Accept both the legacy options.sharedSecret envelope and the new
protocol[name].sharedSecret form. Preserve the original cloud ID so the
factory can discover capabilities, then reset shareWith to the local
username for user lookup.
Delegate per-protocol validation to providers via the new
IValidationAwareCloudFederationProvider interface, with split exception
handling: BadRequestException -> 400, ProviderCouldNotAddShareException
-> the exception's own HTTP status (501 fallback).
In the notification handler, fall back to looking up the refresh token
via OcmTokenMapMapper when the access token cannot identify the federation.
Co-authored-by: Micke Nordin <kano@sunet.se>
Signed-off-by: Micke Nordin <kano@sunet.se>
Signed-off-by: Enrique Pérez Arnaud <enrique@cazalla.net>
The new public IManager::claimNextScheduledTask lands in master (35.0.0),
not 34.0.0. Addresses review feedback.
Signed-off-by: Yoan Bozhilov <bygadd@gmail.com>
Assisted-by: Claude Code:claude-opus-4-8
Trying to create an auth token from an authtoken
returns 403 now, not 503 (which is more correct)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
- `$child` was used as an array key earlier. If they are numeric, they
are automatically converted to ints, leading to type issues later.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Current code blindy adds any resources to the ocm disocvery, this makes
it so that different cloud federation providers can not add different
protocols for the same resourceType without the resourceType being
duplicated, something that OCM does not allow:
```
REQUIRED: resourceTypes (array) - A list of all resource types this
server supports in both the Sending Server role and the Receiving
Server role, with their access protocols. Each item in this list MUST
itself be an object containing the following fields:
name (string) - A supported resource type (file, calendar, contact, ...).
Implementations MUST offer support for at least one resource type, where
file is the commonly supported one. Each resource type is identified by
its name: the list MUST NOT contain more than one resource type object
per given name.
...
```
https://datatracker.ietf.org/doc/html/draft-ietf-ocm-open-cloud-mesh-04#name-fields
This patch changes this behaviour from this example result:
```
{
"name": "folder",
"shareTypes": [
"user"
],
"protocols": {
"webapp": {}
}
},
{
"name": "folder",
"shareTypes": [
"user"
],
"protocols": {
"webapp-receive": {
"targets": [
"blank",
"iframe"
]
}
}
```
to:
```
{
"name": "folder",
"shareTypes": [
"user"
],
"protocols": {
"webapp": {},
"webapp-receive": {
"targets": [
"blank",
"iframe"
]
}
}
```
which is the correct behaviour according to OCM.
Signed-off-by: Micke Nordin <kano@sunet.se>
OCM is standardizing and expanding the use of notifications and having
an event for acting on in apps will be very useful.
Signed-off-by: Micke Nordin <kano@sunet.se>
Instead of logging one message per slow capability (and only in debug
mode), collect all slow capabilities and emit a single log entry with
all timings, using the highest applicable log level.
Signed-off-by: Simon L. <szaimen@e.mail.de>
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Signed-off-by: Simon L. <szaimen@e.mail.de>
Per review feedback: note in the lockTask docblock that the guard changed from
`status != RUNNING` to `status = SCHEDULED`, and that callers must now treat a
0 return as "the task is no longer claimable" rather than assuming success.
Signed-off-by: Yoan Bozhilov <bygadd@gmail.com>
Assisted-by: Claude Code:claude-opus-4-8
Address review feedback (@marcelklehr, Copilot):
- lockTask claims only SCHEDULED tasks (was status != RUNNING) and stamps
started_at in the same atomic UPDATE, so a finished task cannot be re-claimed
and the external-provider claim path records started_at as well.
- claimWithBoundedRetry re-reads after lockTask instead of a follow-up UPDATE.
- Oracle joins SQLite on the bounded-retry fallback: Oracle cannot combine a
row-limiting clause with FOR UPDATE (ORA-02014), which failed the claim tests
on Oracle CI.
- Reword the worker docblock/comments to "prefer oldest available" (parallel
SKIP LOCKED does not guarantee a strict global order).
- Add a regression test that lockTask does not resurrect a finished task.
Signed-off-by: Yoan Bozhilov <bygadd@gmail.com>
Assisted-by: Claude Code:claude-opus-4-8
Replace the worker retry/ignore-list claim-loop with a single atomic
SELECT ... FOR UPDATE SKIP LOCKED claim (SQLite bounded-retry fallback),
preserving the no-duplicate guarantee while removing the thundering-herd
contention that throttled backlog draining. Add a (status,type,last_updated)
index via the table-creating migration + db:add-missing-indices listener.
Signed-off-by: Yoan Bozhilov <bygadd@gmail.com>
Assisted-by: Claude Code:claude-opus-4-8
