Circles 0.12.0 - Semantic, Security features & Linked Groups

Cult · August 5, 2017, 8:32am

Today, and exactly 1 year after creating my account on this forum (I just received the Anniversary Badge), a new major version of Circles will be released. Let’s review it !

Semantic

We are renaming 2 types of circles. The ‘Private circle’ is now named ‘Closed circle’, and ‘Hidden circle’ is now called ‘Secret Circle’.
Their official description also changed. Let me remind you the different types of circles that are available right now:

A Personal Circle is a list of users known only to the owner.
This is the right option if you want to do recurrent sharing with the same list of local users.
A Public Circle is an open group visible to anyone willing to join.
Anyone can see the circle, can join the circle and access the items shared to the circle.
Joining a Closed Circle requires an invitation or a confirmation by a moderator.
Anyone can find the circle and request an invitation; but only members will see who’s in it and get access to shared items.
A Secret Circle is an hidden group that can only be seen by its members or by people knowing the exact name of the circle.
Non-members won’t be able to find your secret circle using the search bar.

Security and Code design

Until now, circles were identified by a numerical ID, which is incremented on circle creation. Meaning a security issue for secret circles if your users were searching for a circle by its ID using the API (through the JavaScript console or curl requests). Now, circles are identified by a unique 14 chars width string.

Circles 0.12.0 also add a security feature in the files sharing process. When a user leaves a circle all his files shared with the circle are not available to its members anymore.
Please note that despite files not being available to the other members of the circle, the sharing interface is still displaying the files as shared to the circle (This will be fixed in NC 13).
Once the user comes back into the circle, his shared files will be available again to the members.

100% Query Builder. I decided to get rid of all Database Entity/Mapper files and only use the QueryBuilder lib. This makes all database request a lot more readable, even for not-database-oriented-developers.

Features

The core of Nextcloud provide a functionality that allow cloud administrators to create and manage groups.

Circles 0.12.0 add integration with those groups.

Moderator of a circle can mass-invite the members of a group by searching the name of the group in the Add Member field.

Even bigger feature, administrators of a circle can link groups to a circle and assign a level to the linked groups. Members of the linked groups will be members of the circle with the level assigned to the groups.
In case of a user having multiple levels from multiple linked groups, or from being also a direct member of the circle, his higher level will be used during his interaction with the circle.

The owner of a circle can can now edit its name and add a description. This can be done from the settings page of the circle (the wheel icon at the top right of the interface)
The activities regarding circles and their members can now be send by mail. You can select this using the right checkbox in the Personal Settings Interface.

Bugfixes:

in some setup, icons from the circle administration interface were not available.
If the Circles app was deleted but not disabled could result with Nextcloud having some strange behaviour.
Some glitches in the User Interface.

tl;dr

- Security: SQL incremented ID is not used anymore; Every request on a Circle will require a 14 chars version of its Unique ID. (API v0.10.0).
- Security: When leaving a circle, shared files are not accessible by said circle anymore.
- Bug: Fix icons.
- Bug: Fix strange behaviour when the app is deleted from disk, but not disabled in the cloud.
- Code design: Getting rid of Mapper/Entity and using pure QueryBuilder.
- Feature: Edit Name and Description of a circle.
- Feature: Activities are now sent by email.
- Feature: Mass invite group members to a circle.
- Feature: Link groups to circle and assign level to linked group.
- UI: fixing some glitches. 
- Global: Private circle are now named Closed circle.
- Global: Hidden circle are now named Secret circle.

Schmu · August 5, 2017, 4:00pm

Awesome!! I really like this app and you made some great changes to make it even better! Great job and thank you so much!

muppeth · August 6, 2017, 6:40pm

After updating I noticed I don’t see any public circles, while i see them being created in my activity stream. Not sure if I’m the only one here. I will dig out some logs later if needed.

lars-becker · August 7, 2017, 12:29am

After updating my previously created hidden circles aren’t accessible anymore. They are not shown to users who where previously members of the groups, not even to admin users.

But the circle is still there. It’s reachable via links in the activities app. Also it’s not possible to create a new circle with the same name since it already exists.

