Changes in 1.0.0

Summary

Bugfix - Enable scrolling in accounts list: #909
Bugfix - Add missing env vars to docker compose: #392
Bugfix - Don't enforce empty external apps slice: #473
Bugfix - Lower Bound was not working for the cs3 api index implementation: #741
Bugfix - Accounts config sometimes being overwritten: #808
Bugfix - Make settings service start without go coroutines: #835
Bugfix - Fix button layout after phoenix update: #625
Bugfix - Fix choose account dialogue: #846
Bugfix - Fix id or username query handling: #745
Bugfix - Fix konnectd build: #809
Bugfix - Fix path of files shared with me in ocs api: #204
Bugfix - Use micro default client: #718
Bugfix - Allow consent-prompt with switch-account: #788
Bugfix - Mint token with uid and gid: #737
Bugfix - Serve index.html for directories: #912
Bugfix - Don't create account if id/mail/username already taken: #709
Bugfix - Fix director selection in proxy: #521
Bugfix - Permission checks for settings write access: #1092
Bugfix - Fix minor ui bugs: #1043
Bugfix - Disable public link expiration by default: #987
Bugfix - Build docker images with alpine:latest instead of alpine:edge: #416
Change - Accounts UI shows message when no permissions: #656
Change - Cache password validation: #958
Change - Filesystem based index: #709
Change - Rebuild index command for accounts: #748
Change - Add the thumbnails command: #156
Change - CS3 can be used as accounts-backend: #1020
Change - Use bcrypt to hash the user passwords: #510
Change - Replace the library which scales the images: #910
Change - Choose disk or cs3 storage for accounts and groups: #623
Change - Enable OpenID dynamic client registration: #811
Change - Integrate import command from ocis-migration: #249
Change - Improve reva service descriptions: #536
Change - Initial release of basic version: #2
Change - Add cli-commands to manage accounts: #115
Change - Start ocis-accounts with the ocis server command: #25
Change - Properly style konnectd consent page: #754
Change - Make all paths configurable and default to a common temp dir: #1080
Change - Move the indexer package from ocis/accounts to ocis/ocis-pkg: #794
Change - Switch over to a new custom-built runtime: #287
Change - Move ocis default config to root level: #842
Change - Remove username field in OCS: #709
Change - Account management permissions for Admin role: #124
Change - Update phoenix to v0.18.0: #651
Change - Default apps in ownCloud Web: #688
Change - Proxy allow insecure upstreams: #1007
Change - Make ocis-settings available: #287
Change - Start ocis-proxy with the ocis server command: #119
Change - Theme welcome and choose account pages: #887
Change - Bring oC theme: #698
Change - Unify Configuration Parsing: #675
Change - Update phoenix to v0.20.0: #674
Change - Update phoenix to v0.21.0: #728
Change - Update phoenix to v0.22.0: #757
Change - Update phoenix to v0.23.0: #785
Change - Update phoenix to v0.24.0: #817
Change - Update phoenix to v0.25.0: #868
Change - Update phoenix to v0.26.0: #935
Change - Update phoenix to v0.27.0: #943
Change - Update phoenix to v0.28.0: #1027
Change - Update phoenix to v0.29.0: #1034
Change - Update reva config: #336
Change - Update reva to v1.4.1-0.20201209113234-e791b5599a89: #1089
Change - Clarify storage driver env vars: #729
Change - Update ownCloud Web to v1.0.0-beta3: #1105
Change - Update ownCloud Web to v1.0.0-beta4: #1110
Change - Settings and accounts appear in the user menu: #656
Enhancement - Add tracing to the accounts service: #1016
Enhancement - Add the accounts service: #244
Enhancement - Add basic auth option: #627
Enhancement - Document how to run OCIS on top of EOS: #172
Enhancement - Add the glauth service: #244
Enhancement - Add k6: #941
Enhancement - Add the konnectd service: #244
Enhancement - Add the ocis-phoenix service: #244
Enhancement - Add the ocis-pkg package: #244
Enhancement - Add the ocs service: #244
Enhancement - Add the proxy service: #244
Enhancement - Add the settings service: #244
Enhancement - Add the storage service: #244
Enhancement - Add the store service: #244
Enhancement - Add the thumbnails service: #244
Enhancement - Add a command to list the versions of running instances: #226
Enhancement - Add the webdav service: #244
Enhancement - Better adopt Go-Micro: #840
Enhancement - Add permission check when assigning and removing roles: #879
Enhancement - Create OnlyOffice extension: #857
Enhancement - Show basic-auth warning only once: #886
Enhancement - Add glauth fallback backend: #649
Enhancement - Tidy dependencies: #845
Enhancement - Launch a storage to store ocis-metadata: #602
Enhancement - Add a version command to ocis: #915
Enhancement - Create a proxy access-log: #889
Enhancement - Cache userinfo in proxy: #877
Enhancement - Update reva to v1.4.1-0.20201125144025-57da0c27434c: #1320
Enhancement - Runtime Cleanup: #1066
Enhancement - Update OCIS Runtime: #1108
Enhancement - Simplify tracing config: #92
Enhancement - Update glauth to dev fd3ac7e4bbdc93578655d9a08d8e23f105aaa5b2: #834
Enhancement - Update glauth to dev 4f029234b2308: #786
Enhancement - Update konnectd to v0.33.8: #744
Enhancement - Update reva to v1.4.1-0.20201123062044-b2c4af4e897d: #823
Enhancement - Update reva to v1.4.1-0.20201130061320-ac85e68e0600: #980
Enhancement - Update reva to cdb3d66: #748
Enhancement - Update reva to dd3a8c0: #725
Enhancement - Update reva to v1.4.1-0.20201127111856-e6a6212c1b7b: #971
Enhancement - Update reva to 063b3db9162b: #1091
Enhancement - Add www-authenticate based on user agent: #1009

Details

Bugfix - Enable scrolling in accounts list: #909

Tags: accounts

We've fixed the accounts list to enable scrolling.

#909
Bugfix - Add missing env vars to docker compose: #392

Tags: docker

Without setting REVA_FRONTEND_URL and REVA_DATAGATEWAY_URL uploads would default to
locahost and fail if OCIS_DOMAIN was used to run ocis on a remote host.

#392
Bugfix - Don't enforce empty external apps slice: #473

Tags: web

The command for ocis-phoenix enforced an empty external apps configuration. This was
removed, as it was blocking a new set of default external apps in ocis-phoenix.

#473
Bugfix - Lower Bound was not working for the cs3 api index implementation: #741

Tags: accounts

Lower bound working on the cs3 index implementation

#741
Bugfix - Accounts config sometimes being overwritten: #808

Tags: accounts

Sometimes when running the accounts extensions flags were not being taken into
consideration.

#808
Bugfix - Make settings service start without go coroutines: #835

The go routines cause a race condition that sometimes causes the tests to fail. The ListRoles
request would not return all permissions.

#835
Bugfix - Fix button layout after phoenix update: #625

Tags: accounts

With the phoenix update to v0.17.0 a new ODS version was released which has a breaking change for
buttons regarding their layouting. We adjusted the button layout in the accounts UI
accordingly.

#625
Bugfix - Fix choose account dialogue: #846

Tags: konnectd

We've fixed the choose account dialogue in konnectd bug that the user hasn't been logged in
after selecting account.

#846
Bugfix - Fix id or username query handling: #745

Tags: accounts

The code was stopping execution when encountering an error while loading an account by id. But
for or queries we can continue execution.

#745
Bugfix - Fix konnectd build: #809

Tags: konnectd

We fixed the default config for konnectd and updated the Makefile to include the yarn installand yarn build steps if the static assets are missing.

#809
Bugfix - Fix path of files shared with me in ocs api: #204

The path of files shared with me using the ocs api was pointing to an incorrect location.

owncloud/product#204
#994
Bugfix - Use micro default client: #718

Tags: glauth

We found a file descriptor leak in the glauth connections to the accounts service. Fixed it by
using the micro default client.

#718
Bugfix - Allow consent-prompt with switch-account: #788

Multiple prompt values are allowed and this change fixes the check for select_account if it was
used together with other prompt values. Where select_account previously was ignored, it is
now processed as required, fixing the use case when a RP wants to trigger select_account first
while at the same time wants also to request interactive consent.

#788
Bugfix - Mint token with uid and gid: #737

Tags: accounts

The eos driver expects the uid and gid from the opaque map of a user. While the proxy does mint
tokens correctly, the accounts service wasn't.

#737
Bugfix - Serve index.html for directories: #912

The static middleware in ocis-pkg now serves index.html instead of returning 404 on paths with
a trailing /.

owncloud/ocis-pkg#63
#912
Bugfix - Don't create account if id/mail/username already taken: #709

Tags: accounts

We don't allow anymore to create a new account if the provided id/mail/username is already
taken.

#709
Bugfix - Fix director selection in proxy: #521

Tags: proxy

We fixed a bug in ocis-proxy where simultaneous requests could be executed on the wrong
backend.

