Mirrors
/
nextcloud-server
mirror of https://github.com/nextcloud/server
3
0
Fork 0
Code Releases Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
58115 Commits
649 Branches
1172 Tags
4.2 GiB
Tree: 8ef920fdf9
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '8ef920fdf9'
${ noResults }
nextcloud-server/core/Controller/AvatarController.php

338 lines
9.8 KiB
Raw Normal View History

Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Fix others
10 years ago
Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Fix others
10 years ago
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Update license headers
10 years ago
update license headers and authors
11 years ago
Fix others
10 years ago
update licence headers via script
10 years ago
Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
move avatar controller to core/controller
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Cache avatars properly * Set proper caching headers for avatars (15 minutes) * For our own avatar use some extra logic to invalidate when we update
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Move AvatarController over to FileDisplayResponse
10 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
move avatar controller to core/controller
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Move avatarcontroller towards Node Api
11 years ago
Do not print exception message In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure. Thus the error message should not directly get displayed to the user and instead be logged.
10 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Cache avatars properly * Set proper caching headers for avatars (15 minutes) * For our own avatar use some extra logic to invalidate when we update
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Cache avatars properly * Set proper caching headers for avatars (15 minutes) * For our own avatar use some extra logic to invalidate when we update
10 years ago
Remove unused members and imports Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Do not print exception message In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure. Thus the error message should not directly get displayed to the user and instead be logged.
10 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Cache avatars properly * Set proper caching headers for avatars (15 minutes) * For our own avatar use some extra logic to invalidate when we update
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Always generate avatar Even if no avatar is set we should just generate the image. This to not duplicate the code on all the clients. And only server images from the avtar endpoint. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Revert "Allow Remote avatars"
10 years ago
Remove requesttoken for avatars First step for https://github.com/owncloud/core/issues/11915
11 years ago
Exclude avatar from Same-Site Cookie requirement Required to work with the upcoming Collabora avatar integration. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
8 years ago
Add fancy layout
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Move AvatarController over to FileDisplayResponse
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Avatar imagick bump Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
8 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Avatar imagick bump Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
8 years ago
Make the info available if the avatar was uploaded or generated Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Also cache avatars when it's not allowed Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Make the info available if the avatar was uploaded or generated Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Always use status 200 for avatar response As discussed in #18603 caching a 201 response is hard. It's now possible to distinguish between generated and uploaded avatars by reading the X-NC-IsCustomAvatar (0 = generated, 1 = uploaded) header. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
6 years ago
Make the info available if the avatar was uploaded or generated Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
Avatar imagick bump Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
8 years ago
Update tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Cache the avatar for a day I noticed that on larger systems esp when using talk the avatars get revalidated like crazy. Because people keep the tab open etc. You can do with a slightly outdated avatar! Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Also cache avatars when it's not allowed Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Fix AvatarController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Verify the path is a file on avatar update Fixes #21533 Before we just assumed that the passed path was a file. This does not have to be the case. Thus check if it actually is a file before doing any more tests.
10 years ago
Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
[avatar] add error handlers for avatar setup add colon to translated string use placeholder in t() Adding a size limitation for avatar upload Unit test for file size Fix typo & display server side error message
11 years ago
Check the mimetype before reading the content and catch exception Signed-off-by: Joas Schilling <coding@schilljs.com>
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
[avatar] add error handlers for avatar setup add colon to translated string use placeholder in t() Adding a size limitation for avatar upload Unit test for file size Fix typo & display server side error message
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Move avatarcontroller towards Node Api
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
show informative errors in log and UI on avatar upload error in user settings Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
5 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
show informative errors in log and UI on avatar upload error in user settings Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
5 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Move avatarcontroller towards Node Api
11 years ago
Fix avatar on exif rotated images Fixes #1928 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix uploading avatar and root certs in IE8
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Do not print exception message In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure. Thus the error message should not directly get displayed to the user and instead be logged.
10 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Fix multiline comments Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Do not print exception message In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure. Thus the error message should not directly get displayed to the user and instead be logged.
10 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Improve OC_Image code to not guess the type of input, but actually request the specific methods to be called Followup to #7836 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Add `no-store` to AppFramework
11 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Fix AvatarController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Improve OC_Image code to not guess the type of input, but actually request the specific methods to be called Followup to #7836 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
Fix AvatarController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
9 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
Do not print exception message In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure. Thus the error message should not directly get displayed to the user and instead be logged.
