Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.
This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
Signed-off-by: Louis Chemineau <louis@chmn.me>
[skip ci]
Signed-off-by: Louis Chemineau <louis@chmn.me>
Replace `ValidatePhoneNumber` from Nextcloud 21 with a new repair step,
`ValidateAccountProperties` which validates and sanitizes all account
properties.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Currently there is a problem if an exception is thrown in `User::delete`,
because at that point the user is already removed from the backend,
but not all data is deleted.
There is no way to recover from this state, as the user is gone no information is available anymore.
This means the data is still available on the server but can not removed by any API anymore.
The solution here is to first set a flag and backup the user home,
this can be used to recover failed user deletions in a way the delete can be re-tried.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves https://github.com/nextcloud/server/issues/34476
There is no maximum length defined in the standard,
most common the length is between 128 and 200 characters,
but as we store it not in plain data but base64 encoded the length can grow about 1/3.
We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64.
So to be save we increase the size to 512 bytes.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Require user verification if all tokens are registered
with UV flag, else discourage it
Signed-off-by: S1m <git@sgougeon.fr>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.
For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.
¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
It was commented out because at that time no other share provider
supported the `acceptShare` method. Today it is the same no other provider
supports it, but we should make it discoverable by adding it to the public API
as an additional interface.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
d
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
f
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
d
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
fix: Composer dump
Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
fix: Add field array to template class
Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
Calling the public API endpoints will check for matching registered
reference providers that implement `IPublicReferenceProvider` and call
their respective functions. If no matching provider is found, the
default `LinkReferenceProvider` will be used to provide open graph data.
The frontend reference widget components will call these endpoints from
unauthorized sessions, e.g. in public shares.
If present, the sharing token of the origin URL is passed to
`resolveReferencePublic()` as additional information for the reference
provider to determine the access scope. This allows the respective
reference providers to determine whether the origin share has access to
the linked resource.
`getCacheKeyPublic` also gets the sharing token so it can scope the cached
entry to it.
Contributes to #45978
Signed-off-by: Jonas <jonas@freesources.org>
provokateurin
Ferdinand Thiessen
FedericoHeichou
Hamza Mahjoubi
Louis Chemineau
SebastianKrupinski
Anupam Kumar
Elizabeth Danzberger
Robin Appelman
S1m
Andy Scherzinger
Julius Härtl
Joas Schilling
Maxence Lange
ernolf
Julien Veyssier
Benjamin Gaussorgues
Joas Schilling
Alexander Piskun
Jonas
Julien CHATY-CAPELLE
skjnldsv