#521
owncloud/ocis-proxy#99
Bugfix - Permission checks for settings write access: #1092

Tags: settings

There were several endpoints with write access to the settings service that were not protected
by permission checks. We introduced a generic settings management permission to fix this for
now. Will be more fine grained later on.

#1092
Bugfix - Fix minor ui bugs: #1043
- the ui haven't updated the language of the items in the settings view menu. Now we listen to the
  selected language and update the ui - deduplicate resetMenuItems call
#1043
#1044
Bugfix - Disable public link expiration by default: #987

Tags: storage

The public link expiration was enabled by default and didn't have a default expiration span by
default, which resulted in already expired public links coming from the public link quick
action. We fixed this by disabling the public link expiration by default.

#987
#1035
Bugfix - Build docker images with alpine:latest instead of alpine:edge: #416

Tags: docker

ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.

#416
Change - Accounts UI shows message when no permissions: #656

We improved the UX of the accounts UI by showing a message information the user about missing
permissions when the accounts or roles fail to load. This was showing an indeterminate
progress bar before.

#656
Change - Cache password validation: #958

Tags: accounts

The password validity check for requests like login eq '%s' and password eq '%s' is now cached
for 10 minutes. This improves the performance for basic auth requests.

#958
Change - Filesystem based index: #709

Tags: accounts, storage

We replaced bleve with a new filesystem based index implementation. There is an indexer
which is capable of orchestrating different index types to build indices on documents by
field. You can choose from the index types unique, non-unique or autoincrement.
Indices can be utilized to run search queries (full matches or globbing) on document fields.
The accounts service is using this index internally to run the search queries coming in via
ListAccounts and ListGroups and to generate UIDs for new accounts as well as GIDs for new
groups.

The accounts service can be configured to store the index on the local FS / a NFS (disk
implementation of the index) or to use an arbitrary storage ( cs3 implementation of the
index). cs3 is the new default, which is configured to use the metadata storage.

#709
Change - Rebuild index command for accounts: #748

Tags: accounts

The index for the accounts service can now be rebuilt by running the cli command ./bin/ocis accounts rebuild. It deletes all configured indices and rebuilds them from the documents
found on storage. For this we also introduced a LoadAccounts and LoadGroups function on
storage for loading all existing documents.

#748
Change - Add the thumbnails command: #156

Tags: thumbnails

Added the thumbnails command so that the thumbnails service can get started via ocis.

#156
Change - CS3 can be used as accounts-backend: #1020

Tags: proxy

PROXY_ACCOUNT_BACKEND_TYPE=cs3 PROXY_ACCOUNT_BACKEND_TYPE=accounts (default)

By using a backend which implements the CS3 user-api (currently provided by reva/storage) it
is possible to bypass the ocis-accounts service and for example use ldap directly.

#1020
Change - Use bcrypt to hash the user passwords: #510

Change the hashing algorithm from SHA-512 to bcrypt since the latter is better suitable for
password hashing. This is a breaking change. Existing deployments need to regenerate the
accounts folder.

#510
Change - Replace the library which scales the images: #910

The library went out of support. Also did some refactoring of the thumbnails service code.

#910
Change - Choose disk or cs3 storage for accounts and groups: #623

Tags: accounts

The accounts service now has an abstraction layer for the storage. In addition to the local disk
implementation we implemented a cs3 storage, which is the new default for the accounts
service.

#623
Change - Enable OpenID dynamic client registration: #811

Enable OpenID dynamic client registration

#811
#813
Change - Integrate import command from ocis-migration: #249

Tags: migration

#249
https://github.com/owncloud/ocis-migration
Change - Improve reva service descriptions: #536

Tags: docs

The descriptions make it clearer that the services actually represent a mount point in the
combined storage. Each mount point can have a different driver.

#536
Change - Initial release of basic version: #2

Just prepared an initial basic version which simply embeds the minimum of required services in
the context of the ownCloud Infinite Scale project.

#2
Change - Add cli-commands to manage accounts: #115

Tags: accounts

COMMANDS:
- list, ls List existing accounts
- add, create Create a new account
- update Make changes to an existing account
- remove, rm Removes an existing account
- inspect Show detailed data on an existing account
- help, h Shows a list of commands or help for one command
owncloud/product#115
Change - Start ocis-accounts with the ocis server command: #25

Tags: accounts

Starts ocis-accounts in single binary mode (./ocis server). This service stores the
user-account information.

owncloud/product#25
https://github.com/owncloud/ocis/pull/239/files
Change - Properly style konnectd consent page: #754

Tags: konnectd

After bringing our theme into konnectd, we've had to adjust the styles of the consent page so the
text is visible and button reflects our theme.

#754
Change - Make all paths configurable and default to a common temp dir: #1080

Aligned all services to use a dir following/var/tmp/ocis/<service>/... by default. Also
made some missing temp paths configurable via env vars and config flags.

#1080
Change - Move the indexer package from ocis/accounts to ocis/ocis-pkg: #794

We are making that change for semantic reasons. So consumers of any index don't necessarily
need to know of the accounts service.

#794
Change - Switch over to a new custom-built runtime: #287

We moved away from using the go-micro runtime and are now using our own
runtime. This allows us to spawn service processes even
when they are using different versions of go-micro. On top of that we now have the commands ocis list, ocis kill and ocis run available for service runtime management.

#287
Change - Move ocis default config to root level: #842

Tags: ocis

We moved the tracing config to the root flagset so that they are parsed on all commands. We also
introduced a JWTSecret flag in the root flagset, in order to apply a common default JWTSecret
to all services that have one.

#842
#843
Change - Remove username field in OCS: #709

Tags: ocs

We use the incoming userid as both the id and the on_premises_sam_account_name for new
accounts in the accounts service. The userid in OCS requests is in fact the username, not our
internal account id. We need to enforce the userid as our internal account id though, because
the account id is part of various path formats.

#709
#816
Change - Account management permissions for Admin role: #124

Tags: accounts, settings

We created an AccountManagement permission and added it to the default admin role. There are
permission checks in place to protected http endpoints in ocis-accounts against requests
without the permission. All existing default users (einstein, marie, richard) have the
default user role now (doesn't have the AccountManagement permission). Additionally,
there is a new default Admin user with credentials moss:vista.

Known issue: for users without the AccountManagement permission, the accounts UI
extension is still available in the ocis-web app switcher, but the requests for loading the
users will fail (as expected). We are working on a way to hide the accounts UI extension if the
user doesn't have the AccountManagement permission.

owncloud/product#124
owncloud/ocis-settings#59
owncloud/ocis-settings#66
owncloud/ocis-settings#67
owncloud/ocis-settings#69
owncloud/ocis-proxy#95
owncloud/ocis-pkg#59
owncloud/ocis-accounts#95
owncloud/ocis-accounts#100
owncloud/ocis-accounts#102
Change - Update phoenix to v0.18.0: #651

Tags: web

We updated phoenix to v0.18.0. Please refer to the changelog (linked) for details on the
phoenix release. With the ODS release brought in by phoenix we now have proper oc-checkbox and
oc-radio components for the settings and accounts UI.

#651
https://github.com/owncloud/phoenix/releases/tag/v0.18.0
https://github.com/owncloud/owncloud-design-system/releases/tag/v1.12.1
Change - Default apps in ownCloud Web: #688

Tags: web

We changed the default apps for ownCloud Web to be only files and media-viewer.
Markdown-editor and draw-io have been removed as defaults.

#688
Change - Proxy allow insecure upstreams: #1007

Tags: proxy

We can now configure the proxy if insecure upstream servers are allowed. This was added since
you need to disable certificate checks fore some situations like testing.

#1007
Change - Make ocis-settings available: #287

Tags: settings

This version delivers settings as a new service. It is part of the array of services in the
server command.

#287
Change - Start ocis-proxy with the ocis server command: #119

Tags: proxy

Starts the proxy in single binary mode (./ocis server) on port 9200. The proxy serves as a
single-entry point for all http-clients.

#119
#136
Change - Theme welcome and choose account pages: #887

Tags: konnectd

We've themed the konnectd pages Welcome and Choose account. All text has a white color now to be
easily readable on the dark background.

#887
Change - Bring oC theme: #698

Tags: konnectd

We've styled our konnectd login page to reflect ownCloud theme.

#698
Change - Unify Configuration Parsing: #675

Tags: ocis
- responsibility for config parsing should be on the subcommand - if there is a config file in the
  environment location, env var should take precedence - general rule of thumb: the more
  explicit the config file is that would be picked up. Order from less to more explicit: - config
  location (/etc/ocis) - environment variable - cli flag
#675
Change - Update phoenix to v0.20.0: #674

Tags: web

We updated phoenix to v0.20.0. Please refer to the changelog (linked) for details on the
phoenix release.

#674
https://github.com/owncloud/phoenix/releases/tag/v0.20.0
Change - Update phoenix to v0.21.0: #728

Tags: web

We updated phoenix to v0.21.0. Please refer to the changelog (linked) for details on the
phoenix release.

#728
https://github.com/owncloud/phoenix/releases/tag/v0.21.0
Change - Update phoenix to v0.22.0: #757

Tags: web

We updated phoenix to v0.22.0. Please refer to the changelog (linked) for details on the
phoenix release.

