sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
76,078 Commits
609 Branches
1176 Tags
9.7 GiB
Commit Graph

685 Commits (0710cfb800981b76727ba656943a58a0f49e4414)

Author SHA1 Message Date
Louis Chemineau ff5a03e890
feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>

[skip ci]

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-03-03 11:38:04 +07:00
Julius Härtl 24993f988b
fix: Add direct parameter to flow auth v2 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-06 22:44:34 +07:00
Julius Härtl 23ec547af0 fix: Ignore preview requests for invalid file ids 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-07-29 08:16:30 +07:00
Benjamin Gaussorgues 3e2600bf86 feat: don't count failed CSRF as failed login attempt 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-11 14:15:20 +07:00
Arthur Schiwon 464cfce9b5
Merge pull request #44977 from nextcloud/backport/44745/stable29 
[stable29] fix(auth): Keep redirect URL during 2FA setup and challenge
 2024-06-12 19:37:41 +07:00
Daniel Kesselberg 73703eb276 test: add tests for ProfilePageController 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-06-12 18:21:58 +07:00
provokateurin ac4ead61af fix(core): Return X-NC-IsCustomAvatar for guest avatars too 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-06-12 11:06:10 +07:00
skjnldsv 7327803816 fix(files_sharing): dark avatar support 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 11:06:10 +07:00
skjnldsv 4ad83e9fa3 fix(core): allow guest avatar fallback 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 11:06:10 +07:00
Arthur Schiwon f0494ec17a fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-11 20:19:18 +07:00
John Molakvoæ (skjnldsv) 2c2a5a25ac fix(core): unsupported browser redirect url 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2024-06-07 08:58:58 +07:00
Joas Schilling 7f6ee0cb9f fix(search): Limit maximum number of search results 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-05-15 07:54:00 +07:00
Christoph Wurst 67071f8875 fix(auth): Keep redirect URL during 2FA setup and challenge 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-23 07:38:33 +07:00
Côme Chilliet 0b332ceac2 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-04 11:45:22 +07:00
Ferdinand Thiessen 3fede00732
feat(login): Clear login form (password) after IDLE timeout 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-25 12:22:53 +07:00
fenn-cs 2792d8b3f5 feat: Limit email input on auth pages to 255 chars 
Excessively long emails reported make server unresponsive.

We could at some point, consider adding a configuration for sysadmins to bypass this setting
on their instance if they want.

Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
 2024-03-21 10:34:55 +07:00
Eduardo Morales 0de6cc7472 feat: added login's initial possible email-states 
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
 2024-03-10 10:32:21 +07:00
Robin Appelman fd4ca13867
Merge pull request #43471 from nextcloud/cache-path-by-id 
Cache path by id
 2024-03-05 17:26:25 +07:00
Julius Härtl c7813bfdaf
feat: Implement team provider api 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-05 08:13:58 +07:00
Robin Appelman e7a7b4a401 perf: switch places that always use the first getById result to getFirstNodeById 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-03-04 13:57:31 +07:00
provokateurin 2c51933b6b
refactor(core): Switch to attribute based routing 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-21 12:07:50 +07:00
provokateurin 6243a9471d
feat(core): Add OCS endpoint for confirming the user password 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 14:28:00 +07:00
provokateurin d95e500e45
feat(core): Expose the confirm password endpoint 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 08:04:13 +07:00
John Molakvoæ 4a509dfe8e
fix: phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-02-13 21:06:31 +07:00
John Molakvoæ 9593f4d6f9
fix: openapi 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-02-13 21:06:31 +07:00
Vincent Petry 839ddaa354
feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +07:00
Côme Chilliet 6fc5cef6e9 fix: Support other schemes than HTTP and HTTPS in app navigation 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-06 09:36:39 +07:00
Côme Chilliet 4f69f49a75 fix: Revert external url support in icon as it’s not allowed 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-06 09:36:39 +07:00
Côme Chilliet 4fb5c15db5 Allow application to pass external links in navigation 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-06 09:36:39 +07:00
provokateurin b64ab5fba8
refactor: Migrate IgnoreOpenAPI attributes to OpenAPI 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-01-18 16:14:17 +07:00
Côme Chilliet 95ea6188dc Suppress or fix psalm errors related to InvalidTokenException 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Joas Schilling 0b591916d6
fix(openapi): Make OpenAPI CI green again 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-01-11 12:29:19 +07:00
Ferdinand Thiessen 949e09ccb7 enh(core): Refactor profile page to use vue components 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-01-10 11:22:27 +07:00
Gaspard d'Hautefeuille 08ff644f3c Keep https check 
https://github.com/nextcloud/server/issues/41196 + keep https check

Co-authored-by: Louis <louis@chmn.me>
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +07:00
Gaspard d'Hautefeuille 85911cbab2 Cancel PR #37405, remove regression code 
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Benjamin Gaussorgues 33837e7d6f
Fix invalid users/groups handling in advanced search 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-15 10:17:43 +07:00
Joas Schilling 0feb55ee93
Merge pull request #41271 from nextcloud/enh/text-processing-iprovider2 
enh(TextProcessing): Add two new provider interfaces
 2023-11-13 10:49:14 +07:00
Benjamin Gaussorgues c753eefb21
feat(search): Allow multiple search terms in UnifiedController 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-10 09:21:16 +07:00
Marcel Klehr b45007f38f
Merge branch 'master' into enh/text-processing-iprovider2 2023-11-09 13:46:18 +07:00
Christoph Wurst a5422a3998
fix: Show error message when CSRF check fails at login 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-11-08 15:18:34 +07:00
Marcel Klehr 8c0c426538
Merge branch 'master' into enh/text-processing-iprovider2 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-11-08 11:52:47 +07:00
Marcel Klehr d11b9cbd79 fix(TextProcessing/Manager): Throw TaskFailureException upon failure 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-11-06 12:50:16 +07:00
Marcel Klehr 181f819e41 enh(TextProcessing): Add IProvider2 
- allow providers to obtain current task's userId
- allow providers to expose average task runtime

Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-11-03 16:22:54 +07:00
Christopher Ng 7f530d22e1 fix: Only highlight profile entry when viewing own profile 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2023-11-02 15:43:56 +07:00
Joas Schilling 2b8114d59d
feat(events): Add typed event for filtering autocompletion suggestions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-02 11:08:53 +07:00
Robin Appelman 1fffa3eae0
load script and styles on setup page 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-10-31 10:03:09 +07:00
Marcel Müller c2393fb712 Reset BFP for sudo action 
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
 2023-10-28 18:36:43 +07:00
Christopher Ng d899e676de fix: Set profile as active nav entry 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2023-10-26 10:30:22 +07:00