[full-ci][tests-only] test: fix some test flakiness (#2003)

* test: check content after upload

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

test: check content with retry

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

* test: check empty body before json decoding

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

* test: wait post-processing for webdav requests if applicable

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

* test: check token before doing request

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

test: check body before json decoding

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

test: add wait step

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

---------

Signed-off-by: Saw-jan <saw.jan.grg3e@gmail.com>

.make/go.mk

@@ -36,8 +36,18 @@ ifndef DATE
 	DATE := $(shell date -u '+%Y%m%d')
 endif
 
-LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -s -w -X "$(OC_REPO)/pkg/version.String=$(STRING)" -X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" -X "$(OC_REPO)/pkg/version.Date=$(DATE)"
-DEBUG_LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -X "$(OC_REPO)/pkg/version.String=$(STRING)" -X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" -X "$(OC_REPO)/pkg/version.Date=$(DATE)"
+LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn -s -w \
+	-X "$(OC_REPO)/pkg/version.Edition=$(EDITION)" \
+	-X "$(OC_REPO)/pkg/version.String=$(STRING)" \
+	-X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" \
+	-X "$(OC_REPO)/pkg/version.Date=$(DATE)"
+
+DEBUG_LDFLAGS += -X google.golang.org/protobuf/reflect/protoregistry.conflictPolicy=warn \
+	-X "$(OC_REPO)/pkg/version.Edition=$(EDITION)" \
+	-X "$(OC_REPO)/pkg/version.String=$(STRING)" \
+	-X "$(OC_REPO)/pkg/version.Tag=$(VERSION)" \
+	-X "$(OC_REPO)/pkg/version.Date=$(DATE)"
+
 DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseDataPathValue=/var/lib/opencloud"
 DOCKER_LDFLAGS += -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathType=path" -X "$(OC_REPO)/pkg/config/defaults.BaseConfigPathValue=/etc/opencloud"
 

.woodpecker.env

@@ -1,4 +1,4 @@
 # The test runner source for UI tests
-WEB_COMMITID=3d7367cfb1abe288d0fc0b0b1cc494a7747bcaf6
+WEB_COMMITID=50e3fff6a518361d59cba864a927470f313b6f91
 WEB_BRANCH=stable-4.2
 

.woodpecker.star

@@ -18,7 +18,7 @@ OC_CI_ALPINE = "owncloudci/alpine:latest"
 OC_CI_BAZEL_BUILDIFIER = "owncloudci/bazel-buildifier:latest"
 OC_CI_CLAMAVD = "owncloudci/clamavd"
 OC_CI_DRONE_ANSIBLE = "owncloudci/drone-ansible:latest"
-OC_CI_GOLANG = "docker.io/golang:1.24"
+OC_CI_GOLANG = "registry.heinlein.group/opencloud/golang-ci:1.25"
 OC_CI_NODEJS = "owncloudci/nodejs:%s"
 OC_CI_PHP = "owncloudci/php:%s"
 OC_CI_WAIT_FOR = "owncloudci/wait-for:latest"
@@ -27,6 +27,7 @@ OC_LITMUS = "owncloudci/litmus:latest"
 OC_UBUNTU = "owncloud/ubuntu:20.04"
 ONLYOFFICE_DOCUMENT_SERVER = "onlyoffice/documentserver:7.5.1"
 PLUGINS_DOCKER_BUILDX = "woodpeckerci/plugin-docker-buildx:latest"
+PLUGINS_NOTATION = "registry.heinlein.group/opencloud/notation-wp-plugin:latest"
 PLUGINS_GITHUB_RELEASE = "woodpeckerci/plugin-release"
 PLUGINS_GIT_ACTION = "quay.io/thegeeklab/wp-git-action"
 PLUGINS_S3 = "plugins/s3:1"
@@ -40,7 +41,6 @@ DEFAULT_PHP_VERSION = "8.2"
 DEFAULT_NODEJS_VERSION = "20"
 
 CACHE_S3_SERVER = "https://s3.ci.opencloud.eu"
-INSTALL_LIBVIPS_COMMAND = "apt-get update; apt-get install libvips42 -y"
 
 dirs = {
     "base": "/woodpecker/src/github.com/opencloud-eu/opencloud",
@@ -74,11 +74,11 @@ OC_FED_DOMAIN = "%s:10200" % FED_OC_SERVER_NAME
 event = {
     "base": {
         "event": ["push", "manual"],
-        "branch": "main",
+        "branch": "stable-*",
     },
     "cron": {
         "event": "cron",
-        "branch": "main",
+        "branch": "stable-*",
     },
     "pull_request": {
         "event": "pull_request",
@@ -387,7 +387,7 @@ config = {
         "architectures": ["arm64", "amd64"],
         "production": {
             # NOTE: need to be updated if new production releases are determined
-            "tags": ["2.0"],
+            "tags": ["2.0", "4.0"],
             "repo": docker_repo_slug,
             "build_type": "production",
         },
@@ -479,6 +479,10 @@ def main(ctx):
     if ctx.build.event == "cron" and ctx.build.sender == "translation-sync":
         return translation_sync(ctx)
 
+    is_release_pr = (ctx.build.event == "pull_request" and ctx.build.sender == "openclouders" and "🎉 release" in ctx.build.title.lower())
+    if is_release_pr:
+        return [licenseCheck(ctx)]
+
     build_release_helpers = \
         readyReleaseGo()
 
@@ -705,7 +709,7 @@ def restoreGoBinCache():
             "name": "extract-go-bin-cache",
             "image": OC_UBUNTU,
             "commands": [
-                "tar -xmf %s -C /" % dirs["gobinTarPath"],
+                "tar -xvmf %s -C /" % dirs["gobinTarPath"],
             ],
         },
     ]
@@ -1652,17 +1656,18 @@ def dockerRelease(ctx, repo, build_type):
     build_args = {
         "REVISION": "%s" % ctx.build.commit,
         "VERSION": "%s" % (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
+        "EDITION": "stable" if build_type == "production" else "rolling",
     }
 
     # if no additional tag is given, the build-plugin adds latest
     hard_tag = "daily"
     if ctx.build.event == "tag":
-        tag_version = ctx.build.ref.replace("refs/tags/", "")
+        tag_version = ctx.build.ref.replace("refs/tags/v", "")
         tag_parts = tag_version.split("-")
 
         # if a tag has something appended with "-" i.e. alpha, beta, rc1...
-        # set the entire string as tag, else leave empty to autotag with latest
-        hard_tag = tag_version if len(tag_parts) > 1 else ""
+        # set the entire string as tag, else tag with latest (same as empty with current plugin)
+        hard_tag = tag_version if len(tag_parts) > 1 else "latest"
 
     depends_on = getPipelineNames(getGoBinForTesting(ctx))
 
@@ -1751,6 +1756,36 @@ def dockerRelease(ctx, repo, build_type):
                     event["tag"],
                 ],
             },
+            {
+                "name": "notation-signing",
+                "image": PLUGINS_NOTATION,
+                "settings": {
+                    "key": {
+                        "from_secret": "notation_key",
+                    },
+                    "crt": {
+                        "from_secret": "notation_cert",
+                    },
+                    "target": "registry.heinlein.group/%s:%s" % (repo, hard_tag),
+                    "pull_image": True,
+                    "logins": [
+                        {
+                            "registry": "https://registry.heinlein.group",
+                            "username": {
+                                "from_secret": "harbor_opencloudeu_user",
+                            },
+                            "password": {
+                                "from_secret": "harbor_opencloudeu_password",
+                            },
+                        },
+                    ],
+                },
+                "when": [
+                    event["cron"],
+                    event["base"],
+                    event["tag"],
+                ],
+            },
         ],
         "depends_on": depends_on,
         "when": [
@@ -1785,6 +1820,7 @@ def binaryRelease(ctx, arch, depends_on = []):
                 "image": OC_CI_GOLANG,
                 "environment": {
                     "VERSION": (ctx.build.ref.replace("refs/tags/", "") if ctx.build.event == "tag" else "daily"),
+                    "EDITION": "rolling",
                     "HTTP_PROXY": {
                         "from_secret": "ci_http_proxy",
                     },
@@ -1917,6 +1953,7 @@ def readyReleaseGo():
                 "image": READY_RELEASE_GO,
                 "settings": {
                     "git_email": "devops@opencloud.eu",
+                    "release_branch": "stable-4.0",
                     "forge_type": "github",
                     "forge_token": {
                         "from_secret": "github_token",
@@ -2030,7 +2067,9 @@ def notifyMatrix(ctx):
                     },
                     "QA_REPO": "https://github.com/opencloud-eu/qa.git",
                     "QA_REPO_BRANCH": "main",
-                    "CI_WOODPECKER_URL": "https://ci.opencloud.eu/",
+                    "CI_WOODPECKER_URL": {
+                        "from_secret": "oc_ci_url",
+                    },
                     "CI_REPO_ID": "3",
                     "CI_WOODPECKER_TOKEN": "no-auth-needed-on-this-repo",
                 },
@@ -2192,9 +2231,6 @@ def opencloudServer(storage = "decomposed", accounts_hash_difficulty = 4, depend
             },
         },
         "commands": [
-            "apt-get update",
-            "apt-get install -y inotify-tools xattr",
-            INSTALL_LIBVIPS_COMMAND,
             "%s init --insecure true" % dirs["opencloudBin"],
             "cat $OC_CONFIG_DIR/opencloud.yaml",
             "cp tests/config/woodpecker/app-registry.yaml $OC_CONFIG_DIR/app-registry.yaml",
@@ -2238,7 +2274,6 @@ def startOpenCloudService(service = None, name = None, environment = {}):
             "detach": True,
             "environment": environment,
             "commands": [
-                INSTALL_LIBVIPS_COMMAND,
                 "%s %s server" % (dirs["opencloudBin"], service),
             ],
         },
@@ -2264,7 +2299,6 @@ def build():
             "name": "build",
             "image": OC_CI_GOLANG,
             "commands": [
-                "apt-get update; apt-get install libvips-dev -y",
                 "for i in $(seq 3); do make -C opencloud build ENABLE_VIPS=1 && break || sleep 1; done",
             ],
             "environment": CI_HTTP_PROXY_ENV,
@@ -2313,11 +2347,12 @@ def translation_sync(ctx):
                 "image": OC_CI_GOLANG,
                 "commands": [
                     "make l10n-read",
+                    "mkdir tx && cd tx",
                     "curl -o- https://raw.githubusercontent.com/transifex/cli/master/install.sh | bash",
-                    ". ~/.profile",
+                    "export PATH=$PATH:$(pwd) && cd ..",
                     "make l10n-push",
                     "make l10n-pull",
-                    "rm tx",
+                    "rm -rf tx",
                     "make l10n-clean",
                 ],
                 "environment": {

