135620 jvonka: REPO-2110 / MNT-17477: CMIS: SXSS+CSRF vulnerability (browser binding)
- force download=attachment (Content-Disposition headers) for all content types except those white-listed (eg. pdf & specific img types)
- follow-on for r135606 to fix fallout caught by TestPublicApiBrowser11TCK.testCMISTCKQuery()
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137405 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
135566 jkaabimofrad: Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)
135505 jkaabimofrad: APPSREPO-137: Made quick-share email template configurable via properties file. The template path property value could be an XPATH, a NodeRef of the template or a class path of the template.
- Added a helper class to provide email template related utility functions
- Added share as a default registered client for sending email - the template assets (images) will be available in share.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137402 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
135565 jkaabimofrad: Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)
135229 jkaabimofrad: APPSREPO-136: Updated the API framework so that WebApiNoAuth annotation can be used with operations.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137401 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
135306 cturlica: Merged 5.2.0-CLOUD45 (Cloud ) to 5.2.N (5.2.1)
135265 cturlica: CLD-67: TestSiteMembershipRequests tests failing after cloud update from 5.2-SNAPSHOT to 5.2.0-CLOUD45-SNAPSHOT (plat/share)
- we shouldn't have default null value for not set properties (partial change for REPO-892)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137385 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
135255 arebegea: MNT-17427 : api/invite/cancel deletes records in the database with a GET: CSRF/XSS attack
- delete the script/org/alfresco/repository/invite/invite.get
- use the alternatives: script/org/alfresco/repository/site/invitation/invitation.post and script/org/alfresco/repository/site/invitation/invitation.delete
- updating the tests
- updating the controller for the invitation.delete to a java controller
- fix test fallout (SiteServiceTest testInviteDisabledUser - expected error status code)
- improve security by allowing only invitationIDs that belong to the site passed as parameter to be canceled
- be consistent and return 404 when an invitationID can not be found
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137384 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134806 mward: Merged mward/repo-1600-zonesfilter (5.2.1) to 5.2.N (5.2.1)
134741 mward: REPO-1600: added support for zone filtering to GET /people/{personId}/groups
Also brought in-line with spec to return an empty list rather than a 404 if the zone is non-existent.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137365 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134804 mward: Merged mward/repo-1600-zonesfilter (5.2.1) to 5.2.N (5.2.1)
134686 mward: REPO-1600: implemented logical conjunction for where clause
e.g.
isRoot=true AND zones in ('MY.ZONE')
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137363 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134802 mward: Merged mward/repo-1600-zonesfilter (5.2.1) to 5.2.N (5.2.1)
134670 mward: REPO-1600: initial groundwork
Includes impl for path where no isRoot parameter is supplied.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137361 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134674 cpopa: Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)
134665 cpopa: APPSREPO-105 : Add an API to download multiple file/folders as a zip
- test fixes to get rid of unpredictable failures
- fixes after Gavin's OpenAPI spec review
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137351 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134671 cpopa: Merged WEBAPP-API (5.2.1) to 5.2.N (5.2.1)
134630 cpopa: APPSREPO-105 : Add an API to download multiple file/folders as a zip
- Added an API for creating a download, retrieving download info and canceling a download
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137348 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134310 cturlica: REPO-1304: Create a group
- added create group logic; fixed a sorting bug for get groups/group members; updated test framework - post/create action; fix toJSON issue for parentIds and zones.
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137338 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134045 cturlica: REPO-1684: We should not return properties that are empty
- Empty (zero length) string values are considered to be null values, and will be represented the same as null values (i.e. by non-existence of the property).
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137334 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
133613 cturlica: REPO-1743: Bug ? - list groups - orderBy displayName
- made the sort consistent and display the shortName when authorityDisplayName isn't present (same as it's done when sorting by authorityDisplayName)
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@137311 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134766 mmuller: Merged 5.2.N (5.2.1) to 5.2.0 (5.2.0)
134753 mmuller: Merged 5.2.N-REPO-1815 (5.2.1) to 5.2.N (5.2.1)
134749 mmuller: REPO-1815 / ACE-5753 check if operation is null or empty and attach cmisselect=repositoryInfo and some code optimization
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@134987 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261
134416 amukha: Merged 5.2.N (5.2.1) to 5.2.0 (5.2.0)
134396 amukha: Merged DEV to 5.2.N (5.2.1)
133903 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" take user disabled status into account for external authentication subsystem + tests
133907 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" don't propagate user disabled exception
133930 sglover: MNT-17247 "Disabled user can log into Alfresco Share using external authentication" move test class and add to a test suite
134295 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Added a test to simulate creation of missing person during external auth log in.
134315 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Added a fallback to support the logging in by non provisioned users.
134354 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Added a test with deauthorized user. Refactored existing test to start context once.
134359 jvonka: REPO-1227: External authentication - prevent disabled user from authenticating
- add log warning (with masked username, similar to brute force attack) if authentication bypassed when setting user details
134372 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- Updated core and data model (contain new logging)
134390 amukha: MNT-17247: Disabled user can log into Alfresco Share using external authentication
- isEnabled flag for users is returned correctly
- Added tests
git-svn-id: https://svn.alfresco.com/repos/alfresco-enterprise/alfresco/HEAD/root@134976 c4b6b30b-aa2e-2d43-bbcb-ca4b014f7261