloud/ocis#2479 #2143
Enhancement #2203: Add alerting webhook to SiteAcc service

To integrate email alerting with the monitoring pipeline, a Prometheus webhook has been added to the SiteAcc service. Furthermore account settings have been extended/modified accordingly.

#2203
Enhancement #2190: Update CODEOWNERS

#2190
Enhancement #2174: Inherit ACLs for files from parent directories

#2174
Enhancement #2152: Add a reference parameter to the getQuota request

Implementation of cs3org/cs3apis#147

Make the cs3apis accept a Reference in the getQuota Request to limit the call to a specific storage space.

#2152 #2178 #2187
Enhancement #2171: Add optional claim parameter to machine auth

#2171 #2176
Enhancement #2163: Nextcloud-based share manager for pkg/ocm/share

Note that pkg/ocm/share is very similar to pkg/share, but it deals with cs3/sharing/ocm whereas pkg/share deals with cs3/sharing/collaboration

#2163
Enhancement #2135: Nextcloud test improvements

#2135
Enhancement #2180: Remove OCDAV options namespace parameter

We dropped the namespace parameter, as it is not used in the options handler.

#2180
Enhancement #2117: Add ocs cache warmup strategy for first request from the user

#2117
Enhancement #2170: Handle propfind requests for existing files

#2170
Enhancement #2165: Allow access to recycle bin for arbitrary paths outside homes

#2165 #2188
Enhancement #2193: Filter root paths according to user agent

Adds a new rule setting in the storage registry ("allowed_user_agents"), that allows a user to specify which storage provider shows according to the user agent that made the request.

#2193
Enhancement #2162: Implement the UpdateStorageSpace method

Added the UpdateStorageSpace method to the decomposedfs.

#2162 #2195 #2196
Enhancement #2189: Add user setting capability

We've added a capability to communicate the existance of a user settings service to clients.

owncloud/web#5926 #2189 owncloud/ocis#2655

Changelog for reva 1.14.0 (2021-10-12)

The following sections list the changes in reva 1.14.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2103: AppProvider: propagate back errors reported by WOPI
Fix #2149: Remove excess info from the http list app providers endpoint
Fix #2114: Add as default app while registering and skip unset mimetypes
Fix #2095: Fix app open when multiple app providers are present
Fix #2135: Make TUS capabilities configurable
Fix #2076: Fix chi routing
Fix #2077: Fix concurrent registration of mimetypes
Fix #2154: Return OK when trying to delete a non existing reference
Fix #2078: Fix nil pointer exception in stat
Fix #2073: Fix opening a readonly filetype with WOPI
Fix #2140: Map GRPC error codes to REVA errors
Fix #2147: Follow up of #2138: this is the new expected format
Fix #2116: Differentiate share types when retrieving received shares in sql driver
Fix #2074: Fix Stat() for EOS storage provider
Fix #2151: Fix return code for webdav uploads when the token expired
Chg #2121: Sharemanager API change
Enh #2090: Return space name during list storage spaces
Enh #2138: Default AppProvider on top of the providers list
Enh #2137: Revamp app registry and add parameter to control file creation
Enh #145: UI improvements for the AppProviders
Enh #2088: Add archiver and app provider to ocs capabilities
Enh #2537: Add maximum files and size to archiver capabilities
Enh #2100: Add support for resource id to the archiver
Enh #2158: Augment the Id of new spaces
Enh #2085: Make encoding user groups in access tokens configurable
Enh #146: Filter the denial shares (permission = 0) out of
Enh #2141: Use golang v1.17
Enh #2053: Safer defaults for TLS verification on LDAP connections
Enh #2115: Reduce code duplication in LDAP related drivers
Enh #1989: Add redirects from OC10 URL formats
Enh #2479: Limit publicshare and resourceinfo scope content
Enh #2071: Implement listing favorites via the dav report API
Enh #2091: Nextcloud share managers
Enh #2070: More unit tests for the Nextcloud storage provider
Enh #2087: More unit tests for the Nextcloud auth and user managers
Enh #2075: Make owncloudsql leverage existing filecache index
Enh #2050: Add a share types filter to the OCS API
Enh #2134: Use space Type from request
Enh #2132: Align local tests with drone setup
Enh #2095: Whitelisting for apps
Enh #2155: Pass an extra query parameter to WOPI /openinapp with a

Details

Bugfix #2103: AppProvider: propagate back errors reported by WOPI

On /app/open and return base64-encoded fileids on /app/new

#2103
Bugfix #2149: Remove excess info from the http list app providers endpoint

We've removed excess info from the http list app providers endpoint. The app provider section contained all mime types supported by a certain app provider, which led to a very big JSON payload and since they are not used they have been removed again. Mime types not on the mime type configuration list always had application/octet-stream as a file extension and APPLICATION/OCTET-STREAM file as name and description. Now these information are just omitted.

#2149 owncloud/ocis#2603 #2138
Bugfix #2114: Add as default app while registering and skip unset mimetypes

We fixed that app providers will be set as default app while registering if configured. Also we changed the behaviour that listing supported mimetypes only displays allowed / configured mimetypes.

#2114 #2095
Bugfix #2095: Fix app open when multiple app providers are present

We've fixed the gateway behavior, that when multiple app providers are present, it always returned that we have duplicate names for app providers. This was due the call to GetAllProviders() without any subsequent filtering by name. Now this filter mechanism is in place and the duplicate app providers error will only appear if a real duplicate is found.

#2095 #2117
Bugfix #2135: Make TUS capabilities configurable

We've fixed the configuration for the TUS capabilities, which will now take the given configuration instead of always using hardcoded defaults.

#2135
Bugfix #2076: Fix chi routing

Chi routes based on the URL.RawPath, which is not updated by the shiftPath based routing used in reva. By setting the RawPath to an empty string chi will fall pack to URL.Path, allowing it to match percent encoded path segments, e.g. when trying to match emails or multibyte characters.

#2076
Bugfix #2077: Fix concurrent registration of mimetypes

We fixed registering mimetypes in the mime package when starting multiple storage providers in the same process.

#2077
Bugfix #2154: Return OK when trying to delete a non existing reference

When the gateway declines a share we can ignore a non existing reference.

#2154 owncloud/ocis#2603
Bugfix #2078: Fix nil pointer exception in stat

#2078
Bugfix #2073: Fix opening a readonly filetype with WOPI

This change fixes the opening of filetypes that are only supported to be viewed and not to be edited by some WOPI compliant office suites.

#2073
Bugfix #2140: Map GRPC error codes to REVA errors

We've fixed the error return behaviour in the gateway which would return GRPC error codes from the auth middleware. Now it returns REVA errors which other parts of REVA are also able to understand.

#2140
Bugfix #2147: Follow up of #2138: this is the new expected format

For the mime types configuration for the AppRegistry.

#2147
Bugfix #2116: Differentiate share types when retrieving received shares in sql driver

#2116
Bugfix #2074: Fix Stat() for EOS storage provider

This change fixes the convertion between the eosclient.FileInfo to ResourceInfo, in which the field ArbitraryMetadata was missing. Moreover, to be consistent with SetArbitraryMetadata() EOS implementation, all the "user." prefix are stripped out from the xattrs.

#2074
Bugfix #2151: Fix return code for webdav uploads when the token expired

We've fixed the behavior webdav uploads when the token expired before the final stat. Previously clients would receive a http 500 error which is wrong, because the file was successfully uploaded and only the stat couldn't be performed. Now we return a http 200 ok and the clients will fetch the file info in a separate propfind request.

Also we introduced the upload expires header on the webdav/TUS and datagateway endpoints, to signal clients how long an upload can be performed.

#2151
Change #2121: Sharemanager API change

This PR updates reva to reflect the share manager CS3 API changes.

#2121
Enhancement #2090: Return space name during list storage spaces

In the decomposedfs we return now the space name in the response which is stored in the extended attributes.

#2090
Enhancement #2138: Default AppProvider on top of the providers list

For each mime type

Now for each mime type, when asking for the list of mime types, the default AppProvider, set both using the config and the SetDefaultProviderForMimeType method, is always in the top of the list of AppProviders. The config for the Providers and Mime Types for the AppRegistry changed, using a list instead of a map. In fact the list of mime types returned by ListSupportedMimeTypes is now ordered according the config.

#2138
Enhancement #2137: Revamp app registry and add parameter to control file creation

#2137
Enhancement #145: UI improvements for the AppProviders

Mime types and their friendly names are now handled in the /app/list HTTP endpoint, and an additional /app/new endpoint is made available to create new files for apps.

cs3org/cs3apis#145 #2067
Enhancement #2088: Add archiver and app provider to ocs capabilities

The archiver and app provider has been added to the ocs capabilities.

#2088 owncloud/ocis#2529
Enhancement #2537: Add maximum files and size to archiver capabilities

We added the maximum files count and maximum archive size of the archiver to the capabilities endpoint. Clients can use this to generate warnings before the actual archive creation fails.

owncloud/ocis#2537 #2105
Enhancement #2100: Add support for resource id to the archiver

Before the archiver only supported resources provided by a path. Now also the resources ID are supported in order to specify the content of the archive to download. The parameters accepted by the archiver are two: an optional list of path (containing the paths of the resources) and an optional list of id (containing the resources IDs of the resources).

#2097 #2100
Enhancement #2158: Augment the Id of new spaces

Newly created spaces were missing the Root reference and the storage id in the space id.

#2158
Enhancement #2085: Make encoding user groups in access tokens configurable

#2085
Enhancement #146: Filter the denial shares (permission = 0) out of

The Shared-with-me UI view. Also they work regardless whether they are accepted or not, therefore there's no point to expose them.

cs3org/cs3apis#146 #2072
Enhancement #2141: Use golang v1.17

#2141
Enhancement #2053: Safer defaults for TLS verification on LDAP connections

The LDAP client connections were hardcoded to ignore certificate validation errors. Now verification is enabled by default and a new config parameter 'insecure' is introduced to override that default. It is also possible to add trusted Certificates by using the new 'cacert' config paramter.

#2053
Enhancement #2115: Reduce code duplication in LDAP related drivers

#2115
Enhancement #1989: Add redirects from OC10 URL formats

Added redirectors for ownCloud 10 URLs. This allows users to continue to use their bookmarks from ownCloud 10 in ocis.

#1989
Enhancement #2479: Limit publicshare and resourceinfo scope content

We changed the publicshare and resourceinfo scopes to contain only necessary values. This reduces the size of the resulting token and also limits the amount of data which can be leaked.

owncloud/ocis#2479 #2093
Enhancement #2071: Implement listing favorites via the dav report API

Added filter-files to the dav REPORT API. This enables the listing of favorites.

#2071 #2086
Enhancement #2091: Nextcloud share managers

Share manager that uses Nextcloud as a backend

#2091
Enhancement #2070: More unit tests for the Nextcloud storage provider

Adds more unit tests for the Nextcloud storage provider.

#2070
Enhancement #2087: More unit tests for the Nextcloud auth and user managers

Adds more unit tests for the Nextcloud auth manager and the Nextcloud user manager

#2087
Enhancement #2075: Make owncloudsql leverage existing filecache index

When listing folders the SQL query now uses an existing index on the filecache table.

#2075
Enhancement #2050: Add a share types filter to the OCS API

Added a filter to the OCS API to filter the received shares by type.

#2050
Enhancement #2134: Use space Type from request

In the decomposedfs we now use the space type from the request when creating a new space.

#2134
Enhancement #2132: Align local tests with drone setup

We fixed running the tests locally and align it with the drone setup.

#2132
Enhancement #2095: Whitelisting for apps

AppProvider supported mime types are now overridden in its configuration. A friendly name, a description, an extension, an icon and a default app, can be configured in the AppRegistry for each mime type.

#2095
Enhancement #2155: Pass an extra query parameter to WOPI /openinapp with a

Unique and consistent over time user identifier. The Reva token used so far is not consistent (it's per session) and also too long.