CHANGELOG.md

@@ -1,5 +1,96 @@
 # Changelog
 
+## [4.0.1](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.1) - 2025-12-15
+
+### ❤️ Thanks to all contributors! ❤️
+
+@ScharfViktor, @fschade, @kulmann, @micbar, @prashant-gurung899
+
+### ✅ Tests
+
+- [stable-4.0] Port #2011 [[#2018](https://github.com/opencloud-eu/opencloud/pull/2018)]
+
+### 🐛 Bug Fixes
+
+- [stable-4.0] fix: build time edition channels #2001 [[#2010](https://github.com/opencloud-eu/opencloud/pull/2010)]
+- [stable-4.0] fix: enforce trailing slash for server url [[#2002](https://github.com/opencloud-eu/opencloud/pull/2002)]
+- [stable-4.0] fix: enhance resource creation with detailed process information (#1978) [[#2000](https://github.com/opencloud-eu/opencloud/pull/2000)]
+
+## [4.0.0](https://github.com/opencloud-eu/opencloud/releases/tag/v4.0.0) - 2025-12-01
+
+### ❤️ Thanks to all contributors! ❤️
+
+@AlexAndBear, @MahdiBaghbani, @ScharfViktor, @butonic, @dragonchaser, @flimmy, @fschade, @individual-it, @jnweiger, @kulmann, @micbar, @mikelolasagasti, @pbleser-oc, @rhafer, @schweigisito
+
+### 💥 Breaking changes
+
+- collaboration: Enable `InsertRemoteImage` option [[#1692](https://github.com/opencloud-eu/opencloud/pull/1692)]
+
+### 📚 Documentation
+
+- Fix typos in antivirus README documentation [[#1940](https://github.com/opencloud-eu/opencloud/pull/1940)]
+- fix: add missing service README.md files with basic description [[#1859](https://github.com/opencloud-eu/opencloud/pull/1859)]
+- Fix README.md files which contain broken or missing links [[#1854](https://github.com/opencloud-eu/opencloud/pull/1854)]
+
+### 🐛 Bug Fixes
+
+- introduce OC_EVENTS_TLS_INSECURE [[#1936](https://github.com/opencloud-eu/opencloud/pull/1936)]
+- kill unused env vars [[#1888](https://github.com/opencloud-eu/opencloud/pull/1888)]
+- rc-handling was only active for the dryrun, not the real build-and-push [[#1919](https://github.com/opencloud-eu/opencloud/pull/1919)]
+- handle objectguid endianess [[#1901](https://github.com/opencloud-eu/opencloud/pull/1901)]
+- fix: add update server to default csp rules [[#1875](https://github.com/opencloud-eu/opencloud/pull/1875)]
+- fix: add missing capability flag support-radicale [[#1891](https://github.com/opencloud-eu/opencloud/pull/1891)]
+- fix opensearch client certificate [[#1890](https://github.com/opencloud-eu/opencloud/pull/1890)]
+- Bump reva [[#1882](https://github.com/opencloud-eu/opencloud/pull/1882)]
+- load two yaml configs [[#1617](https://github.com/opencloud-eu/opencloud/pull/1617)]
+- make user cache tenant aware [[#1732](https://github.com/opencloud-eu/opencloud/pull/1732)]
+- fix: sanitise markdow code to make docusaurus happy [[#1851](https://github.com/opencloud-eu/opencloud/pull/1851)]
+- update launch.json [[#1843](https://github.com/opencloud-eu/opencloud/pull/1843)]
+- docs: Fix auth-app examples in README [[#1844](https://github.com/opencloud-eu/opencloud/pull/1844)]
+- fix: fix typo in treesize logging [[#1826](https://github.com/opencloud-eu/opencloud/pull/1826)]
+- fix: set global signing secret fallback correctly [[#1781](https://github.com/opencloud-eu/opencloud/pull/1781)]
+
+### 📈 Enhancement
+
+- feat(ocm): add WAYF configuration for reva OCM service [[#1714](https://github.com/opencloud-eu/opencloud/pull/1714)]
+- log missing name or id attributes [[#1914](https://github.com/opencloud-eu/opencloud/pull/1914)]
+- collabora: Set IsAdminUser and IsAnonymousUser in CheckFileInfo [[#1745](https://github.com/opencloud-eu/opencloud/pull/1745)]
+
+### ✅ Tests
+
+- [full-ci] disable running ci with watch fs when full-ci [[#1902](https://github.com/opencloud-eu/opencloud/pull/1902)]
+- api-tests: delete spaces before users [[#1877](https://github.com/opencloud-eu/opencloud/pull/1877)]
+- update tika version [[#1872](https://github.com/opencloud-eu/opencloud/pull/1872)]
+- add share sync to collaborativePosix suite [[#1806](https://github.com/opencloud-eu/opencloud/pull/1806)]
+- removed test virus files from repo [[#1812](https://github.com/opencloud-eu/opencloud/pull/1812)]
+- increase timeouts waiting for notification & search [[#1802](https://github.com/opencloud-eu/opencloud/pull/1802)]
+- Sync share before action [[#1795](https://github.com/opencloud-eu/opencloud/pull/1795)]
+- correct STORAGE_USERS_POSIX_WATCH_FS env typo in CI [[#1746](https://github.com/opencloud-eu/opencloud/pull/1746)]
+
+### 📦️ Dependencies
+
+- [full-ci] revaBump-v2.40.1 [[#1927](https://github.com/opencloud-eu/opencloud/pull/1927)]
+- [full-ci] chore: bump web to v4.2.1 [[#1938](https://github.com/opencloud-eu/opencloud/pull/1938)]
+- build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 [[#1923](https://github.com/opencloud-eu/opencloud/pull/1923)]
+- build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.1 to 2.12.2 [[#1922](https://github.com/opencloud-eu/opencloud/pull/1922)]
+- build(deps): bump github.com/kovidgoyal/imaging from 1.7.2 to 1.8.17 [[#1912](https://github.com/opencloud-eu/opencloud/pull/1912)]
+- build(deps): bump golang.org/x/crypto from 0.44.0 to 0.45.0 [[#1911](https://github.com/opencloud-eu/opencloud/pull/1911)]
+- [decomposed]Update version 4.0.0 rc.2 [[#1917](https://github.com/opencloud-eu/opencloud/pull/1917)]
+- chore: bump web to v4.2.1-rc.1 [[#1900](https://github.com/opencloud-eu/opencloud/pull/1900)]
+- revaBump-getting#428 [[#1887](https://github.com/opencloud-eu/opencloud/pull/1887)]
+- build(deps): bump github.com/blevesearch/bleve/v2 from 2.5.4 to 2.5.5 [[#1884](https://github.com/opencloud-eu/opencloud/pull/1884)]
+- build(deps): bump github.com/olekukonko/tablewriter from 1.1.0 to 1.1.1 [[#1869](https://github.com/opencloud-eu/opencloud/pull/1869)]
+- build(deps): bump golang.org/x/term from 0.36.0 to 0.37.0 [[#1845](https://github.com/opencloud-eu/opencloud/pull/1845)]
+- reva-bump-2.39.2. update opencloud 4.0.0-rc.1 [[#1849](https://github.com/opencloud-eu/opencloud/pull/1849)]
+- build(deps): bump golang.org/x/sync from 0.17.0 to 0.18.0 [[#1836](https://github.com/opencloud-eu/opencloud/pull/1836)]
+- build(deps): bump golang.org/x/oauth2 from 0.32.0 to 0.33.0 [[#1828](https://github.com/opencloud-eu/opencloud/pull/1828)]
+- build(deps): bump github.com/KimMachineGun/automemlimit from 0.7.4 to 0.7.5 [[#1787](https://github.com/opencloud-eu/opencloud/pull/1787)]
+- build(deps): bump github.com/open-policy-agent/opa from 1.9.0 to 1.10.1 [[#1788](https://github.com/opencloud-eu/opencloud/pull/1788)]
+- Bump reva [[#1786](https://github.com/opencloud-eu/opencloud/pull/1786)]
+- build(deps): bump github.com/gabriel-vasile/mimetype from 1.4.10 to 1.4.11 [[#1775](https://github.com/opencloud-eu/opencloud/pull/1775)]
+- build(deps): bump github.com/nats-io/nats-server/v2 from 2.12.0 to 2.12.1 [[#1706](https://github.com/opencloud-eu/opencloud/pull/1706)]
+- build(deps): bump github.com/onsi/ginkgo/v2 from 2.27.1 to 2.27.2 [[#1754](https://github.com/opencloud-eu/opencloud/pull/1754)]
+
 ## [3.7.0](https://github.com/opencloud-eu/opencloud/releases/tag/v3.7.0) - 2025-11-03
 
 ### ❤️ Thanks to all contributors! ❤️

go.mod

@@ -64,7 +64,7 @@ require (
 	github.com/open-policy-agent/opa v1.10.1
 	github.com/opencloud-eu/icap-client v0.0.0-20250930132611-28a2afe62d89
 	github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76
-	github.com/opencloud-eu/reva/v2 v2.39.3
+	github.com/opencloud-eu/reva/v2 v2.40.1
 	github.com/opensearch-project/opensearch-go/v4 v4.5.0
 	github.com/orcaman/concurrent-map v1.0.0
 	github.com/pkg/errors v0.9.1
@@ -372,9 +372,9 @@ require (
 	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
 	github.com/yashtewari/glob-intersection v0.2.0 // indirect
 	github.com/yusufpapurcu/wmi v1.2.4 // indirect
-	go.etcd.io/etcd/api/v3 v3.6.5 // indirect
-	go.etcd.io/etcd/client/pkg/v3 v3.6.5 // indirect
-	go.etcd.io/etcd/client/v3 v3.6.5 // indirect
+	go.etcd.io/etcd/api/v3 v3.6.6 // indirect
+	go.etcd.io/etcd/client/pkg/v3 v3.6.6 // indirect
+	go.etcd.io/etcd/client/v3 v3.6.6 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/auto/sdk v1.2.1 // indirect
 	go.opentelemetry.io/otel/exporters/otlp/otlptrace v1.38.0 // indirect