Cult · August 7, 2017, 7:22am

@lars-becker Can you give me more details about the database you are using, and what happens if you create a new hidden circles and invite someone in ? is it shown to your new member ?

Cult · August 7, 2017, 10:17am

@lars-becker @muppeth Upgrading to Circles 0.12.1 should fix this issue.

Schmu · August 7, 2017, 10:19am

Oh, and I thought the previous update just made me intentionally start all over
My circles are back now Thanks.

muppeth · August 7, 2017, 10:32am

Yup. it works now. Thanks a lot for a quick fix.

lars-becker · August 7, 2017, 11:13am

I couldn’t update the app. I tried to update via the web interface but it failed because of the following error:

An exception occurred while executing 'UPDATEoc_circles_membersSETcircle_id= ? WHEREcircle_id= ?' with params ["3075c280b3078b", "3"]: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '3075c280b3078b-euhh' for key 'PRIMARY'

Since then I only get redirected to the update screen with tells me that the circles app need to be updated. When I try to do so the following error message follows:

Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing 'UPDATE `oc_circles_members` SET `circle_id` = ? WHERE `circle_id` = ?' with params ["3075c280b3078b", "3"]: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '3075c280b3078b-euhh' for key 'PRIMARY'


Preparing update
Set log level to debug
Turned on maintenance mode
Updating database schema
Updated database
[0 / 0]: Fix the shares to use timestamp instead of datetime
[0 / 0]: Generate unique id on created circle
Doctrine\DBAL\Exception\UniqueConstraintViolationException: An exception occurred while executing 'UPDATE `oc_circles_members` SET `circle_id` = ? WHERE `circle_id` = ?' with params ["3075c280b3078b", "3"]: SQLSTATE[23000]: Integrity constraint violation: 1062 Duplicate entry '3075c280b3078b-euhh' for key 'PRIMARY'
The update was unsuccessful. Please report this issue to the Nextcloud community.

Since then the Nextcloud can’t be accessed at all. Sadly I can’t investigate further because I have no direct access to the MySQL database or commandline to disable the app since it’s a shared hosting solution.

lars-becker · August 7, 2017, 11:23am

I tried my personal next cloud which also had hidden circles, but there I had no problems while upgrading and all circles are back as before. Any ideas how to resolve this issue?

Cult · August 7, 2017, 1:23pm

@lars-becker : I am currently trying to understand how this bug could appears, and right now the only way that could have generate that issue if if you have tried adding a user (named ‘euhh’) to an existing circles between the 2 updates ?

Then, I guess you will need to contact someone and get the circles app removed in order to make your nextcloud working again

lars-becker · August 7, 2017, 2:54pm

Thanks @Cult. This is indeed the case. As described above I could only reach the circle via a link on the activities app. When I did so it showed that the user was no member and I wanted to see if something happened when I try ask to become a member. I impersonated the “euhh” user, who created the circle, an asked to become a member hoping that I might get a notification to confirm this. This didn’t worked out; it only showed “confirmation pending” when visiting the circle URL.
It seems it was added then.

If I disable the circle app and enable it again will a circles be gone or will this error reapper? I would like to use the circle app; but I guess the duplicate keys in the databse won’t be remove when I remove the app?

Cult · August 7, 2017, 3:06pm

Thanks for that confirmation. I am fixing it and will release a new version in the next hour. This should do the trick:

Remove completely Circles app (you can do that from the Apps page/Disabled apps in Nextcloud).
Wait for few hours so the next release (0.12.2) appears in the Apps page.
Re-install/re-enable the app on that fresh new version.
Cross your finger !

lars-becker · August 7, 2017, 3:07pm

Thanks @Cult . I keep you posted.

lars-becker · August 7, 2017, 4:41pm

@Cult The support of our hoster deactivated the App and I updated to 0.12.2 after it was available. This worked insofar as the circles app is usable again. But all circles disappeared again. If this is the intended behaviour everything is correct and we will simple add the circles. If this is not intended there’s still something wrong.

In any case: thanks for your very fast reaction!

lars-becker · August 7, 2017, 4:50pm

There’s still something wrong. In the activities view I still find entries related to the circles and if I follow the link I see the group info with the information that my request to join the circle is still pending.