#2155 cs3org/wopiserver#48

Changelog for reva 1.13.0 (2021-09-14)

The following sections list the changes in reva 1.13.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #2024: Fixes for http appprovider endpoints
Fix #2054: Fix the response after deleting a share
Fix #2026: Fix moving of a shared file
Fix #2047: Do not truncate logs on restart
Fix #1605: Allow to expose full paths in OCS API
Fix #2033: Fix the storage id of shares
Fix #2059: Remove "Got registration for user manager" print statements
Fix #2051: Remove malformed parameters from WOPI discovery URLs
Fix #2055: Fix uploads of empty files
Fix #1991: Remove share references when declining shares
Fix #2030: Fix superfluous WriteHeader on file upload
Enh #2034: Fail initialization of a WOPI AppProvider if
Enh #1968: Use a URL object in OpenInAppResponse
Enh #1698: Implement folder download as archive
Enh #2042: Escape ldap filters
Enh #2028: Machine auth provider
Enh #2043: Nextcloud user backend
Enh #2006: Move ocs API to go-chi/chi based URL routing
Enh #1994: Add owncloudsql driver for the userprovider
Enh #1971: Add documentation for runtime-plugins
Enh #2044: Add utility methods for creating share filters
Enh #2065: New sharing role Manager
Enh #2015: Add spaces to the list of capabilities
Enh #2041: Create operations for Spaces
Enh #2029: Tracing agent configuration

Details

Bugfix #2024: Fixes for http appprovider endpoints

#2024 #1968
Bugfix #2054: Fix the response after deleting a share

Added the deleted share to the response after deleting it.

#2054
Bugfix #2026: Fix moving of a shared file

As the share receiver, moving a shared file to another share was not possible.

#2026
Bugfix #2047: Do not truncate logs on restart

This change fixes the way log files were opened. Before they were truncated and now the log file will be open in append mode and created it if it does not exist.

#2047
Bugfix #1605: Allow to expose full paths in OCS API

Before this fix a share file_target was always harcoded to use a base path. This fix provides the possiblity to expose full paths in the OCIS API and asymptotically in OCIS web.

#1605
Bugfix #2033: Fix the storage id of shares

The storageid in the share object contained an incorrect value.

#2033
Bugfix #2059: Remove "Got registration for user manager" print statements

Removed the "Got registration for user manager" print statements which spams the log output without respecting any log level.

#2059
Bugfix #2051: Remove malformed parameters from WOPI discovery URLs

This change fixes the parsing of WOPI discovery URLs for MSOffice /hosting/discovery endpoint. This endpoint is known to contain malformed query paramters and therefore this fix removes them.

#2051
Bugfix #2055: Fix uploads of empty files

This change fixes upload of empty files. Previously this was broken and only worked for the owncloud filesystem as it bypasses the semantics of the InitiateFileUpload call to touch a local file.

#2055
Bugfix #1991: Remove share references when declining shares

Implemented the removal of share references when a share gets declined. Now when a user declines a share it will no longer be listed in their Shares directory.

#1991
Bugfix #2030: Fix superfluous WriteHeader on file upload

Removes superfluous Writeheader on file upload and therefore removes the error message "http: superfluous response.WriteHeader call from github.com/cs3org/reva/internal/http/interceptors/log.(*responseLogger).WriteHeader (log.go:154)"

#2030
Enhancement #2034: Fail initialization of a WOPI AppProvider if

The underlying app is not WOPI-compliant nor it is supported by the WOPI bridge extensions

#2034
Enhancement #1968: Use a URL object in OpenInAppResponse

#1968
Enhancement #1698: Implement folder download as archive

Adds a new http service which will create an archive (platform dependent, zip in windows and tar in linux) given a list of file.

#1698 #2066
Enhancement #2042: Escape ldap filters

Added ldap filter escaping to increase the security of reva.

#2042
Enhancement #2028: Machine auth provider

Adds a new authentication method used to impersonate users, using a shared secret, called api-key.

#2028
Enhancement #2043: Nextcloud user backend

Adds Nextcloud as a user backend (Nextcloud drivers for 'auth' and 'user'). Also adds back the Nextcloud storage integration tests.

#2043
Enhancement #2006: Move ocs API to go-chi/chi based URL routing

#1986 #2006
Enhancement #1994: Add owncloudsql driver for the userprovider

We added a new backend for the userprovider that is backed by an owncloud 10 database. By default the user_id column is used as the reva user username and reva user opaque id. When setting join_username=true the reva user username is joined from the oc_preferences table (appid='core' AND configkey='username') instead. When setting join_ownclouduuid=true the reva user opaqueid is joined from the oc_preferences table (appid='core' AND configkey='ownclouduuid') instead. This allows more flexible migration strategies. It also supports a enable_medial_search config option when searching users that will enclose the query with %.

#1994
Enhancement #1971: Add documentation for runtime-plugins

#1971
Enhancement #2044: Add utility methods for creating share filters

Updated the CS3 API to include the new share grantee filter and added utility methods for creating share filters. This will help making the code more concise.

#2044
Enhancement #2065: New sharing role Manager

The new Manager role is equivalent to a Co-Owner with the difference that a Manager can create grants on the root of the Space. This means inviting a user to a space will not require an action from them, as the Manager assigns the grants.

#2065
Enhancement #2015: Add spaces to the list of capabilities

In order for clients to be aware of the new spaces feature we need to enable the spaces flag on the capabilities' endpoint.

#2015
Enhancement #2041: Create operations for Spaces

DecomposedFS is aware now of the concept of Spaces, and supports for creating them.

#2041
Enhancement #2029: Tracing agent configuration

Earlier we could only use the collector URL directly, but since an agent can be deployed as a sidecar process it makes much more sense to use it instead of the collector directly.

#2029

Changelog for reva 1.12.0 (2021-08-24)

The following sections list the changes in reva 1.12.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1819: Disable notifications
Fix #2000: Fix dependency on tests
Fix #1957: Fix etag propagation on deletes
Fix #1960: Return the updated share after updating
Fix #1993: Fix owncloudsql GetMD
Fix #1954: Fix response format of the sharees API
Fix #1965: Fix the file target of user and group shares
Fix #1956: Fix trashbin listing with depth 0
Fix #1987: Fix windows build
Fix #1990: Increase oc10 compatibility of owncloudsql
Fix #1978: Owner type is optional
Fix #1980: Propagate the etag after restoring a file version
Fix #1985: Add quota stubs
Fix #1992: Check if symlink exists instead of spamming the console
Fix #1913: Logic to restore files to readonly nodes
Chg #1982: Move user context methods into a separate userctx package
Enh #1946: Add share manager that connects to oc10 databases
Enh #1983: Add Codacy unit test coverage
Enh #1803: Introduce new webdav spaces endpoint
Enh #1998: Initial version of the Nextcloud storage driver
Enh #1984: Replace OpenCensus with OpenTelemetry
Enh #1861: Add support for runtime plugins
Enh #2008: Site account extensions

Details

Bugfix #1819: Disable notifications

The presence of the key notifications in the capabilities' response would cause clients to attempt to poll the notifications endpoint, which is not yet supported. To prevent the unnecessary bandwidth we are disabling this altogether.

#1819
Bugfix #2000: Fix dependency on tests

The Nextcloud storage driver depended on a mock http client from the tests/ folder This broke the Docker build The dependency was removed A check was added to test the Docker build on each PR

#2000
Bugfix #1957: Fix etag propagation on deletes

When deleting a file the etag propagation would skip the parent of the deleted file.

#1957
Bugfix #1960: Return the updated share after updating

When updating the state of a share in the in-memory share manager the old share state was returned instead of the updated state.

#1960
Bugfix #1993: Fix owncloudsql GetMD

The GetMD call internally was not prefixing the path when looking up resources by id.

#1993
Bugfix #1954: Fix response format of the sharees API

The sharees API wasn't returning the users and groups arrays correctly.

#1954
Bugfix #1965: Fix the file target of user and group shares

In some cases the file target of user and group shares was not properly prefixed.

#1965 #1967
Bugfix #1956: Fix trashbin listing with depth 0

The trashbin API handled requests with depth 0 the same as request with a depth of 1.

#1956
Bugfix #1987: Fix windows build

Add the necessary golang.org/x/sys/windows package import to owncloud and owncloudsql storage drivers.

#1987
Bugfix #1990: Increase oc10 compatibility of owncloudsql

We added a few changes to the owncloudsql storage driver to behave more like oc10.

#1990
Bugfix #1978: Owner type is optional

When reading the user from the extended attributes the user type might not be set, in this case we now return a user with an invalid type, which correctly reflects the state on disk.

#1978
Bugfix #1980: Propagate the etag after restoring a file version

The decomposedfs didn't propagate after restoring a file version.

#1980
Bugfix #1985: Add quota stubs

The owncloud and owncloudsql drivers now read the available quota from disk to no longer always return 0, which causes the web UI to disable uploads.

#1985
Bugfix #1992: Check if symlink exists instead of spamming the console

The logs have been spammed with messages like could not create symlink for ... when using the decomposedfs, eg. with the oCIS storage. We now check if the link exists before trying to create it.

#1992
Bugfix #1913: Logic to restore files to readonly nodes

This impacts solely the DecomposedFS. Prior to these changes there was no validation when a user tried to restore a file from the trashbin to a share location (i.e any folder under /Shares).

With this patch if the user restoring the resource has write permissions on the share, restore is possible.

#1913
Change #1982: Move user context methods into a separate userctx package

#1982
Enhancement #1946: Add share manager that connects to oc10 databases

#1946
Enhancement #1983: Add Codacy unit test coverage

This PR adds unit test coverage upload to Codacy.

#1983
Enhancement #1803: Introduce new webdav spaces endpoint

Clients can now use a new webdav endpoint /dav/spaces/<storagespaceid>/relative/path/to/file to directly access storage spaces.

The <storagespaceid> can be retrieved using the ListStorageSpaces CS3 api call.

#1803
Enhancement #1998: Initial version of the Nextcloud storage driver

This is not usable yet in isolation, but it's a first component of https://github.com/pondersource/sciencemesh-nextcloud

#1998
Enhancement #1984: Replace OpenCensus with OpenTelemetry

OpenTelemetry](https://opentelemetry.io/docs/concepts/what-is-opentelemetry/) is an open standard a sandbox CNCF project and it was formed through a merger of the OpenTracing and OpenCensus.

OpenCensus and OpenTracing have merged to form OpenTelemetry, which serves as the next major version of OpenCensus and OpenTracing. OpenTelemetry will offer backwards compatibility with existing OpenCensus integrations, and we will continue to make security patches to existing OpenCensus libraries for two years.

There is a lot of outdated documentation as a result of this merger, and we will be better off adopting the latest standard and libraries.

#1984
Enhancement #1861: Add support for runtime plugins

This PR introduces a new plugin package, that allows loading external plugins into Reva at runtime. The hashicorp go-plugin framework was used to facilitate the plugin loading and communication.

#1861
Enhancement #2008: Site account extensions

This PR heavily extends the site accounts service: * Extended the accounts information (not just email and name) * Accounts now have a password * Users can now "log in" to their accounts and edit it * Ability to grant access to the GOCDB

Furthermore, these accounts can now be used to authenticate for logging in to our customized GOCDB. More use cases for these accounts are also planned.

#2008

Changelog for reva 1.11.0 (2021-08-03)

The following sections list the changes in reva 1.11.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1899: Fix chunked uploads for new versions
Fix #1906: Fix copy over existing resource
Fix #1891: Delete Shared Resources as Receiver
Fix #1907: Error when creating folder with existing name
Fix #1937: Do not overwrite more specific matches when finding storage providers
Fix #1939: Fix the share jail permissions in the decomposedfs
Fix #1932: Numerous fixes to the owncloudsql storage driver
Fix #1912: Fix response when listing versions of another user
Fix #1910: Get user groups recursively in the cbox rest user driver
Fix #1904: Set Content-Length to 0 when swallowing body in the datagateway
Fix #1911: Fix version order in propfind responses
Fix #1926: Trash Bin in oCIS Storage Operations
Fix #1901: Fix response code when folder doesnt exist on upload
Enh #1785: Extend app registry with AddProvider method and mimetype filters
Enh #1938: Add methods to get and put context values
Enh #1798: Add support for a deny-all permission on references
Enh #1916: Generate updated protobuf bindings for EOS GRPC
Enh #1887: Add "a" and "l" filter for grappa queries
Enh #1919: Run gofmt before building
Enh #1927: Implement RollbackToVersion for eosgrpc (needs a newer EOS MGM)
Enh #1944: Implement listing supported mime types in app registry
Enh #1870: Be defensive about wrongly quoted etags
Enh #1940: Reduce memory usage when uploading with S3ng storage
Enh #1888: Refactoring of the webdav code
Enh #1900: Check for illegal names while uploading or moving files
Enh #1925: Refactor listing and statting across providers for virtual views

Details

Bugfix #1899: Fix chunked uploads for new versions

Chunked uploads didn't create a new version, when the file to upload already existed.