#757
https://github.com/owncloud/phoenix/releases/tag/v0.22.0
Change - Update phoenix to v0.23.0: #785

Tags: web

We updated phoenix to v0.23.0. Please refer to the changelog (linked) for details on the
phoenix release.

#785
https://github.com/owncloud/phoenix/releases/tag/v0.23.0
Change - Update phoenix to v0.24.0: #817

Tags: web

We updated phoenix to v0.24.0. Please refer to the changelog (linked) for details on the
phoenix release.

#817
https://github.com/owncloud/phoenix/releases/tag/v0.24.0
Change - Update phoenix to v0.25.0: #868

Tags: web

We updated phoenix to v0.25.0. Please refer to the changelog (linked) for details on the
phoenix release.

#868
https://github.com/owncloud/phoenix/releases/tag/v0.25.0
Change - Update phoenix to v0.26.0: #935

Tags: web

We updated phoenix to v0.26.0. Please refer to the changelog (linked) for details on the
phoenix release.

#935
https://github.com/owncloud/phoenix/releases/tag/v0.26.0
Change - Update phoenix to v0.27.0: #943

Tags: web

We updated phoenix to v0.27.0. Please refer to the changelog (linked) for details on the
phoenix release.

#943
https://github.com/owncloud/phoenix/releases/tag/v0.27.0
Change - Update phoenix to v0.28.0: #1027

Tags: web

We updated phoenix to v0.28.0. Please refer to the changelog (linked) for details on the
phoenix release.

#1027
https://github.com/owncloud/phoenix/releases/tag/v0.28.0
Change - Update phoenix to v0.29.0: #1034

Tags: web

We updated phoenix to v0.29.0. Please refer to the changelog (linked) for details on the
phoenix release.

#1034
https://github.com/owncloud/phoenix/releases/tag/v0.29.0
Change - Update reva config: #336
- EOS homes are not configured with an enable-flag anymore, but with a dedicated storage driver.
- We're using it now and adapted default configs of storages
#336
#337
#338
https://github.com/owncloud/ocis-reva/pull/891
Change - Update reva to v1.4.1-0.20201209113234-e791b5599a89: #1089

Updated reva to v1.4.1-0.20201209113234-e791b5599a89

#1089
Change - Clarify storage driver env vars: #729

After renaming ocsi-reva to storage and combining the storage and data providers some env vars
were confusingly named STORAGE_STORAGE_.... We are changing the prefix for driver related
env vars to STORAGE_DRIVER_.... This makes changing the storage driver using eg.:
STORAGE_HOME_DRIVER=eos and setting driver options using
STORAGE_DRIVER_EOS_LAYOUT=... less confusing.

#729
Change - Update ownCloud Web to v1.0.0-beta3: #1105

Tags: web

We updated ownCloud Web to v1.0.0-beta3. Please refer to the changelog (linked) for details on
the web release.

#1105
https://github.com/owncloud/phoenix/releases/tag/v1.0.0-beta3
Change - Update ownCloud Web to v1.0.0-beta4: #1110

Tags: web

We updated ownCloud Web to v1.0.0-beta4. Please refer to the changelog (linked) for details on
the web release.

#1110
https://github.com/owncloud/phoenix/releases/tag/v1.0.0-beta4
Change - Settings and accounts appear in the user menu: #656

We moved settings and accounts to the user menu.

#656
Enhancement - Add tracing to the accounts service: #1016

Added tracing to the accounts service.

#1016
Enhancement - Add the accounts service: #244

Tags: accounts
- Bugfix - Initialize roleService client in GRPC server: #114
- Bugfix - Cleanup separated indices in memory: #224
- Change - Set user role on builtin users: #102
- Change - Add new builtin admin user: #102
- Change - We make use of the roles cache to enforce permission checks: #100
- Change - We make use of the roles manager to enforce permission checks: #108
- Enhancement - Add create account form: #148
- Enhancement - Add delete accounts action: #148
- Enhancement - Add enable/disable capabilities to the WebUI: #118
- Enhancement - Improve visual appearance of accounts UI: #222
- Bugfix - Adapting to new settings API for fetching roles: #96
- Change - Create account api-call implicitly adds "default-user" role: #173
- Change - Add role selection to accounts UI: #103
- Bugfix - Atomic Requests: #82
- Bugfix - Unescape value for prefix query: #76
- Change - Adapt to new ocis-settings data model: #87
- Change - Add permissions for language to default roles: #88
- Bugfix - Add write mutexes: #71
- Bugfix - Fix the accountId and groupId mismatch in DeleteGroup Method: #60
- Bugfix - Fix index mapping: #73
- Bugfix - Use NewNumericRangeInclusiveQuery for numeric literals: #28
- Bugfix - Prevent segfault when no password is set: #65
- Bugfix - Update account return value not used: #70
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #64
- Change - Align structure of this extension with other extensions: #51
- Change - Change api errors: #11
- Change - Enable accounts on creation: #43
- Change - Fix index update on create/update: #57
- Change - Pass around the correct logger throughout the code: #41
- Change - Remove timezone setting: #33
- Change - Tighten screws on usernames and email addresses: #65
- Enhancement - Add early version of cli tools for user-management: #69
- Enhancement - Update accounts API: #30
- Enhancement - Add simple user listing UI: #51
- Enhancement - Logging is configurable: #24
- Change - Initial release of basic version: #1
- Enhancement - Configuration: #15
owncloud/product#244
Enhancement - Add basic auth option: #627

We added a new enable-basic-auth option and PROXY_ENABLE_BASIC_AUTH environment
variable that can be set to true to make the proxy verify the basic auth header with the
accounts service. This should only be used for testing and development and is disabled by
default.

owncloud/product#198
#627
Enhancement - Document how to run OCIS on top of EOS: #172

Tags: eos

We have added rules to the Makefile that use the official eos docker
images to boot an eos cluster and configure OCIS
to use it.

#172
Enhancement - Add the glauth service: #244

Tags: glauth
- Bugfix - Return invalid credentials when user was not found: #30
- Bugfix - Query numeric attribute values without quotes: #28
- Bugfix - Use searchBaseDN if already a user/group name: #214
- Bugfix - Fix LDAP substring startswith filters: #31
- Enhancement - Add build information to the metrics: #226
- Enhancement - Reenable configuring backends: #600
- Bugfix - Ignore case when comparing objectclass values: #26
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #24
- Enhancement - Handle ownCloudUUID attribute: #27
- Enhancement - Implement group queries: #22
- Enhancement - Configuration: #11
- Enhancement - Improve default settings: #12
- Enhancement - Generate temporary ldap certificates if LDAPS is enabled: #12
- Enhancement - Provide additional tls-endpoint: #12
- Change - Use physicist demo users: #5
- Change - Default to config based user backend: #6
owncloud/product#244
Enhancement - Add k6: #941

Tags: tests

Add k6 as a performance testing framework

#941
#983
Enhancement - Add the konnectd service: #244

Tags: konnectd
- Enhancement - Add version command: #226
- Bugfix - Add silent redirect url: #69
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #71
- Bugfix - Include the assets for #62: #64
- Bugfix - Redirect to the provided uri: #26
- Change - Add a trailing slash to trusted redirect uris: #26
- Change - Improve client identifiers for end users: #62
- Enhancement - Use upstream version of konnect library: #14
- Enhancement - Change default config for single-binary: #55
- Bugfix - Generate a random CSP-Nonce in the webapp: #17
- Change - Dummy index.html is not required anymore by upstream: #25
- Change - Initial release of basic version: #1
- Change - Use glauth as ldap backend, default to running behind ocis-proxy: #52
owncloud/product#244
Enhancement - Add the ocis-phoenix service: #244

Tags: web
- Bugfix - Fix external app URLs: #218
- Change - Remove pdf-viewer from default apps: #85
- Change - Enable Settings and Accounts apps by default: #80
- Bugfix - Exit when assets or config are not found: #76
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #73
- Change - Hide searchbar by default: #116
- Bugfix - Allow silent refresh of access token: #69
- Change - Update Phoenix: #60
- Enhancement - Configuration: #57
- Bugfix - Config file value not being read: #45
- Change - Default to running behind ocis-proxy: #55
owncloud/product#244
Enhancement - Add the ocis-pkg package: #244

Tags: ocis-pkg
- Change - Unwrap roleIDs from access-token into metadata context: #59
- Change - Provide cache for roles: #59
- Change - Roles manager: #60
- Change - Use go-micro's metadata context for account id: #56
- Bugfix - Remove redigo 2.0.0+incompatible dependency: #33
- Change - Add middleware for x-access-token distmantling: #46
- Enhancement - Add ocis.id and numeric id claims: #50
- Bugfix - Pass flags to micro service: #44
- Change - Add header to cors handler: #41
- Enhancement - Tracing middleware: #35
- Enhancement - Allow http services to register handlers: #33
- Change - Upgrade the micro libraries: #22
- Bugfix - Fix Module Path: #25
- Bugfix - Change import paths to ocis-pkg/v2: #27
- Bugfix - Fix serving static assets: #14
- Change - Add TLS support for http services: #19
- Enhancement - Introduce OpenID Connect middleware: #8
- Change - Add root path to static middleware: #9
- Change - Better log level handling within micro: #2
owncloud/product#244
Enhancement - Add the ocs service: #244

