sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
63,556 Commits
622 Branches
1167 Tags
9.0 GiB
Commit Graph

496 Commits (17c2deff76e100b021ebbf5124584b6ba29cf05d)

Author SHA1 Message Date
Carl Schwan 253118298d Redesign guest pages for better accessibility 
- Use white box and put content on it
- Improve focus indicator

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-07-27 10:43:21 +07:00
Christopher Ng 92500e810f Identify the login page explicitly by the page title 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-07-20 23:55:50 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Christopher Ng 57c66bf7cb Use Image class from public API 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-06-02 00:37:36 +07:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +07:00
Joas Schilling 6084d691b0
Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step 
Show user account on grant loginflow step
 2022-05-16 11:18:22 +07:00
Joas Schilling db1813f640
Show user account on grant loginflow step 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-13 10:50:30 +07:00
Thomas Citharel 232322fe06
Modernize contacts menu 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-05-12 18:31:59 +07:00
John Molakvoæ 3c6253f965
Remove old legacy SvgController and IconsCacher 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2022-05-10 23:24:07 +07:00
Joas Schilling 6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-03 12:51:23 +07:00
Vincent Petry 576e4e8f2a
Merge pull request #31592 from nextcloud/fix/direct-arg-flow-v2 
Add direct arg to login flow
 2022-03-29 18:21:40 +07:00
Vincent Petry 80388663af Add direct arg to login flow 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
 2022-03-28 10:28:45 +07:00
Joas Schilling 5f75d2e104
Remove old shortening 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-03-23 21:42:29 +07:00
Joas Schilling a0c7798c7d
Limit the length of app password names 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-03-23 10:47:56 +07:00
Christopher Ng 1fc0b4320c Add global profile toggle config 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-03-18 02:55:12 +07:00
Carl Schwan 36721a8d0d Fix caching of the user avatar 
Now on firefox/safari it is only refetched once a day. On Chrom{e,ium}
we keep the previous behavior of maybe refetching it more often.

This also notify the user about this behavior when they upload an avatar
picture.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-25 14:24:07 +07:00
Carl Schwan 7dddbd0c35 Improve caching policy 
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-16 11:35:57 +07:00
Joas Schilling 6dd60b6d30
Only allow avatars in 64 and 512 pixel size 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-07 16:47:51 +07:00
Christopher Ng 22768769c3 Improve installation pages 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-01-14 19:59:46 +07:00
John Molakvoæ (skjnldsv) b664aad7ab
Move bundles to /dist 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-01-08 10:11:58 +07:00
John Molakvoæ bfaeb6ae64
Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptoken 2021-12-30 08:14:23 +07:00
Julius Härtl e00173a71b
Also pass user on flow v2 landing 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl 61dd1d3d97
Pass username prefill through unauthenticated request redirects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl aa3f4bdf63
Allow using an app token to login with v2 flow auth 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-03 08:37:42 +07:00
Christopher Ng be5b9e36cd Hide user status from public 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-23 22:58:44 +07:00
Côme Chilliet 5a20e20e9e
Fix errors in AvatarController when data() returns null 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:29:01 +07:00
Christoph Wurst c8caba265f
Explicitly allow some routes without 2FA 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-11-17 18:42:21 +07:00
Joas Schilling fa036b2001
Move common logic to share manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-09 10:10:53 +07:00
Christopher Ng f4307ef4b1 Respect user enumeration settings on profile 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-05 21:33:03 +07:00
Vitor Mattos d613b32045
add check isFairUseOfFreePushService on login 
Signed-off-by: Vitor Mattos <vitor@php.rio>
 2021-10-23 00:54:50 +07:00
Joas Schilling 3ce3c0f117
Add an OCS endpoint for the hovercard contact actions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-10-20 10:22:40 +07:00
Christopher Ng 309354852f Profile backend 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-10-19 04:59:35 +07:00
Julius Härtl d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-10-05 13:06:59 +07:00
Pytal 3a94d7c2ea
Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled 
allow using of disabled password reset mechanism for special cases
 2021-09-14 18:29:10 +07:00
Arthur Schiwon a843d3c5db
allow using of disabled password reset mechanism for special cases 
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
  that password reset is disabled
- setPassword() got its check removed as it is behind CSFR anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 22:48:16 +07:00
Arthur Schiwon 6857136f06
fixes missing prefix to validate password reset token 
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 19:06:50 +07:00
Arthur Schiwon a20de15b43
add a job to clean up expired verification tokens 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:35 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +07:00
Lukas Reschke 2994dbe215
Fix codestyle 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:53:01 +07:00
Lukas Reschke dd054b2ee8
Check if SVG path is valid 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:46:12 +07:00
Christoph Wurst 4b0e18ae1b
Merge pull request #27294 from pjft/patch-2 
Update TwoFactorChallengeController.php
 2021-08-19 12:40:40 +07:00
Jonas Meurer 7c76e85dde
Use IURLGenerator function to get value of `\OC::$WEBROOT` global 
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:47 +07:00
Jonas Meurer 5f5bacde8f
UnifiedSearchController: strip webroot from URL before finding a route 
This should fix route matching in UnifiedSearchController on setups with
Nextcloud in a subfolder (webroot).

Fixes: #24144
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:25 +07:00
Daniel Rudolf 4d7430949a
Remove usage of \OC_Util::getDefaultPageUrl() and \OC_Util::redirectToDefaultPage() 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-08-04 19:02:57 +07:00
Daniel Rudolf aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +07:00
Daniel Rudolf e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP 
Signed-off-by: Gary Kim <gary@garykim.dev>
 2021-06-30 15:28:02 +07:00
Daniel Rudolf 12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +07:00
pjft b1086e25bb Add logging to 2FA failure 
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.

Signed-off-by: pjft <paulo.j.tavares@gmail.com>
 2021-06-21 20:43:12 +07:00