#1899
Bugfix #1906: Fix copy over existing resource

When the target of a copy already exists, the existing resource will be moved to the trashbin before executing the copy.

#1906
Bugfix #1891: Delete Shared Resources as Receiver

It is now possible to delete a shared resource as a receiver and not having the data ending up in the receiver's trash bin, causing a possible leak.

#1891
Bugfix #1907: Error when creating folder with existing name

When a user tried to create a folder with the name of an existing file or folder the service didn't return a response body containing the error.

#1907
Bugfix #1937: Do not overwrite more specific matches when finding storage providers

Depending on the order of rules in the registry it could happend that more specific matches (e.g. /home/Shares) were overwritten by more general ones (e.g. /home). This PR makes sure that the registry always returns the most specific match.

#1937
Bugfix #1939: Fix the share jail permissions in the decomposedfs

The share jail should be not writable

#1939
Bugfix #1932: Numerous fixes to the owncloudsql storage driver

The owncloudsql storage driver received numerous bugfixes and cleanups.

#1932
Bugfix #1912: Fix response when listing versions of another user

The OCS API returned the wrong response when a user tried to list the versions of another user's file.

#1912
Bugfix #1910: Get user groups recursively in the cbox rest user driver

#1910
Bugfix #1904: Set Content-Length to 0 when swallowing body in the datagateway

When swallowing the body the Content-Lenght needs to be set to 0 to prevent proxies from reading the body.

#1904
Bugfix #1911: Fix version order in propfind responses

The order of the file versions in propfind responses was incorrect.

#1911

Bugfix #1926: Trash Bin in oCIS Storage Operations

Support for restoring a target folder nested deep inside the trash bin in oCIS storage. The use case is:

MOVE -H 'Destination:
https://localhost:9200/remote.php/dav/files/einstein/destination' ```

The previous command creates the `destination` folder and moves the contents of
`/trash-bin/einstein/f1/f2` onto it.