go.sum

@@ -963,8 +963,8 @@ github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9 h1:dIft
 github.com/opencloud-eu/inotifywaitgo v0.0.0-20251111171128-a390bae3c5e9/go.mod h1:JWyDC6H+5oZRdUJUgKuaye+8Ph5hEs6HVzVoPKzWSGI=
 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76 h1:vD/EdfDUrv4omSFjrinT8Mvf+8D7f9g4vgQ2oiDrVUI=
 github.com/opencloud-eu/libre-graph-api-go v1.0.8-0.20250724122329-41ba6b191e76/go.mod h1:pzatilMEHZFT3qV7C/X3MqOa3NlRQuYhlRhZTL+hN6Q=
-github.com/opencloud-eu/reva/v2 v2.39.3 h1:/9NW08Bpy1GaNAPo8HrlyT21Flj8uNnOUyWLud1ehGc=
-github.com/opencloud-eu/reva/v2 v2.39.3/go.mod h1:kkGiMeEVR59VjDsmWIczWqRcwK8cy9ogTd/u802U3NI=
+github.com/opencloud-eu/reva/v2 v2.40.1 h1:QwMkbGMhwDSwfk2WxbnTpIig2BugPBaVFjWcy2DSU3U=
+github.com/opencloud-eu/reva/v2 v2.40.1/go.mod h1:DGH08n2mvtsQLkt8o15FV6m51FwSJJGhjR8Ty+iIJww=
 github.com/opencontainers/go-digest v1.0.0 h1:apOUWs51W5PlhuyGyz9FCeeBIOUDA/6nW8Oi/yOhh5U=
 github.com/opencontainers/go-digest v1.0.0/go.mod h1:0JzlMkj0TRzQZfJkVvzbP0HBR3IKzErnv2BNG4W4MAM=
 github.com/opencontainers/image-spec v1.1.1 h1:y0fUlFfIZhPF1W537XOLg0/fcx6zcHCJwooC2xJA040=
@@ -1275,12 +1275,12 @@ github.com/yusufpapurcu/wmi v1.2.4/go.mod h1:SBZ9tNy3G9/m5Oi98Zks0QjeHVDvuK0qfxQ
 go.etcd.io/bbolt v1.3.2/go.mod h1:IbVyRI1SCnLcuJnV2u8VeU0CEYM7e686BmAb1XKL+uU=
 go.etcd.io/bbolt v1.4.3 h1:dEadXpI6G79deX5prL3QRNP6JB8UxVkqo4UPnHaNXJo=
 go.etcd.io/bbolt v1.4.3/go.mod h1:tKQlpPaYCVFctUIgFKFnAlvbmB3tpy1vkTnDWohtc0E=
-go.etcd.io/etcd/api/v3 v3.6.5 h1:pMMc42276sgR1j1raO/Qv3QI9Af/AuyQUW6CBAWuntA=
-go.etcd.io/etcd/api/v3 v3.6.5/go.mod h1:ob0/oWA/UQQlT1BmaEkWQzI0sJ1M0Et0mMpaABxguOQ=
-go.etcd.io/etcd/client/pkg/v3 v3.6.5 h1:Duz9fAzIZFhYWgRjp/FgNq2gO1jId9Yae/rLn3RrBP8=
-go.etcd.io/etcd/client/pkg/v3 v3.6.5/go.mod h1:8Wx3eGRPiy0qOFMZT/hfvdos+DjEaPxdIDiCDUv/FQk=
-go.etcd.io/etcd/client/v3 v3.6.5 h1:yRwZNFBx/35VKHTcLDeO7XVLbCBFbPi+XV4OC3QJf2U=
-go.etcd.io/etcd/client/v3 v3.6.5/go.mod h1:ZqwG/7TAFZ0BJ0jXRPoJjKQJtbFo/9NIY8uoFFKcCyo=
+go.etcd.io/etcd/api/v3 v3.6.6 h1:mcaMp3+7JawWv69p6QShYWS8cIWUOl32bFLb6qf8pOQ=
+go.etcd.io/etcd/api/v3 v3.6.6/go.mod h1:f/om26iXl2wSkcTA1zGQv8reJRSLVdoEBsi4JdfMrx4=
+go.etcd.io/etcd/client/pkg/v3 v3.6.6 h1:uoqgzSOv2H9KlIF5O1Lsd8sW+eMLuV6wzE3q5GJGQNs=
+go.etcd.io/etcd/client/pkg/v3 v3.6.6/go.mod h1:YngfUVmvsvOJ2rRgStIyHsKtOt9SZI2aBJrZiWJhCbI=
+go.etcd.io/etcd/client/v3 v3.6.6 h1:G5z1wMf5B9SNexoxOHUGBaULurOZPIgGPsW6CN492ec=
+go.etcd.io/etcd/client/v3 v3.6.6/go.mod h1:36Qv6baQ07znPR3+n7t+Rk5VHEzVYPvFfGmfF4wBHV8=
 go.opencensus.io v0.20.1/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.20.2/go.mod h1:6WKK9ahsWS3RSO+PY9ZHZUfv2irvY6gN279GOPZjmmk=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=

opencloud/docker/Dockerfile.multiarch

@@ -3,6 +3,7 @@ ARG TARGETOS
 ARG TARGETARCH
 ARG VERSION
 ARG STRING
+ARG EDITION
 
 RUN apk add bash make git curl gcc musl-dev libc-dev binutils-gold inotify-tools vips-dev
 

pkg/tracing/tracing.go

@@ -105,9 +105,19 @@ func createResource(ctx context.Context, serviceName string) (*resource.Resource
 	return resource.New(ctx,
 		// Reads OTEL_RESOURCE_ATTRIBUTES and OTEL_SERVICE_NAME
 		resource.WithFromEnv(),
-		// Host and process information
+		// Host Information
 		resource.WithHost(),
-		resource.WithProcess(),
+		// Process Information
+		// Resource WithProcessOwner is deliberately omitted because
+		// inside containers where process might run as an arbitrary
+		// uid without a username associated this would fail.
+		resource.WithProcessPID(),
+		resource.WithProcessCommandArgs(),
+		resource.WithProcessExecutableName(),
+		resource.WithProcessExecutablePath(),
+		resource.WithProcessRuntimeDescription(),
+		resource.WithProcessRuntimeName(),
+		resource.WithProcessRuntimeVersion(),
 		// Service attributes
 		resource.WithAttributes(
 			semconv.ServiceName(serviceName),

pkg/version/export_test.go

@@ -0,0 +1,4 @@
+package version
+
+// InitEdition exports the private edition initialization func for testing
+var InitEdition = initEdition

pkg/version/version.go

@@ -1,9 +1,27 @@
 package version
 
 import (
+	"fmt"
+	"slices"
+	"strings"
 	"time"
 
 	"github.com/Masterminds/semver"
+	"github.com/opencloud-eu/reva/v2/pkg/logger"
+)
+
+const (
+
+	// Dev is used as a placeholder.
+	Dev = "dev"
+	// EditionDev indicates the development build channel was used to build the binary.
+	EditionDev = Dev
+	// EditionRolling indicates the rolling release build channel was used to build the binary.
+	EditionRolling = "rolling"
+	// EditionStable indicates the stable release build channel was used to build the binary.
+	EditionStable = "stable"
+	// EditionLTS indicates the lts release build channel was used to build the binary.
+	EditionLTS = "lts"
 )
 
 var (
@@ -16,22 +34,61 @@ var (
 	// LatestTag is the latest released version plus the dev meta version.
 	// Will be overwritten by the release pipeline
 	// Needs a manual change for every tagged release
-	LatestTag = "4.0.0-rc.2+dev"
+	LatestTag = "4.0.1+dev"
 
 	// Date indicates the build date.
 	// This has been removed, it looks like you can only replace static strings with recent go versions
 	//Date = time.Now().Format("20060102")
-	Date = "dev"
+	Date = Dev
 
 	// Legacy defines the old long 4 number OpenCloud version needed for some clients
 	Legacy = "0.1.0.0"
 	// LegacyString defines the old OpenCloud version needed for some clients
 	LegacyString = "0.1.0"
+
+	// Edition describes the build channel (stable, rolling, nightly, daily, dev)
+	Edition = Dev // default for self-compiled builds
 )
 
+func init() { //nolint:gochecknoinits
+	if err := initEdition(); err != nil {
+		logger.New().Error().Err(err).Msg("falling back to dev")
+	}
+}
+
+func initEdition() error {
+	regularEditions := []string{EditionDev, EditionRolling, EditionStable}
+	versionedEditions := []string{EditionLTS}
+	if !slices.ContainsFunc(slices.Concat(regularEditions, versionedEditions), func(s string) bool {
+		isRegularEdition := slices.Contains(regularEditions, Edition)
+		if isRegularEdition && s == Edition {
+			return true
+		}
+
+		// handle editions with a version
+		editionParts := strings.Split(Edition, "-")
+		if len(editionParts) != 2 { // a versioned edition channel must consist of exactly 2 parts.
+			return false
+		}
+
+		isVersionedEdition := slices.Contains(versionedEditions, editionParts[0])
+		if !isVersionedEdition { // not all channels can contain version information
+			return false
+		}
+
+		_, err := semver.NewVersion(editionParts[1])
+		return err == nil
+	}) {
+		Edition = Dev
+		return fmt.Errorf(`unknown edition channel "%s"`, Edition)
+	}
+
+	return nil
+}
+
 // Compiled returns the compile time of this service.
 func Compiled() time.Time {
-	if Date == "dev" {
+	if Date == Dev {
 		return time.Now()
 	}
 	t, _ := time.Parse("20060102", Date)

pkg/version/version_test.go

@@ -0,0 +1,65 @@
+package version_test
+
+import (
+	"fmt"
+	"testing"
+
+	"github.com/opencloud-eu/opencloud/pkg/version"
+)
+
+func TestChannel(t *testing.T) {
+	tests := map[string]struct {
+		got   string
+		valid bool
+	}{
+		"no channel, defaults to dev": {
+			got:   "",
+			valid: false,
+		},
+		"dev channel": {
+			got:   version.EditionDev,
+			valid: true,
+		},
+		"rolling channel": {
+			got:   version.EditionRolling,
+			valid: true,
+		},
+		"stable channel": {
+			got:   version.EditionStable,
+			valid: true,
+		},
+		"lts channel without version": {
+			got:   version.EditionLTS,
+			valid: false,
+		},
+		"lts-1.0.0 channel": {
+			got:   fmt.Sprintf("%s-1", version.EditionLTS),
+			valid: true,
+		},
+		"lts-one invalid version": {
+			got:   fmt.Sprintf("%s-one", version.EditionLTS),
+			valid: false,
+		},
+		"known channel with version": {
+			got:   fmt.Sprintf("%s-1", version.EditionStable),
+			valid: false,
+		},
+		"unknown channel": {
+			got:   "foo",
+			valid: false,
+		},
+	}
+
+	for name, test := range tests {
+		t.Run(name, func(t *testing.T) {
+			version.Edition = test.got
+
+			switch err := version.InitEdition(); {
+			case err != nil && !test.valid && version.Edition != version.Dev: // if a given edition is unknown, the value is always dev
+				fallthrough
+			case test.valid != (err == nil):
+				t.Fatalf("invalid edition: %s", version.Edition)
+			}
+		})
+	}
+}

services/activitylog/pkg/config/config.go

@@ -40,7 +40,7 @@ type Config struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/activitylog/pkg/service/l10n/locale/ca/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"

services/activitylog/pkg/service/l10n/locale/de/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"

services/activitylog/pkg/service/l10n/locale/es/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"

services/activitylog/pkg/service/l10n/locale/fr/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"

services/activitylog/pkg/service/l10n/locale/it/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"

services/activitylog/pkg/service/l10n/locale/ko/LC_MESSAGES/activitylog.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Junghyuk Kwon <kwon@junghy.uk>, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"

services/activitylog/pkg/service/l10n/locale/sv/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-08 00:02+0000\n"
+"POT-Creation-Date: 2025-11-29 00:01+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"

services/activitylog/pkg/service/l10n/locale/zh/LC_MESSAGES/activitylog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"

services/antivirus/README.md

@@ -36,13 +36,13 @@ Several factors can make it necessary to limit the maximum filesize the antiviru
 Use the `ANTIVIRUS_MAX_SCAN_SIZE` environment variable to scan only a given number of bytes,
 or to skip the whole resource.
 
-Even if it's recommended to scan the whole file, several factors like scanner type and version,
+Even if it is recommended to scan the whole file, several factors like scanner type and version,
 bandwidth, performance issues, etc. might make a limit necessary.
 