Tags: ocs
- Bugfix - Match the user response to the OC10 format: #181
- Enhancement - Add version command: #226
- Bugfix - Add the top level response structure to json responses: #181
- Enhancement - Update ocis-accounts: #42
- Bugfix - Mimic oc10 user enabled as string in provisioning api: #39
- Bugfix - Use opaque ID of a user for signing keys: #436
- Enhancement - Add option to create user with uidnumber and gidnumber: #34
- Bugfix - Fix file descriptor leak: #79
- Enhancement - Add Group management for OCS Povisioning API: #25
- Enhancement - Basic Support for the User Provisioning API: #23
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #20
- Change - Initial release of basic version: #1
- Change - Upgrade micro libraries: #11
- Enhancement - Configuration: #14
- Enhancement - Support signing key: #18
owncloud/product#244
Enhancement - Add the proxy service: #244

Tags: proxy
- Bugfix - Fix director selection: #99
- Bugfix - Add settings API and app endpoints to example config: #93
- Change - Remove accounts caching: #100
- Enhancement - Add autoprovision accounts flag: #219
- Enhancement - Add hello API and app endpoints to example config and builtin config: #96
- Enhancement - Add roleIDs to the access token: #95
- Enhancement - Add version command: #226
- Enhancement - Add numeric uid and gid to the access token: #89
- Enhancement - Add configuration options for the pre-signed url middleware: #91
- Bugfix - Enable new accounts by default: #79
- Bugfix - Lookup user by id for presigned URLs: #85
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #78
- Change - Add settings and ocs group routes: #81
- Change - Add route for user provisioning API in ocis-ocs: #80
- Bugfix - Provide token configuration from config: #69
- Bugfix - Provide token configuration from config: #76
- Change - Add OIDC config flags: #66
- Change - Mint new username property in the reva token: #62
- Enhancement - Add Accounts UI routes: #65
- Enhancement - Add option to disable TLS: #71
- Enhancement - Only send create home request if an account has been migrated: #52
- Enhancement - Create a root span on proxy that propagates down to consumers: #64
- Enhancement - Support signed URLs: #73
- Bugfix - Accounts service response was ignored: #43
- Bugfix - Fix x-access-token in header: #41
- Change - Point /data endpoint to reva frontend: #45
- Change - Send autocreate home request to reva gateway: #51
- Change - Update to new accounts API: #39
- Enhancement - Retrieve Account UUID From User Claims: #36
- Enhancement - Create account if it doesn't exist in ocis-accounts: #55
- Enhancement - Disable keep-alive on server-side OIDC requests: #268
- Enhancement - Make jwt secret configurable: #41
- Enhancement - Respect account_enabled flag: #53
- Change - Update ocis-pkg: #30
- Change - Insecure http-requests are now redirected to https: #29
- Enhancement - Configurable OpenID Connect client: #27
- Enhancement - Add policy selectors: #4
- Bugfix - Set TLS-Certificate correctly: #25
- Change - Route requests based on regex or query parameters: #21
- Enhancement - Proxy client urls in default configuration: #19
- Enhancement - Make TLS-Cert configurable: #14
- Enhancement - Load Proxy Policies at Runtime: #17
owncloud/product#244
Enhancement - Add the settings service: #244

Tags: settings
- Bugfix - Fix loading and saving system scoped values: #66
- Bugfix - Complete input validation: #66
- Change - Add filter option for bundle ids in ListBundles and ListRoles: #59
- Change - Reuse roleIDs from the metadata context: #69
- Change - Update ocis-pkg/v2: #72
- Enhancement - Add version command: #226
- Bugfix - Fix fetching bundles in settings UI: #61
- Change - Filter settings by permissions: #99
- Change - Add role service: #110
- Change - Rename endpoints and message types: #36
- Change - Use UUIDs instead of alphanumeric identifiers: #46
- Bugfix - Adjust UUID validation to be more tolerant: #41
- Bugfix - Fix runtime error when type asserting on nil value: #38
- Bugfix - Fix multiple submits on string and number form elements: #745
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #39
- Change - Dynamically add navItems for extensions with settings bundles: #25
- Change - Introduce input validation: #22
- Change - Use account uuid from x-access-token: #14
- Change - Use server config variable from ocis-web: #34
- Enhancement - Remove paths from Makefile: #33
- Enhancement - Extend the docs: #11
- Enhancement - Update ocis-pkg/v2: #42
owncloud/product#244
Enhancement - Add the storage service: #244

Tags: storage, reva
- Enhancement - Enable ocis driver treetime accounting: #620
- Enhancement - Launch a storage to store ocis-metadata: #602
In the future accounts, settings etc. should be stored in a dedicated metadata storage. The
services should talk to this storage directly, bypassing reva-gateway.

Https://github.com/owncloud/ocis/pull/602
- Enhancement - Update reva to v1.2.2-0.20200924071957-e6676516e61e: #601
- Update reva to v1.2.2-0.20200924071957-e6676516e61e - eos client: Handle eos EPERM as
  permission denied (reva/#1183) - ocis
  driver: synctime based etag propagation
  (reva/#1180) - ocis driver: fix litmus
  (reva/#1179) - ocis driver: fix move
  (reva/#1177) - ocs service: cache
  displaynames (reva/#1161)
Https://github.com/owncloud/ocis-reva/issues/262
https://github.com/owncloud/ocis-reva/issues/357
https://github.com/owncloud/ocis-reva/issues/301
https://github.com/owncloud/ocis-reva/issues/302
#601
- Bugfix - Fix default configuration for accessing shares: #205
The storage provider mounted at /home should always have EnableHome set to true. The other
storage providers should have it set to false.

Https://github.com/owncloud/product/issues/205
owncloud/ocis-reva#461
- Enhancement - Allow configuring arbitrary storage registry rules: #193
We added a new config flag storage-registry-rule that can be given multiple times for the
gateway to specify arbitrary storage registry rules. You can also use a comma separated list of
rules in the REVA_STORAGE_REGISTRY_RULES environment variable.

Https://github.com/owncloud/product/issues/193
owncloud/ocis-reva#461
- Enhancement - Update reva to v1.2.1-0.20200826162318-c0f54e1f37ea: #454
- Update reva to v1.2.1-0.20200826162318-c0f54e1f37ea - Do not swallow 'not found' errors in
  Stat (reva/#1124) - Rewire dav files to the
  home storage (reva/#1125) - Do not restore
  recycle entry on purge (reva/#1099) -
  Allow listing the trashbin (reva/#1091) -
  Restore and delete trash items via ocs
  (reva/#1103) - Ensure ignoring public
  stray shares (reva/#1090) - Ensure
  ignoring stray shares (reva/#1064) -
  Minor fixes in reva cmd, gateway uploads and smtpclient
  (reva/#1082) - Owncloud driver -
  propagate mtime on RemoveGrant
  (reva/#1115) - Handle redirection
  prefixes when extracting destination from URL
  (reva/#1111) - Add UID and GID in ldap auth
  driver (reva/#1101) - Add calens check to
  verify changelog entries in CI
  (reva/#1077) - Refactor Reva CLI with
  prompts (reva/#1072) - Get file info
  using fxids from EOS (reva/#1079) - Update
  LDAP user driver (reva/#1088) - System
  information metrics cleanup
  (reva/#1114) - System information
  included in Prometheus metrics
  (reva/#1071) - Add logic for resolving
  storage references over webdav
  (reva/#1094)
Https://github.com/owncloud/ocis-reva/pull/454
- Enhancement - Update reva to v1.2.1-0.20200911111727-51649e37df2d: #466
- Update reva to v1.2.1-0.20200911111727-51649e37df2d - Added new OCIS storage driver ocis
  (reva/#1155) - App provider: fallback to
  env. variable if 'iopsecret' unset
  (reva/#1146) - Add switch to database
  (reva/#1135) - Add the ocdav HTTP svc to the
  standalone config (reva/#1128)
Https://github.com/owncloud/ocis-reva/pull/466
- Enhancement - Separate user and auth providers, add config for rest user: #412
Previously, the auth and user provider services used to have the same driver, which restricted
using separate drivers and configs for both. This PR separates the two and adds the config for
the rest user driver and the gatewaysvc parameter to EOS fs.

