Merge branch 'master' into master

Author: enriquepablo

lib/private/Files/Type/Detection.php

@@ -97,7 +97,7 @@ private function loadCustomDefinitions(string $fileName, array $definitions): ar
 		if (file_exists($this->customConfigDir . '/' . $fileName)) {
 			$custom = json_decode(file_get_contents($this->customConfigDir . '/' . $fileName), true);
 			if (json_last_error() === JSON_ERROR_NONE) {
-				$definitions = array_merge($definitions, $custom);
+				$definitions = array_replace($definitions, $custom);
 			} else {
 				$this->logger->warning('Failed to parse ' . $fileName . ': ' . json_last_error_msg());
 			}

lib/public/IUserSession.php

@@ -1,82 +1,94 @@
 <?php
 
 /**
- * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
+ * SPDX-FileCopyrightText: 2016-2025 Nextcloud GmbH and Nextcloud contributors
  * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  * SPDX-License-Identifier: AGPL-3.0-only
  */
-// use OCP namespace for all classes that are considered public.
-// This means that they should be used by apps instead of the internal Nextcloud classes
 
 namespace OCP;
 
 /**
- * User session
+ * Interface for managing and querying user session state.
+ *
+ * Provides methods for authenticating users, accessing the active user,
+ * and handling login/logout functionality in a Nextcloud server session.
  * @since 6.0.0
  */
 interface IUserSession {
 	/**
-	 * Do a user login
+	 * Attempts to authenticate the given user and start a session.
 	 *
-	 * @param string $uid the username
-	 * @param string $password the password
-	 * @return bool true if successful
+	 * @param string $uid The user's unique identifier (username).
+	 * @param string $password The user's plain-text password.
+	 * @return bool True on successful login, false otherwise.
 	 * @since 6.0.0
 	 */
 	public function login($uid, $password);
 
 	/**
-	 * Logs the user out including all the session data
-	 * Logout, destroys session
+	 * Logs out the current user and terminates their session.
+	 *
+	 * Clears authentication tokens and user-related session data.
 	 *
 	 * @return void
 	 * @since 6.0.0
 	 */
 	public function logout();
 
 	/**
-	 * set the currently active user
+	 * Sets the current active user for this session.
+	 *
+	 * Pass null to clear the active user and log out any existing session.
 	 *
-	 * @param \OCP\IUser|null $user
+	 * @param \OCP\IUser|null $user The user to set as active, or null to unset.
 	 * @since 8.0.0
 	 */
 	public function setUser($user);
 
 	/**
-	 * Temporarily set the currently active user without persisting in the session
+	 * Temporarily sets the active user for this session without persisting it in the session storage.
+	 *
+	 * Useful for request-scoped user overrides that do not affect the actual session state.
 	 *
-	 * @param IUser|null $user
+	 * @param \OCP\IUser|null $user The user to set as active, or null to clear.
 	 * @since 29.0.0
 	 */
 	public function setVolatileActiveUser(?IUser $user): void;
 
 	/**
-	 * get the current active user
+	 * Returns the currently authenticated user for this session, or null if the session has no active user.
 	 *
-	 * @return \OCP\IUser|null Current user, otherwise null
+	 * @return \OCP\IUser|null The active user, or null if the session is anonymous, expired, or in incognito mode.
 	 * @since 8.0.0
 	 */
 	public function getUser();
 
 	/**
-	 * Checks whether the user is logged in
+	 * Checks whether a user is currently logged in for this session.
 	 *
-	 * @return bool if logged in
+	 * @return bool True if a user is authenticated and enabled, false otherwise.
 	 * @since 8.0.0
 	 */
 	public function isLoggedIn();
 
 	/**
-	 * get getImpersonatingUserID
+	 * Returns the user ID of the impersonator if another user is being impersonated.
 	 *
-	 * @return string|null
+	 * @return string|null The impersonating user's ID, or null if not impersonating.
 	 * @since 18.0.0
 	 */
 	public function getImpersonatingUserID(): ?string;
 