10 years ago
AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests
10 years ago
Avatar controller moved to AppFrameWork * Original avatarcontroller migrated to the appframework * Added DataDisplayResponse that show data inline in the browser (used to retrun the image) * Removed some unneeded code * Added unit tests for the avatarcontroller
11 years ago
  1. <?php
  2. /**
  3. * @copyright Copyright (c) 2016, ownCloud, Inc.
  4. *
  5. * @author Christoph Wurst <christoph@winzerhof-wurst.at>
  6. * @author Daniel Kesselberg <mail@danielkesselberg.de>
  7. * @author Joas Schilling <coding@schilljs.com>
  8. * @author John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
  9. * @author Lukas Reschke <lukas@statuscode.ch>
  10. * @author Morris Jobke <hey@morrisjobke.de>
  11. * @author Roeland Jago Douma <roeland@famdouma.nl>
  12. * @author Thomas Müller <thomas.mueller@tmit.eu>
  13. * @author Vincent Petry <vincent@nextcloud.com>
  14. *
  15. * @license AGPL-3.0
  16. *
  17. * This code is free software: you can redistribute it and/or modify
  18. * it under the terms of the GNU Affero General Public License, version 3,
  19. * as published by the Free Software Foundation.
  20. *
  21. * This program is distributed in the hope that it will be useful,
  22. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  23. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  24. * GNU Affero General Public License for more details.
  25. *
  26. * You should have received a copy of the GNU Affero General Public License, version 3,
  27. * along with this program. If not, see <http://www.gnu.org/licenses/>
  28. *
  29. */
  31. namespace OC\Core\Controller;
  33. use OC\AppFramework\Utility\TimeFactory;
  34. use OCP\AppFramework\Controller;
  35. use OCP\AppFramework\Http;
  36. use OCP\AppFramework\Http\DataDisplayResponse;
  37. use OCP\AppFramework\Http\FileDisplayResponse;
  38. use OCP\AppFramework\Http\JSONResponse;
  39. use OCP\Files\File;
  40. use OCP\Files\IRootFolder;
  41. use OCP\IAvatarManager;
  42. use OCP\ICache;
  43. use OCP\IL10N;
  44. use OCP\ILogger;
  45. use OCP\IRequest;
  46. use OCP\IUserManager;
  47. use OCP\IUserSession;
  49. /**
  50. * Class AvatarController
  51. *
  52. * @package OC\Core\Controller
  53. */
  54. class AvatarController extends Controller {
  56. /** @var IAvatarManager */
  57. protected $avatarManager;
  59. /** @var ICache */
  60. protected $cache;
  62. /** @var IL10N */
  63. protected $l;
  65. /** @var IUserManager */
  66. protected $userManager;
  68. /** @var IUserSession */
  69. protected $userSession;
  71. /** @var IRootFolder */
  72. protected $rootFolder;
  74. /** @var ILogger */
  75. protected $logger;
  77. /** @var string */
  78. protected $userId;
  80. /** @var TimeFactory */
  81. protected $timeFactory;
  83. public function __construct($appName,
  84. IRequest $request,
  85. IAvatarManager $avatarManager,
  86. ICache $cache,
  87. IL10N $l10n,
  88. IUserManager $userManager,
  89. IRootFolder $rootFolder,
  90. ILogger $logger,
  91. $userId,
  92. TimeFactory $timeFactory) {
  93. parent::__construct($appName, $request);
  95. $this->avatarManager = $avatarManager;
  96. $this->cache = $cache;
  97. $this->l = $l10n;
  98. $this->userManager = $userManager;
  99. $this->rootFolder = $rootFolder;
  100. $this->logger = $logger;
  101. $this->userId = $userId;
  102. $this->timeFactory = $timeFactory;
  103. }
  106. /**
  107. * @NoAdminRequired
  108. * @NoCSRFRequired
  109. * @NoSameSiteCookieRequired
  110. * @PublicPage
  111. *
  112. * @param string $userId
  113. * @param int $size
  114. * @return JSONResponse|FileDisplayResponse
  115. */
  116. public function getAvatar($userId, $size) {
  117. // min/max size
  118. if ($size > 2048) {
  119. $size = 2048;
