From b229b5f9478fff3580b769c2a8e54ad7944e9fe4 Mon Sep 17 00:00:00 2001 From: lian Date: Sun, 15 Oct 2023 17:38:54 +0800 Subject: [PATCH 1/8] fix bug when send share link verification code when language is Italian (#5682) --- seahub/share/templates/share/share_link_audit.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/seahub/share/templates/share/share_link_audit.html b/seahub/share/templates/share/share_link_audit.html index f06aae27e0..edf6d4e0ed 100644 --- a/seahub/share/templates/share/share_link_audit.html +++ b/seahub/share/templates/share/share_link_audit.html @@ -60,7 +60,7 @@ $('#get-code').on('click', function() { email: email }, success: function() { - feedback('{% trans "A verification code has been sent to the email." %}', 'success'); + feedback("{% trans "A verification code has been sent to the email." %}", 'success'); }, error: function(xhr) { var error_msg = prepareAjaxErrorMsg(xhr); From 2a82e10c6fff82ca10339a04b662e9fa1e5b88b9 Mon Sep 17 00:00:00 2001 From: lian Date: Tue, 9 May 2023 14:16:27 +0800 Subject: [PATCH 2/8] update two factor auth remember me UI --- seahub/two_factor/templates/two_factor/core/login.html | 2 ++ 1 file changed, 2 insertions(+) diff --git a/seahub/two_factor/templates/two_factor/core/login.html b/seahub/two_factor/templates/two_factor/core/login.html index 065f525e5a..b057e6801c 100644 --- a/seahub/two_factor/templates/two_factor/core/login.html +++ b/seahub/two_factor/templates/two_factor/core/login.html @@ -22,10 +22,12 @@ + {% if remember_days > 0 %} + {% endif %} {% if form.errors %}

{% trans "Incorrect code" %}

From a206b5114cb2f20879a9a40302161d85bbc2f3cc Mon Sep 17 00:00:00 2001 From: lian Date: Tue, 24 Oct 2023 14:09:57 +0800 Subject: [PATCH 3/8] fix custom org logo bug when enable AVATAR_FILE_STORAGE (#5703) --- frontend/src/components/logo.js | 2 +- .../src/pages/org-admin/web-settings/web-settings.js | 10 ++++++---- seahub/base/context_processors.py | 3 +++ seahub/organizations/api/admin/logo.py | 4 ++++ seahub/organizations/settings.py | 2 +- 5 files changed, 15 insertions(+), 6 deletions(-) diff --git a/frontend/src/components/logo.js b/frontend/src/components/logo.js index e98e497012..ead2ef8ec1 100644 --- a/frontend/src/components/logo.js +++ b/frontend/src/components/logo.js @@ -17,7 +17,7 @@ class Logo extends React.Component { return (
{this.props.showCloseSidePanelIcon && { seafileAPI.orgAdminUpdateLogo(orgID, file).then((res) => { this.setState({ - logoPath: mediaUrl + res.data.logo_path + logoPath: res.data.logo_path }); toaster.success(gettext('Success')); }).catch((error) => { @@ -77,7 +77,9 @@ class OrgWebSettings extends Component { } render() { - const { loading, errorMsg, config_dict, logoPath, file_ext_white_list } = this.state; + const { loading, errorMsg, config_dict, file_ext_white_list } = this.state; + let logoPath = this.state.logoPath; + logoPath = logoPath.indexOf('image-view') != -1 ? logoPath : mediaUrl + logoPath; return ( diff --git a/seahub/base/context_processors.py b/seahub/base/context_processors.py index ba57204374..c41daaab62 100644 --- a/seahub/base/context_processors.py +++ b/seahub/base/context_processors.py @@ -95,6 +95,9 @@ def base(request): org_logo_url = OrgAdminSettings.objects.get_org_logo_url(org.org_id) if org_logo_url: logo_path = org_logo_url + from seahub.avatar.settings import AVATAR_FILE_STORAGE + if AVATAR_FILE_STORAGE == 'seahub.base.database_storage.DatabaseStorage': + logo_path = "/image-view/" + logo_path # get favicon path custom_favicon_file = os.path.join(MEDIA_ROOT, CUSTOM_FAVICON_PATH) diff --git a/seahub/organizations/api/admin/logo.py b/seahub/organizations/api/admin/logo.py index 752500d4ca..2c8f70b574 100644 --- a/seahub/organizations/api/admin/logo.py +++ b/seahub/organizations/api/admin/logo.py @@ -71,4 +71,8 @@ class OrgAdminLogo(APIView): logger.error(e) return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, 'Internal Server Error') + from seahub.avatar.settings import AVATAR_FILE_STORAGE + if AVATAR_FILE_STORAGE == 'seahub.base.database_storage.DatabaseStorage': + org_logo_url = "/image-view/" + org_logo_url + return Response({'logo_path': org_logo_url}) diff --git a/seahub/organizations/settings.py b/seahub/organizations/settings.py index 35d6e7dc85..bf25fac745 100644 --- a/seahub/organizations/settings.py +++ b/seahub/organizations/settings.py @@ -16,4 +16,4 @@ ORG_AUTO_URL_PREFIX = getattr(settings, 'ORG_AUTO_URL_PREFIX', True) ORG_ENABLE_ADMIN_INVITE_USER = getattr(settings, 'ORG_ENABLE_ADMIN_INVITE_USER', False) ORG_ENABLE_ADMIN_CUSTOM_NAME = getattr(settings, 'ORG_ENABLE_ADMIN_CUSTOM_NAME', True) -ORG_ENABLE_ADMIN_CUSTOM_LOGO = getattr(settings, 'ORG_ENABLE_ADMIN_CUSTOM_LOGO', False) +ORG_ENABLE_ADMIN_CUSTOM_LOGO = getattr(settings, 'ORG_ENABLE_ADMIN_CUSTOM_LOGO', True) From 4f384d3fcb887fbce75daabd46472c86d95fca76 Mon Sep 17 00:00:00 2001 From: lian Date: Wed, 25 Oct 2023 21:53:08 +0800 Subject: [PATCH 4/8] update error msg when import group members (#5708) show email info in error msg --- seahub/api2/endpoints/group_members.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/seahub/api2/endpoints/group_members.py b/seahub/api2/endpoints/group_members.py index 41a575511e..6cfca20240 100644 --- a/seahub/api2/endpoints/group_members.py +++ b/seahub/api2/endpoints/group_members.py @@ -458,6 +458,8 @@ class GroupMembersImport(APIView): for email in emails_list: + email_from_excel = email + user_not_found = False try: @@ -473,15 +475,15 @@ class GroupMembersImport(APIView): except User.DoesNotExist: user_not_found = True - email_name = email2nickname(email) if user_not_found: result['failed'].append({ - 'email': email, - 'email_name': email_name, - 'error_msg': 'User %s not found.' % email_name + 'email': email_from_excel, + 'email_name': email2nickname(email_from_excel), + 'error_msg': 'User %s not found.' % email2nickname(email_from_excel) }) continue + email_name = email2nickname(email) if is_group_member(group_id, email, in_structure=False): result['failed'].append({ 'email': email, From 01d6dbe8408dc3801ad865fd17717f4dae30585b Mon Sep 17 00:00:00 2001 From: WJH <40563566+loveclever@users.noreply.github.com> Date: Mon, 30 Oct 2023 16:21:19 +0800 Subject: [PATCH 5/8] update clear_invalid_repo_data.py --- seahub/base/management/commands/clear_invalid_repo_data.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/seahub/base/management/commands/clear_invalid_repo_data.py b/seahub/base/management/commands/clear_invalid_repo_data.py index 62e4219d98..c8dc9774a4 100644 --- a/seahub/base/management/commands/clear_invalid_repo_data.py +++ b/seahub/base/management/commands/clear_invalid_repo_data.py @@ -83,7 +83,7 @@ class Command(BaseCommand): return for repo_id, *_ in res: - repo_ids.append(repo_ids) + repo_ids.append(repo_id) if repo_id not in all_repo_ids: invalid_repo_ids.append(repo_id) From 68ce54a09c7b5f77ce41be1367cb9ba0363bd17f Mon Sep 17 00:00:00 2001 From: lian Date: Mon, 6 Nov 2023 20:15:45 +0800 Subject: [PATCH 6/8] update create group library api (#5738) do not check repo custom share permission --- seahub/api2/endpoints/group_libraries.py | 39 ++++++++++++------------ 1 file changed, 19 insertions(+), 20 deletions(-) diff --git a/seahub/api2/endpoints/group_libraries.py b/seahub/api2/endpoints/group_libraries.py index 3f72e759b1..44e725bcf5 100644 --- a/seahub/api2/endpoints/group_libraries.py +++ b/seahub/api2/endpoints/group_libraries.py @@ -28,7 +28,7 @@ from seahub.utils.repo import get_repo_owner, get_available_repo_perms from seahub.share.models import ExtraGroupsSharePermission from seahub.share.signals import share_repo_to_group_successful from seahub.share.utils import is_repo_admin, check_group_share_in_permission, \ - share_dir_to_group, normalize_custom_permission_name + share_dir_to_group from seahub.constants import PERMISSION_READ from seahub.base.models import UserStarredFiles, UserMonitoredRepos from seahub.base.templatetags.seahub_tags import email2nickname, \ @@ -191,10 +191,8 @@ class GroupLibraries(APIView): permission = request.data.get('permission', PERMISSION_READ) if permission not in get_available_repo_perms(): - permission = normalize_custom_permission_name(permission) - if not permission: - error_msg = 'permission invalid.' - return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + error_msg = 'permission invalid.' + return api_error(status.HTTP_400_BAD_REQUEST, error_msg) # permission check if not request.user.permissions.can_add_repo(): @@ -214,32 +212,33 @@ class GroupLibraries(APIView): if is_org_context(request): is_org = True org_id = request.user.org.org_id - repo_id = seafile_api.create_org_repo(repo_name, - '', username, org_id, password, enc_version=settings.ENCRYPTED_LIBRARY_VERSION) + repo_id = seafile_api.create_org_repo(repo_name, '', username, org_id, password, + enc_version=settings.ENCRYPTED_LIBRARY_VERSION) else: - repo_id = seafile_api.create_repo(repo_name, - '', username, password, enc_version=settings.ENCRYPTED_LIBRARY_VERSION) + repo_id = seafile_api.create_repo(repo_name, '', username, password, + enc_version=settings.ENCRYPTED_LIBRARY_VERSION) repo = seafile_api.get_repo(repo_id) share_dir_to_group(repo, '/', username, username, group_id, - permission, org_id if is_org else None) + permission, org_id if is_org else None) # for activities library_template = request.data.get("library_template", '') repo_created.send(sender=None, org_id=org_id, creator=username, - repo_id=repo_id, repo_name=repo_name, - library_template=library_template) + repo_id=repo_id, repo_name=repo_name, + library_template=library_template) # for notification share_repo_to_group_successful.send(sender=None, from_user=username, - group_id=group_id, repo=repo, path='/', org_id=org_id) + group_id=group_id, repo=repo, + path='/', org_id=org_id) # for perm audit - send_perm_audit_msg('add-repo-perm', username, group_id, - repo_id, '/', permission) + send_perm_audit_msg('add-repo-perm', username, + group_id, repo_id, '/', permission) - group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, - None, group_id, is_org) + group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, + group_id, is_org) group_repo_info = get_group_repo_info(request, group_repo) group_repo_info['owner_email'] = username @@ -280,8 +279,8 @@ class GroupLibrary(APIView): if is_org_context(request): is_org = True - group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, - None, group_id, is_org) + group_repo = seafile_api.get_group_shared_repo_by_path(repo_id, None, + group_id, is_org) if not group_repo: error_msg = 'Group library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) @@ -307,7 +306,7 @@ class GroupLibrary(APIView): origin_repo_id = group_repo.origin_repo_id or repo_id origin_path = group_repo.origin_path or '/' send_perm_audit_msg('delete-repo-perm', username, group_id, - origin_repo_id, origin_path, permission) + origin_repo_id, origin_path, permission) # delete extra share permission ExtraGroupsSharePermission.objects.delete_share_permission(repo_id, group_id) From 56e68ae0ca4231577f5c73496945c123bdc72773 Mon Sep 17 00:00:00 2001 From: lian Date: Mon, 6 Nov 2023 20:26:46 +0800 Subject: [PATCH 7/8] update repo custom share permission api (#5737) check if permission belongs to repo --- .../endpoints/custom_share_permissions.py | 33 +++++++++++-------- 1 file changed, 19 insertions(+), 14 deletions(-) diff --git a/seahub/api2/endpoints/custom_share_permissions.py b/seahub/api2/endpoints/custom_share_permissions.py index abdd44173b..cf259fd401 100644 --- a/seahub/api2/endpoints/custom_share_permissions.py +++ b/seahub/api2/endpoints/custom_share_permissions.py @@ -30,7 +30,8 @@ class CustomSharePermissionsView(APIView): """ # permission check if not check_folder_permission(request, repo_id, '/'): - return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') + error_msg = 'Permission denied.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) @@ -66,7 +67,8 @@ class CustomSharePermissionsView(APIView): # permission check if not is_repo_admin(username, repo_id): - return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') + error_msg = 'Permission denied.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) @@ -97,7 +99,8 @@ class CustomSharePermissionView(APIView): """ # permission check if not check_folder_permission(request, repo_id, '/'): - return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') + error_msg = 'Permission denied.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) @@ -118,21 +121,24 @@ class CustomSharePermissionView(APIView): def put(self, request, repo_id, permission_id): """Update a custom share permission """ - username = request.user.username # argument check permission = request.data.get('permission', None) if not permission: error_msg = 'permission invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + permission_name = request.data.get('permission_name', None) if not permission_name: error_msg = 'permission_name invalid.' return api_error(status.HTTP_400_BAD_REQUEST, error_msg) + description = request.data.get('description', '') # permission check + username = request.user.username if not is_repo_admin(username, repo_id): - return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') + error_msg = 'Permission denied.