Retro-compatibility in the response code with ownCloud 10. Restoring a collection to a
non-existent nested target is not supported and MUST return `409`. The use case is:

```console curl 'https://localhost:9200/remote.php/dav/trash-bin/einstein/f1/f2' -X
MOVE -H 'Destination:
https://localhost:9200/remote.php/dav/files/einstein/this/does/not/exist' ```

The previous command used to return `404` instead of the expected `409` by the clients.

https://github.com/cs3org/reva/pull/1926

Bugfix #1901: Fix response code when folder doesnt exist on upload

When a new file was uploaded to a non existent folder the response code was incorrect.

#1901
Enhancement #1785: Extend app registry with AddProvider method and mimetype filters

#1779 #1785 cs3org/cs3apis#131
Enhancement #1938: Add methods to get and put context values

Added GetKeyValues and PutKeyValues methods to fetch/put values from/to context.

#1938
Enhancement #1798: Add support for a deny-all permission on references

And implement it on the EOS storage

http://github.com/cs3org/reva/pull/1798
Enhancement #1916: Generate updated protobuf bindings for EOS GRPC

#1916
Enhancement #1887: Add "a" and "l" filter for grappa queries

This PR adds the namespace filters "a" and "l" for grappa queries. With no filter will look into primary and e-groups, with "a" will look into primary/secondary/service/e-groups and with "l" will look into lightweight accounts.

#1773 #1887
Enhancement #1919: Run gofmt before building

#1919
Enhancement #1927: Implement RollbackToVersion for eosgrpc (needs a newer EOS MGM)

#1927
Enhancement #1944: Implement listing supported mime types in app registry

#1944
Enhancement #1870: Be defensive about wrongly quoted etags

When ocdav renders etags it will now try to correct them to the definition as quoted strings which do not contain ". This prevents double or triple quoted etags on the webdav api.

#1870
Enhancement #1940: Reduce memory usage when uploading with S3ng storage

The memory usage could be high when uploading files using the S3ng storage. By providing the actual file size when triggering PutObject, the overall memory usage is reduced.

#1940
Enhancement #1888: Refactoring of the webdav code

Refactored the webdav code to make it reusable.

#1888
Enhancement #1900: Check for illegal names while uploading or moving files

The code was not checking for invalid file names during uploads and moves.

#1900
Enhancement #1925: Refactor listing and statting across providers for virtual views

#1925

Changelog for reva 1.10.0 (2021-07-13)

The following sections list the changes in reva 1.10.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1883: Pass directories with trailing slashes to eosclient.GenerateToken
Fix #1878: Improve the webdav error handling in the trashbin
Fix #1884: Do not send body on failed range request
Enh #1744: Add support for lightweight user types

Details

Bugfix #1883: Pass directories with trailing slashes to eosclient.GenerateToken

#1883
Bugfix #1878: Improve the webdav error handling in the trashbin

The trashbin handles errors better now on the webdav endpoint.

#1878
Bugfix #1884: Do not send body on failed range request

Instead of send the error in the body of a 416 response we log it. This prevents the go reverse proxy from choking on it and turning it into a 502 Bad Gateway response.

#1884
Enhancement #1744: Add support for lightweight user types

This PR adds support for assigning and consuming user type when setting/reading users. On top of that, support for lightweight users is added. These users have to be restricted to accessing only shares received by them, which is accomplished by expanding the existing RBAC scope.

#1744 cs3org/cs3apis#120

Changelog for reva 1.9.1 (2021-07-09)

The following sections list the changes in reva 1.9.1 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1843: Correct Dockerfile path for the reva CLI and alpine3.13 as builder
Fix #1835: Cleanup owncloudsql driver
Fix #1868: Minor fixes to the grpc/http plugin: checksum, url escaping
Fix #1885: Fix template in eoshomewrapper to use context user rather than resource
Fix #1833: Properly handle name collisions for deletes in the owncloud driver
Fix #1874: Use the original file mtime during upload
Fix #1854: Add the uid/gid to the url for eos
Fix #1848: Fill in missing gid/uid number with nobody
Fix #1831: Make the ocm-provider endpoint in the ocmd service unprotected
Fix #1808: Use empty array in OCS Notifications endpoints
Fix #1825: Raise max grpc message size
Fix #1828: Send a proper XML header with error messages
Chg #1828: Remove the oidc provider in order to upgrad mattn/go-sqlite3 to v1.14.7
Enh #1834: Add API key to Mentix GOCDB connector
Enh #1855: Minor optimization in parsing EOS ACLs
Enh #1873: Update the EOS image tag to be for revad-eos image
Enh #1802: Introduce list spaces
Enh #1849: Add readonly interceptor
Enh #1875: Simplify resource comparison
Enh #1827: Support trashbin sub paths in the recycle API

Details

Bugfix #1843: Correct Dockerfile path for the reva CLI and alpine3.13 as builder

This was introduced on https://github.com/cs3org/reva/commit/117adad while porting the configuration on .drone.yml to starlark.

Force golang:alpine3.13 as base image to prevent errors from Make when running on Docker <20.10 as it happens on Drone ref.https://gitlab.alpinelinux.org/alpine/aports/-/issues/12396

#1843 #1844 #1847
Bugfix #1835: Cleanup owncloudsql driver

Use owncloudsql string when returning errors and removed copyMD as it does not need to copy metadata from files.

#1835
Bugfix #1868: Minor fixes to the grpc/http plugin: checksum, url escaping

#1868
Bugfix #1885: Fix template in eoshomewrapper to use context user rather than resource

#1885
Bugfix #1833: Properly handle name collisions for deletes in the owncloud driver

In the owncloud storage driver when we delete a file we append the deletion time to the file name. If two fast consecutive deletes happened, the deletion time would be the same and if the two files had the same name we ended up with only one file in the trashbin.

#1833
Bugfix #1874: Use the original file mtime during upload

The decomposedfs was not using the original file mtime during uploads.

#1874
Bugfix #1854: Add the uid/gid to the url for eos

#1854
Bugfix #1848: Fill in missing gid/uid number with nobody

When an LDAP server does not provide numeric uid or gid properties for a user we now fall back to a configurable nobody id (default 99).

#1848
Bugfix #1831: Make the ocm-provider endpoint in the ocmd service unprotected

#1751 #1831
Bugfix #1808: Use empty array in OCS Notifications endpoints

#1808
Bugfix #1825: Raise max grpc message size

As a workaround for listing larger folder we raised the MaxCallRecvMsgSize to 10MB. This should be enough for ~15k files. The proper fix is implementing ListContainerStream in the gateway, but we needed a way to test the web ui with larger collections.

#1825
Bugfix #1828: Send a proper XML header with error messages

#1828
Change #1828: Remove the oidc provider in order to upgrad mattn/go-sqlite3 to v1.14.7

In order to upgrade mattn/go-sqlite3 to v1.14.7, the odic provider service is removed, which is possible because it is not used anymore

#1828 owncloud/ocis#2209
Enhancement #1834: Add API key to Mentix GOCDB connector

The PI (programmatic interface) of the GOCDB will soon require an API key; this PR adds the ability to configure this key in Mentix.

#1834
Enhancement #1855: Minor optimization in parsing EOS ACLs

#1855
Enhancement #1873: Update the EOS image tag to be for revad-eos image

#1873
Enhancement #1802: Introduce list spaces

The ListStorageSpaces call now allows listing all user homes and shared resources using a storage space id. The gateway will forward requests to a specific storage provider when a filter by id is given. Otherwise it will query all storage providers. Results will be deduplicated. Currently, only the decomposed fs storage driver implements the necessary logic to demonstrate the implmentation. A new /dav/spaces WebDAV endpoint to directly access a storage space is introduced in a separate PR.

#1802 #1803
Enhancement #1849: Add readonly interceptor

The readonly interceptor could be used to configure a storageprovider in readonly mode. This could be handy in some migration scenarios.

#1849
Enhancement #1875: Simplify resource comparison

We replaced ResourceEqual with ResourceIDEqual where possible.

#1875
Enhancement #1827: Support trashbin sub paths in the recycle API

The recycle API could only act on the root items of the trashbin. Meaning if you delete a deep tree, you couldn't restore just one file from that tree but you had to restore the whole tree. Now listing, restoring and purging work also for sub paths in the trashbin.

#1827

Changelog for reva 1.9.0 (2021-06-23)

The following sections list the changes in reva 1.9.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1815: Drone CI - patch the 'store-dev-release' job to fix malformed requests
Fix #1765: 'golang:alpine' as base image & CGO_ENABLED just for the CLI
Chg #1721: Absolute and relative references
Enh #1810: Add arbitrary metadata support to EOS
Enh #1774: Add user ID cache warmup to EOS storage driver
Enh #1471: EOEGrpc progress. Logging discipline and error handling
Enh #1811: Harden public shares signing
Enh #1793: Remove the user id from the trashbin key
Enh #1795: Increase trashbin restore API compatibility
Enh #1516: Use UidNumber and GidNumber fields in User objects
Enh #1820: Tag v1.9.0

Details

Bugfix #1815: Drone CI - patch the 'store-dev-release' job to fix malformed requests

Replace the backquotes that were used for the date component of the URL with the POSIX-confirmant command substitution '$()'.

#1815
Bugfix #1765: 'golang:alpine' as base image & CGO_ENABLED just for the CLI

Some of the dependencies used by revad need CGO to be enabled in order to work. We also need to install the 'mime-types' in alpine to correctly detect them on the storage-providers.

The CGO_ENABLED=0 flag was added to the docker build flags so that it will produce a static build. This allows usage of the 'scratch' image for reduction of the docker image size (e.g. the reva cli).

#1765 #1766 #1797
Change #1721: Absolute and relative references

We unified the Reference_Id end Reference_Path types to a combined Reference that contains both: - a resource_id property that can identify a node using a storage_id and an opaque_id - a path property that can be used to represent absolute paths as well as paths relative to the id based properties. While this is a breaking change it allows passing both: absolute as well as relative references.

#1721
Enhancement #1810: Add arbitrary metadata support to EOS

#1810
Enhancement #1774: Add user ID cache warmup to EOS storage driver

#1774
Enhancement #1471: EOEGrpc progress. Logging discipline and error handling

#1471
Enhancement #1811: Harden public shares signing

Makes golangci-lint happy as well

#1811
Enhancement #1793: Remove the user id from the trashbin key

We don't want to use the users uuid outside of the backend so I removed the id from the trashbin file key.

#1793
Enhancement #1795: Increase trashbin restore API compatibility
- The precondition were not checked before doing a trashbin restore in the ownCloud dav API. Without the checks the API would behave differently compared to the oC10 API. * The restore response was missing HTTP headers like ETag * Update the name when restoring the file from trashbin to a new target name
#1795
Enhancement #1516: Use UidNumber and GidNumber fields in User objects

Update instances where CS3API's User objects are created and used to use GidNumber, and UidNumber fields instead of storing them in Opaque map.

#1516
Enhancement #1820: Tag v1.9.0

Bump release number to v1.9.0 as it contains breaking changes related to changing the reference type.

#1820

Changelog for reva 1.8.0 (2021-06-09)

The following sections list the changes in reva 1.8.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1779: Set Content-Type header correctly for ocs requests
Fix #1650: Allow fetching shares as the grantee
Fix #1693: Fix move in owncloud storage driver
Fix #1666: Fix public file shares
Fix #1541: Allow for restoring recycle items to different locations
Fix #1718: Use the -static ldflag only for the 'build-ci' target
Enh #1719: Application passwords CLI
Enh #1719: Application passwords management
Enh #1725: Create transfer type share
Enh #1755: Return file checksum available from the metadata for the EOS driver
Enh #1673: Deprecate using errors.New and fmt.Errorf
Enh #1723: Open in app workflow using the new API
Enh #1655: Improve json marshalling of share protobuf messages
Enh #1694: User profile picture capability
Enh #1649: Add reliability calculations support to Mentix
Enh #1509: Named Service Registration
Enh #1643: Cache resources from share getter methods in OCS
Enh #1664: Add cache warmup strategy for OCS resource infos
Enh #1710: Owncloudsql storage driver
Enh #1705: Reduce the size of all the container images built on CI
Enh #1669: Mint scope-based access tokens for RBAC
Enh #1683: Filter created shares based on type in OCS
Enh #1763: Sort share entries alphabetically
Enh #1758: Warn user for not recommended go version
Enh #1747: Add checksum headers to tus preflight responses
Enh #1685: Add share to update response

Details

Bugfix #1779: Set Content-Type header correctly for ocs requests

Before this fix the Content-Type header was guessed by w.Write because WriteHeader was called to early. Now the Content-Type is set correctly and to the same values as in ownCloud 10

owncloud/ocis#1779
Bugfix #1650: Allow fetching shares as the grantee

The json backend now allows a grantee to fetch a share by id.

#1650
Bugfix #1693: Fix move in owncloud storage driver

When moving a file or folder (includes renaming) the filepath in the cache didn't get updated which caused subsequent requests to getpath to fail.

#1693 #1696
Bugfix #1666: Fix public file shares

Fixed stat requests and propfind responses for publicly shared files.

#1666
Bugfix #1541: Allow for restoring recycle items to different locations

The CS3 APIs specify a way to restore a recycle item to a different location than the original by setting the restore_path field in the RestoreRecycleItemRequest. This field had not been considered until now.

#1541 https://cs3org.github.io/cs3apis/
Bugfix #1718: Use the -static ldflag only for the 'build-ci' target

It is not intended to statically link the generated binaries for local development workflows. This resulted on segmentation faults and compiller warnings.

#1718
Enhancement #1719: Application passwords CLI

This PR adds the CLI commands token-list, token-create and token-remove to manage tokens with limited scope on behalf of registered users.

#1719
Enhancement #1719: Application passwords management

This PR adds the functionality to generate authentication tokens with limited scope on behalf of registered users. These can be used in third party apps or in case primary user credentials cannot be submitted to other parties.

#1714 #1719 cs3org/cs3apis#127
Enhancement #1725: Create transfer type share

transfer-create creates a share of type transfer.

#1725
Enhancement #1755: Return file checksum available from the metadata for the EOS driver

#1755
Enhancement #1673: Deprecate using errors.New and fmt.Errorf

Previously we were using errors.New and fmt.Errorf to create errors. Now we use the errors defined in the errtypes package.

#1673
Enhancement #1723: Open in app workflow using the new API

This provides a new open-in-app command for the CLI and the implementation on the appprovider gateway service for the new API, including the option to specify the appplication to use, thus overriding the preconfigured one.

#1723
Enhancement #1655: Improve json marshalling of share protobuf messages

Protobuf oneof fields cannot be properly handled by the native json marshaller, and the protojson package can only handle proto messages. Previously, we were using a workaround of storing these oneof fields separately, which made the code inelegant. Now we marshal these messages as strings before marshalling them via the native json package.

#1655
Enhancement #1694: User profile picture capability