-In such cases, the antivirus the max scan size mode can be handy, the following modes are available:
+In such cases, the antivirus max scan size mode can be handy, the following modes are available:
 
-  -   `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE=partial`
-  -   `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE=skip`
+  -   `partial`: The file is scanned up to the given size. The rest of the file is not scanned. This is the default mode `ANTIVIRUS_MAX_SCAN_SIZE_MODE=partial`
+  -   `skip`: The file is skipped and not scanned. `ANTIVIRUS_MAX_SCAN_SIZE_MODE=skip`
 
 **IMPORTANT**
 > Streaming of files to the virus scan service still [needs to be implemented](https://github.com/owncloud/ocis/issues/6803).

services/antivirus/pkg/config/config.go

@@ -75,7 +75,7 @@ type Debug struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;ANTIVIRUS_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;ANTIVIRUS_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;ANTIVIRUS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;ANTIVIRUS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;ANTIVIRUS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided ANTIVIRUS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;ANTIVIRUS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;ANTIVIRUS_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/audit/pkg/config/config.go

@@ -25,7 +25,7 @@ type Config struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;AUDIT_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;AUDIT_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;AUDIT_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;AUDIT_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;AUDIT_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided AUDIT_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;AUDIT_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;AUDIT_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/clientlog/pkg/config/config.go

@@ -31,7 +31,7 @@ type Config struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;CLIENTLOG_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;CLIENTLOG_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;CLIENTLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;CLIENTLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;CLIENTLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;CLIENTLOG_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;CLIENTLOG_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/eventhistory/pkg/config/config.go

@@ -49,7 +49,7 @@ type Store struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;EVENTHISTORY_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;EVENTHISTORY_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;EVENTHISTORY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;EVENTHISTORY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;EVENTHISTORY_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. Will be seen as empty if NOTIFICATIONS_EVENTS_TLS_INSECURE is provided." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;EVENTHISTORY_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;EVENTHISTORY_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/frontend/pkg/config/config.go

@@ -33,7 +33,7 @@ type Config struct {
 	EnableFederatedSharingIncoming bool   `yaml:"enable_federated_sharing_incoming" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_INCOMING" desc:"Changing this value is NOT supported. Enables support for incoming federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
 	EnableFederatedSharingOutgoing bool   `yaml:"enable_federated_sharing_outgoing" env:"OC_ENABLE_OCM;FRONTEND_ENABLE_FEDERATED_SHARING_OUTGOING" desc:"Changing this value is NOT supported. Enables support for outgoing federated sharing for clients. The backend behaviour is not changed." introductionVersion:"1.0.0"`
 	SearchMinLength                int    `yaml:"search_min_length" env:"FRONTEND_SEARCH_MIN_LENGTH" desc:"Minimum number of characters to enter before a client should start a search for Share receivers. This setting can be used to customize the user experience if e.g too many results are displayed." introductionVersion:"1.0.0"`
-	Edition                        string `yaml:"edition" env:"OC_EDITION;FRONTEND_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
+	Edition                        string `desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
 	DisableSSE                     bool   `yaml:"disable_sse" env:"OC_DISABLE_SSE;FRONTEND_DISABLE_SSE" desc:"When set to true, clients are informed that the Server-Sent Events endpoint is not accessible." introductionVersion:"1.0.0"`
 	DisableRadicale                bool   `yaml:"disable_radicale" env:"FRONTEND_DISABLE_RADICALE" desc:"When set to true, clients are informed that the Radicale (CalDAV/CardDAV) is not accessible." introductionVersion:"4.0.0"`
 	DefaultLinkPermissions         int    `yaml:"default_link_permissions" env:"FRONTEND_DEFAULT_LINK_PERMISSIONS" desc:"Defines the default permissions a link is being created with. Possible values are 0 (= internal link, for instance members only) and 1 (= public link with viewer permissions). Defaults to 1." introductionVersion:"1.0.0"`
@@ -174,8 +174,8 @@ type Checksums struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;FRONTEND_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;FRONTEND_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;FRONTEND_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
-	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;FRONTEND_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;FRONTEND_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;FRONTEND_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;FRONTEND_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthPassword         string `yaml:"password" env:"OC_EVENTS_AUTH_PASSWORD;FRONTEND_EVENTS_AUTH_PASSWORD" desc:"The password to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/frontend/pkg/config/defaults/defaultconfig.go

@@ -5,6 +5,7 @@ import (
 
 	"github.com/opencloud-eu/opencloud/pkg/shared"
 	"github.com/opencloud-eu/opencloud/pkg/structs"
+	"github.com/opencloud-eu/opencloud/pkg/version"
 	"github.com/opencloud-eu/opencloud/services/frontend/pkg/config"
 )
 
@@ -87,7 +88,7 @@ func DefaultConfig() *config.Config {
 		DefaultUploadProtocol:    "tus",
 		DefaultLinkPermissions:   1,
 		SearchMinLength:          3,
-		Edition:                  "",
+		Edition:                  version.Edition,
 		CheckForUpdates:          true,
 		Checksums: config.Checksums{
 			SupportedTypes:      []string{"sha1", "md5", "adler32"},

services/frontend/pkg/revaconfig/config.go

@@ -346,7 +346,7 @@ func FrontendConfigFromStruct(cfg *config.Config, logger log.Logger) (map[string
 						},
 						"version": map[string]interface{}{
 							"product":        "OpenCloud",
-							"edition":        "",
+							"edition":        version.Edition,
 							"major":          version.ParsedLegacy().Major(),
 							"minor":          version.ParsedLegacy().Minor(),
 							"micro":          version.ParsedLegacy().Patch(),

services/graph/pkg/config/config.go

@@ -129,7 +129,7 @@ type API struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;GRAPH_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;GRAPH_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;GRAPH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;GRAPH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;GRAPH_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided GRAPH_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;GRAPH_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;GRAPH_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/graph/pkg/identity/backend.go

@@ -133,6 +133,10 @@ func CreateUserModelFromCS3(u *cs3user.User) *libregraph.User {
 		OnPremisesSamAccountName: u.GetUsername(),
 		Id:                       &u.GetId().OpaqueId,
 	}
+	if u.GetId().GetType() == cs3user.UserType_USER_TYPE_FEDERATED {
+		ocmUserId := u.GetId().GetOpaqueId() + "@" + u.GetId().GetIdp()
+		user.Id = &ocmUserId
+	}
 	return user
 }
 

services/graph/pkg/identity/cache/cache.go

@@ -2,6 +2,8 @@ package cache
 
 import (
 	"context"
+	"errors"
+	"strings"
 	"time"
 
 	gateway "github.com/cs3org/go-cs3apis/cs3/gateway/v1beta1"
@@ -133,6 +135,20 @@ func (cache IdentityCache) GetAcceptedUser(ctx context.Context, userid string) (
 	return *identity.CreateUserModelFromCS3(u), nil
 }
 
+func getIDAndMeshProvider(user string) (id, provider string, err error) {
+	last := strings.LastIndex(user, "@")
+	if last == -1 {
+		return "", "", errors.New("not in the form <id>@<provider>")
+	}
+	if len(user[:last]) == 0 {
+		return "", "", errors.New("empty id")
+	}
+	if len(user[last+1:]) == 0 {
+		return "", "", errors.New("empty provider")
+	}
+	return user[:last], user[last+1:], nil
+}
+
 func (cache IdentityCache) GetAcceptedCS3User(ctx context.Context, userid string) (*cs3User.User, error) {
 	var user *cs3user.User
 	if item := cache.users.Get(userid); item == nil {
@@ -140,8 +156,14 @@ func (cache IdentityCache) GetAcceptedCS3User(ctx context.Context, userid string
 		if err != nil {
 			return nil, errorcode.New(errorcode.GeneralException, err.Error())
 		}
+		id, provider, err := getIDAndMeshProvider(userid)
+		if err != nil {
+			return nil, errorcode.New(errorcode.InvalidRequest, err.Error())
+		}
 		cs3UserID := &cs3User.UserId{
-			OpaqueId: userid,
+			Idp:      provider,
+			OpaqueId: id,
+			Type:     cs3User.UserType_USER_TYPE_FEDERATED,
 		}
 		user, err = revautils.GetAcceptedUserWithContext(ctx, cs3UserID, gatewayClient)
 		if err != nil {

services/graph/pkg/l10n/locale/ca/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"

services/graph/pkg/l10n/locale/de/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"

services/graph/pkg/l10n/locale/es/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"

services/graph/pkg/l10n/locale/fr/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"

services/graph/pkg/l10n/locale/it/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"

services/graph/pkg/l10n/locale/ko/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"

services/graph/pkg/l10n/locale/sv/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-08 00:02+0000\n"
+"POT-Creation-Date: 2025-11-29 00:01+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"

services/graph/pkg/l10n/locale/zh/LC_MESSAGES/graph.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"

services/graph/pkg/service/v0/users_test.go

@@ -1354,6 +1354,7 @@ var _ = Describe("Users", func() {
 							Username: "federated",
 							Id: &userv1beta1.UserId{
 								OpaqueId: "federated",
+								Idp:      "provider",
 								Type:     userv1beta1.UserType_USER_TYPE_FEDERATED,
 							},
 						},
@@ -1377,7 +1378,7 @@ var _ = Describe("Users", func() {
 				Expect(err).ToNot(HaveOccurred())
 
 				Expect(len(res.Value)).To(Equal(1))
-				Expect(res.Value[0].GetId()).To(Equal("federated"))
+				Expect(res.Value[0].GetId()).To(Equal("federated@provider"))
 				Expect(res.Value[0].GetUserType()).To(Equal("Federated"))
 			})
 			It("does not list federated users when filtering for 'Member' users", func() {

services/graph/pkg/service/v0/utils.go

@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 	"encoding/json"
+	"fmt"
 	"io"
 	"net/http"
 	"reflect"
@@ -106,7 +107,8 @@ func userIdToIdentity(ctx context.Context, cache cache.IdentityCache, tennantId,
 