 	/**
-	 * set setImpersonatingUserID
+	 * Sets or clears the impersonator's user ID in the current session.
+	 *
+	 * Note: This does not initiate impersonation, but only records the identity of the impersonator in the session.
+	 *
+	 * If $useCurrentUser is true (default), records the current user's ID as the impersonator.
+	 * If false, removes any impersonator information from the session.
 	 *
+	 * @param bool $useCurrentUser Whether to assign the current user as the impersonator or to clear it.
 	 * @since 18.0.0
 	 */
 	public function setImpersonatingUserID(bool $useCurrentUser = true): void;

tests/lib/Files/Type/DetectionTest.php

@@ -117,24 +117,72 @@ public static function dataMimeTypeCustom(): array {
 	 */
 	#[\PHPUnit\Framework\Attributes\DataProvider('dataMimeTypeCustom')]
 	public function testDetectMimeTypeCustom(string $ext, string $mime): void {
-		$confDir = sys_get_temp_dir();
-		file_put_contents($confDir . '/mimetypemapping.dist.json', json_encode([]));
-
-		/** @var IURLGenerator $urlGenerator */
-		$urlGenerator = $this->getMockBuilder(IURLGenerator::class)
-			->disableOriginalConstructor()
-			->getMock();
-
-		/** @var LoggerInterface $logger */
-		$logger = $this->createMock(LoggerInterface::class);
-
-		// Create new mapping file
-		file_put_contents($confDir . '/mimetypemapping.dist.json', json_encode([$ext => [$mime]]));
+		$tmpDir = sys_get_temp_dir() . '/nc-detect-' . uniqid('', true);
+		mkdir($tmpDir, 0700);
+
+		try {
+			// Create a default / shipped mapping file (dist)
+			file_put_contents($tmpDir . '/mimetypemapping.dist.json', json_encode([]));
+
+			// Create new custom mapping file that should be picked up by Detection
+			file_put_contents($tmpDir . '/mimetypemapping.json', json_encode([$ext => [$mime]]));
+
+			/** @var IURLGenerator $urlGenerator */
+			$urlGenerator = $this->getMockBuilder(IURLGenerator::class)
+				->disableOriginalConstructor()
+				->getMock();
+
+			/** @var LoggerInterface $logger */
+			$logger = $this->createMock(LoggerInterface::class);
+
+			$detection = new Detection($urlGenerator, $logger, $tmpDir, $tmpDir);
+			$mappings = $detection->getAllMappings();
+
+			$this->assertArrayHasKey($ext, $mappings);
+			$this->assertEquals($mime, $detection->detectPath('foo.' . $ext));
+		} finally {
+			// cleanup
+			@unlink($tmpDir . '/mimetypemapping.json');
+			@unlink($tmpDir . '/mimetypemapping.dist.json');
+			@rmdir($tmpDir);
+		}
+	}
 
-		$detection = new Detection($urlGenerator, $logger, $confDir, $confDir);
-		$mappings = $detection->getAllMappings();
-		$this->assertArrayHasKey($ext, $mappings);
-		$this->assertEquals($mime, $detection->detectPath('foo.' . $ext));
+	public function testDetectMimeTypePreservesLeadingZeroKeys(): void {
+		$tmpDir = sys_get_temp_dir() . '/nc-detect-' . uniqid();
+		mkdir($tmpDir, 0700);
+		try {
+			// Create a default / shipped mapping file (dist)
+			file_put_contents($tmpDir . '/mimetypemapping.dist.json', json_encode([]));
+
+			// Create new custom mapping file with potentially problematic keys
+			$mappings = [
+				'001' => ['application/x-zeroone', null],
+				'1' => ['application/x-one', null],
+			];
+			file_put_contents($tmpDir . '/mimetypemapping.json', json_encode($mappings));
+
+			/** @var IURLGenerator $urlGenerator */
+			$urlGenerator = $this->getMockBuilder(IURLGenerator::class)
+				->disableOriginalConstructor()
+				->getMock();
+
+			/** @var LoggerInterface $logger */
+			$logger = $this->createMock(LoggerInterface::class);
+
+			$detection = new Detection($urlGenerator, $logger, $tmpDir, $tmpDir);
+			$mappings = $detection->getAllMappings();
+
+			$this->assertArrayHasKey('001', $mappings, 'Expected mapping to contain key "001"');
+			$this->assertArrayHasKey('1', $mappings, 'Expected mapping to contain key "1"');
+
+			$this->assertEquals('application/x-zeroone', $detection->detectPath('foo.001'));
+			$this->assertEquals('application/x-one', $detection->detectPath('foo.1'));
+		} finally {
+			@unlink($tmpDir . '/mimetypemapping.json');
+			@unlink($tmpDir . '/mimetypemapping.dist.json');
+			@rmdir($tmpDir);
+		}
 	}
 
 	public static function dataGetSecureMimeType(): array {