Based on feedback in the new ownCloud web frontend we want to omit trying to render user avatars images / profile pictures based on the backend capabilities. Now the OCS communicates a corresponding value.

#1694
Enhancement #1649: Add reliability calculations support to Mentix

To make reliability calculations possible, a new exporter has been added to Mentix that reads scheduled downtimes from the GOCDB and exposes it through Prometheus metrics.

#1649
Enhancement #1509: Named Service Registration

Move away from hardcoding service IP addresses and rely upon name resolution instead. It delegates the address lookup to a static in-memory service registry, which can be re-implemented in multiple forms.

#1509
Enhancement #1643: Cache resources from share getter methods in OCS

In OCS, once we retrieve the shares from the shareprovider service, we stat each of those separately to obtain the required info, which introduces a lot of latency. This PR introduces a resoource info cache in OCS, which would prevent this latency.

#1643
Enhancement #1664: Add cache warmup strategy for OCS resource infos

Recently, a TTL cache was added to OCS to store statted resource infos. This PR adds an interface to define warmup strategies and also adds a cbox specific strategy which starts a goroutine to initialize the cache with all the valid shares present in the system.

#1664
Enhancement #1710: Owncloudsql storage driver

This PR adds a storage driver which connects to a oc10 storage backend (storage + database). This allows for running oc10 and ocis with the same backend in parallel.

#1710
Enhancement #1705: Reduce the size of all the container images built on CI

Previously, all images were based on golang:1.16 which is built from Debian. Using 'scratch' as base, reduces the size of the artifacts well as the attack surface for all the images, plus copying the binary from the build step ensures that only the strictly required software is present on the final image. For the revad images tagged '-eos', eos-slim is used instead. It is still large but it updates the environment as well as the EOS version.

#1705
Enhancement #1669: Mint scope-based access tokens for RBAC

Primarily, this PR is meant to introduce the concept of scopes into our tokens. At the moment, it addresses those cases where we impersonate other users without allowing the full scope of what the actual user has access to.

A short explanation for how it works for public shares: - We get the public share using the token provided by the client. - In the public share, we know the resource ID, so we can add this to the allowed scope, but not the path. - However, later OCDav tries to access by path as well. Now this is not allowed at the moment. However, from the allowed scope, we have the resource ID and we're allowed to stat that. We stat the resource ID, get the path and if the path matches the one passed by OCDav, we allow the request to go through.

#1669
Enhancement #1683: Filter created shares based on type in OCS

#1683
Enhancement #1763: Sort share entries alphabetically

When showing the list of shares to the end-user, the list was not sorted alphabetically. This PR sorts the list of users and groups.

#1763
Enhancement #1758: Warn user for not recommended go version

This PR adds a warning while an user is building the source code, if he is using a go version not recommended.

#1758 #1760
Enhancement #1747: Add checksum headers to tus preflight responses

Added checksum to the header Tus-Extension and added the Tus-Checksum-Algorithm header.

owncloud/ocis#1747 #1702
Enhancement #1685: Add share to update response

After accepting or rejecting a share the API includes the updated share in the response.

#1685 #1724

Changelog for reva 1.7.0 (2021-04-19)

The following sections list the changes in reva 1.7.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1619: Fixes for enabling file sharing in EOS
Fix #1576: Fix etag changing only once a second
Fix #1634: Mentix site authorization status changes
Fix #1625: Make local file connector more error tolerant
Fix #1526: Fix webdav file versions endpoint bugs
Fix #1457: Cloning of internal mesh data lost some values
Fix #1597: Check for ENOTDIR on readlink error
Fix #1636: Skip file check for OCM data transfers
Fix #1552: Fix a bunch of trashbin related issues
Fix #1: Bump meshdirectory-web to 1.0.2
Chg #1562: Modularize api token management in GRAPPA drivers
Chg #1452: Separate blobs from metadata in the ocis storage driver
Enh #1514: Add grpc test suite for the storage provider
Enh #1466: Add integration tests for the s3ng driver
Enh #1521: Clarify expected failures
Enh #1624: Add wrappers for EOS and EOS Home storage drivers
Enh #1563: Implement cs3.sharing.collaboration.v1beta1.Share.ShareType
Enh #1411: Make InsecureSkipVerify configurable
Enh #1106: Make command to run litmus tests
Enh #1502: Bump meshdirectory-web to v1.0.4
Enh #1502: New MeshDirectory HTTP service UI frontend with project branding
Enh #1405: Quota querying and tree accounting
Enh #1527: Add FindAcceptedUsers method to OCM Invite API
Enh #1149: Add CLI Commands for OCM invitation workflow
Enh #1629: Implement checksums in the owncloud storage
Enh #1528: Port drone pipeline definition to starlark
Enh #110: Add signature authentication for public links
Enh #1495: SQL driver for the publicshare service
Enh #1588: Make the additional info attribute for shares configurable
Enh #1595: Add site account registration panel
Enh #1506: Site Accounts service for API keys
Enh #116: Enhance storage registry with virtual views and regular expressions
Enh #1513: Add stubs for storage spaces manipulation

Details

Bugfix #1619: Fixes for enabling file sharing in EOS

#1619
Bugfix #1576: Fix etag changing only once a second

We fixed a problem with the owncloud storage driver only considering the mtime with a second resolution for the etag calculation.

#1576
Bugfix #1634: Mentix site authorization status changes

If a site changes its authorization status, Mentix did not update its internal data to reflect this change. This PR fixes this issue.

#1634
Bugfix #1625: Make local file connector more error tolerant

The local file connector caused Reva to throw an exception if the local file for storing site data couldn't be loaded. This PR changes this behavior so that only a warning is logged.

#1625
Bugfix #1526: Fix webdav file versions endpoint bugs

Etag and error code related bugs have been fixed for the webdav file versions endpoint and removed from the expected failures file.

#1526
Bugfix #1457: Cloning of internal mesh data lost some values

This update fixes a bug in Mentix that caused some (non-critical) values to be lost during data cloning that happens internally.

#1457
Bugfix #1597: Check for ENOTDIR on readlink error

The deconstructed storage driver now handles ENOTDIR errors when node.Child() is called for a path containing a path segment that is actually a file.

owncloud/ocis#1239 #1597
Bugfix #1636: Skip file check for OCM data transfers

#1636
Bugfix #1552: Fix a bunch of trashbin related issues

Fixed these issues:
- Complete: Deletion time in trash bin shows a wrong date - Complete: shared trash status code - Partly: invalid webdav responses for unauthorized requests. - Partly: href in trashbin PROPFIND response is wrong
Complete means there are no expected failures left. Partly means there are some scenarios left.

#1552
Bugfix #1: Bump meshdirectory-web to 1.0.2

Updated meshdirectory-web mod to version 1.0.2 that contains fixes for OCM invite API links generation.

sciencemesh/meshdirectory-web#1
Change #1562: Modularize api token management in GRAPPA drivers

This PR moves the duplicated api token management methods into a seperate utils package

#1562
Change #1452: Separate blobs from metadata in the ocis storage driver

We changed the ocis storage driver to keep the file content separate from the metadata by storing the blobs in a separate directory. This allows for using a different (potentially faster) storage for the metadata.

Note This change makes existing ocis storages incompatible with the new code.

We also streamlined the ocis and the s3ng drivers so that most of the code is shared between them.

#1452
Enhancement #1514: Add grpc test suite for the storage provider

A new test suite has been added which tests the grpc interface to the storage provider. It currently runs against the ocis and the owncloud storage drivers.

#1514
Enhancement #1466: Add integration tests for the s3ng driver

We extended the integration test suite to also run all tests against the s3ng driver.

#1466
Enhancement #1521: Clarify expected failures

Some features, while covered by the ownCloud 10 acceptance tests, will not be implmented for now: - blacklisted / ignored files, because ocis/reva don't need to blacklist .htaccess files - OC-LazyOps support was removed from the clients. We are thinking about a state machine for uploads to properly solve that scenario and also list the state of files in progress in the web ui. The expected failures files now have a dedicated Won't fix section for these items.

owncloud/ocis#214 #1521 owncloud/client#8398
Enhancement #1624: Add wrappers for EOS and EOS Home storage drivers

For CERNBox, we need the mount ID to be configured according to the owner of a resource. Setting this in the storageprovider means having different instances of this service to cater to different users, which does not scale. This driver forms a wrapper around the EOS driver and sets the mount ID according to a configurable mapping based on the owner of the resource.

#1624
Enhancement #1563: Implement cs3.sharing.collaboration.v1beta1.Share.ShareType

Interface method Share() in pkg/ocm/share/share.go now has a share type parameter.

#1563
Enhancement #1411: Make InsecureSkipVerify configurable

Add InsecureSkipVerify field to metrics.Config struct and update examples to include it.

#1411
Enhancement #1106: Make command to run litmus tests

This updates adds an extra make command to run litmus tests via make. make litmus-test executes the tests.

#1106 #1543
Enhancement #1502: Bump meshdirectory-web to v1.0.4

Updated meshdirectory-web version to v.1.0.4 bringing multiple UX improvements in provider list and map.

#1502 sciencemesh/meshdirectory-web#2 sciencemesh/meshdirectory-web#3
Enhancement #1502: New MeshDirectory HTTP service UI frontend with project branding

We replaced the temporary version of web frontend of the mesh directory http service with a new redesigned & branded one. Because the new version is a more complex Vue SPA that contains image, css and other assets, it is now served from a binary package distribution that was generated using the github.com/rakyll/statik package. The http.services.meshdirectory.static config option was obsoleted by this change.

#1502
Enhancement #1405: Quota querying and tree accounting

The ocs api now returns the user quota for the users home storage. Furthermore, the ocis storage driver now reads the quota from the extended attributes of the user home or root node and implements tree size accounting. Finally, ocdav PROPFINDS now handle the DAV:quota-used-bytes and DAV:quote-available-bytes properties.

#1405 #1491
Enhancement #1527: Add FindAcceptedUsers method to OCM Invite API

#1527
Enhancement #1149: Add CLI Commands for OCM invitation workflow

This adds a couple of CLI commands, ocm-invite-generate and ocm-invite-forward to generate and forward ocm invitation tokens respectively.

#1149
Enhancement #1629: Implement checksums in the owncloud storage

Implemented checksums in the owncloud storage driver.

#1629
Enhancement #1528: Port drone pipeline definition to starlark

Having the pipeline definition as a starlark script instead of plain yaml greatly improves the flexibility and allows for removing lots of duplicated definitions.

#1528
Enhancement #110: Add signature authentication for public links

Implemented signature authentication for public links in addition to the existing password authentication. This allows web clients to efficiently download files from password protected public shares.

cs3org/cs3apis#110 #1590
Enhancement #1495: SQL driver for the publicshare service

#1495
Enhancement #1588: Make the additional info attribute for shares configurable

AdditionalInfoAttribute can be configured via the additional_info_attribute key in the form of a Go template string. If not explicitly set, the default value is {{.Mail}}

#1588
Enhancement #1595: Add site account registration panel

This PR adds a site account registration panel to the site accounts service. It also removes site registration from the xcloud metrics driver.

#1595
Enhancement #1506: Site Accounts service for API keys

This update adds a new service to Reva that handles site accounts creation and management. Registered sites can be assigned an API key through a simple web interface which is also part of this service. This API key can then be used to identify a user and his/her associated (vendor or partner) site.

Furthermore, Mentix was extended to make use of this new service. This way, all sites now have a stable and unique site ID that not only avoids ID collisions but also introduces a new layer of security (i.e., sites can only be modified or removed using the correct API key).

#1506
Enhancement #116: Enhance storage registry with virtual views and regular expressions

Add the functionality to the storage registry service to handle user requests for references which can span across multiple storage providers, particularly useful for cases where directories are sharded across providers or virtual views are expected.

cs3org/cs3apis#116 #1570
Enhancement #1513: Add stubs for storage spaces manipulation

This PR adds stubs for the storage space CRUD methods in the storageprovider service and makes the expired shares janitor configureable in the publicshares SQL driver.

#1513

Changelog for reva 1.6.0 (2021-02-16)

The following sections list the changes in reva 1.6.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1425: Align href URL encoding with oc10
Fix #1461: Fix public link webdav permissions
Fix #1457: Cloning of internal mesh data lost some values
Fix #1429: Purge non-empty dirs from trash-bin
Fix #1408: Get error status from trash-bin response
Enh #1451: Render additional share with in ocs sharing api
Enh #1424: We categorized the list of expected failures
Enh #1434: CERNBox REST driver for groupprovider service
Enh #1400: Checksum support
Enh #1431: Update npm packages to fix vulnerabilities
Enh #1415: Indicate in EOS containers that TUS is not supported
Enh #1402: Parse EOS sys ACLs to generate CS3 resource permissions
Enh #1477: Set quota when creating home directory in EOS
Enh #1416: Use updated etag of home directory even if it is cached
Enh #1478: Enhance error handling for grappa REST drivers
Enh #1453: Add functionality to share resources with groups
Enh #99: Add stubs and manager for groupprovider service
Enh #1462: Hash public share passwords
Enh #1464: LDAP driver for the groupprovider service
Enh #1430: Capture non-deterministic behavior on storages
Enh #1456: Fetch user groups in OIDC and LDAP backend
Enh #1429: Add s3ng storage driver, storing blobs in a s3-compatible blobstore
Enh #1467: Align default location for xrdcopy binary

Details

Bugfix #1425: Align href URL encoding with oc10

We now use the same percent encoding for URLs in WebDAV href properties as ownCloud 10.

owncloud/ocis#1120 owncloud/ocis#1296 owncloud/ocis#1307 #1425 #1472
Bugfix #1461: Fix public link webdav permissions

We now correctly render oc:permissions on the root collection of a publicly shared folder when it has more than read permissions.

#1461
Bugfix #1457: Cloning of internal mesh data lost some values

This update fixes a bug in Mentix that caused some (non-critical) values to be lost during data cloning that happens internally.

#1457
Bugfix #1429: Purge non-empty dirs from trash-bin

This wasn't possible before if the directory was not empty

#1429
Bugfix #1408: Get error status from trash-bin response

Previously the status code was gathered from the wrong response.

#1408
Enhancement #1451: Render additional share with in ocs sharing api

Recipients can now be distinguished by their email, which is rendered as additional info in the ocs api for share and file owners as well as share recipients.

owncloud/ocis#1190 #1451
Enhancement #1424: We categorized the list of expected failures