 // federatedIdToIdentity looks the user for the supplied id using the cache and returns it
 // as a libregraph.Identity
-func federatedIdToIdentity(ctx context.Context, cache cache.IdentityCache, userID string) (libregraph.Identity, error) {
+func federatedIdToIdentity(ctx context.Context, cache cache.IdentityCache, cs3UserID *cs3User.UserId) (libregraph.Identity, error) {
+	userID := fmt.Sprintf("%s@%s", cs3UserID.GetOpaqueId(), cs3UserID.GetIdp())
 	identity := libregraph.Identity{
 		Id:                 libregraph.PtrString(userID),
 		LibreGraphUserType: libregraph.PtrString("Federated"),
@@ -123,7 +125,7 @@ func federatedIdToIdentity(ctx context.Context, cache cache.IdentityCache, userI
 // as a libregraph.Identity. Skips the user lookup if the id type is USER_TYPE_SPACE_OWNER
 func cs3UserIdToIdentity(ctx context.Context, cache cache.IdentityCache, cs3UserID *cs3User.UserId) (libregraph.Identity, error) {
 	if cs3UserID.GetType() == cs3User.UserType_USER_TYPE_FEDERATED {
-		return federatedIdToIdentity(ctx, cache, cs3UserID.GetOpaqueId())
+		return federatedIdToIdentity(ctx, cache, cs3UserID)
 	}
 	if cs3UserID.GetType() != cs3User.UserType_USER_TYPE_SPACE_OWNER {
 		return userIdToIdentity(ctx, cache, cs3UserID.GetTenantId(), cs3UserID.GetOpaqueId())

services/notifications/pkg/config/config.go

@@ -55,7 +55,7 @@ type SMTP struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;NOTIFICATIONS_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;NOTIFICATIONS_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;NOTIFICATIONS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;NOTIFICATIONS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;NOTIFICATIONS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;NOTIFICATIONS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;NOTIFICATIONS_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/notifications/pkg/email/l10n/locale/ca/LC_MESSAGES/notifications.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"

services/notifications/pkg/email/l10n/locale/de/LC_MESSAGES/notifications.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jonas, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"

services/notifications/pkg/email/l10n/locale/fr/LC_MESSAGES/notifications.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"

services/notifications/pkg/email/l10n/locale/it/LC_MESSAGES/notifications.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"

services/notifications/pkg/email/l10n/locale/ko/LC_MESSAGES/notifications.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"

services/notifications/pkg/email/l10n/locale/sv/LC_MESSAGES/notifications.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-08 00:02+0000\n"
+"POT-Creation-Date: 2025-11-29 00:01+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"

services/notifications/pkg/email/l10n/locale/zh/LC_MESSAGES/notifications.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"

services/ocdav/pkg/config/config.go

@@ -80,5 +80,5 @@ type Status struct {
 	Product        string
 	ProductName    string
 	ProductVersion string
-	Edition        string `yaml:"edition" env:"OC_EDITION;OCDAV_EDITION" desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
+	Edition        string `desc:"Edition of OpenCloud. Used for branding purposes." introductionVersion:"1.0.0"`
 }

services/ocdav/pkg/config/defaults/defaultconfig.go

@@ -92,7 +92,7 @@ func DefaultConfig() *config.Config {
 			ProductVersion: version.GetString(),
 			Product:        "OpenCloud",
 			ProductName:    "OpenCloud",
-			Edition:        "",
+			Edition:        version.Edition,
 		},
 	}
 }

services/ocm/pkg/config/config.go

@@ -154,7 +154,7 @@ type OCMShareProviderJSONDriver struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;OCM_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;OCM_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OCM_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;OCM_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;OCM_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided OCM_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;OCM_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;OCM_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/policies/pkg/config/config.go

@@ -50,7 +50,7 @@ type Postprocessing struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;POLICIES_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;POLICIES_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;POLICIES_EVENTS_TLS_INSECURE" desc:"Whether the server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;POLICIES_EVENTS_TLS_INSECURE" desc:"Whether the server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;POLICIES_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided POLICIES_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;POLICIES_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;POLICIES_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/postprocessing/pkg/config/config.go

@@ -39,7 +39,7 @@ type Events struct {
 	Endpoint string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;POSTPROCESSING_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster  string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;POSTPROCESSING_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
 
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE" desc:"Whether the OpenCloud server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;POSTPROCESSING_EVENTS_TLS_INSECURE" desc:"Whether the OpenCloud server should skip the client certificate verification during the TLS handshake." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;POSTPROCESSING_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided POSTPROCESSING_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;POSTPROCESSING_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;POSTPROCESSING_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/proxy/pkg/config/config.go

@@ -227,7 +227,7 @@ type ServiceAccount struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;PROXY_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Set to a empty string to disable emitting events." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;PROXY_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;PROXY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;PROXY_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;PROXY_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided PROXY_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;PROXY_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;PROXY_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/search/pkg/config/search.go

@@ -11,7 +11,7 @@ type Events struct {
 	NumConsumers     int    `yaml:"num_consumers" env:"SEARCH_EVENTS_NUM_CONSUMERS" desc:"The amount of concurrent event consumers to start. Event consumers are used for searching files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands." introductionVersion:"1.0.0"`
 	DebounceDuration int    `yaml:"debounce_duration" env:"SEARCH_EVENTS_REINDEX_DEBOUNCE_DURATION" desc:"The duration in milliseconds the reindex debouncer waits before triggering a reindex of a space that was modified." introductionVersion:"1.0.0"`
 
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;SEARCH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;SEARCH_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;SEARCH_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided SEARCH_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;SEARCH_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;SEARCH_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/settings/pkg/service/v0/l10n/locale/ca/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"

services/settings/pkg/service/v0/l10n/locale/de/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"

services/settings/pkg/service/v0/l10n/locale/es/LC_MESSAGES/settings.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Alejandro Robles, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"

services/settings/pkg/service/v0/l10n/locale/fr/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"

services/settings/pkg/service/v0/l10n/locale/it/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Pagano, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"

services/settings/pkg/service/v0/l10n/locale/ko/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"

services/settings/pkg/service/v0/l10n/locale/ru/LC_MESSAGES/settings.po

@@ -12,7 +12,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Lulufox, 2025\n"
 "Language-Team: Russian (https://app.transifex.com/opencloud-eu/teams/204053/ru/)\n"

services/settings/pkg/service/v0/l10n/locale/sv/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Davis Kaza, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"

services/settings/pkg/service/v0/l10n/locale/zh/LC_MESSAGES/settings.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"

services/sharing/pkg/config/config.go

@@ -149,7 +149,7 @@ type PublicSharingJSONCS3Driver struct {
 type Events struct {
 	Addr              string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;SHARING_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	ClusterID         string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;SHARING_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;SHARING_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;SHARING_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCaCertPath string `yaml:"tls_root_ca_cert_path" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;SHARING_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided SHARING_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS         bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;SHARING_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername      string `yaml:"auth_username" env:"OC_EVENTS_AUTH_USERNAME;SHARING_EVENTS_AUTH_USERNAME" desc:"Username for the events broker." introductionVersion:"1.0.0"`

services/sse/pkg/config/config.go

@@ -49,7 +49,7 @@ type Debug struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;SSE_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;SSE_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;SSE_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;SSE_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;SSE_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided SSE_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;SSE_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;SSE_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/storage-users/pkg/config/config.go

@@ -224,7 +224,7 @@ type PosixDriver struct {
 type Events struct {
 	Addr              string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;STORAGE_USERS_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	ClusterID         string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;STORAGE_USERS_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;STORAGE_USERS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure       bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;STORAGE_USERS_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCaCertPath string `yaml:"tls_root_ca_cert_path" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;STORAGE_USERS_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided STORAGE_USERS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS         bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;STORAGE_USERS_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	NumConsumers      int    `yaml:"num_consumers" env:"STORAGE_USERS_EVENTS_NUM_CONSUMERS" desc:"The amount of concurrent event consumers to start. Event consumers are used for post-processing files. Multiple consumers increase parallelisation, but will also increase CPU and memory demands. The setting has no effect when the OC_ASYNC_UPLOADS is set to false. The default and minimum value is 1." introductionVersion:"1.0.0"`

services/userlog/pkg/config/config.go

@@ -52,7 +52,7 @@ type Persistence struct {
 type Events struct {
 	Endpoint             string `yaml:"endpoint" env:"OC_EVENTS_ENDPOINT;USERLOG_EVENTS_ENDPOINT" desc:"The address of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture." introductionVersion:"1.0.0"`
 	Cluster              string `yaml:"cluster" env:"OC_EVENTS_CLUSTER;USERLOG_EVENTS_CLUSTER" desc:"The clusterID of the event system. The event system is the message queuing service. It is used as message broker for the microservice architecture. Mandatory when using NATS as event system." introductionVersion:"1.0.0"`
-	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;USERLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
+	TLSInsecure          bool   `yaml:"tls_insecure" env:"OC_INSECURE;OC_EVENTS_TLS_INSECURE;USERLOG_EVENTS_TLS_INSECURE" desc:"Whether to verify the server TLS certificates." introductionVersion:"1.0.0"`
 	TLSRootCACertificate string `yaml:"tls_root_ca_certificate" env:"OC_EVENTS_TLS_ROOT_CA_CERTIFICATE;USERLOG_EVENTS_TLS_ROOT_CA_CERTIFICATE" desc:"The root CA certificate used to validate the server's TLS certificate. If provided NOTIFICATIONS_EVENTS_TLS_INSECURE will be seen as false." introductionVersion:"1.0.0"`
 	EnableTLS            bool   `yaml:"enable_tls" env:"OC_EVENTS_ENABLE_TLS;USERLOG_EVENTS_ENABLE_TLS" desc:"Enable TLS for the connection to the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`
 	AuthUsername         string `yaml:"username" env:"OC_EVENTS_AUTH_USERNAME;USERLOG_EVENTS_AUTH_USERNAME" desc:"The username to authenticate with the events broker. The events broker is the OpenCloud service which receives and delivers events between the services." introductionVersion:"1.0.0"`

services/userlog/pkg/service/l10n/locale/ca/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Ivan Fustero, 2025\n"
 "Language-Team: Catalan (https://app.transifex.com/opencloud-eu/teams/204053/ca/)\n"

services/userlog/pkg/service/l10n/locale/de/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Jörn Friedrich Dreyer <jfd@butonic.de>, 2025\n"
 "Language-Team: German (https://app.transifex.com/opencloud-eu/teams/204053/de/)\n"

services/userlog/pkg/service/l10n/locale/es/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Elías Martín, 2025\n"
 "Language-Team: Spanish (https://app.transifex.com/opencloud-eu/teams/204053/es/)\n"

services/userlog/pkg/service/l10n/locale/fr/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: eric_G <junk.eg@free.fr>, 2025\n"
 "Language-Team: French (https://app.transifex.com/opencloud-eu/teams/204053/fr/)\n"

services/userlog/pkg/service/l10n/locale/it/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Simone Broglia, 2025\n"
 "Language-Team: Italian (https://app.transifex.com/opencloud-eu/teams/204053/it/)\n"

services/userlog/pkg/service/l10n/locale/ko/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: gapho shin, 2025\n"
 "Language-Team: Korean (https://app.transifex.com/opencloud-eu/teams/204053/ko/)\n"

services/userlog/pkg/service/l10n/locale/ru/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Lulufox, 2025\n"
 "Language-Team: Russian (https://app.transifex.com/opencloud-eu/teams/204053/ru/)\n"

services/userlog/pkg/service/l10n/locale/sv/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-08 00:02+0000\n"
+"POT-Creation-Date: 2025-11-29 00:01+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: Daniel Nylander <po@danielnylander.se>, 2025\n"
 "Language-Team: Swedish (https://app.transifex.com/opencloud-eu/teams/204053/sv/)\n"

services/userlog/pkg/service/l10n/locale/zh/LC_MESSAGES/userlog.po

@@ -11,7 +11,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: \n"
 "Report-Msgid-Bugs-To: EMAIL\n"
-"POT-Creation-Date: 2025-11-09 00:02+0000\n"
+"POT-Creation-Date: 2025-11-30 00:02+0000\n"
 "PO-Revision-Date: 2025-01-27 10:17+0000\n"
 "Last-Translator: YQS Yang, 2025\n"
 "Language-Team: Chinese (https://app.transifex.com/opencloud-eu/teams/204053/zh/)\n"

services/web/Makefile

@@ -1,6 +1,6 @@
 SHELL := bash
 NAME := web
-WEB_ASSETS_VERSION = v4.2.1-rc.1
+WEB_ASSETS_VERSION = v4.2.1
 WEB_ASSETS_BRANCH = main
 
 ifneq (, $(shell command -v go 2> /dev/null)) # suppress `command not found warnings` for non go targets in CI

services/web/pkg/service/v0/service.go

@@ -136,6 +136,9 @@ func (p Web) getPayload() (payload []byte, err error) {
 		p.config.Web.Config.Apps = make([]string, 0)
 	}
 