  120. } elseif ($size <= 0) {
  121. $size = 64;
  122. }
  124. try {
  125. $avatar = $this->avatarManager->getAvatar($userId);
  126. $avatarFile = $avatar->getFile($size);
  127. $response = new FileDisplayResponse(
  128. $avatarFile,
  129. Http::STATUS_OK,
  130. ['Content-Type' => $avatarFile->getMimeType(), 'X-NC-IsCustomAvatar' => (int)$avatar->isCustomAvatar()]
  131. );
  132. } catch (\Exception $e) {
  133. return new JSONResponse([], Http::STATUS_NOT_FOUND);
  134. }
  136. // Cache for 1 day
  137. $response->cacheFor(60 * 60 * 24);
  138. return $response;
  139. }
  141. /**
  142. * @NoAdminRequired
  143. *
  144. * @param string $path
  145. * @return JSONResponse
  146. */
  147. public function postAvatar($path) {
  148. $files = $this->request->getUploadedFile('files');
  150. if (isset($path)) {
  151. $path = stripslashes($path);
  152. $userFolder = $this->rootFolder->getUserFolder($this->userId);
  153. /** @var File $node */
  154. $node = $userFolder->get($path);
  155. if (!($node instanceof File)) {
  156. return new JSONResponse(['data' => ['message' => $this->l->t('Please select a file.')]]);
  157. }
  158. if ($node->getSize() > 20 * 1024 * 1024) {
  159. return new JSONResponse(
  160. ['data' => ['message' => $this->l->t('File is too big')]],
  161. Http::STATUS_BAD_REQUEST
  162. );
  163. }
  165. if ($node->getMimeType() !== 'image/jpeg' && $node->getMimeType() !== 'image/png') {
  166. return new JSONResponse(
  167. ['data' => ['message' => $this->l->t('The selected file is not an image.')]],
  168. Http::STATUS_BAD_REQUEST
  169. );
  170. }
  172. try {
  173. $content = $node->getContent();
  174. } catch (\OCP\Files\NotPermittedException $e) {
  175. return new JSONResponse(
  176. ['data' => ['message' => $this->l->t('The selected file cannot be read.')]],
  177. Http::STATUS_BAD_REQUEST
  178. );
  179. }
  180. } elseif (!is_null($files)) {
  181. if (
  182. $files['error'][0] === 0 &&
  183. is_uploaded_file($files['tmp_name'][0]) &&
  184. !\OC\Files\Filesystem::isFileBlacklisted($files['tmp_name'][0])
  185. ) {
  186. if ($files['size'][0] > 20 * 1024 * 1024) {
  187. return new JSONResponse(
  188. ['data' => ['message' => $this->l->t('File is too big')]],
  189. Http::STATUS_BAD_REQUEST
  190. );
  191. }
  192. $this->cache->set('avatar_upload', file_get_contents($files['tmp_name'][0]), 7200);
  193. $content = $this->cache->get('avatar_upload');
  194. unlink($files['tmp_name'][0]);
  195. } else {
  196. $phpFileUploadErrors = [
  197. UPLOAD_ERR_OK => $this->l->t('The file was uploaded'),
  198. UPLOAD_ERR_INI_SIZE => $this->l->t('The uploaded file exceeds the upload_max_filesize directive in php.ini'),
  199. UPLOAD_ERR_FORM_SIZE => $this->l->t('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
  200. UPLOAD_ERR_PARTIAL => $this->l->t('The file was only partially uploaded'),
  201. UPLOAD_ERR_NO_FILE => $this->l->t('No file was uploaded'),
  202. UPLOAD_ERR_NO_TMP_DIR => $this->l->t('Missing a temporary folder'),
  203. UPLOAD_ERR_CANT_WRITE => $this->l->t('Could not write file to disk'),
  204. UPLOAD_ERR_EXTENSION => $this->l->t('A PHP extension stopped the file upload'),
  205. ];
  206. $message = $phpFileUploadErrors[$files['error'][0]] ?? $this->l->t('Invalid file provided');
  207. $this->logger->warning($message, ['app' => 'core']);
  208. return new JSONResponse(
  209. ['data' => ['message' => $message]],
  210. Http::STATUS_BAD_REQUEST
  211. );
  212. }
  213. } else {
  214. //Add imgfile
  215. return new JSONResponse(
  216. ['data' => ['message' => $this->l->t('No image or file provided')]],
  217. Http::STATUS_BAD_REQUEST
  218. );
  219. }
  221. try {
  222. $image = new \OC_Image();
  223. $image->loadFromData($content);
  224. $image->readExif($content);