Https://github.com/owncloud/ocis-reva/pull/412
cs3org/reva#995
- Enhancement - Update reva to v1.1.1-0.20200819100654-dcbf0c8ea187: #447
- Update reva to v1.1.1-0.20200819100654-dcbf0c8ea187 - fix restoring and deleting trash
  items via ocs (reva/#1103) - Add UID and GID
  in ldap auth driver (reva/#1101) - Allow
  listing the trashbin (reva/#1091) -
  Ignore Stray Public Shares (reva/#1090) -
  Implement GetUserByClaim for LDAP user driver
  (reva/#1088) - eosclient: get file info by
  fxid (reva/#1079) - Ensure stray shares
  get ignored (reva/#1064) - Improve
  timestamp precision while logging
  (reva/#1059) - Ocfs lookup userid
  (update) (reva/#1052) - Disallow sharing
  the shares directory (reva/#1051) - Local
  storage provider: Fixed resolution of fileid
  (reva/#1046) - List public shares only
  created by the current user (reva/#1042)
Https://github.com/owncloud/ocis-reva/pull/447
- Bugfix - Update LDAP filters: #399
With the separation of use and find filters we can now use a filter that taken into account a users
uuid as well as his username. This is necessary to make sharing work with the new account service
which assigns accounts an immutable account id that is different from the username.
Furthermore, the separate find filters now allows searching users by their displayname or
email as well.
```
"(&(objectclass=posixAccount)(|(ownclouduuid={{.OpaqueId}})(cn={{.OpaqueId}})))"
findfilter =
"(&(objectclass=posixAccount)(|(cn={{query}}*)(displayname={{query}}*)(mail={{query}}*)))"
```
Https://github.com/owncloud/ocis-reva/pull/399
cs3org/reva#996
- Change - Environment updates for the username userid split: #420
We updated the owncloud storage driver in reva to properly look up users by userid or username
using the userprovider instead of taking the path segment as is. This requires the user service
address as well as changing the default layout to the userid instead of the username. The latter
is not considered a stable and persistent identifier.

Https://github.com/owncloud/ocis-reva/pull/420
cs3org/reva#1033
- Enhancement - Update storage documentation: #384
We added details to the documentation about storage requirements known from ownCloud 10, the
local storage driver and the ownCloud storage driver.

Https://github.com/owncloud/ocis-reva/pull/384
owncloud/ocis-reva#390
- Enhancement - Update reva to v0.1.1-0.20200724135750-b46288b375d6: #399
- Update reva to v0.1.1-0.20200724135750-b46288b375d6 - Split LDAP user filters
  (reva/#996) - meshdirectory: Add invite forward API to provider links (reva/#1000) - OCM:
  Pass the link to the meshdirectory service in token mail (reva/#1002) - Update
  github.com/go-ldap/ldap to v3 (reva/#1004)
Https://github.com/owncloud/ocis-reva/pull/399
cs3org/reva#996 cs3org/reva#1000
cs3org/reva#1002 cs3org/reva#1004
- Enhancement - Update reva to v0.1.1-0.20200728071211-c948977dd3a0: #407
- Update reva to v0.1.1-0.20200728071211-c948977dd3a0 - Use proper logging for ldap auth
  requests (reva/#1008) - Update github.com/eventials/go-tus to
  v0.0.0-20200718001131-45c7ec8f5d59 (reva/#1007) - Check if SMTP credentials are nil
  (reva/#1006)
Https://github.com/owncloud/ocis-reva/pull/407
cs3org/reva#1008 cs3org/reva#1007
cs3org/reva#1006
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #393
ARM builds were failing when built on alpine:edge, so we switched to alpine:latest instead.

Https://github.com/owncloud/ocis-reva/pull/393
- Enhancement - Update reva to v0.1.1-0.20200710143425-cf38a45220c5: #371
- Update reva to v0.1.1-0.20200710143425-cf38a45220c5 (#371) - Add wopi open (reva/#920) -
  Added a CS3API compliant data exporter to Mentix (reva/#955) - Read SMTP password from env if
  not set in config (reva/#953) - OCS share fix including file info after update (reva/#958) - Add
  flag to smtpclient for for unauthenticated SMTP (reva/#963)
Https://github.com/owncloud/ocis-reva/pull/371
cs3org/reva#920 cs3org/reva#953
cs3org/reva#955 cs3org/reva#958
cs3org/reva#963
- Enhancement - Update reva to v0.1.1-0.20200722125752-6dea7936f9d1: #392
- Update reva to v0.1.1-0.20200722125752-6dea7936f9d1 - Added signing key capability
  (reva/#986) - Add functionality to create webdav references for OCM shares (reva/#974) -
  Added a site locations exporter to Mentix (reva/#972) - Add option to config to allow requests
  to hosts with unverified certificates (reva/#969)
Https://github.com/owncloud/ocis-reva/pull/392
cs3org/reva#986 cs3org/reva#974
cs3org/reva#972 cs3org/reva#969
- Enhancement - Make frontend prefixes configurable: #363
We introduce three new environment variables and preconfigure them the following way:
- REVA_FRONTEND_DATAGATEWAY_PREFIX="data"
- REVA_FRONTEND_OCDAV_PREFIX=""
- REVA_FRONTEND_OCS_PREFIX="ocs"
This restores the reva defaults that were changed upstream.

Https://github.com/owncloud/ocis-reva/pull/363
https://github.com/cs3org/reva/pull/936/files#diff-51bf4fb310f7362f5c4306581132fc3bR63
- Enhancement - Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66: #341
- Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66 (#341) - Added country information
  to Mentix (reva/#924) - Refactor metrics package to implement reader interface (reva/#934) -
  Fix OCS public link share update values logic (#252, #288, reva/#930)
Https://github.com/owncloud/ocis-reva/issues/252
owncloud/ocis-reva#288
owncloud/ocis-reva#341
cs3org/reva#924 cs3org/reva#934
cs3org/reva#930
- Enhancement - Update reva to v0.1.1-0.20200709064551-91eed007038f: #362
- Update reva to v0.1.1-0.20200709064551-91eed007038f (#362) - Fix config for uploads when
  data server is not exposed (reva/#936) - Update OCM partners endpoints (reva/#937) - Update
  Ailleron endpoint (reva/#938) - OCS: Fix initialization of shares json file (reva/#940) -
  OCS: Fix returned public link URL (#336, reva/#945) - OCS: Share wrap resource id correctly
  (#344, reva/#951) - OCS: Implement share handling for accepting and listing shares (#11,
  reva/#929) - ocm: dynamically lookup IPs for provider check (reva/#946) - ocm: add
  functionality to mail OCM invite tokens (reva/#944) - Change percentagused to
  percentageused (reva/#903) - Fix file-descriptor leak (reva/#954)
Https://github.com/owncloud/ocis-reva/issues/344
owncloud/ocis-reva#336
owncloud/ocis-reva#11
owncloud/ocis-reva#362
cs3org/reva#936 cs3org/reva#937
cs3org/reva#938 cs3org/reva#940
cs3org/reva#951 cs3org/reva#945
cs3org/reva#929 cs3org/reva#946
cs3org/reva#944 cs3org/reva#903
cs3org/reva#954
- Enhancement - Add new config options for the http client: #330
The internal certificates are checked for validity after
cs3org/reva#914, which causes the acceptance tests to fail. This
change sets new hardcoded defaults.