+	// ensure that the server url has a trailing slash
+	p.config.Web.Config.Server = strings.TrimRight(p.config.Web.Config.Server, "/") + "/"
+
 	return json.Marshal(p.config.Web.Config)
 }
 

tests/acceptance/TestHelpers/GraphHelper.php

@@ -120,13 +120,12 @@ class GraphHelper {
 	}
 
 	/**
-	 * Federated users have a base64 encoded string of {remoteid}@{provider} as their id
-	 * This regex matches only non empty base64 encoded strings
+	 * Federated users have a string of {userid}@{provider} as their id
 	 *
 	 * @return string
 	 */
 	public static function getFederatedUserRegex(): string {
-		return '(?=(.{4})*$)[A-Za-z0-9+/]*={0,2}$';
+		return '^[a-fA-F0-9]{8}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{4}-[a-fA-F0-9]{12}@https?://.+$';
 	}
 
 	/**

tests/acceptance/TestHelpers/HttpRequestHelper.php

@@ -33,6 +33,7 @@ use SimpleXMLElement;
 use Sabre\Xml\LibXMLException;
 use Sabre\Xml\Reader;
 use GuzzleHttp\Pool;
+use Symfony\Component\HttpFoundation\Response;
 
 /**
  * Helper for HTTP requests
@@ -74,7 +75,6 @@ class HttpRequestHelper {
 	 *                     than download it all up-front.
 	 * @param int|null $timeout
 	 * @param Client|null $client
-	 * @param string|null $bearerToken
 	 *
 	 * @return ResponseInterface
 	 * @throws GuzzleException
@@ -92,8 +92,42 @@ class HttpRequestHelper {
 		bool $stream = false,
 		?int $timeout = 0,
 		?Client $client =  null,
-		?string $bearerToken = null
 	): ResponseInterface {
+		$bearerToken = null;
+		if (TokenHelper::useBearerToken() && $user && $user !== 'public') {
+			$bearerToken = TokenHelper::getTokens($user, $password, $url)['access_token'];
+			// check token is still valid
+			$parsedUrl = parse_url($url);
+			$baseUrl = $parsedUrl['scheme'] . '://' . $parsedUrl['host'];
+			$baseUrl .= isset($parsedUrl['port']) ? ':' . $parsedUrl['port'] : '';
+			$testUrl = $baseUrl . "/graph/v1.0/use/$user";
+			if (OcHelper::isTestingOnReva()) {
+				$url = $baseUrl . "/ocs/v2.php/cloud/users/$user";
+			}
+			// check token validity with a GET request
+			$c = self::createClient(
+				$user,
+				$password,
+				$config,
+				$cookies,
+				$stream,
+				$timeout,
+				$bearerToken
+			);
+			$testReq = self::createRequest($testUrl, $xRequestId, 'GET');
+			try {
+				$testRes = $c->send($testReq);
+			} catch (RequestException $ex) {
+				$testRes = $ex->getResponse();
+				if ($testRes && $testRes->getStatusCode() === Response::HTTP_UNAUTHORIZED) {
+					// token is invalid or expired, get a new one
+					echo "[INFO] Bearer token expired or invalid, getting a new one...\n";
+					TokenHelper::clearAllTokens();
+					$bearerToken = TokenHelper::getTokens($user, $password, $url)['access_token'];
+				}
+			}
+		}
+
 		if ($client === null) {
 			$client = self::createClient(
 				$user,
@@ -160,6 +194,24 @@ class HttpRequestHelper {
 		}
 
 		HttpLogger::logResponse($response);
+
+		// wait for post-processing to finish if applicable
+		if (WebdavHelper::isDAVRequest($url)
+			&& \str_starts_with($url, OcHelper::getServerUrl())
+			&& \in_array($method, ["PUT", "MOVE", "COPY"])
+			&& \in_array($response->getStatusCode(), [Response::HTTP_CREATED, Response::HTTP_NO_CONTENT])
+			&& OcConfigHelper::getPostProcessingDelay() === 0
+		) {
+			if (\in_array($method, ["MOVE", "COPY"])) {
+				$url = $headers['Destination'];
+			}
+			WebDavHelper::waitForPostProcessingToFinish(
+				$url,
+				$user,
+				$password,
+				$headers,
+			);
+		}
 		return $response;
 	}
 
@@ -203,13 +255,6 @@ class HttpRequestHelper {
 		} else {
 			$debugResponses = false;
 		}
-		// use basic auth for 'public' user or no user
-		if ($user === 'public' || $user === null || $user === '') {
-			$bearerToken = null;
-		} else {
-			$useBearerToken = TokenHelper::useBearerToken();
-			$bearerToken = $useBearerToken ? TokenHelper::getTokens($user, $password, $url)['access_token'] : null;
-		}
 
 		$sendRetryLimit = self::numRetriesOnHttpTooEarly();
 		$sendCount = 0;
@@ -228,7 +273,6 @@ class HttpRequestHelper {
 				$stream,
 				$timeout,
 				$client,
-				$bearerToken,
 			);
 
 			if ($response->getStatusCode() >= 400
@@ -256,7 +300,8 @@ class HttpRequestHelper {
 				// we need to repeat the send request, because we got HTTP_TOO_EARLY or HTTP_CONFLICT
 				// wait 1 second before sending again, to give the server some time
 				// to finish whatever post-processing it might be doing.
-				self::debugResponse($response);
+				echo "[INFO] Received '" . $response->getStatusCode() .
+					"' status code, retrying request ($sendCount)...\n";
 				\sleep(1);
 			}
 		} while ($loopAgain);

tests/acceptance/TestHelpers/OcConfigHelper.php

@@ -30,6 +30,26 @@ use Psr\Http\Message\ResponseInterface;
  * A helper class for configuring OpenCloud server
  */
 class OcConfigHelper {
+	public static $postProcessingDelay = 0;
+
+	/**
+	 * @return int
+	 */
+	public static function getPostProcessingDelay(): int {
+		return self::$postProcessingDelay;
+	}
+
+	/**
+	 * @param string $postProcessingDelay
+	 *
+	 * @return void
+	 */
+	public static function setPostProcessingDelay(string $postProcessingDelay): void {
+		// extract number from string
+		$delay = (int) filter_var($postProcessingDelay, FILTER_SANITIZE_NUMBER_INT);
+		self::$postProcessingDelay = $delay;
+	}
+
 	/**
 	 * @param string $url
 	 * @param string $method

tests/acceptance/TestHelpers/TokenHelper.php

@@ -84,7 +84,9 @@ class TokenHelper {
 			$tokenData = [
 				'access_token' => $refreshedToken['access_token'],
 				'refresh_token' => $refreshedToken['refresh_token'],
-				'expires_at' => time() + 300 // 5 minutes
+				// set expiry to 240 (4 minutes) seconds to allow for some buffer
+				// token actually expires in 300 seconds (5 minutes)
+				'expires_at' => time() + 240
 			];
 			self::$tokenCache[$cacheKey] = $tokenData;
 			return $tokenData;
@@ -100,7 +102,9 @@ class TokenHelper {
 		$tokenData = [
 			'access_token' => $tokens['access_token'],
 			'refresh_token' => $tokens['refresh_token'],
-			'expires_at' => time() + 290 // set expiry to 290 seconds to allow for some buffer
+			// set expiry to 240 (4 minutes) seconds to allow for some buffer
+			// token actually expires in 300 seconds (5 minutes)
+			'expires_at' => time() + 240
 		];
 
 		// Save to cache

tests/acceptance/TestHelpers/WebDavHelper.php

@@ -923,4 +923,45 @@ class WebDavHelper {
 		$mtime = new DateTime($xmlPart[0]->__toString());
 		return $mtime->format('U');
 	}
+
+	/**
+	 * wait until the reqeust doesn't return 425 anymore
+	 *
+	 * @param string $url
+	 * @param ?string $user
+	 * @param ?string $password
+	 * @param ?array $headers
+	 *
+	 * @return void
+	 */
+	public static function waitForPostProcessingToFinish(
+		string $url,
+		?string $user = null,
+		?string $password = null,
+		?array $headers = [],
+	): void {
+		$retried = 0;
+		do {
+			$response = HttpRequestHelper::sendRequest(
+				$url,
+				'check-425-status',
+				'GET',
+				$user,
+				$password,
+				$headers,
+			);
+			$statusCode = $response->getStatusCode();
+			if ($statusCode !== 425) {
+				return;
+			}
+			$tryAgain = $retried < HttpRequestHelper::numRetriesOnHttpTooEarly();
+			if ($tryAgain) {
+				$retried += 1;
+				echo "[INFO] Waiting for post processing to finish, attempt ($retried)...\n";
+				// wait 1s and try again
+				\sleep(1);
+			}
+		} while ($tryAgain);
+		echo "[ERROR] 10 seconds timeout! Post processing did not finish in time.\n";
+	}
 }

tests/acceptance/bootstrap/CliContext.php

@@ -904,7 +904,7 @@ class CliContext implements Context {
 		$userUuid = $this->featureContext->getAttributeOfCreatedUser($user, 'id');
 		$storagePath = $this->getUsersStoragePath();
 		$body = [
-			"command" => "xattr -p -slz " . escapeshellarg($attribute) . " $storagePath/$userUuid/$file",
+			"command" => "getfattr -n " . escapeshellarg($attribute) . " --only-values $storagePath/$userUuid/$file",
 			"raw" => true
 		];
 		$this->featureContext->setResponse(CliHelper::runCommand($body));

tests/acceptance/bootstrap/FeatureContext.php

@@ -2026,8 +2026,12 @@ class FeatureContext extends BehatVariablesContext {
 		if ($response === null) {
 			$response = $this->getResponse();
 		}
+		$body = (string)$response->getBody();
+		if (!$body) {
+			return [];
+		}
 		return \json_decode(
-			(string)$response->getBody(),
+			$body,
 			true
 		);
 	}
@@ -2440,14 +2444,6 @@ class FeatureContext extends BehatVariablesContext {
 				],
 				"parameter" => []
 			],
-			[
-				"code" => "%identities_issuer_id_pattern%",
-				"function" => [
-					__NAMESPACE__ . '\TestHelpers\GraphHelper',
-					"getFederatedUserRegex"
-				],
-				"parameter" => []
-			],
 			[
 				"code" => "%uuidv4_pattern%",
 				"function" => [

tests/acceptance/bootstrap/OcConfigContext.php

@@ -68,6 +68,7 @@ class OcConfigContext implements Context {
 			$response->getStatusCode(),
 			"Failed to set async upload with delayed post processing"
 		);
+		OcConfigHelper::setPostProcessingDelay($delayTime);
 	}
 
 	/**
@@ -90,6 +91,9 @@ class OcConfigContext implements Context {
 			$response->getStatusCode(),
 			"Failed to set config $configVariable=$configValue"
 		);
+		if ($configVariable === "POSTPROCESSING_DELAY") {
+			OcConfigHelper::setPostProcessingDelay($configValue);
+		}
 	}
 