We categorized all expected failures into File (Basic file management like up and download, move, copy, properties, trash, versions and chunking), Sync (Synchronization features like etag propagation, setting mtime and locking files), Share (File and sync features in a shared scenario), User management (User and group management features) and Other (API, search, favorites, config, capabilities, not existing endpoints, CORS and others). The Review and fix the tests that have sharing step to work with ocis reference has been removed, as we now have the sharing category

owncloud/core#38006 #1424
Enhancement #1434: CERNBox REST driver for groupprovider service

#1434
Enhancement #1400: Checksum support

We now support checksums on file uploads and PROPFIND results. On uploads, the ocdav service now forwards the OC-Checksum (and the similar TUS Upload-Checksum) header to the storage provider. We added an internal http status code that allows storage drivers to return checksum errors. On PROPFINDs, ocdav now renders the <oc:checksum> header in a bug compatible way for oc10 backward compatibility with existing clients. Finally, GET and HEAD requests now return the OC-Checksum header.

owncloud/ocis#1291 owncloud/ocis#1316 #1400 owncloud/core#38304
Enhancement #1431: Update npm packages to fix vulnerabilities

#1431
Enhancement #1415: Indicate in EOS containers that TUS is not supported

The OCDAV propfind response previously hardcoded the TUS headers due to which clients such as phoenix used the TUS protocol for uploads, which EOS doesn't support. Now we pass this property as an opaque entry in the containers metadata.

#1415
Enhancement #1402: Parse EOS sys ACLs to generate CS3 resource permissions

#1402
Enhancement #1477: Set quota when creating home directory in EOS

#1477
Enhancement #1416: Use updated etag of home directory even if it is cached

We cache the home directory and shares folder etags as calculating these is an expensive process. But if these directories were updated after the previously calculated etag was cached, we can ignore this calculation and directly return the new one.

#1416
Enhancement #1478: Enhance error handling for grappa REST drivers

#1478
Enhancement #1453: Add functionality to share resources with groups

#1453
Enhancement #99: Add stubs and manager for groupprovider service

Recently, there was a separation of concerns with regard to users and groups in CS3APIs. This PR adds the required stubs and drivers for the group manager.

cs3org/cs3apis#99 cs3org/cs3apis#102 #1358
Enhancement #1462: Hash public share passwords

The share passwords were only base64 encoded. Added hashing using bcrypt with configurable hash cost.

#1462
Enhancement #1464: LDAP driver for the groupprovider service

#1464
Enhancement #1430: Capture non-deterministic behavior on storages

As a developer creating/maintaining a storage driver I want to be able to validate the atomicity of all my storage driver operations. * Test for: Start 2 uploads, pause the first one, let the second one finish first, resume the first one at some point in time. Both uploads should finish. Needs to result in 2 versions, last finished is the most recent version. * Test for: Start 2 MKCOL requests with the same path, one needs to fail.

#1430
Enhancement #1456: Fetch user groups in OIDC and LDAP backend

#1456
Enhancement #1429: Add s3ng storage driver, storing blobs in a s3-compatible blobstore

We added a new storage driver (s3ng) which stores the file metadata on a local filesystem (reusing the decomposed filesystem of the ocis driver) and the actual content as blobs in any s3-compatible blobstore.

#1429
Enhancement #1467: Align default location for xrdcopy binary

#1467

Changelog for reva 1.5.1 (2021-01-19)

The following sections list the changes in reva 1.5.1 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1401: Use the user in request for deciding the layout for non-home DAV requests
Fix #1413: Re-include the '.git' dir in the Docker images to pass the version tag
Fix #1399: Fix ocis trash-bin purge
Enh #1398: Support site authorization status in Mentix
Enh #1393: Allow setting favorites, mtime and a temporary etag
Enh #1403: Support remote cloud gathering metrics

Details

Bugfix #1401: Use the user in request for deciding the layout for non-home DAV requests

For the incoming /dav/files/userID requests, we have different namespaces depending on whether the request is for the logged-in user's namespace or not. Since in the storage drivers, we specify the layout depending only on the user whose resources are to be accessed, this fails when a user wants to access another user's namespace when the storage provider depends on the logged in user's namespace. This PR fixes that.

For example, consider the following case. The owncloud fs uses a layout {{substr 0 1 .Id.OpaqueId}}/{{.Id.OpaqueId}}. The user einstein sends a request to access a resource shared with him, say /dav/files/marie/abcd, which should be allowed. However, based on the way we applied the layout, there's no way in which this can be translated to /m/marie/.

#1401
Bugfix #1413: Re-include the '.git' dir in the Docker images to pass the version tag

And git SHA to the release tool.

#1413
Bugfix #1399: Fix ocis trash-bin purge

Fixes the empty trash-bin functionality for ocis-storage

owncloud/product#254 #1399
Enhancement #1398: Support site authorization status in Mentix

This enhancement adds support for a site authorization status to Mentix. This way, sites registered via a web app can now be excluded until authorized manually by an administrator.

Furthermore, Mentix now sets the scheme for Prometheus targets. This allows us to also support monitoring of sites that do not support the default HTTPS scheme.

#1398
Enhancement #1393: Allow setting favorites, mtime and a temporary etag

We now let the ocis driver persist favorites, set temporary etags and the mtime as arbitrary metadata.

owncloud/ocis#567 #1394 #1393
Enhancement #1403: Support remote cloud gathering metrics

The current metrics package can only gather metrics either from json files. With this feature, the metrics can be gathered polling the http endpoints exposed by the owncloud/nextcloud sciencemesh apps.

#1403

Changelog for reva 1.5.0 (2021-01-12)

The following sections list the changes in reva 1.5.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1385: Run changelog check only if there are changes in the code
Fix #1333: Delete sdk unit tests
Fix #1342: Dav endpoint routing to home storage when request is remote.php/dav/files
Fix #1338: Fix fd leaks
Fix #1343: Fix ocis move
Fix #551: Fix purging deleted files with the ocis storage
Fix #863: Fix dav api for trashbin
Fix #204: Fix the ocs share with me response
Fix #1351: Fix xattr.Remove error check for macOS
Fix #1320: Do not panic on remote.php/dav/files/
Fix #1379: Make Jaeger agent usable
Fix #1331: Fix capabilities response for multiple client versions
Fix #1281: When sharing via ocs look up user by username
Fix #1334: Handle removal of public shares by token or ID
Chg #990: Replace the user uuid with the username in ocs share responses
Enh #1350: Add auth protocol based on user agent
Enh #1362: Mark 'store-dev-release' CI step as failed on 4XX/5XX errors
Enh #1364: Remove expired Link on Get
Enh #1340: Add cache to store UID to UserID mapping in EOS
Enh #1154: Add support for the protobuf interface to eos metadata
Enh #1154: Merge-rebase from master 10/11/2020
Enh #1359: Add cache for calculated etags for home and shares directory
Enh #1321: Add support for multiple data transfer protocols
Enh #1324: Log expected errors with debug level
Enh #1351: Map errtypes to status
Enh #1347: Support property to enable health checking on a service
Enh #1332: Add import support to Mentix
Enh #1371: Use self-hosted Drone CI
Enh #1354: Map bad request and unimplement to http status codes
Enh #929: Include share types in ocs propfind responses
Enh #1328: Add CLI commands for public shares
Enh #1388: Support range header in GET requests
Enh #1361: Remove expired Link on Access
Enh #1386: Docker image for cs3org/revad:VERSION-eos
Enh #1368: Calculate and expose actual file permission set

Details

Bugfix #1385: Run changelog check only if there are changes in the code

#1385
Bugfix #1333: Delete sdk unit tests

These depend on a remote server running reva and thus fail in case of version mismatches.

#1333
Bugfix #1342: Dav endpoint routing to home storage when request is remote.php/dav/files

There was a regression in which we were not routing correctly to the right storage depending on the url.

#1342
Bugfix #1338: Fix fd leaks

There were some left over open file descriptors on simple.go.

#1338
Bugfix #1343: Fix ocis move

Use the old node id to build the target path for xattr updates.

owncloud/ocis#975 #1343
Bugfix #551: Fix purging deleted files with the ocis storage

The ocis storage could load the owner information of a deleted file. This caused the storage to not be able to purge deleted files.

owncloud/ocis#551
Bugfix #863: Fix dav api for trashbin

The api was comparing the requested username to the userid.

owncloud/ocis#863
Bugfix #204: Fix the ocs share with me response

The path of the files shared with me was incorrect.

owncloud/product#204 #1346
Bugfix #1351: Fix xattr.Remove error check for macOS

Previously, we checked the xattr.Remove error only for linux systems. Now macOS is checked also

#1351
Bugfix #1320: Do not panic on remote.php/dav/files/

Currently requests to /remote.php/dav/files/ result in panics since we cannot longer strip the user + destination from the url. This fixes the server response code and adds an error body to the response.

#1320
Bugfix #1379: Make Jaeger agent usable

Previously, you could not use tracing with jaeger agent because the tracing connector is always used instead of the tracing endpoint.

This PR removes the defaults for collector and tracing endpoint.

#1379
Bugfix #1331: Fix capabilities response for multiple client versions

#1331
Bugfix #1281: When sharing via ocs look up user by username

The ocs api returns usernames when listing share recipients, so the lookup when creating the share needs to search the usernames and not the userid.

#1281
Bugfix #1334: Handle removal of public shares by token or ID

Previously different drivers handled removing public shares using different means, either the token or the ID. Now, both the drivers support both these methods.

#1334
Change #990: Replace the user uuid with the username in ocs share responses

The ocs api should not send the users uuid. Replaced the uuid with the username.

owncloud/ocis#990 #1375
Enhancement #1350: Add auth protocol based on user agent

Previously, all available credential challenges are given to the client, for example, basic auth, bearer token, etc ... Different clients have different priorities to use one method or another, and before it was not possible to force a client to use one method without having a side effect on other clients.

This PR adds the functionality to target a specific auth protocol based on the user agent HTTP header.

#1350
Enhancement #1362: Mark 'store-dev-release' CI step as failed on 4XX/5XX errors

Prevent the errors while storing new 'daily' releases from going unnoticed on the CI.

#1362
Enhancement #1364: Remove expired Link on Get

There is the scenario in which a public link has expired but ListPublicLink has not run, accessing a technically expired public share is still possible.

#1364
Enhancement #1340: Add cache to store UID to UserID mapping in EOS

Previously, we used to send an RPC to the user provider service for every lookup of user IDs from the UID stored in EOS. This PR adds an in-memory lock-protected cache to store this mapping.

#1340
Enhancement #1154: Add support for the protobuf interface to eos metadata

#1154
Enhancement #1154: Merge-rebase from master 10/11/2020

#1154
Enhancement #1359: Add cache for calculated etags for home and shares directory

Since we store the references in the shares directory instead of actual resources, we need to calculate the etag on every list/stat call. This is rather expensive so adding a cache would help to a great extent with regard to the performance.

#1359
Enhancement #1321: Add support for multiple data transfer protocols

Previously, we had to configure which data transfer protocol to use in the dataprovider service. A previous PR added the functionality to redirect requests to different handlers based on the request method but that would lead to conflicts if multiple protocols don't support mutually exclusive sets of requests. This PR adds the functionality to have multiple such handlers simultaneously and the client can choose which protocol to use.

#1321 #1285
Enhancement #1324: Log expected errors with debug level

While trying to download a non existing file and reading a non existing attribute are technically an error they are to be expected and nothing an admin can or even should act upon.

#1324
Enhancement #1351: Map errtypes to status

When mapping errtypes to grpc statuses we now also map bad request and not implemented / unsupported cases in the gateway storageprovider.

#1351
Enhancement #1347: Support property to enable health checking on a service

This update introduces a new service property called ENABLE_HEALTH_CHECKS that must be explicitly set to true if a service should be checked for its health status. This allows us to only enable these checks for partner sites only, skipping vendor sites.

#1347
Enhancement #1332: Add import support to Mentix

This update adds import support to Mentix, transforming it into a Mesh Entity Exchanger. To properly support vendor site management, a new connector that works on a local file has been added as well.

#1332
Enhancement #1371: Use self-hosted Drone CI

Previously, we used the drone cloud to run the CI for the project. Due to unexpected and sudden stop of the service for the cs3org we decided to self-host it.

#1371
Enhancement #1354: Map bad request and unimplement to http status codes

We now return a 400 bad request when a grpc call fails with an invalid argument status and a 501 not implemented when it fails with an unimplemented status. This prevents 500 errors when a user tries to add resources to the Share folder or a storage does not implement an action.

#1354
Enhancement #929: Include share types in ocs propfind responses

Added the share types to the ocs propfind response when a resource has been shared.

owncloud/ocis#929 #1329
Enhancement #1328: Add CLI commands for public shares

#1328
Enhancement #1388: Support range header in GET requests

To allow resuming a download we now support GET requests with a range header.

https://github.com/owncloud/ocis-reva/issues/12 #1388
Enhancement #1361: Remove expired Link on Access

Since there is no background jobs scheduled to wipe out expired resources, for the time being public links are going to be removed on a "on demand" basis, meaning whenever there is an API call that access the list of shares for a given resource, we will check whether the share is expired and delete it if so.

#1361
Enhancement #1386: Docker image for cs3org/revad:VERSION-eos

Based on eos:c8_4.8.15 (Centos8, version 4.8.15). To be used when the Reva daemon needs IPC with xrootd/eos via stdin/out.

#1386 #1389
Enhancement #1368: Calculate and expose actual file permission set

Instead of hardcoding the permissions set for every file and folder to ListContainer:true, CreateContainer:true and always reporting the hardcoded string WCKDNVR for the WebDAV permissions we now aggregate the actual cs3 resource permission set in the storage drivers and correctly map them to ocs permissions and webdav permissions using a common role struct that encapsulates the mapping logic.

owncloud/ocis#552 owncloud/ocis#762 owncloud/ocis#763 owncloud/ocis#893 owncloud/ocis#1126 https://github.com/owncloud/ocis-reva/issues/47 https://github.com/owncloud/ocis-reva/issues/315 https://github.com/owncloud/ocis-reva/issues/316 owncloud/product#270 #1368

Changelog for reva 1.4.0 (2020-11-17)

The following sections list the changes in reva 1.4.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1316: Fix listing shares for nonexisting path
Fix #1274: Let the gateway filter invalid references
Fix #1269: Handle more eos errors
Fix #1297: Check the err and the response status code
Fix #1260: Fix file descriptor leak on ocdav put handler