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) @@ -140,17 +146,15 @@ class CustomSharePermissionView(APIView): error_msg = 'Library %s not found.' % repo_id return api_error(status.HTTP_404_NOT_FOUND, error_msg) - try: - permission_obj = CustomSharePermissions.objects.get(id=permission_id) - if not permission_obj: - return api_error(status.HTTP_404_NOT_FOUND, 'Permission %s not found.' % permission_id) - except Exception as e: - logger.error(e) - error_msg = 'Internal Server Error' - return api_error(status.HTTP_500_INTERNAL_SERVER_ERROR, error_msg) + permission_objs = CustomSharePermissions.objects.filter(repo_id=repo_id) \ + .filter(id=permission_id) + if not permission_objs: + error_msg = f'Permission {permission_id} not found in library {repo_id}.' + return api_error(status.HTTP_404_NOT_FOUND, error_msg) # main try: + permission_obj = permission_objs[0] permission_obj.name = permission_name permission_obj.description = description permission_obj.permission = permission @@ -170,7 +174,8 @@ class CustomSharePermissionView(APIView): # permission check if not is_repo_admin(username, repo_id): - return api_error(status.HTTP_403_FORBIDDEN, 'Permission denied.') + error_msg = 'Permission denied.' + return api_error(status.HTTP_403_FORBIDDEN, error_msg) # resource check repo = seafile_api.get_repo(repo_id) From 845f5436433af9c4ac16064c5ae9c42f5f7d8f72 Mon Sep 17 00:00:00 2001 From: WJH <40563566+loveclever@users.noreply.github.com> Date: Tue, 7 Nov 2023 11:33:51 +0800 Subject: [PATCH 8/8] improve load adfs config error log (#5741) --- seahub/adfs_auth/utils.py | 8 ++++++-- seahub/adfs_auth/views.py | 20 +++++++++++++++++--- 2 files changed, 23 insertions(+), 5 deletions(-) diff --git a/seahub/adfs_auth/utils.py b/seahub/adfs_auth/utils.py index b2ce0e4ec5..9d741ab2dc 100644 --- a/seahub/adfs_auth/utils.py +++ b/seahub/adfs_auth/utils.py @@ -127,6 +127,10 @@ def config_settings_loader(request): }], } - conf = SPConfig() - conf.load(copy.deepcopy(saml_config)) + try: + conf = SPConfig() + conf.load(copy.deepcopy(saml_config)) + except Exception as e: + logger.exception('Failed to load saml config, error: %s' % e) + raise Exception('Failed to load saml config, error: %s' % e) return conf diff --git a/seahub/adfs_auth/views.py b/seahub/adfs_auth/views.py index dc75d60196..581a7f98a6 100644 --- a/seahub/adfs_auth/views.py +++ b/seahub/adfs_auth/views.py @@ -63,7 +63,12 @@ def login(request): if not url_has_allowed_host_and_scheme(next_url, None): next_url = settings.LOGIN_REDIRECT_URL - sp_config = get_config(None, request) + try: + sp_config = get_config(None, request) + except Exception as e: + logger.error(e) + return HttpResponseBadRequest('Failed to get saml config, please check your ADFS/SAML service.') + saml_client = Saml2Client(sp_config) session_id, info = saml_client.prepare_for_authenticate(relay_state=next_url) oq_cache = OutstandingQueriesCache(request.saml_session) @@ -92,7 +97,12 @@ def assertion_consumer_service(request, attribute_mapping=None, create_unknown_u if 'SAMLResponse' not in request.POST: return HttpResponseBadRequest('Missing "SAMLResponse" parameter in POST data.') attribute_mapping = attribute_mapping or get_custom_setting('SAML_ATTRIBUTE_MAPPING', None) - conf = get_config(None, request) + + try: + conf = get_config(None, request) + except Exception as e: + logger.error(e) + return HttpResponseBadRequest('Failed to get saml config, please check your ADFS/SAML service.') identity_cache = IdentityCache(request.saml_session) client = Saml2Client(conf, identity_cache=identity_cache) @@ -166,7 +176,11 @@ def assertion_consumer_service(request, attribute_mapping=None, create_unknown_u def metadata(request): - sp_config = get_config(None, request) + try: + sp_config = get_config(None, request) + except Exception as e: + logger.error(e) + return HttpResponseBadRequest('Failed to get saml config, please check your ADFS/SAML service.') sp_metadata = entity_descriptor(sp_config) return HttpResponse( content=str(sp_metadata).encode("utf-8"),