Https://github.com/owncloud/ocis-reva/pull/330
- Enhancement - Allow datagateway transfers to take 24h: #323
- Increase transfer token life time to 24h (PR #323)
Https://github.com/owncloud/ocis-reva/pull/323
- Enhancement - Update reva to v0.1.1-0.20200630075923-39a90d431566: #320
- Update reva to v0.1.1-0.20200630075923-39a90d431566 (#320) - Return special value for
  public link password (#294, reva/#904) - Fix public stat and listcontainer response to
  contain the correct prefix (#310, reva/#902)
Https://github.com/owncloud/ocis-reva/issues/310
owncloud/ocis-reva#294
owncloud/ocis-reva#320
cs3org/reva#902 cs3org/reva#904
- Enhancement - Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66: #328
- Update reva to v0.1.1-0.20200701152626-2f6cc60e2f66 (#328) - Use sync.Map on pool package
  (reva/#909) - Use mutex instead of sync.Map (reva/#915) - Use gatewayProviders instead of
  storageProviders on conn pool (reva/#916) - Add logic to ls and stat to process arbitrary
  metadata keys (reva/#905) - Preliminary implementation of Set/UnsetArbitraryMetadata
  (reva/#912) - Make datagateway forward headers (reva/#913, reva/#926) - Add option to cmd
  upload to disable tus (reva/#911) - OCS Share Allow date-only expiration for public shares
  (#288, reva/#918) - OCS Share Remove array from OCS Share update response (#252, reva/#919) -
  OCS Share Implement GET request for single shares (#249, reva/#921)
Https://github.com/owncloud/ocis-reva/issues/288
owncloud/ocis-reva#252
owncloud/ocis-reva#249
owncloud/ocis-reva#328
cs3org/reva#909 cs3org/reva#915
cs3org/reva#916 cs3org/reva#905
cs3org/reva#912 cs3org/reva#913
cs3org/reva#926 cs3org/reva#911
cs3org/reva#918 cs3org/reva#919
cs3org/reva#921
- Enhancement - Update reva to v0.1.1-0.20200629131207-04298ea1c088: #309
- Update reva to v0.1.1-0.20200629094927-e33d65230abc (#309) - Fix public link file share
  (#278, reva/#895, reva/#900) - Delete public share (reva/#899) - Updated reva to
  v0.1.1-0.20200629131207-04298ea1c088 (#313)
Https://github.com/owncloud/ocis-reva/issues/278
owncloud/ocis-reva#309
cs3org/reva#895 cs3org/reva#899
cs3org/reva#900
owncloud/ocis-reva#313
- Enhancement - Update reva to v0.1.1-0.20200626111234-e21c32db9614: #261
- Updated reva to v0.1.1-0.20200626111234-e21c32db9614 (#304) - TUS upload support through
  datagateway (#261, reva/#878, reva/#888) - Added support for differing metrics path for
  Prometheus to Mentix (reva/#875) - More data exported by Mentix (reva/#881) - Implementation
  of file operations in public folder shares (#49, #293, reva/#877) - Make httpclient trust
  local certificates for now (reva/#880) - EOS homes are not configured with an enable-flag
  anymore, but with a dedicated storage driver. We're using it now and adapted default configs of
  storages (reva/#891, #304)
Https://github.com/owncloud/ocis-reva/issues/49
owncloud/ocis-reva#293
owncloud/ocis-reva#261
owncloud/ocis-reva#261
cs3org/reva#875 cs3org/reva#877
cs3org/reva#878 cs3org/reva#881
cs3org/reva#880 cs3org/reva#888
owncloud/ocis-reva#304
cs3org/reva#891
- Enhancement - Update reva to v0.1.1-0.20200624063447-db5e6635d5f0: #279
- Updated reva to v0.1.1-0.20200624063447-db5e6635d5f0 (#279) - Local storage: URL-encode
  file ids to ease integration with other microservices like WOPI (reva/#799) - Mentix fixes
  (reva/#803, reva/#817) - OCDAV: fix returned timestamp format (#116, reva/#805) - OCM: add
  default prefix (#814) - add the content-length header to the responses (reva/#816) - Deps:
  clean (reva/#818) - Fix trashbin listing (#112, #253, #254, reva/#819) - Make the json
  publicshare driver configurable (reva/#820) - TUS: Return metadata headers after direct
  upload (ocis/#216, reva/#813) - Set mtime to storage after simple upload (#174, reva/#823,
  reva/#841) - Configure grpc client to allow for insecure conns and skip server certificate
  verification (reva/#825) - Deployment: simplify config with more default values
  (reva/#826, reva/#837, reva/#843, reva/#848, reva/#842) - Separate local fs into home and
  with home disabled (reva/#829) - Register reflection after other services (reva/#831) -
  Refactor EOS fs (reva/#830) - Add ocs-share-permissions to the propfind response (#47,
  reva/#836) - OCS: Properly read permissions when creating public link (reva/#852) - localfs:
  make normalize return associated error (reva/#850) - EOS grpc driver (reva/#664) - OCS: Add
  support for legacy public link arg publicUpload (reva/#853) - Add cache layer to user REST
  package (reva/#849) - Meshdirectory: pass query params to selected provider (reva/#863) -
  Pass etag in quotes from the fs layer (#269, reva/#866, reva/#867) - OCM: use refactored
  cs3apis provider definition (reva/#864)
Https://github.com/owncloud/ocis-reva/issues/116
owncloud/ocis-reva#112
owncloud/ocis-reva#253
owncloud/ocis-reva#254
#216
owncloud/ocis-reva#174
https://github.com/owncloud/ocis-reva/issues/47
owncloud/ocis-reva#269
owncloud/ocis-reva#279
https://github.com/owncloud/cs3org/reva/pull/799
https://github.com/owncloud/cs3org/reva/pull/803
https://github.com/owncloud/cs3org/reva/pull/817
https://github.com/owncloud/cs3org/reva/pull/805
https://github.com/owncloud/cs3org/reva/pull/814
https://github.com/owncloud/cs3org/reva/pull/816
https://github.com/owncloud/cs3org/reva/pull/818
https://github.com/owncloud/cs3org/reva/pull/819
https://github.com/owncloud/cs3org/reva/pull/820
https://github.com/owncloud/cs3org/reva/pull/823
https://github.com/owncloud/cs3org/reva/pull/841
https://github.com/owncloud/cs3org/reva/pull/813
https://github.com/owncloud/cs3org/reva/pull/825
https://github.com/owncloud/cs3org/reva/pull/826
https://github.com/owncloud/cs3org/reva/pull/837
https://github.com/owncloud/cs3org/reva/pull/843
https://github.com/owncloud/cs3org/reva/pull/848
https://github.com/owncloud/cs3org/reva/pull/842
https://github.com/owncloud/cs3org/reva/pull/829
https://github.com/owncloud/cs3org/reva/pull/831
https://github.com/owncloud/cs3org/reva/pull/830
https://github.com/owncloud/cs3org/reva/pull/836
https://github.com/owncloud/cs3org/reva/pull/852
https://github.com/owncloud/cs3org/reva/pull/850
https://github.com/owncloud/cs3org/reva/pull/664
https://github.com/owncloud/cs3org/reva/pull/853
https://github.com/owncloud/cs3org/reva/pull/849
https://github.com/owncloud/cs3org/reva/pull/863
https://github.com/owncloud/cs3org/reva/pull/866
https://github.com/owncloud/cs3org/reva/pull/867
https://github.com/owncloud/cs3org/reva/pull/864
- Enhancement - Add TUS global capability: #177
The TUS global capabilities from Reva are now exposed.

The advertised max chunk size can be configured using the "--upload-max-chunk-size" CLI
switch or "REVA_FRONTEND_UPLOAD_MAX_CHUNK_SIZE" environment variable. The advertised
http method override can be configured using the "--upload-http-method-override" CLI
switch or "REVA_FRONTEND_UPLOAD_HTTP_METHOD_OVERRIDE" environment variable.

Https://github.com/owncloud/ocis-reva/issues/177
owncloud/ocis-reva#228
- Enhancement - Update reva to v0.1.1-0.20200603071553-e05a87521618: #244
- Updated reva to v0.1.1-0.20200603071553-e05a87521618 (#244) - Add option to disable TUS on
  OC layer (#177, reva/#791) - Dataprovider now supports method override (#177, reva/#792) -
  OCS fixes for create public link (reva/#798)
Https://github.com/owncloud/ocis-reva/issues/244
owncloud/ocis-reva#177
cs3org/reva#791 cs3org/reva#792
cs3org/reva#798
- Enhancement - Add public shares service: #49
Added Public Shares service with CRUD operations and File Public Shares Manager

Https://github.com/owncloud/ocis-reva/issues/49
owncloud/ocis-reva#232
- Enhancement - Update reva to v0.1.1-0.20200529120551-4f2d9c85d3c9: #49
- Updated reva to v0.1.1-0.20200529120551 (#232) - Public Shares CRUD, File Public Shares
  Manager (#49, #232, reva/#681, reva/#788) - Disable HTTP-KeepAlives to reduce fd count
  (ocis/#268, reva/#787) - Fix trashbin listing (#229, reva/#782) - Create PUT wrapper for TUS
  uploads (reva/#770) - Add security access headers for ocdav requests (#66, reva/#780) - Add
  option to revad cmd to specify logging level (reva/#772) - New metrics package (reva/#740) -
  Remove implicit data member from memory store (reva/#774) - Added TUS global capabilities
  (#177, reva/#775) - Fix PROPFIND with Depth 1 for cross-storage operations (reva/#779)
Https://github.com/owncloud/ocis-reva/issues/49
owncloud/ocis-reva#229
owncloud/ocis-reva#66
owncloud/ocis-reva#177
#268
owncloud/ocis-reva#232
cs3org/reva#787 cs3org/reva#681
cs3org/reva#788 cs3org/reva#782
cs3org/reva#770 cs3org/reva#780
cs3org/reva#772 cs3org/reva#740
cs3org/reva#774 cs3org/reva#775
cs3org/reva#779
- Enhancement - Update reva to v0.1.1-0.20200520150229: #161
- Update reva to v0.1.1-0.20200520150229 (#161, #180, #192, #207, #221) - Return arbitrary
  metadata with stat, upload without TUS (reva/#766) - Stat file before returning datagateway
  URL when initiating download (reva/#765) - REST driver for user package (reva/#747) - Sharing
  behavior now consistent with the old backend (#20, #26, #43, #44, #46, #94 ,reva/#748) - Mentix
  service (reva/#755) - meshdirectory: add mentix driver for gocdb sites integration
  (reva/#754) - Add functionality to commit to storage for OCM shares (reva/#760) - Add option in
  config to disable tus (reva/#759) - ocdav: fix custom property XML parsing in PROPPATCH
  handler (#203, reva/#743) - ocdav: fix PROPPATCH response for removed properties (#186,
  reva/#742) - ocdav: implement PROPFIND infinity depth (#212, reva/#758) - Local fs: Allow
  setting of arbitrary metadata, minor bug fixes (reva/#764) - Local fs: metadata handling and
  share persistence (reva/#732) - Local fs: return file owner info in stat (reva/#750) - Fixed
  regression when uploading empty files to OCFS or EOS with PUT and TUS (#188, reva/#734) - On
  delete move the file versions to the trashbin (#94, reva/#731) - Fix OCFS move operation (#182,
  reva/#729) - Fix OCFS custom property / xattr removal (reva/#728) - Retry trashbin in case of
  timestamp collision (reva/#730) - Disable chunking v1 by default (reva/#678) - Implement ocs
  to http status code mapping (#26, reva/#696, reva/#707, reva/#711) - Handle the case if
  directory already exists (reva/#695) - Added TUS upload support (reva/#674, reva/#725,
  reva/#717) - Always return file sizes in Webdav PROPFIND (reva/#712) - Use default mime type
  when none was detected (reva/#713) - Fixed Webdav shallow COPY (reva/#714) - Fixed arbitrary
  namespace usage for custom properties in PROPFIND (#57, reva/#720) - Implement returning
  Webdav custom properties from xattr (#57, reva/#721) - Minor fix in OCM share pkg (reva/#718)
Https://github.com/owncloud/ocis-reva/issues/20
owncloud/ocis-reva#26
owncloud/ocis-reva#43
owncloud/ocis-reva#44
owncloud/ocis-reva#46
owncloud/ocis-reva#94
owncloud/ocis-reva#26
owncloud/ocis-reva#67
owncloud/ocis-reva#57
owncloud/ocis-reva#94
owncloud/ocis-reva#188
owncloud/ocis-reva#182
owncloud/ocis-reva#212
owncloud/ocis-reva#186
owncloud/ocis-reva#203
owncloud/ocis-reva#161
owncloud/ocis-reva#180
owncloud/ocis-reva#192
owncloud/ocis-reva#207
owncloud/ocis-reva#221
cs3org/reva#766 cs3org/reva#765
cs3org/reva#755 cs3org/reva#754
cs3org/reva#747 cs3org/reva#748
cs3org/reva#760 cs3org/reva#759
cs3org/reva#678 cs3org/reva#696
cs3org/reva#707 cs3org/reva#711
cs3org/reva#695 cs3org/reva#674
cs3org/reva#725 cs3org/reva#717
cs3org/reva#712 cs3org/reva#713
cs3org/reva#720 cs3org/reva#718
cs3org/reva#731 cs3org/reva#734
cs3org/reva#729 cs3org/reva#728
cs3org/reva#730 cs3org/reva#758
cs3org/reva#742 cs3org/reva#764
cs3org/reva#743 cs3org/reva#732
cs3org/reva#750
- Bugfix - Stop advertising unsupported chunking v2: #145
Removed "chunking" attribute in the DAV capabilities. Please note that chunking v2 is
advertised as "chunking 1.0" while chunking v1 is the attribute "bigfilechunking" which is
already false.