  225. $image->fixOrientation();
  227. if ($image->valid()) {
  228. $mimeType = $image->mimeType();
  229. if ($mimeType !== 'image/jpeg' && $mimeType !== 'image/png') {
  230. return new JSONResponse(
  231. ['data' => ['message' => $this->l->t('Unknown filetype')]],
  232. Http::STATUS_OK
  233. );
  234. }
  236. $this->cache->set('tmpAvatar', $image->data(), 7200);
  237. return new JSONResponse(
  238. ['data' => 'notsquare'],
  239. Http::STATUS_OK
  240. );
  241. } else {
  242. return new JSONResponse(
  243. ['data' => ['message' => $this->l->t('Invalid image')]],
  244. Http::STATUS_OK
  245. );
  246. }
  247. } catch (\Exception $e) {
  248. $this->logger->logException($e, ['app' => 'core']);
  249. return new JSONResponse(['data' => ['message' => $this->l->t('An error occurred. Please contact your admin.')]], Http::STATUS_OK);
  250. }
  251. }
  253. /**
  254. * @NoAdminRequired
  255. *
  256. * @return JSONResponse
  257. */
  258. public function deleteAvatar() {
  259. try {
  260. $avatar = $this->avatarManager->getAvatar($this->userId);
  261. $avatar->remove();
  262. return new JSONResponse();
  263. } catch (\Exception $e) {
  264. $this->logger->logException($e, ['app' => 'core']);
  265. return new JSONResponse(['data' => ['message' => $this->l->t('An error occurred. Please contact your admin.')]], Http::STATUS_BAD_REQUEST);
  266. }
  267. }
  269. /**
  270. * @NoAdminRequired
  271. *
  272. * @return JSONResponse|DataDisplayResponse
  273. */
  274. public function getTmpAvatar() {
  275. $tmpAvatar = $this->cache->get('tmpAvatar');
  276. if (is_null($tmpAvatar)) {
  277. return new JSONResponse(['data' => [
  278. 'message' => $this->l->t("No temporary profile picture available, try again")
  279. ]],
  280. Http::STATUS_NOT_FOUND);
  281. }
  283. $image = new \OC_Image();
  284. $image->loadFromData($tmpAvatar);
  286. $resp = new DataDisplayResponse($image->data(),
  287. Http::STATUS_OK,
  288. ['Content-Type' => $image->mimeType()]);
  290. $resp->setETag((string)crc32($image->data()));
  291. $resp->cacheFor(0);
  292. $resp->setLastModified(new \DateTime('now', new \DateTimeZone('GMT')));
  293. return $resp;
  294. }
  296. /**
  297. * @NoAdminRequired
  298. *
  299. * @param array $crop
  300. * @return JSONResponse
  301. */
  302. public function postCroppedAvatar($crop) {
  303. if (is_null($crop)) {
  304. return new JSONResponse(['data' => ['message' => $this->l->t("No crop data provided")]],
  305. Http::STATUS_BAD_REQUEST);
  306. }
  308. if (!isset($crop['x'], $crop['y'], $crop['w'], $crop['h'])) {
  309. return new JSONResponse(['data' => ['message' => $this->l->t("No valid crop data provided")]],
  310. Http::STATUS_BAD_REQUEST);
  311. }
  313. $tmpAvatar = $this->cache->get('tmpAvatar');
  314. if (is_null($tmpAvatar)) {
  315. return new JSONResponse(['data' => [
  316. 'message' => $this->l->t("No temporary profile picture available, try again")
  317. ]],
  318. Http::STATUS_BAD_REQUEST);
  319. }
  321. $image = new \OC_Image();
  322. $image->loadFromData($tmpAvatar);
  323. $image->crop($crop['x'], $crop['y'], (int)round($crop['w']), (int)round($crop['h']));
  324. try {
  325. $avatar = $this->avatarManager->getAvatar($this->userId);
  326. $avatar->set($image);
  327. // Clean up
  328. $this->cache->remove('tmpAvatar');
  329. return new JSONResponse(['status' => 'success']);
  330. } catch (\OC\NotSquareException $e) {
  331. return new JSONResponse(['data' => ['message' => $this->l->t('Crop is not square')]],
  332. Http::STATUS_BAD_REQUEST);
  333. } catch (\Exception $e) {
  334. $this->logger->logException($e, ['app' => 'core']);
  335. return new JSONResponse(['data' => ['message' => $this->l->t('An error occurred. Please contact your admin.')]], Http::STATUS_BAD_REQUEST);
  336. }
  337. }
  338. }