Shares using the OCM multi-protocol envelope (name multi, with the secret carried in a sibling protocol entry such as webdav) were rejected with Missing sharedSecret in protocol. Scan every protocol entry for the shared secret during validation, resolve the secret from the matching entry, and let the files provider serve the webdav entry of a multi envelope. Covers the file and folder resource types.
Signed-off-by: Micke Nordin <kano@sunet.se>
Accept both the legacy options.sharedSecret envelope and the new
protocol[name].sharedSecret form. Preserve the original cloud ID so the
factory can discover capabilities, then reset shareWith to the local
username for user lookup.
Delegate per-protocol validation to providers via the new
IValidationAwareCloudFederationProvider interface, with split exception
handling: BadRequestException -> 400, ProviderCouldNotAddShareException
-> the exception's own HTTP status (501 fallback).
In the notification handler, fall back to looking up the refresh token
via OcmTokenMapMapper when the access token cannot identify the federation.
Co-authored-by: Micke Nordin <kano@sunet.se>
Signed-off-by: Micke Nordin <kano@sunet.se>
Signed-off-by: Enrique Pérez Arnaud <enrique@cazalla.net>
The new public IManager::claimNextScheduledTask lands in master (35.0.0),
not 34.0.0. Addresses review feedback.
Signed-off-by: Yoan Bozhilov <bygadd@gmail.com>
Assisted-by: Claude Code:claude-opus-4-8
Trying to create an auth token from an authtoken
returns 403 now, not 503 (which is more correct)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- `$child` was used as an array key earlier. If they are numeric, they
are automatically converted to ints, leading to type issues later.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Current code blindy adds any resources to the ocm disocvery, this makes
it so that different cloud federation providers can not add different
protocols for the same resourceType without the resourceType being
duplicated, something that OCM does not allow:
```
REQUIRED: resourceTypes (array) - A list of all resource types this
server supports in both the Sending Server role and the Receiving
Server role, with their access protocols. Each item in this list MUST
itself be an object containing the following fields:
name (string) - A supported resource type (file, calendar, contact, ...).
Implementations MUST offer support for at least one resource type, where
file is the commonly supported one. Each resource type is identified by
its name: the list MUST NOT contain more than one resource type object
per given name.
...
```
https://datatracker.ietf.org/doc/html/draft-ietf-ocm-open-cloud-mesh-04#name-fields
This patch changes this behaviour from this example result:
```
{
"name": "folder",
"shareTypes": [
"user"
],
"protocols": {
"webapp": {}
}
},
{
"name": "folder",
"shareTypes": [
"user"
],
"protocols": {
"webapp-receive": {
"targets": [
"blank",
"iframe"
]
}
}
```
to:
```
{
"name": "folder",
"shareTypes": [
"user"
],
"protocols": {
"webapp": {},
"webapp-receive": {
"targets": [
"blank",
"iframe"
]
}
}
```
which is the correct behaviour according to OCM.
Signed-off-by: Micke Nordin <kano@sunet.se>
OCM is standardizing and expanding the use of notifications and having
an event for acting on in apps will be very useful.
Signed-off-by: Micke Nordin <kano@sunet.se>
Instead of logging one message per slow capability (and only in debug
mode), collect all slow capabilities and emit a single log entry with
all timings, using the highest applicable log level.
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Robin Appelman
Micke Nordin
Enrique Pérez Arnaud
Andy Scherzinger
Benjamin Gaussorgues
Peter Ringelmann
Yoan Bozhilov
Nextcloud bot
nextcloud-command
dependabot[bot]
Hamza
Stephan Orbaugh
Micke Nordin
Côme Chilliet
Arthur Schiwon
Oleksander Piskun
Côme Chilliet
Carl Schwan
Marcel Klehr
Cristian Scheid
Simon L.