Https://github.com/owncloud/ocis-reva/pull/145
- Enhancement - Allow configuring the gateway for dataproviders: #136
This allows using basic or bearer auth when directly talking to dataproviders.

Https://github.com/owncloud/ocis-reva/pull/136
- Enhancement - Use a configured logger on reva runtime: #153
For consistency reasons we need a configured logger that is inline with an ocis logger, so the
log cascade can be easily parsed by a human.

Https://github.com/owncloud/ocis-reva/pull/153
- Bugfix - Fix eos user sharing config: #127
We have added missing config options for the user sharing manager and added a dedicated eos
storage command with pre configured settings for the eos-docker container. It configures a
Shares folder in a users home when using eos as the storage driver.

Https://github.com/owncloud/ocis-reva/pull/127
- Enhancement - Update reva to v1.1.0-20200414133413: #127
Adds initial public sharing and ocm implementation.

Https://github.com/owncloud/ocis-reva/pull/127
- Bugfix - Fix eos config: #125
We have added missing config options for the home layout to the config struct that is passed to
eos.

Https://github.com/owncloud/ocis-reva/pull/125
- Bugfix - Set correct flag type in the flagsets: #75
While upgrading to the micro/cli version 2 there where two instances of StringFlag which had
not been changed to StringSliceFlag. This caused ocis-reva users and ocis-reva storage-root to fail on startup.

Https://github.com/owncloud/ocis-reva/issues/75
owncloud/ocis-reva#76
- Bugfix - We fixed a typo in the REVA_LDAP_SCHEMA_MAIL environment variable: #113
It was misspelled as REVA_LDAP_SCHEMA_Mail.

Https://github.com/owncloud/ocis-reva/pull/113
- Bugfix - Allow different namespaces for /webdav and /dav/files: #68
After fbf131c the path for the "new" webdav path does not contain a username
/remote.php/dav/files/textfile0.txt. It used to be
/remote.php/dav/files/oc/einstein/textfile0.txt So it lost oc/einstein.

This PR allows setting up different namespaces for /webav and /dav/files:

/webdav is jailed into /home - which uses the home storage driver and uses the logged in user
to construct the path /dav/files is jailed into /oc - which uses the owncloud storage
driver and expects a username as the first path segment

This mimics oc10

The WEBDAV_NAMESPACE_JAIL environment variable is split into - WEBDAV_NAMESPACE and -
DAV_FILES_NAMESPACE accordingly.

Https://github.com/owncloud/ocis-reva/pull/68 related:
- Change - Use /home as default namespace: #68
Currently, cross storage etag propagation is not yet implemented, which prevents the desktop
client from detecting changes via the PROPFIND to /. / is managed by the root storage provider
which is independend of the home and oc storage providers. If a file changes in /home/foo, the
etag change will only be propagated to the root of the home storage provider.

This change jails users into the /home namespace, and allows configuring the namespace to
use for the two webdav endpoints using the new environment variable WEBDAV_NAMESPACE_JAIL
which affects both endpoints /dav/files and /webdav.

This will allow us to focus on getting a single storage driver like eos or owncloud tested and
better resembles what owncloud 10 does.

To get back the global namespace, which ultimately is the goal, just set the above environment
variable to /.

Https://github.com/owncloud/ocis-reva/pull/68
- Change - Initial release of basic version: #1
Just prepared an initial basic version to start a reva server and start integrating with the
go-micro base dextension framework of ownCloud Infinite Scale.

Https://github.com/owncloud/ocis-reva/issues/1
- Change - Start multiple services with dedicated commands: #6
The initial version would only allow us to use a set of reva configurations to start multiple
services. We use a more opinionated set of commands to start dedicated services that allows us
to configure them individually. It allows us to switch eg. the user backend to LDAP and fully use
it on the cli.

Https://github.com/owncloud/ocis-reva/issues/6
- Change - Storage providers now default to exposing data servers: #89
The flags that let reva storage providers announce that they expose a data server now defaults
to true:

REVA_STORAGE_HOME_EXPOSE_DATA_SERVER=1 REVA_STORAGE_OC_EXPOSE_DATA_SERVER=1

Https://github.com/owncloud/ocis-reva/issues/89
- Change - Default to running behind ocis-proxy: #113
We changed the default configuration to integrate better with ocis.
- We use ocis-glauth as the default ldap server on port 9125 with base dc=example,dc=org. - We
  use a dedicated technical reva user to make ldap binds - Clients are supposed to use the
  ocis-proxy endpoint https://localhost:9200 - We removed unneeded ocis configuration
  from the frontend which no longer serves an oidc provider. - We changed the default user
  OpaqueID attribute from sub to preferred_username. The latter is a claim populated by
  konnectd that can also be used by the reva ldap user manager to look up users by their OpaqueId
Https://github.com/owncloud/ocis-reva/pull/113
- Enhancement - Expose owncloud storage driver config in flagset: #87
Three new flags are now available:
- scan files on startup to generate missing fileids default: true env var:
  REVA_STORAGE_OWNCLOUD_SCAN cli option: --storage-owncloud-scan
- autocreate home path for new users default: true env var:
  REVA_STORAGE_OWNCLOUD_AUTOCREATE cli option: --storage-owncloud-autocreate
- the address of the redis server default: :6379 env var:
  REVA_STORAGE_OWNCLOUD_REDIS_ADDR cli option: --storage-owncloud-redis
Https://github.com/owncloud/ocis-reva/issues/87
- Enhancement - Update reva to v0.0.2-0.20200212114015-0dbce24f7e8b: #91
Reva has seen a lot of changes that allow us to - reduce the configuration overhead - use the
autocreato home folder option - use the home folder path layout option - no longer start the root
storage

Https://github.com/owncloud/ocis-reva/pull/91 related:
- Enhancement - Allow configuring user sharing driver: #115
We now default to json which persists shares in the sharing manager in a json file instead of an
in memory db.

