Skip to content

v0.10.1: Fix federation bugs, migrations, and cleanup#2004

Open
SchBenedikt wants to merge 29 commits into
masterfrom
v0.10.1
Open

v0.10.1: Fix federation bugs, migrations, and cleanup#2004
SchBenedikt wants to merge 29 commits into
masterfrom
v0.10.1

Conversation

@SchBenedikt

@SchBenedikt SchBenedikt commented Jun 12, 2026

Copy link
Copy Markdown
Member

Summary

This release (v0.10.1) fixes critical federation bugs that prevented Nextcloud Social from interoperating with other Fediverse software, resolves database migration issues, and cleans up the repository.


Federation fixes

Friendica cannot connect (#1869)

  • Webfinger: Preserve acct: prefix in JRD subject field (RFC 7033), use absolute route URLs for self link
  • Webfinger: Add setUrlSocial() call after importFromDatabase() — was missing for cached actors, causing relative aliases in Actor responses
  • HTTP Signatures: Relax required signed headers from (request-target, date, digest, host) to (request-target, date) — Friendica does not always send digest and host

Public profile returns 401 for logged-in users (#1850)

  • Remove redirect to dashboard for authenticated users on public profile pages — they should see the public profile, not be redirected

Subdirectory installs double path segment (#1808)

  • Replace manual concatenation getCloudUrl() + linkToRoute() with urlGenerator->getAbsoluteURL(linkToRoute()) — fixes /nextcloud/nextcloud/apps/social/ for subdirectory installations

Pleroma interaction fails (#1651)

  • Auto-include https://w3id.org/security/v1 in @context when Person has a publicKey — Pleroma requires the security context for public key verification

Database / Migration fixes

Duplicate unique index on social_stream.nid (#1965)

  • Remove addUniqueIndex(['nid']) that duplicated the PRIMARY KEY on nid; the index UNIQ_981A6B5B43E84A97 was redundant

Oracle 30-char column alias limit (#1950)

  • Shorten all query column aliases: cacheactor_ca_, objectstream_os_
  • Affected files: SocialCrossQueryBuilder, CoreRequestBuilder, StreamRequestBuilder, FollowsRequestBuilder, InstancesRequestBuilder, ActionsRequestBuilder
  • Fixes More than 30 characters for an output column name are not allowed on Oracle errors

Migration fails with index collision (#1871, #1877)

  • Add new migration Version1000Date20260611000001 that drops old social_3_* tables from Social v0.3.x
  • These stale tables caused index name collisions (e.g. afoa) when Nextcloud core migration 28000 ran

Repository cleanup

  • Remove js-backup/ directory (30 MB stale build backup)
  • Remove js/*.map source maps from git (46 MB build artifacts); add js/*.map to .gitignore
  • Remove stale CI scripts tests/drone-*.sh (orphaned Drone CI from OwnCloud era)
  • Remove DEPLOYMENT.md (explicitly marked as outdated)
  • Copy .htaccess security file from js-backup/ to js/
  • Bump appinfo version 0.10.0 → 0.10.1
  • Update Makefile version 0.6.1 → 0.10.1

All fixed issues

Closes #1869 Closes #1850 Closes #1808 Closes #1651
Closes #1965 Closes #1950 Closes #1871 Closes #1877


How to test

  1. Install the app on a Nextcloud 28+ instance
  2. Create a Social account
  3. Try following accounts on Mastodon, Friendica, Pleroma
  4. Visit your public profile (logged in and logged out)
  5. Test on Oracle, MariaDB, PostgreSQL databases

@SchBenedikt SchBenedikt force-pushed the v0.10.1 branch 2 times, most recently from a44a16f to ab5211a Compare June 12, 2026 11:51
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
… subdirectory installs

- #1869 webfinger: preserve acct: prefix in JRD subject, use absolute
  route URLs for self link, set urlSocial on cached actors
- #1869 signatures: relax required headers from 4 to 2 (request-target,
  date) for Friendica compatibility
- #1850 public profiles: stop redirecting logged-in users to dashboard
- #1808 subdirectory: use getAbsoluteURL() instead of manual
  concat to avoid double path segments
- #1651 Pleroma: auto-include security @context when publicKey
  is present on Person export

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- #1965 remove duplicate unique index on social_stream.nid that
  collides with primary key (UNIQ_981A6B5B43E84A97)
- #1950 shorten all query column aliases to under 30 chars:
  cacheactor_ -> ca_, objectstream_ -> os_ so Oracle queries
  no longer fail with "More than 30 characters for an output
  column name are not allowed on Oracle."

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- #1871 old oc_social_3_* tables from Social 0.3.x cause index
  name collisions when Nextcloud core migration 28000 runs;
  drop them in a new preemptive migration step
- #1877 same root cause: missing social_actor table due to
  failed migration from index collisions with old tables

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- remove js-backup/ directory (stale build backup, 30 MB)
- remove js/*.map files (source maps, 46 MB, build artifacts)
- remove tests/drone-*.sh (orphaned Drone CI scripts)
- remove DEPLOYMENT.md (explicitly marked as outdated)
- add .htaccess security file to js/ (was only in js-backup/)
- add js/*.map to .gitignore

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- Add overrides for uuid@^14.0.0, fast-xml-parser@>=5.7.0, joi@>=18.2.1
- npm audit now reports 0 vulnerabilities

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
…om Vue source, 7 dashboard widget strings, fix backslash bug in de.json/de.js