Cult · August 7, 2017, 5:51pm

@lars-becker: Looks like we are witnessing a bug !

I made some testing and when a disabled app is enabled again and in need of some update, the migration/update scripts are not triggered.

I will release a 0.12.3 within the next few days, in case of other reports of bugs. This update will execute the script (if the app is enabled)

lars-becker · October 5, 2017, 4:48pm

I have installed 0.12.4 but the problem still persists. If I go to the circles app they’re no circles listed. But when I look at the activities app I still find references to the circles I created with circles 0.12. When I click on them I find a button to join the circle, so the circle still seem to exist somewhere in the database. The same holds true if I try to recreate a circle with the same name. I always get a notification that there’s already a circle with that name.

Is there any possibility to delete these circles, so that I can recreate them?

lars-becker · October 5, 2017, 5:35pm

Hi @Cult I just found a related bug. I noticed that there were no entries in the files app under “shared by you”; which is obviously false because I shared a lot of files wither other users. Then I took a look into the logs and found the following:

OC\User\NoUserException: 

 0. /var/www/vhosts/XXX.next-cloud.org/httpdocs/apps/circles/lib/ShareByCircleProvider.php - line 384: OCA\Circles\Service\MiscService->getDisplayName(NULL)
 1. /var/www/vhosts/XXX.next-cloud.org/httpdocs/apps/circles/lib/ShareByCircleProvider.php - line 364: OCA\Circles\ShareByCircleProvider->editShareEntry(Array)
 2. /var/www/vhosts/XXX.next-cloud.org/httpdocs/lib/private/Share20/Manager.php - line 1058: OCA\Circles\ShareByCircleProvider->getSharesBy('lars.becker', 7, NULL, false, -1, 0)
 3. /var/www/vhosts/XXX.next-cloud.org/httpdocs/apps/files_sharing/lib/Controller/ShareAPIController.php - line 623: OC\Share20\Manager->getSharesBy('lars.becker', 7, NULL, false, -1, 0)
 4. [internal function] OCA\Files_Sharing\Controller\ShareAPIController->getShares('false', false, 'false', NULL, 'true')
 5.  /var/www/vhosts/XXX.next-cloud.org/httpdocs/lib/private/AppFramework/Http/Dispatcher.php - line 160: call_user_func_array(Array, Array)
 6.  /var/www/vhosts/XXX.next-cloud.org/httpdocs/lib/private/AppFramework/Http/Dispatcher.php - line 90: OC\AppFramework\Http\Dispatcher->executeController(Object(OCA\Files_Sharing\Controller\ShareAPIController), 'getShares')
 7.  /var/www/vhosts/XXX.next-cloud.org/httpdocs/lib/private/AppFramework/App.php - line 114: OC\AppFramework\Http\Dispatcher->dispatch(Object(OCA\Files_Sharing\Controller\ShareAPIController), 'getShares')
 8.  /var/www/vhosts/XXX.next-cloud.org/httpdocs/lib/private/AppFramework/Routing/RouteActionHandler.php - line 47: OC\AppFramework\App main('OCA\\Files_Shari...', 'getShares', Object(OC\AppFramework\DependencyInjection\DIContainer), Array)
 9.  [internal function] OC\AppFramework\Routing\RouteActionHandler->__invoke(Array)
 10. /var/www/vhosts/XXX.next-cloud.org/httpdocs/lib/private/Route/Router.php - line 299: call_user_func(Object(OC\AppFramework\Routing\RouteActionHandler), Array)
 11. /var/www/vhosts/XXX.next-cloud.org/httpdocs/ocs/v1.php - line 77: OC\Route\Router->match('/ocsapp/apps/fi...')
 12. {main}

I then disabled the circles app and et voila the files app showed all files shared by me again. I don’t have a clue what’s wrong, but whatever it is, it’s not only a small bug which prevent some old circles from showing up. It also prevents the files app from working correctly. Should I transfer this bug to the ticket system?

Best regards,
Lars

Cult · October 5, 2017, 5:51pm

I will soon release Circles 0.13.0, you will be able to fix this using a ./occ command