Note that the "last link share can be downloaded" step was kept as it
tests the "url" property specific of link shares.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

The step names were adjusted accordingly.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

When "send password by Talk" was disabled in a mail share it was
possible to keep the same password as before, as it does not pose any
security issue (unlike keeping it when "send password by Talk" is
enabled, as in that case the password was already disclosed by mail).

However, if a mail share is updated but the password is not set again
only the hashed password will be available. In that case it would not
make sense to send the password by mail, so now the password must be
changed when disabling "send password by Talk".

Note that, even if explicitly setting the same password again along with
the "send password by Talk" property would work, this was also prevented
for simplicity.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

When "send password by Talk" is enabled in a mail share a new password
must be also set. However, when the passwords of the original and the
new share were compared it was not taken into account that the original
password is now hashed, while the new one is not (unless no new password
was sent, in which case the password of the original share was set in
the new share by the controller, but that was already prevented due to
both passwords being literally the same), so it was possible to set the
same password again.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

When "send password by Talk" is enabled in a link share now a non empty
password is enforced.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

When a mail share was created with a password the given password was not
hashed, so it was not possible to open the share with that password.
Moreover, if passwords were enforced the given password was ignored and
a new one was set (although in this case it was hashed so it worked as
expected). Now the given password is properly hashed and not overriden.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Add lazy events for the Node API

Add a capability when file comments are enabled

Signed-off-by: Joas Schilling <coding@schilljs.com>

Right now if you want to get events via the Node API you have to have a
real instance of the Root. Which in turns sets up the whole FS.

We should make sure this is done lazy. Else enabling the preview
generator for example makes you setup the whole FS on each and every
authenticated call.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Improve traces of invalid token exceptions

simplify getGroups, fixing wrong chunking logic

Remove db prefix option from cli install command

Make the translation sanitization optional

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

pagination is taken care of properly in the search logic in Access class

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Bump moment from 2.25.3 to 2.26.0

Simplify text variables from 4 to 2, map -lighter to -maxcontrast

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>

Bumps [moment](https://github.com/moment/moment) from 2.25.3 to 2.26.0.
- [Release notes](https://github.com/moment/moment/releases)
- [Changelog](https://github.com/moment/moment/blob/develop/CHANGELOG.md)
- [Commits](https://github.com/moment/moment/compare/2.25.3...2.26.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>

use the loginname to verify the old password in user password changes

Signed-off-by: Joas Schilling <coding@schilljs.com>

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Signed-off-by: Joas Schilling <coding@schilljs.com>

fixes infinitely repeating LDPA search results with PHP <= 7.2

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Update recommended apps

Do not read certificate bundle from data dir by default

Bump vue-router from 3.1.6 to 3.2.0

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Before the resources/config/ca-bundle.crt was only used when the list of custom
certificates was empty and the instance was not installed. But it should also
be used when the list is empty and the instance is installed.

This is inverting the logic to stop if the instance is not installed to use the
default bundle. And it also does this when the list is empty.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Bumps [vue-router](https://github.com/vuejs/vue-router) from 3.1.6 to 3.2.0.
- [Release notes](https://github.com/vuejs/vue-router/releases)
- [Changelog](https://github.com/vuejs/vue-router/blob/dev/CHANGELOG.md)
- [Commits](https://github.com/vuejs/vue-router/compare/v3.1.6...v3.2.0

)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>