 	/**
@@ -184,6 +188,9 @@ class OcConfigContext implements Context {
 		$envs = [];
 		foreach ($table->getHash() as $row) {
 			$envs[$row['config']] = $row['value'];
+			if ($row['config'] === "POSTPROCESSING_DELAY") {
+				OcConfigHelper::setPostProcessingDelay($row['value']);
+			}
 		}
 
 		$response =  OcConfigHelper::reConfigureOc($envs);
@@ -200,6 +207,7 @@ class OcConfigContext implements Context {
 	 * @return void
 	 */
 	public function rollbackOc(): void {
+		OcConfigHelper::setPostProcessingDelay('0');
 		$response = OcConfigHelper::rollbackOc();
 		Assert::assertEquals(
 			200,

tests/acceptance/bootstrap/Provisioning.php

@@ -607,7 +607,7 @@ trait Provisioning {
 				Assert::assertEquals(
 					201,
 					$response->getStatusCode(),
-					__METHOD__ . " cannot create user '$userName' using Graph API.\nResponse:" .
+					__METHOD__ . " cannot create user '$userName'.\nResponse:" .
 					json_encode($this->getJsonDecodedResponse($response))
 				);
 
@@ -1083,7 +1083,7 @@ trait Provisioning {
 			Assert::assertEquals(
 				201,
 				$response->getStatusCode(),
-				__METHOD__ . " cannot create user '$user' using Graph API.\nResponse:" .
+				__METHOD__ . " cannot create user '$user'.\nResponse:" .
 				json_encode($this->getJsonDecodedResponse($response))
 			);
 			$userId = $this->getJsonDecodedResponse($response)['id'];

tests/acceptance/bootstrap/SharingNgContext.php

@@ -327,12 +327,11 @@ class SharingNgContext implements Context {
 				if ($shareType === "user") {
 					$shareeId = $this->featureContext->getAttributeOfCreatedUser($sharee, 'id');
 					if ($federatedShare) {
-						$shareeId = (
-							$this->featureContext->ocmContext->getAcceptedUserByName(
-								$user,
-								$sharee
-							)
-						)['user_id'];
+						$federatedUser = $this->featureContext->ocmContext->getAcceptedUserByName(
+							$user,
+							$sharee
+						);
+						$shareeId = $federatedUser['user_id'] . "@" . $federatedUser['idp'];
 					}
 				} elseif ($shareType === "group") {
 					$shareeId = $this->featureContext->getAttributeOfCreatedGroup($sharee, 'id');
@@ -403,7 +402,11 @@ class SharingNgContext implements Context {
 			if ($shareType === "user") {
 				$shareeId = $this->featureContext->getAttributeOfCreatedUser($sharee, 'id');
 				if ($federatedShare) {
-					$shareeId = ($this->featureContext->ocmContext->getAcceptedUserByName($user, $sharee))['user_id'];
+					$federatedUser = $this->featureContext->ocmContext->getAcceptedUserByName(
+						$user,
+						$sharee
+					);
+					$shareeId = $federatedUser['user_id'] . "@" . $federatedUser['idp'];
 				}
 			} elseif ($shareType === "group") {
 				$shareeId = $this->featureContext->getAttributeOfCreatedGroup($sharee, 'id');

tests/acceptance/bootstrap/SpacesContext.php

@@ -750,6 +750,9 @@ class SpacesContext implements Context {
 		} else {
 			$rawBody =  $this->featureContext->getResponse()->getBody()->getContents();
 		}
+		if (!$rawBody) {
+			throw new Exception(__METHOD__ . " - Response body is empty");
+		}
 		$drives = json_decode($rawBody, true, 512, JSON_THROW_ON_ERROR);
 		if (isset($drives["value"])) {
 			$drives = $drives["value"];

tests/acceptance/bootstrap/TUSContext.php

@@ -216,6 +216,44 @@ class TUSContext implements Context {
 		);
 	}
 
+	/**
+	 * @When user :user sends a chunk to the last created TUS Location with offset :offset and data :data with retry on offset mismatch using the WebDAV API
+	 *
+	 * @param string $user
+	 * @param string $offset
+	 * @param string $data
+	 *
+	 * @return void
+	 *
+	 * @throws GuzzleException
+	 * @throws JsonException
+	 */
+	public function userSendsAChunkToTUSLocationWithOffsetAndDataWithRetryOnOffsetMismatch(
+		string $user,
+		string $offset,
+		string $data,
+	): void {
+		$resourceLocation = $this->getLastTusResourceLocation();
+
+		$retried = 0;
+		do {
+			$tryAgain = false;
+			$response = $this->uploadChunkToTUSLocation($user, $resourceLocation, $offset, $data);
+			// retry on 409 Conflict (Offset mismatch during TUS upload)
+			if ($response->getStatusCode() === 409) {
+				$tryAgain = true;
+			}
+			$tryAgain = $tryAgain && $retried < HttpRequestHelper::numRetriesOnHttpTooEarly();
+			if ($tryAgain) {
+				$retried += 1;
+				echo "Offset mismatch during TUS upload, retrying ($retried)...\n";
+				// wait 1s and try again
+				\sleep(1);
+			}
+		} while ($tryAgain);
+		$this->featureContext->setResponse($response);
+	}
+
 	/**
 	 * @When user :user sends a chunk to the last created TUS Location with offset :offset and data :data using the WebDAV API
 	 *

tests/acceptance/bootstrap/WebDav.php

@@ -25,6 +25,7 @@ use GuzzleHttp\Exception\GuzzleException;
 use PHPUnit\Framework\Assert;
 use Psr\Http\Message\ResponseInterface;
 use GuzzleHttp\Stream\StreamInterface;
+use TestHelpers\OcConfigHelper;
 use TestHelpers\OcHelper;
 use TestHelpers\UploadHelper;
 use TestHelpers\WebDavHelper;
@@ -743,6 +744,7 @@ trait WebDav {
 
 	/**
 	 * @When the user waits for :time seconds for postprocessing to finish
+	 * @When the user waits for :time seconds
 	 *
 	 * @param int $time
 	 *
@@ -973,6 +975,61 @@ trait WebDav {
 		$this->checkDownloadedContentMatches($content, '', $response);
 	}
 
+	/**
+	 * check file content with retry
+	 *
+	 * @param string $user
+	 * @param string $fileName
+	 * @param string $content
+	 *
+	 * @return void
+	 * @throws Exception
+	 */
+	public function checkFileContentWithRetry(string $user, string $fileName, string $content): void {
+		$retried = 0;
+		do {
+			$tryAgain = false;
+			$response = $this->downloadFileAsUserUsingPassword($this->getActualUsername($user), $fileName);
+			$status = $response->getStatusCode();
+			$downloadedContent = $response->getBody()->getContents();
+			if ($status !== 200) {
+				$tryAgain = true;
+				$message = "Expected '200' but got '$status'";
+			} elseif ($downloadedContent !== $content) {
+				$tryAgain = true;
+				$message = "Expected content '$content' but got '$downloadedContent'";
+			}
+			$tryAgain = $tryAgain && $retried < HttpRequestHelper::numRetriesOnHttpTooEarly();
+			if ($tryAgain) {
+				$retried += 1;
+				echo "[INFO] File content mismatch. $message, checking content again ($retried)...\n";
+
+				// break the loop if status is 425 as the request will already be retried
+				if ($status === HttpRequestHelper::HTTP_TOO_EARLY) {
+					break;
+				}
+
+				// wait 1s and try again
+				\sleep(1);
+			}
+		} while ($tryAgain);
+		$this->theHTTPStatusCodeShouldBe(200, '', $response);
+		$this->checkDownloadedContentMatches($content, '', $response);
+	}
+
+	/**
+	 * @Then as :user the final content of file :fileName should be :content
+	 *
+	 * @param string $user
+	 * @param string $fileName
+	 * @param string $content
+	 *
+	 * @return void
+	 */
+	public function asUserFinalContentOfFileShouldBe(string $user, string $fileName, string $content): void {
+		$this->checkFileContentWithRetry($user, $fileName, $content);
+	}
+
 	/**
 	 * @Then /^the content of the following files for user "([^"]*)" should be "([^"]*)"$/
 	 *
@@ -1264,20 +1321,18 @@ trait WebDav {
 			$type
 		);
 		$statusCode = $response->getStatusCode();
-		if ($statusCode < 400 || $statusCode > 499) {
-			try {
-				$responseXmlObject = HttpRequestHelper::getResponseXml(
-					$response,
-					__METHOD__
-				);
-			} catch (Exception $e) {
-				Assert::fail(
-					"$entry '$path' should not exist. But API returned $statusCode without XML in the body"
-				);
-			}
+		// when checking path with '..' it may return 405 Method Not Allowed
+		if ($statusCode === 404 || $statusCode === 405) {
+			return;
+		}
+		if ($statusCode === 207) {
+			$responseXmlObject = HttpRequestHelper::getResponseXml(
+				$response,
+				__METHOD__
+			);
 			Assert::assertTrue(
 				$this->isEtagValid($this->getEtagFromResponseXmlObject($responseXmlObject)),
-				"$entry '$path' should not exist. But API returned $statusCode without an etag in the body"
+				"$entry '$path' should not exist but found with invalid etag."
 			);
 			$isCollection = $responseXmlObject->xpath("//d:prop/d:resourcetype/d:collection");
 			if (\count($isCollection) === 0) {
@@ -1291,7 +1346,11 @@ trait WebDav {
 					"$entry '$path' should not exist. But it does."
 				);
 			}
+			return;
 		}
+		Assert::fail(
+			"$entry '$path' should not exist. But API returned $statusCode without XML in the body"
+		);
 	}
 