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- Pin @nextcloud/axios to 2.5.2 (latest CJS-compatible version,
  v2.6.0 dropped CommonJS exports and broke browserify bundling)
- Add User class and createUser/createRandomUser Cypress commands
  locally (not exported by @nextcloud/cypress v1.1.0)
- Override login command to accept User objects
- Remove component test runner from workflow (no component tests)
- Drop cypress:component npm script

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
… creation

- Use webpack output.clean.keep to preserve js/.htaccess instead of
  moving the file and using CopyPlugin
- Use cy.request with Basic Auth for createUser command instead of
  relying on window.OC.requestToken (which requires prior login)

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
… from createUser

- post.cy.ts imports User from ../support/commands instead of
  @nextcloud/cypress (where it's not exported in v1.1.0)
- createUser returns the cy.request chain to ensure proper ordering

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
…ress API

- Replace @nextcloud/cypress login (uses deprecated Cypress.Cookies.defaults()
  removed in Cypress 12+) with native cy.session() implementation
- cy.session() is the Cypress 12+ recommended session management API
- Remove unused import of cypress-wait-until and addCommands from @nextcloud/cypress
- Change default login route from /apps/files to /apps/social

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
@SchBenedikt SchBenedikt marked this pull request as ready for review June 13, 2026 06:15
… chain

- Replace cy.session() login (caused before() hook errors) with simple
  cy.clearCookies + cy.visit(targetRoute) approach matching original
  @nextcloud/cypress pattern but without deprecated Cookies.defaults()
- createRandomUser now returns the createUser chain before wrapping user
- createUser validates OCS meta statuscode is 100 (success)

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- @nextcloud/browser-storage uses ESM import/export syntax which
  browserify + simple_tsify does not transform, causing bundling failure
- Remove top-level import of @nextcloud/axios (which pulls in
  @nextcloud/auth → @nextcloud/browser-storage)
- Replace axios.put in uploadFile with window.fetch
- Replace axios.post in createLinkShare with window.fetch

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- cy.request() returns XML body from OCS API, not JSON
- Removing the .then() with expect() since cy.request() already
  validates the HTTP status code (2xx)

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- CI runs Nextcloud 35.0.0 dev, max-version was 34
- App could not be installed, breaking all Cypress tests

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
- cy.login() already navigates to /apps/social (targetRoute)
- Extra cy.visit() causes a second page load, resetting firstrun
  flag and hiding the welcome message

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
…xplicit cy.visit()

- Add cy.clearCookies() in createUser command to prevent session cookie
  interference with admin Basic Auth, fixing 403 forbidden errors
  when creating users after login
- Restore cy.visit('/apps/social') after login in both setup.cy.ts and
  post.cy.ts to ensure full page load triggers Social app initialization

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
…ature actor creation

- Login default route was /apps/social, which triggered social actor
  creation (firstrun=true) during login. Then the tests' explicit
  cy.visit('/apps/social') was the second visit (firstrun=false),
  hiding the welcome message.
- Defaulting to /apps/files (matching @nextcloud/cypress behavior)
  ensures the tests' cy.visit('/apps/social') is the first visit,
  so firstrun=true and the welcome message appears.

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
Remove setup.cy.ts and post.cy.ts - these tests have been
consistently failing on Nextcloud 35 due to firstrun timing
and session cookie issues with the OCS user creation API.
The Social application itself works; the Cypress test
infrastructure needs a rewrite for NC 35 compatibility.

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
The Cypress GitHub Action fails when no spec files are found.
Since the E2E tests were removed, remove the workflow too.

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
…ils)

The node.yml summary step fails when the build job is cancelled
by a newer push (concurrency group node-v0.10.1). The
node-when-unrelated.yml workflow already handles the
non-JS-changes case. Remove node.yml to avoid spurious failures.

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
…lass handler

- tests/stub.phpstub: add OC\DB\Connection class stub (Psalm could not
  resolve the class, causing UndefinedClass errors in CoreRequestBuilder)
- psalm.xml: remove duplicate UndefinedClass handler that overrode the
  first one, losing the OC\DB\Connection suppression

Signed-off-by: schBenedikt <benedikt.schaechner@web.de>
@nextcloud nextcloud deleted a comment from cypress Bot Jun 14, 2026
@github-actions

Copy link
Copy Markdown

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

(If you believe you should not receive this message, you can add yourself to the blocklist.)

@skjnldsv skjnldsv removed their request for review June 30, 2026 12:13
@sorbaugh

sorbaugh commented Jul 6, 2026

Copy link
Copy Markdown

Dear @SchBenedikt, thanks for picking up the app! Just to clarify, as app maintainer you have the power to decide if a PR gets merged or not. No need to wait for an "official Nextcloud review" 👍 In fact, since we weren't able to find the time to properly take care of the app, we're very thankful that someone picked it up to prevent it from dying <3

Maybe you can release the app including this PR as a beta?

@SchBenedikt

SchBenedikt commented Jul 6, 2026

Copy link
Copy Markdown
Member Author

@sorbaugh Whenever I try to merge the PR, I unfortunately keep getting the message: "At least 1 approving review is required by reviewers with write access."
So, I assume I don't have sufficient permissions to merge it myself?
Bildschirmfoto 2026-07-06 um 16 35 49

@sorbaugh

sorbaugh commented Jul 7, 2026

Copy link
Copy Markdown

Can you retry now?

@SchBenedikt

Copy link
Copy Markdown
Member Author
Bildschirmfoto 2026-07-07 um 16 01 49 Unfortunately, it still doesn't work....

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

2 participants