Https://github.com/owncloud/ocis-reva/pull/115

owncloud/product#244
Enhancement - Add the store service: #244

Tags: store
- Enhancement - Add version command: #226
- Bugfix - Removed code from other service: #7
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #5
- Change - Initial release of basic version: #1
owncloud/product#244
Enhancement - Add the thumbnails service: #244

Tags: thumbnails
- Enhancement - Add version command: #226
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #35
- Enhancement - Serve the metrics endpoint: #37
- Change - Add more default resolutions: #23
- Change - Refactor code to remove code smells: #21
- Change - Use micro service error api: #31
- Enhancement - Limit users to access own thumbnails: #5
- Bugfix - Fix usage of context.Context: #18
- Bugfix - Fix execution when passing program flags: #15
- Change - Initial release of basic version: #1
- Change - Use predefined resolutions for thumbnail generation: #7
- Change - Implement the first working version: #3
owncloud/product#244
Enhancement - Add a command to list the versions of running instances: #226

Tags: accounts

Added a micro command to list the versions of running accounts services.

owncloud/product#226
Enhancement - Add the webdav service: #244

Tags: webdav
- Enhancement - Add version command: #226
- Bugfix - Build docker images with alpine:latest instead of alpine:edge: #22
- Change Change status not found on missing thumbnail: #20
- Change - Initial release of basic version: #1
- Change - Update ocis-pkg to version 2.2.0: #16
- Enhancement - Configuration: #14
- Enhancement - Implement preview API: #13
owncloud/product#244
Enhancement - Better adopt Go-Micro: #840

Tags: ocis

There are a few building blocks that we were relying on default behavior, such as
micro.Registry and the go-micro client. In order for oCIS to work in any environment and not
relying in black magic configuration or running daemons we need to be able to:
- Provide with a configurable go-micro registry. - Use our own go-micro client adjusted to our
  own needs (i.e: custom timeout, custom dial timeout, custom transport...)
This PR is relying on 2 env variables from Micro: MICRO_REGISTRY and
MICRO_REGISTRY_ADDRESS. The latter does not make sense to provide if the registry is not
etcd.

The current implementation only accounts for mdns and etcd registries, defaulting to
mdns when not explicitly defined to use etcd.

#840
Enhancement - Add permission check when assigning and removing roles: #879

Everyone could add and remove roles from users. Added a new permission and a check so that only
users with the role management permissions can assign and unassign roles.

#879
Enhancement - Create OnlyOffice extension: #857

Tags: OnlyOffice

We've created an OnlyOffice extension which enables users to create and edit docx documents
and open spreadsheets and presentations.

#857
Enhancement - Show basic-auth warning only once: #886

Show basic-auth warning only on startup instead on every request.

#886
Enhancement - Add glauth fallback backend: #649

We introduced the fallback-datastore config option and the corresponding options to allow
configuring a simple chain of two handlers.

Simple, because it is intended for bind and single result search queries. Merging large sets of
results is currently out of scope. For now, the implementation will only search the fallback
backend if the default backend returns an error or the number of results is 0. This is sufficient
to allow an IdP to authenticate users from ocis as well as owncloud 10 as described in the bridge
scenario.

owncloud/ocis-glauth#18
#649

Enhancement - Tidy dependencies: #845

Methodology:

-name go.mod -print | sed 's:/go.mod$::' } ```

``` for m in $(go-modules); do (cd $m && go mod tidy); done ```

https://github.com/owncloud/ocis/pull/845

Enhancement - Launch a storage to store ocis-metadata: #602

Tags: metadata, accounts, settings

In the future accounts, settings etc. should be stored in a dedicated metadata storage. The
services should talk to this storage directly, bypassing reva-gateway.

#602
Enhancement - Add a version command to ocis: #915

The version command was only implemented in the extensions. This adds the version command to
ocis to list all services in the ocis namespace.

#915
Enhancement - Create a proxy access-log: #889

Logs client access at the proxy

#889
Enhancement - Cache userinfo in proxy: #877

Tags: proxy

We introduced caching for the userinfo response. The token expiration is used for cache
invalidation if available. Otherwise we fall back to a preconfigured TTL (default 10
seconds).

#877
Enhancement - Update reva to v1.4.1-0.20201125144025-57da0c27434c: #1320

Mostly to bring fixes to pressing changes.

cs3org/reva#1320
cs3org/reva#1338
Enhancement - Runtime Cleanup: #1066

Small runtime cleanup prior to Tech Preview release

#1066
Enhancement - Update OCIS Runtime: #1108
- enhances the overall behavior of our runtime - runtime db file configurable - two new env
  variables to deal with the runtime - RUNTIME_DB_FILE and RUNTIME_KEEP_ALIVE -
  RUNTIME_KEEP_ALIVE defaults to false to provide backwards compatibility - if
  RUNTIME_KEEP_ALIVE is set to true, if a supervised process terminates the runtime will
  attempt to start with the same environment provided.
#1108
Enhancement - Simplify tracing config: #92

We now apply the oCIS tracing config to all services which have tracing. With this it is possible
to set one tracing config for all services at the same time.

owncloud/product#92
#329
#409
Enhancement - Update glauth to dev fd3ac7e4bbdc93578655d9a08d8e23f105aaa5b2: #834

We updated glauth to dev commit fd3ac7e4bbdc93578655d9a08d8e23f105aaa5b2, which allows to
skip certificate checks for the owncloud backend.

#834
Enhancement - Update glauth to dev 4f029234b2308: #786

Includes a bugfix, don't mix graph and provisioning api.

#786
Enhancement - Update konnectd to v0.33.8: #744

This update adds options which allow the configuration of oidc-token expiration parameters:
KONNECTD_ACCESS_TOKEN_EXPIRATION, KONNECTD_ID_TOKEN_EXPIRATION and
KONNECTD_REFRESH_TOKEN_EXPIRATION.

Other changes from upstream:
- Generate random endsession state for external authority - Update dependencies in
  Dockerfile - Set prompt=None to avoid loops with external authority - Update Jenkins
  reporting plugin from checkstyle to recordIssues - Remove extra kty key from JWKS top level
  document - Fix regression which encodes URL fragments twice - Avoid generating fragmet/query
  URLs with wrong order - Return state for oidc endsession response redirects - Use server
  provided username to avoid case mismatch - Use signed-out-uri if set as fallback for goodbye
  redirect on saml slo - Add checks to ensure post_logout_redirect_uri is not empty - Fix SAML2
  logout request parsing - Cure panic when no state is found in saml esr - Use SAML IdP Issuer value
  from meta data entityID - Allow configuration of expiration of oidc access, id and refresh
  tokens - Implement trampolin for external OIDC authority end session - Update
  ca-certificates version
#744
Enhancement - Update reva to v1.4.1-0.20201123062044-b2c4af4e897d: #823
- Refactor the uploading files workflow from various clients cs3org/reva#1285, cs3org/reva#1314
- [OCS] filter share with me requests cs3org/reva#1302
- Fix listing shares for nonexisting path cs3org/reva#1316
- prevent nil pointer when listing shares cs3org/reva#1317
- Sharee retrieves the information about a share -but gets response containing all the shares owncloud/ocis-reva#260
- Deleting a public link after renaming a file owncloud/ocis-reva#311
- Avoid log spam cs3org/reva#1323, cs3org/reva#1324
- Fix trashbin cs3org/reva#1326
https://github.com/owncloud/ocis-reva/issues/260
https://github.com/owncloud/ocis-reva/issues/311
#823
cs3org/reva#1285
cs3org/reva#1302
cs3org/reva#1314
cs3org/reva#1316
cs3org/reva#1317
cs3org/reva#1323
cs3org/reva#1324
cs3org/reva#1326
Enhancement - Update reva to v1.4.1-0.20201130061320-ac85e68e0600: #980
- Fix move operation in ocis storage driver csorg/reva#1343
#975
#980
cs3org/reva#1343
Enhancement - Update reva to cdb3d66: #748
- let the gateway filter invalid references
#748
cs3org/reva#1274
Enhancement - Update reva to dd3a8c0: #725
- fixes etag propagation in the ocis driver
#725
cs3org/reva#1264
Enhancement - Update reva to v1.4.1-0.20201127111856-e6a6212c1b7b: #971

Tags: reva
- Fix capabilities response for multiple client versions #1331 cs3org/reva#1331
- Fix home storage redirect for remote.php/dav/files cs3org/reva#1342
#971
cs3org/reva#1331
cs3org/reva#1342
Enhancement - Update reva to 063b3db9162b: #1091
- bring public link removal changes to OCIS. - fix subcommand name collision from renaming
  phoenix -> web.
#1098
#1091

Enhancement - Add www-authenticate based on user agent: #1009

Tags: reva, proxy

We now comply with HTTP spec by adding Www-Authenticate headers on every 401 request.
Furthermore, we not only take care of such a thing at the Proxy but also Reva will take care of it.
In addition, we now are able to lock-in a set of User-Agent to specific challenges.

Admins can use this feature by configuring OCIS + Reva following this approach:

Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101
Firefox/83.0:bearer" \
PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT="mirall:basic, Mozilla/5.0
(Macintosh; Intel Mac OS X 10.15; rv:83.0) Gecko/20100101 Firefox/83.0:bearer" \
PROXY_ENABLE_BASIC_AUTH=true \ go run cmd/ocis/main.go server ```

We introduced two new environment variables:

`STORAGE_FRONTEND_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT` as well as
`PROXY_MIDDLEWARE_AUTH_CREDENTIALS_BY_USER_AGENT`, The reason they have the same value
is not to rely on the os env on a distributed environment, so in redundancy we trust. They both
configure the same on the backend storage and OCIS Proxy.

https://github.com/owncloud/ocis/pull/1009

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.0.0-rc8

Changes in 1.0.0

Summary

Details