Fix #1253: Upload file to storage provider after assembling chunks
Fix #1264: Fix etag propagation in ocis driver
Fix #1255: Check current node when iterating over path segments
Fix #1265: Stop setting propagation xattr on new files
Fix #260: Filter share with me requests
Fix #1317: Prevent nil pointer when listing shares
Fix #1259: Fix propfind response code on forbidden files
Fix #1294: Fix error type in read node when file was not found
Fix #1258: Update share grants on share update
Enh #1257: Add a test user to all sites
Enh #1234: Resolve a WOPI bridge appProviderURL by extracting its redirect
Enh #1239: Add logic for finding groups to user provider service
Enh #1280: Add a Reva SDK
Enh #1237: Setup of grpc transfer service and cli
Enh #1224: Add SQL driver for share manager
Enh #1285: Refactor the uploading files workflow from various clients
Enh #1233: Add support for custom CodiMD mimetype

Details

Bugfix #1316: Fix listing shares for nonexisting path

When trying to list shares for a not existing file or folder the ocs sharing implementation no longer responds with the wrong status code and broken xml.

#1316
Bugfix #1274: Let the gateway filter invalid references

We now filter deleted and unshared entries from the response when listing the shares folder of a user.

#1274
Bugfix #1269: Handle more eos errors

We now treat E2BIG, EACCES as a permission error, which occur, eg. when acl checks fail and return a permission denied error.

#1269
Bugfix #1297: Check the err and the response status code

The publicfile handler needs to check the response status code to return proper not pound and permission errors in the webdav api.

#1297
Bugfix #1260: Fix file descriptor leak on ocdav put handler

File descriptors on the ocdav service, especially on the put handler was leaking http connections. This PR addresses this.

#1260
Bugfix #1253: Upload file to storage provider after assembling chunks

In the PUT handler for chunked uploads in ocdav, we store the individual chunks in temporary file but do not write the assembled file to storage. This PR fixes that.

#1253
Bugfix #1264: Fix etag propagation in ocis driver

We now use a new synctime timestamp instead of trying to read the mtime to avoid race conditions when the stat request happens too quickly.

owncloud/product#249 #1264
Bugfix #1255: Check current node when iterating over path segments

When checking permissions we were always checking the leaf instead of using the current node while iterating over path segments.

#1255
Bugfix #1265: Stop setting propagation xattr on new files

We no longer set the propagation flag on a file because it is only evaluated for folders anyway.

#1265
Bugfix #260: Filter share with me requests

The OCS API now properly filters share with me requests by path and by share status (pending, accepted, rejected, all)

https://github.com/owncloud/ocis-reva/issues/260 https://github.com/owncloud/ocis-reva/issues/311 #1301
Bugfix #1317: Prevent nil pointer when listing shares

We now handle cases where the grpc connection failed correctly by no longer trying to access the response status.

#1317
Bugfix #1259: Fix propfind response code on forbidden files

When executing a propfind to a resource owned by another user the service would respond with a HTTP 403. In ownCloud 10 the response was HTTP 207. This change sets the response code to HTTP 207 to stay backwards compatible.

#1259
Bugfix #1294: Fix error type in read node when file was not found

The method ReadNode in the ocis storage didn't return the error type NotFound when a file was not found.

#1294
Bugfix #1258: Update share grants on share update

When a share was updated the share information in the share manager was updated but the grants set by the storage provider were not.

#1258
Enhancement #1257: Add a test user to all sites

For health monitoring of all mesh sites, we need a special user account that is present on every site. This PR adds such a user to each users-*.json file so that every site will have the same test user credentials.

#1257
Enhancement #1234: Resolve a WOPI bridge appProviderURL by extracting its redirect

Applications served by the WOPI bridge (CodiMD for the time being) require an extra redirection as the WOPI bridge itself behaves like a user app. This change returns to the client the redirected URL from the WOPI bridge, which is the real application URL.

#1234
Enhancement #1239: Add logic for finding groups to user provider service

To create shares with user groups, the functionality for searching for these based on a pattern is needed. This PR adds that.

#1239
Enhancement #1280: Add a Reva SDK

A Reva SDK has been added to make working with a remote Reva instance much easier by offering a high-level API that hides all the underlying details of the CS3API.

#1280
Enhancement #1237: Setup of grpc transfer service and cli

The grpc transfer service and cli for it.

#1237
Enhancement #1224: Add SQL driver for share manager

This PR adds an SQL driver for the shares manager which expects a schema equivalent to the one used in production for CERNBox.

#1224
Enhancement #1285: Refactor the uploading files workflow from various clients

Previously, we were implementing the tus client logic in the ocdav service, leading to restricting the whole of tus logic to the internal services. This PR refactors that workflow to accept incoming requests following the tus protocol while using simpler transmission internally.

#1285 #1314
Enhancement #1233: Add support for custom CodiMD mimetype

The new mimetype is associated with the .zmd file extension. The corresponding configuration is associated with the storageprovider.

#1233 #1284

Changelog for reva 1.3.0 (2020-10-08)

The following sections list the changes in reva 1.3.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1140: Call the gateway stat method from appprovider
Fix #1170: Up and download of file shares
Fix #1177: Fix ocis move
Fix #1178: Fix litmus failing on ocis storage
Fix #237: Fix missing quotes on OCIS-Storage
Fix #1210: No longer swallow permissions errors in the gateway
Fix #1183: Handle eos EPERM as permission denied
Fix #1206: No longer swallow permissions errors
Fix #1207: No longer swallow permissions errors in ocdav
Fix #1161: Cache display names in ocs service
Fix #1216: Add error handling for invalid references
Enh #1205: Allow using the username when accessing the users home
Enh #1131: Use updated cato to display nested package config in parent docs
Enh #1213: Check permissions in ocis driver
Enh #1202: Check permissions in owncloud driver
Enh #1228: Add GRPC stubs for CreateSymlink method
Enh #1174: Add logic in EOS FS for maintaining same inode across file versions
Enh #1142: Functionality to map home directory to different storage providers
Enh #1190: Add Blackbox Exporter support to Mentix
Enh #1229: New gateway datatx service
Enh #1225: Allow setting the owner when using the ocis driver
Enh #1180: Introduce ocis driver treetime accounting
Enh #1208: Calculate etags on-the-fly for shares directory and home folder

Details

Bugfix #1140: Call the gateway stat method from appprovider

The appprovider service used to directly pass the stat request to the storage provider bypassing the gateway, which resulted in errors while handling share children as they are resolved in the gateway path.

#1140
Bugfix #1170: Up and download of file shares

The shared folder logic in the gateway storageprovider was not allowing file up and downloads for single file shares. We now check if the reference is actually a file to determine if up / download should be allowed.

#1170
Bugfix #1177: Fix ocis move

When renaming a file we updating the name attribute on the wrong node, causing the path construction to use the wrong name. This fixes the litmus move_coll test.

#1177
Bugfix #1178: Fix litmus failing on ocis storage

We now ignore the no data available error when removing a non existing metadata attribute, which is ok because we are trying to delete it anyway.

#1178 #1179
Bugfix #237: Fix missing quotes on OCIS-Storage

Etags have to be enclosed in quotes ". Return correct etags on OCIS-Storage.

owncloud/product#237 #1232
Bugfix #1210: No longer swallow permissions errors in the gateway

The gateway is no longer ignoring permissions errors. It will now check the status for rpc.Code_CODE_PERMISSION_DENIED codes and report them properly using status.NewPermissionDenied or status.NewInternal instead of reusing the original response status.

#1210
Bugfix #1183: Handle eos EPERM as permission denied

We now treat EPERM errors, which occur, eg. when acl checks fail and return a permission denied error.

#1183
Bugfix #1206: No longer swallow permissions errors

The storageprovider is no longer ignoring permissions errors. It will now report them properly using status.NewPermissionDenied(...) instead of status.NewInternal(...)

#1206
Bugfix #1207: No longer swallow permissions errors in ocdav

The ocdav api is no longer ignoring permissions errors. It will now check the status for rpc.Code_CODE_PERMISSION_DENIED codes and report them properly using http.StatusForbidden instead of http.StatusInternalServerError

#1207
Bugfix #1161: Cache display names in ocs service

The ocs list shares endpoint may need to fetch the displayname for multiple different users. We are now caching the lookup fo 60 seconds to save redundant RPCs to the users service.

#1161
Bugfix #1216: Add error handling for invalid references

#1216 #1218
Enhancement #1205: Allow using the username when accessing the users home

We now allow using the userid and the username when accessing the users home on the /dev/files endpoint.

#1205
Enhancement #1131: Use updated cato to display nested package config in parent docs

Previously, in case of nested packages, we just had a link pointing to the child package. Now we copy the nested package's documentation to the parent itself to make it easier for devs.

#1131
Enhancement #1213: Check permissions in ocis driver

We are now checking grant permissions in the ocis storage driver.

#1213
Enhancement #1202: Check permissions in owncloud driver

We are now checking grant permissions in the owncloud storage driver.

#1202
Enhancement #1228: Add GRPC stubs for CreateSymlink method

#1228
Enhancement #1174: Add logic in EOS FS for maintaining same inode across file versions

This PR adds the functionality to maintain the same inode across various versions of a file by returning the inode of the version folder which remains constant. It requires extra metadata operations so a flag is provided to disable it.

#1174
Enhancement #1142: Functionality to map home directory to different storage providers

We hardcode the home path for all users to /home. This forbids redirecting requests for different users to multiple storage providers. This PR provides the option to map the home directories of different users using user attributes.

#1142
Enhancement #1190: Add Blackbox Exporter support to Mentix

This update extends Mentix to export a Prometheus SD file specific to the Blackbox Exporter which will be used for initial health monitoring. Usually, Prometheus requires its targets to only consist of the target's hostname; the BBE though expects a full URL here. This makes exporting two distinct files necessary.

#1190
Enhancement #1229: New gateway datatx service

Represents the CS3 datatx module in the gateway.

#1229
Enhancement #1225: Allow setting the owner when using the ocis driver

To support the metadata storage we allow setting the owner of the root node so that subsequent requests with that owner can be used to manage the storage.

#1225
Enhancement #1180: Introduce ocis driver treetime accounting

We added tree time accounting to the ocis storage driver which is modeled after eos synctime accounting. It can be enabled using the new treetime_accounting option, which defaults to false The tmtime is stored in an extended attribute user.ocis.tmtime. The treetime accounting is enabled for nodes which have the user.ocis.propagation extended attribute set to "1". Currently, propagation is in sync.

#1180
Enhancement #1208: Calculate etags on-the-fly for shares directory and home folder

We create references for accepted shares in the shares directory, but these aren't updated when the original resource is modified. This PR adds the functionality to generate the etag for the shares directory and correspondingly, the home directory, based on the actual resources which the references point to, enabling the sync functionality.

#1208

Changelog for reva 1.2.1 (2020-09-15)

The following sections list the changes in reva 1.2.1 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1124: Do not swallow 'not found' errors in Stat
Enh #1125: Rewire dav files to the home storage
Enh #559: Introduce ocis storage driver
Enh #1118: Metrics module can be configured to retrieve metrics data from file

Details

Bugfix #1124: Do not swallow 'not found' errors in Stat

Webdav needs to determine if a file exists to return 204 or 201 response codes. When stating a non existing resource the NOT_FOUND code was replaced with an INTERNAL error code. This PR passes on a NOT_FOUND status code in the gateway.

#1124
Enhancement #1125: Rewire dav files to the home storage

If the user specified in the dav files URL matches the current one, rewire it to use the webDavHandler which is wired to the home storage.

This fixes path mapping issues.

#1125
Enhancement #559: Introduce ocis storage driver

We introduced a now storage driver ocis that deconstructs a filesystem and uses a node first approach to implement an efficient lookup of files by path as well as by file id.

#559
Enhancement #1118: Metrics module can be configured to retrieve metrics data from file
- Export site metrics in Prometheus #698
#1118

Changelog for reva 1.2.0 (2020-08-25)

The following sections list the changes in reva 1.2.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1099: Do not restore recycle entry on purge
Fix #1091: Allow listing the trashbin
Fix #1103: Restore and delete trash items via ocs
Fix #1090: Ensure ignoring public stray shares
Fix #1064: Ensure ignoring stray shares
Fix #1082: Minor fixes in reva cmd, gateway uploads and smtpclient
Fix #1115: Owncloud driver - propagate mtime on RemoveGrant
Fix #1111: Handle redirection prefixes when extracting destination from URL
Enh #1101: Add UID and GID in ldap auth driver
Enh #1077: Add calens check to verify changelog entries in CI
Enh #1072: Refactor Reva CLI with prompts
Enh #1079: Get file info using fxids from EOS
Enh #1088: Update LDAP user driver
Enh #1114: System information metrics cleanup
Enh #1071: System information included in Prometheus metrics
Enh #1094: Add logic for resolving storage references over webdav

Details

Bugfix #1099: Do not restore recycle entry on purge

This PR fixes a bug in the EOSFS driver that was restoring a deleted entry when asking for its permanent purge. EOS does not have the functionality to purge individual files, but the whole recycle of the user.

#1099
Bugfix #1091: Allow listing the trashbin

The trashbin endpoint expects the userid, not the username.

#1091
Bugfix #1103: Restore and delete trash items via ocs

The OCS api was not passing the correct key and references to the CS3 API. Furthermore, the owncloud storage driver was constructing the wrong target path when restoring.

#1103
Bugfix #1090: Ensure ignoring public stray shares

When using the json public shares manager, it can be the case we found a share with a resource_id that no longer exists.

#1090
Bugfix #1064: Ensure ignoring stray shares

When using the json shares manager, it can be the case we found a share with a resource_id that no longer exists. This PR aims to address his case by changing the contract of getPath and return the result of the STAT call instead of a generic error, so we can check the cause.

#1064
Bugfix #1082: Minor fixes in reva cmd, gateway uploads and smtpclient

#1082 #1116
Bugfix #1115: Owncloud driver - propagate mtime on RemoveGrant

When removing a grant the mtime change also needs to be propagated. Only affectsn the owncluod storage driver.

#1115
Bugfix #1111: Handle redirection prefixes when extracting destination from URL

The move function handler in ocdav extracts the destination path from the URL by removing the base URL prefix from the URL path. This would fail in case there is a redirection prefix. This PR takes care of that and it also allows zero-size uploads for localfs.