 	/**
@@ -2270,6 +2329,11 @@ trait WebDav {
 			"HTTP status code was not 201 or 204 while trying to upload file '$destination' for user '$user'",
 			$response
 		);
+
+		// check uploaded content only if post-processing delay is not configured
+		if (OcConfigHelper::getPostProcessingDelay() === 0) {
+			$this->checkFileContentWithRetry($user, $destination, $content);
+		}
 		return $response->getHeader('oc-fileid');
 	}
 

tests/acceptance/features/apiOcm/ocmEndpoint.feature

@@ -26,7 +26,7 @@ Feature: ocm well-known URI
             "const": true
           },
           "apiVersion": {
-            "const": "1.1.0"
+            "const": "1.2.0"
           },
           "endPoint": {
             "pattern": "^%base_url%/ocm"
@@ -73,10 +73,24 @@ Feature: ocm well-known URI
           },
           "capabilities": {
             "type": "array",
-            "minItems": 1,
-            "maxItems": 1,
+            "minItems": 4,
+            "maxItems": 4,
+            "uniqueItems": true,
             "items": {
-              "const": "/invite-accepted"
+              "oneOf": [
+                {
+                  "const": "invites"
+                },
+                {
+                  "const": "webdav-uri"
+                },
+                {
+                  "const": "protocol-object"
+                },
+                {
+                  "const": "invite-wayf"
+                }
+              ]
             }
           }
         }

tests/acceptance/features/apiOcm/searchFederationUsers.feature

@@ -68,7 +68,7 @@ Feature: search federation users
                       },
                       "issuerAssignedId": {
                         "type": "string",
-                        "pattern": "^%identities_issuer_id_pattern%$"
+                        "pattern": "^%federated_user_id_pattern%$"
                       }
                     }
                   }
@@ -130,7 +130,7 @@ Feature: search federation users
                       },
                       "issuerAssignedId": {
                         "type": "string",
-                        "pattern": "^%identities_issuer_id_pattern%$"
+                        "pattern": "^%federated_user_id_pattern%$"
                       }
                     }
                   }
@@ -198,7 +198,7 @@ Feature: search federation users
                       },
                       "issuerAssignedId": {
                         "type": "string",
-                        "pattern": "^%identities_issuer_id_pattern%$"
+                        "pattern": "^%federated_user_id_pattern%$"
                       }
                     }
                   }
@@ -260,7 +260,7 @@ Feature: search federation users
                       },
                       "issuerAssignedId": {
                         "type": "string",
-                        "pattern": "^%identities_issuer_id_pattern%$"
+                        "pattern": "^%federated_user_id_pattern%$"
                       }
                     }
                   }
@@ -484,7 +484,7 @@ Feature: search federation users
                       },
                       "issuerAssignedId": {
                         "type": "string",
-                        "pattern": "^%identities_issuer_id_pattern%$"
+                        "pattern": "^%uuidv4_pattern%$"
                       }
                     }
                   }
@@ -549,7 +549,7 @@ Feature: search federation users
                       },
                       "issuerAssignedId": {
                         "type": "string",
-                        "pattern": "^%identities_issuer_id_pattern%$"
+                        "pattern": "^%uuidv4_pattern%$"
                       }
                     }
                   }
@@ -696,7 +696,7 @@ Feature: search federation users
                           },
                           "issuerAssignedId": {
                             "type": "string",
-                            "pattern": "^%identities_issuer_id_pattern%$"
+                            "pattern": "^%uuidv4_pattern%$"
                           }
                         }
                       }

tests/acceptance/features/collaborativePosix/collaborativePosixFS.feature

@@ -29,7 +29,7 @@ Feature: create a resources using collaborative posixfs
   Scenario: create file
     When the administrator creates the file "test.txt" with content "content" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/test.txt" for user "Alice" should be "content"
+    And as "Alice" the final content of file "test.txt" should be "content"
 
 
   Scenario: create large file
@@ -41,21 +41,22 @@ Feature: create a resources using collaborative posixfs
   Scenario: creates files sequentially in a folder
     When the administrator creates 50 files sequentially in the directory "firstFolder" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/firstFolder/file_1.txt" for user "Alice" should be "file 1 content"
-    And the content of file "/firstFolder/file_50.txt" for user "Alice" should be "file 50 content"
+    And as "Alice" the final content of file "/firstFolder/file_1.txt" should be "file 1 content"
+    And as "Alice" the final content of file "/firstFolder/file_50.txt" should be "file 50 content"
 
 
   Scenario: creates files in parallel in a folder
     When the administrator creates 100 files in parallel in the directory "firstFolder" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/firstFolder/parallel_1.txt" for user "Alice" should be "parallel file 1 content"
-    And the content of file "/firstFolder/parallel_100.txt" for user "Alice" should be "parallel file 100 content"
+    And as "Alice" the final content of file "/firstFolder/parallel_1.txt" should be "parallel file 1 content"
+    And as "Alice" the final content of file "/firstFolder/parallel_100.txt" should be "parallel file 100 content"
 
 
   Scenario: edit file
     Given user "Alice" has uploaded file with content "content" to "test.txt"
     When the administrator puts the content "new" into the file "test.txt" in the POSIX storage folder of user "Alice"
-    Then the content of file "/test.txt" for user "Alice" should be "contentnew"
+    Then the command should be successful
+    And as "Alice" the final content of file "test.txt" should be "contentnew"
 
 
   Scenario: read file content
@@ -68,28 +69,28 @@ Feature: create a resources using collaborative posixfs
     Given user "Alice" has uploaded file with content "content" to "test.txt"
     When the administrator copies the file "test.txt" to the folder "firstFolder" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/firstFolder/test.txt" for user "Alice" should be "content"
+    And as "Alice" the final content of file "/firstFolder/test.txt" should be "content"
 
 
   Scenario: rename file
     Given user "Alice" has uploaded file with content "content" to "test.txt"
     When the administrator renames the file "test.txt" to "new-name.txt" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/new-name.txt" for user "Alice" should be "content"
+    And as "Alice" the final content of file "/new-name.txt" should be "content"
 
 
   Scenario: rename a created file
     Given the administrator has created the file "test.txt" with content "content" for user "Alice" on the POSIX filesystem
     When the administrator renames the file "test.txt" to "test.md" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/test.md" for user "Alice" should be "content"
+    And as "Alice" the final content of file "/test.md" should be "content"
 
 
   Scenario: move file to folder
     Given user "Alice" has uploaded file with content "content" to "test.txt"
     When the administrator moves the file "test.txt" to the folder "firstFolder" for user "Alice" on the POSIX filesystem
     Then the command should be successful
-    And the content of file "/firstFolder/test.txt" for user "Alice" should be "content"
+    And as "Alice" the final content of file "/firstFolder/test.txt" should be "content"
     And as "Alice" file "/test.txt" should not exist
 
 
@@ -187,4 +188,4 @@ Feature: create a resources using collaborative posixfs
     And the administrator renames the file "test.txt" to "renamed.txt" for user "Alice" on the POSIX filesystem
     And the administrator checks the attribute "user.oc.name" of file "renamed.txt" for user "Alice" on the POSIX filesystem
     Then the command output should contain "renamed.txt"
-    And the content of file "/renamed.txt" for user "Alice" should be "content"
+    And as "Alice" the final content of file "/renamed.txt" should be "content"

tests/acceptance/features/coreApiCapabilities/capabilities.feature

@@ -202,7 +202,7 @@ Feature: capabilities
                     "properties": {
                       "edition": {
                         "type": "string",
-                        "enum": ["%edition%"]
+                        "enum": ["dev"]
                       },
                       "product": {
                         "type": "string",
@@ -240,7 +240,7 @@ Feature: capabilities
               },
               "edition": {
                 "type": "string",
-                "enum": ["%edition%"]
+                "enum": ["dev"]
               },
               "product": {
                 "type": "string",

tests/acceptance/features/coreApiCapabilities/capabilitiesWithNormalUser.feature

@@ -58,7 +58,7 @@ Feature: default capabilities for normal user
                         "const": "%versionstring%"
                       },
                       "edition": {
-                        "const": "%edition%"
+                        "const": "dev"
                       },
                       "productname": {
                         "const": "%productname%"

tests/acceptance/features/coreApiWebdavUploadTUS/lowLevelUpload.feature

@@ -50,8 +50,7 @@ Feature: low level tests for upload of chunks
       | Upload-Metadata | filename ZmlsZS50eHQ= |
     When user "Alice" sends a chunk to the last created TUS Location with offset "0" and data "123" using the WebDAV API
     And user "Alice" sends a chunk to the last created TUS Location with offset "3" and data "4567890" using the WebDAV API
-    And the user waits for "2" seconds for postprocessing to finish
-    And user "Alice" sends a chunk to the last created TUS Location with offset "3" and data "0000000" using the WebDAV API
+    And user "Alice" sends a chunk to the last created TUS Location with offset "3" and data "0000000" with retry on offset mismatch using the WebDAV API
     Then the HTTP status code should be "404"
     And the content of file "/file.txt" for user "Alice" should be "1234567890"
     Examples:
@@ -61,6 +60,22 @@ Feature: low level tests for upload of chunks
       | spaces           |
 
 
+  Scenario Outline: send last chunk with mismatch offset
+    Given using <dav-path-version> DAV path
+    And user "Alice" has created a new TUS resource on the WebDAV API with these headers:
+      | Upload-Length   | 10                    |
+      #    ZmlsZS50eHQ= is the base64 encode of file.txt
+      | Upload-Metadata | filename ZmlsZS50eHQ= |
+    When user "Alice" sends a chunk to the last created TUS Location with offset "0" and data "123" using the WebDAV API
+    And user "Alice" sends a chunk to the last created TUS Location with offset "2" and data "34567890" using the WebDAV API
+    Then the HTTP status code should be "409"
+    Examples:
+      | dav-path-version |
+      | old              |
+      | new              |
+      | spaces           |
+
+
   Scenario Outline: start with uploading not at the beginning of the file
     Given using <dav-path-version> DAV path
     And user "Alice" has created a new TUS resource on the WebDAV API with these headers:

vendor/github.com/opencloud-eu/reva/v2/cmd/revad/runtime/runtime.go

@@ -62,16 +62,9 @@ func RunWithOptions(mainConf map[string]interface{}, pidFile string, opts ...Opt
 
 type coreConf struct {
 	MaxCPUs            string `mapstructure:"max_cpus"`
-	TracingEnabled     bool   `mapstructure:"tracing_enabled"`
-	TracingInsecure    bool   `mapstructure:"tracing_insecure"`
-	TracingExporter    string `mapstructure:"tracing_exporter"`
-	TracingEndpoint    string `mapstructure:"tracing_endpoint"`
-	TracingCollector   string `mapstructure:"tracing_collector"`
+	TracesExporter     string `mapstructure:"traces_exporter"`
 	TracingServiceName string `mapstructure:"tracing_service_name"`
 
-	// TracingService specifies the service. i.e OpenCensus, OpenTelemetry, OpenTracing...
-	TracingService string `mapstructure:"tracing_service"`
-
 	GracefulShutdownTimeout int `mapstructure:"graceful_shutdown_timeout"`
 }
 
@@ -149,20 +142,8 @@ func initServers(mainConf map[string]interface{}, log *zerolog.Logger, tp trace.
 }
 
 func initTracing(conf *coreConf) trace.TracerProvider {
-	if conf.TracingEnabled {
-		opts := []rtrace.Option{
-			rtrace.WithExporter(conf.TracingExporter),
-			rtrace.WithEndpoint(conf.TracingEndpoint),
-			rtrace.WithCollector(conf.TracingCollector),
-			rtrace.WithServiceName(conf.TracingServiceName),
-		}
-		if conf.TracingEnabled {
-			opts = append(opts, rtrace.WithEnabled())
-		}
-		if conf.TracingInsecure {
-			opts = append(opts, rtrace.WithInsecure())
-		}
-		tp := rtrace.NewTracerProvider(opts...)
+	if conf.TracesExporter != "none" && conf.TracesExporter != "" {
+		tp := rtrace.NewTracerProvider(conf.TracingServiceName, conf.TracesExporter)
 		rtrace.SetDefaultTracerProvider(tp)
 		return tp
 	}
@@ -281,11 +262,9 @@ func parseCoreConfOrDie(v interface{}) *coreConf {
 
 	// tracing defaults to enabled if not explicitly configured
 	if v == nil {
-		c.TracingEnabled = true
-		c.TracingEndpoint = "localhost:6831"
-	} else if _, ok := v.(map[string]interface{})["tracing_enabled"]; !ok {
-		c.TracingEnabled = true
-		c.TracingEndpoint = "localhost:6831"
+		c.TracesExporter = "console"
+	} else if _, ok := v.(map[string]interface{})["traces_exporter"]; !ok {
+		c.TracesExporter = "console"
 	}
 
 	return c