#1111
Enhancement #1101: Add UID and GID in ldap auth driver

The PR #1088 added the functionality to lookup UID and GID from the ldap user provider. This PR adds the same to the ldap auth manager.

#1101
Enhancement #1077: Add calens check to verify changelog entries in CI

#1077
Enhancement #1072: Refactor Reva CLI with prompts

The current CLI is a bit cumbersome to use with users having to type commands containing all the associated config with no prompts or auto-completes. This PR refactors the CLI with these functionalities.

#1072
Enhancement #1079: Get file info using fxids from EOS

This PR supports getting file information from EOS using the fxid value.

#1079
Enhancement #1088: Update LDAP user driver

The LDAP user driver can now fetch users by a single claim / attribute. Use an attributefilter like (&(objectclass=posixAccount)({{attr}}={{value}})) in the driver section.

It also adds the uid and gid to the users opaque properties so that eos can use them for chown and acl operations.

#1088
Enhancement #1114: System information metrics cleanup

The system information metrics are now based on OpenCensus instead of the Prometheus client library. Furthermore, its initialization was moved out of the Prometheus HTTP service to keep things clean.

#1114
Enhancement #1071: System information included in Prometheus metrics

System information is now included in the main Prometheus metrics exposed at /metrics.

#1071
Enhancement #1094: Add logic for resolving storage references over webdav

This PR adds the functionality to resolve webdav references using the ocs webdav service by passing the resource's owner's token. This would need to be changed in production.

#1094

Changelog for reva 1.1.0 (2020-08-11)

The following sections list the changes in reva 1.1.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #1069: Pass build time variables while compiling
Fix #1047: Fix missing idp check in GetUser of demo userprovider
Fix #1038: Do not stat shared resources when downloading
Fix #1034: Fixed some error reporting strings and corresponding logs
Fix #1046: Fixed resolution of fileid in GetPathByID
Fix #1052: Ocfs: Lookup user to render template properly
Fix #1024: Take care of trailing slashes in OCM package
Fix #1025: Use lower-case name for changelog directory
Fix #1042: List public shares only created by the current user
Fix #1051: Disallow sharing the shares directory
Enh #1035: Refactor AppProvider workflow
Enh #1059: Improve timestamp precision while logging
Enh #1037: System information HTTP service
Enh #995: Add UID and GID to the user object from user package

Details

Bugfix #1069: Pass build time variables while compiling

We provide the option of viewing various configuration and version options in both reva CLI as well as the reva daemon, but we didn't actually have these values in the first place. This PR adds that info at compile time.

#1069
Bugfix #1047: Fix missing idp check in GetUser of demo userprovider

We've added a check for matching idp in the GetUser function of the demo userprovider

#1047
Bugfix #1038: Do not stat shared resources when downloading

Previously, we statted the resources in all download requests resulting in failures when downloading references. This PR fixes that by statting only in case the resource is not present in the shares folder. It also fixes a bug where we allowed uploading to the mount path, resulting in overwriting the user home directory.

#1038
Bugfix #1034: Fixed some error reporting strings and corresponding logs

#1034
Bugfix #1046: Fixed resolution of fileid in GetPathByID

Following refactoring of fileid generations in the local storage provider, this ensures fileid to path resolution works again.

#1046
Bugfix #1052: Ocfs: Lookup user to render template properly

Currently, the username is used to construct paths, which breaks when mounting the owncloud storage driver at /oc and then expecting paths that use the username like /oc/einstein/foo to work, because they will mismatch the path that is used from propagation which uses /oc/u-u-i-d as the root, giving an internal path outside root error

#1052
Bugfix #1024: Take care of trailing slashes in OCM package

Previously, we assumed that the OCM endpoints would have trailing slashes, failing in case they didn't. This PR fixes that.

#1024
Bugfix #1025: Use lower-case name for changelog directory

When preparing a new release, the changelog entries need to be copied to the changelog folder under docs. In a previous change, all these folders were made to have lower case names, resulting in creation of a separate folder.

#1025
Bugfix #1042: List public shares only created by the current user

When running ocis, the public links created by a user are visible to all the users under the 'Shared with others' tab. This PR fixes that by returning only those links which are created by a user themselves.

#1042
Bugfix #1051: Disallow sharing the shares directory

Previously, it was possible to create public links for and share the shares directory itself. However, when the recipient tried to accept the share, it failed. This PR prevents the creation of such shares in the first place.

#1051
Enhancement #1035: Refactor AppProvider workflow

Simplified the app-provider configuration: storageID is worked out automatically and UIURL is suppressed for now. Implemented the new gRPC protocol from the gateway to the appprovider.

#1035
Enhancement #1059: Improve timestamp precision while logging

Previously, the timestamp associated with a log just had the hour and minute, which made debugging quite difficult. This PR increases the precision of the associated timestamp.

#1059
Enhancement #1037: System information HTTP service

This service exposes system information via an HTTP endpoint. This currently only includes Reva version information but can be extended easily. The information are exposed in the form of Prometheus metrics so that we can gather these in a streamlined way.

#1037
Enhancement #995: Add UID and GID to the user object from user package

Currently, the UID and GID for users need to be read from the local system which requires local users to be present. This change retrieves that information from the user and auth packages and adds methods to retrieve it.

#995

Changelog for reva 1.0.0 (2020-07-28)

The following sections list the changes in reva 1.0.0 relevant to reva users. The changes are ordered by importance.

Summary

Fix #941: Fix initialization of json share manager
Fix #1006: Check if SMTP credentials are nil
Chg #965: Remove protocol from partner domains to match gocdb config
Enh #986: Added signing key capability
Enh #922: Add tutorial for deploying WOPI and Reva locally
Enh #979: Skip changelog enforcement for bot PRs
Enh #965: Enforce adding changelog in make and CI
Enh #1016: Do not enforce changelog on release
Enh #969: Allow requests to hosts with unverified certificates
Enh #914: Make httpclient configurable
Enh #972: Added a site locations exporter to Mentix
Enh #1000: Forward share invites to the provider selected in meshdirectory
Enh #1002: Pass the link to the meshdirectory service in token mail
Enh #1008: Use proper logging for ldap auth requests
Enh #970: Add required headers to SMTP client to prevent being tagged as spam
Enh #996: Split LDAP user filters
Enh #1007: Update go-tus version
Enh #1004: Update github.com/go-ldap/ldap to v3
Enh #974: Add functionality to create webdav references for OCM shares

Details

Bugfix #941: Fix initialization of json share manager

When an empty shares.json file existed the json share manager would fail while trying to unmarshal the empty file.

#941 #940
Bugfix #1006: Check if SMTP credentials are nil

Check if SMTP credentials are nil before passing them to the SMTPClient, causing it to crash.

#1006
Change #965: Remove protocol from partner domains to match gocdb config

Minor changes for OCM cross-partner testing.

#965
Enhancement #986: Added signing key capability

The ocs capabilities can now hold the boolean flag to indicate url signing endpoint and middleware are available

#986
Enhancement #922: Add tutorial for deploying WOPI and Reva locally

Add a new tutorial on how to run Reva and Wopiserver together locally

#922
Enhancement #979: Skip changelog enforcement for bot PRs

Skip changelog enforcement for bot PRs.

#979
Enhancement #965: Enforce adding changelog in make and CI

When adding a feature or fixing a bug, a changelog needs to be specified, failing which the build wouldn't pass.

#965
Enhancement #1016: Do not enforce changelog on release

While releasing a new version of Reva, make release was failing because it was enforcing a changelog entry.

#1016
Enhancement #969: Allow requests to hosts with unverified certificates

Allow OCM to send requests to other mesh providers with the option of skipping certificate verification.

#969
Enhancement #914: Make httpclient configurable
- Introduce Options for the httpclient (#914)
#914
Enhancement #972: Added a site locations exporter to Mentix

Mentix now offers an endpoint that exposes location information of all sites in the mesh. This can be used in Grafana's world map view to show the exact location of every site.

#972
Enhancement #1000: Forward share invites to the provider selected in meshdirectory

Added a share invite forward OCM endpoint to the provider links (generated when a user picks a target provider in the meshdirectory service web interface), together with an invitation token and originating provider domain passed to the service via query params.

sciencemesh/sciencemesh#139 #1000
Enhancement #1002: Pass the link to the meshdirectory service in token mail

Currently, we just forward the token and the original user's domain when forwarding an OCM invite token and expect the user to frame the forward invite URL. This PR instead passes the link to the meshdirectory service, from where the user can pick the provider they want to accept the invite with.

sciencemesh/sciencemesh#139 #1002
Enhancement #1008: Use proper logging for ldap auth requests

Instead of logging to stdout we now log using debug level logging or error level logging in case the configured system user cannot bind to LDAP.

#1008
Enhancement #970: Add required headers to SMTP client to prevent being tagged as spam

Mails being sent through the client, specially through unauthenticated SMTP were being tagged as spam due to missing headers.

#970
Enhancement #996: Split LDAP user filters

The current LDAP user and auth filters only allow a single %s to be replaced with the relevant string. The current userfilter is used to lookup a single user, search for share recipients and for login. To make each use case more flexible we split this in three and introduced templates.

For the userfilter we moved to filter templates that can use the CS3 user id properties {{.OpaqueId}} and {{.Idp}}: ``` userfilter = "(&(objectclass=posixAccount)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))"
```
We introduced a new `findfilter` that is used when searching for users. Use it like this: ```
findfilter =
"(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))"
```
Furthermore, we also introduced a dedicated login filter for the LDAP auth manager: loginfilter = "(&(objectclass=posixAccount)(|(cn={{login}})(mail={{login}})))"

These filter changes are backward compatible: findfilter and loginfilter will be derived from the userfilter by replacing %s with {{query}} and {{login}} respectively. The userfilter replaces %s with {{.OpaqueId}}

Finally, we changed the default attribute for the immutable uid of a user to ms-DS-ConsistencyGuid. See https://docs.microsoft.com/en-us/azure/active-directory/hybrid/plan-connect-design-concepts for the background. You can fall back to objectguid or even samaccountname but you will run into trouble when user names change. You have been warned.

#996
Enhancement #1007: Update go-tus version

The lib now uses go mod which should help golang to sort out dependencies when running go mod tidy.

#1007
Enhancement #1004: Update github.com/go-ldap/ldap to v3

In the current version of the ldap lib attribute comparisons are case sensitive. With v3 GetEqualFoldAttributeValue is introduced, which allows a case insensitive comparison. Which AFAICT is what the spec says: see go-ldap/ldap#129 (comment)

#1004
Enhancement #974: Add functionality to create webdav references for OCM shares

Webdav references will now be created in users' shares directory with the target set to the original resource's location in their mesh provider.

#974

Changelog for reva 0.1.0 (2020-03-18)

The following sections list the changes in reva 0.1.0 relevant to reva users. The changes are ordered by importance.

Summary

Enh #402: Build daily releases
Enh #416: Improve developer experience
Enh #468: remove vendor support
Enh #545: simplify configuration
Enh #561: improve the documentation
Enh #562: support home storages

Details

Enhancement #402: Build daily releases

Reva was not building releases of commits to the master branch. Thanks to @zazola.

Commit-based released are generated every time a PR is merged into master. These releases are available at: https://reva-releases.web.cern.ch

#402
Enhancement #416: Improve developer experience

Reva provided the option to be run with a single configuration file by using the -c config flag.

This PR adds the flag -dev-dir than can point to a directory containing multiple config files. The reva daemon will launch a new process per configuration file.

Kudos to @refs.

#416
Enhancement #468: remove vendor support

Because @dependabot cannot update in a clean way the vendor dependecies Reva removed support for vendored dependencies inside the project.

Dependencies will continue to be versioned but they will be downloaded when compiling the artefacts.

#468 #524
Enhancement #545: simplify configuration

Reva configuration was difficul as many of the configuration parameters were not providing sane defaults. This PR and the related listed below simplify the configuration.

#545 #536 #568
Enhancement #561: improve the documentation

Documentation has been improved and can be consulted here: https://reva.link

#561 #545 #568
Enhancement #562: support home storages

Reva did not have any functionality to handle home storages. These PRs make that happen.

#562 #510 #493 #476 #469 #436 #571

Changelog for reva 0.0.1 (2019-10-24)

The following sections list the changes in reva 0.0.1 relevant to reva users. The changes are ordered by importance.

Summary

Enh #334: Create release procedure for Reva

Details

Enhancement #334: Create release procedure for Reva

Reva did not have any procedure to release versions. This PR brings a new tool to release Reva versions (tools/release) and prepares the necessary files for artefact distributed made from Drone into Github pages.

#334

Files

CHANGELOG.md

Latest commit

History

CHANGELOG.md

File metadata and controls

Changelog for reva 1.28.0 (2024-02-27)

Summary

Details

Changelog for reva 1.27.0 (2023-10-19)

Summary

Details

Changelog for reva 1.26.0 (2023-09-08)

Summary

Details

Changelog for reva 1.25.0 (2023-08-14)

Summary

Details

Changelog for reva 1.24.0 (2023-05-11)

Summary

Details

Changelog for reva 1.23.0 (2023-03-09)

Summary

Details

Changelog for reva 1.22.0 (2022-12-31)

Summary

Details

Changelog for reva 1.21.0 (2022-12-07)

Summary

Details

Changelog for reva 1.20.0 (2022-11-24)

Summary

Details

Changelog for reva 1.19.0 (2022-06-16)

Summary

Details

Changelog for reva 1.18.0 (2022-02-11)

Summary

Details

Changelog for reva 1.17.0 (2021-12-09)

Summary

Details

Changelog for reva 1.16.0 (2021-11-19)

Summary

Details

Changelog for reva 1.15.0 (2021-10-26)

Summary

Details

Changelog for reva 1.14.0 (2021-10-12)

Summary

Details

Changelog for reva 1.13.0 (2021-09-14)

Summary

Details

Changelog for reva 1.12.0 (2021-08-24)

Summary

Details

Changelog for reva 1.11.0 (2021-08-03)

Summary

Details

Changelog for reva 1.10.0 (2021-07-13)

Summary

Details

Changelog for reva 1.9.1 (2021-07-09)

Summary

Details

Changelog for reva 1.9.0 (2021-06-23)

Summary

Details

Changelog for reva 1.8.0 (2021-06-09)

Summary

Details

Changelog for reva 1.7.0 (2021-04-19)

Summary

Details

Changelog for reva 1.6.0 (2021-02-16)

Summary

Details

Changelog for reva 1.5.1 (2021-01-19)

Summary