sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
61,648 Commits
618 Branches
1167 Tags
9.0 GiB
Commit Graph

480 Commits (302a67f6853065122ef8648cdbdefc1504e8d350)

Author SHA1 Message Date
Carl Schwan 36721a8d0d Fix caching of the user avatar 
Now on firefox/safari it is only refetched once a day. On Chrom{e,ium}
we keep the previous behavior of maybe refetching it more often.

This also notify the user about this behavior when they upload an avatar
picture.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-25 14:24:07 +07:00
Carl Schwan 7dddbd0c35 Improve caching policy 
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-16 11:35:57 +07:00
Joas Schilling 6dd60b6d30
Only allow avatars in 64 and 512 pixel size 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-07 16:47:51 +07:00
Christopher Ng 22768769c3 Improve installation pages 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-01-14 19:59:46 +07:00
John Molakvoæ (skjnldsv) b664aad7ab
Move bundles to /dist 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-01-08 10:11:58 +07:00
John Molakvoæ bfaeb6ae64
Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptoken 2021-12-30 08:14:23 +07:00
Julius Härtl e00173a71b
Also pass user on flow v2 landing 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl 61dd1d3d97
Pass username prefill through unauthenticated request redirects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl aa3f4bdf63
Allow using an app token to login with v2 flow auth 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-03 08:37:42 +07:00
Christopher Ng be5b9e36cd Hide user status from public 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-23 22:58:44 +07:00
Côme Chilliet 5a20e20e9e
Fix errors in AvatarController when data() returns null 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:29:01 +07:00
Christoph Wurst c8caba265f
Explicitly allow some routes without 2FA 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-11-17 18:42:21 +07:00
Joas Schilling fa036b2001
Move common logic to share manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-09 10:10:53 +07:00
Christopher Ng f4307ef4b1 Respect user enumeration settings on profile 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-05 21:33:03 +07:00
Vitor Mattos d613b32045
add check isFairUseOfFreePushService on login 
Signed-off-by: Vitor Mattos <vitor@php.rio>
 2021-10-23 00:54:50 +07:00
Joas Schilling 3ce3c0f117
Add an OCS endpoint for the hovercard contact actions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-10-20 10:22:40 +07:00
Christopher Ng 309354852f Profile backend 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-10-19 04:59:35 +07:00
Julius Härtl d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-10-05 13:06:59 +07:00
Pytal 3a94d7c2ea
Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled 
allow using of disabled password reset mechanism for special cases
 2021-09-14 18:29:10 +07:00
Arthur Schiwon a843d3c5db
allow using of disabled password reset mechanism for special cases 
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
  that password reset is disabled
- setPassword() got its check removed as it is behind CSFR anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 22:48:16 +07:00
Arthur Schiwon 6857136f06
fixes missing prefix to validate password reset token 
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 19:06:50 +07:00
Arthur Schiwon a20de15b43
add a job to clean up expired verification tokens 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:35 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +07:00
Lukas Reschke 2994dbe215
Fix codestyle 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:53:01 +07:00
Lukas Reschke dd054b2ee8
Check if SVG path is valid 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:46:12 +07:00
Christoph Wurst 4b0e18ae1b
Merge pull request #27294 from pjft/patch-2 
Update TwoFactorChallengeController.php
 2021-08-19 12:40:40 +07:00
Jonas Meurer 7c76e85dde
Use IURLGenerator function to get value of `\OC::$WEBROOT` global 
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:47 +07:00
Jonas Meurer 5f5bacde8f
UnifiedSearchController: strip webroot from URL before finding a route 
This should fix route matching in UnifiedSearchController on setups with
Nextcloud in a subfolder (webroot).

Fixes: #24144
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:25 +07:00
Daniel Rudolf 4d7430949a
Remove usage of \OC_Util::getDefaultPageUrl() and \OC_Util::redirectToDefaultPage() 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-08-04 19:02:57 +07:00
Daniel Rudolf aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +07:00
Daniel Rudolf e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP 
Signed-off-by: Gary Kim <gary@garykim.dev>
 2021-06-30 15:28:02 +07:00
Daniel Rudolf 12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +07:00
pjft b1086e25bb Add logging to 2FA failure 
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.

Signed-off-by: pjft <paulo.j.tavares@gmail.com>
 2021-06-21 20:43:12 +07:00
Julius Härtl c0474ba364
Use product name in places where it is appropriate rather than the instance name 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-06-16 11:42:53 +07:00
Morris Jobke 2ae60b42ab
Merge pull request #26494 from rigrig/fix-php8-deprecations 
Fix some php 8 warnings
 2021-06-07 23:30:59 +07:00
John Molakvoæ (skjnldsv) 215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +07:00
Richard de Boer f23d057ad9 Fix functions taking optional parameters before required ones 
PHP 8 shows deprecation warnings about this, see #25806
Removes the "default" values, as they actually are required parameters anyway.

Signed-off-by: Richard de Boer <git@tubul.net>
 2021-05-29 14:14:52 +07:00
Joas Schilling 69290781ff Handle device login like an alternative login 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-20 09:11:33 +07:00
Roeland Jago Douma b43e21d186
Merge pull request #26401 from nextcloud/enh/handle-avatar-upload-errors 
Show informative errors on avatar upload error
 2021-04-08 16:12:36 +07:00
Robin Appelman c232a40bdf
remove leftover debug @NoCSRFRequired introduced with #26198 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-04-01 13:51:53 +07:00
Julien Veyssier 7b69897474
show informative errors in log and UI on avatar upload error in user settings 
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2021-04-01 11:55:13 +07:00
Robin Appelman b38618c813
use node search api for legacy file search endpoint 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-03-19 16:08:01 +07:00
Roeland Jago Douma 4076dfb019 Allow admins to disable the login form 
In case they want to not allow this because they use SSO (and do not
want the users to enter their credentials there by accident).

?direct=1 still works.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-08 15:36:47 +07:00
Christoph Wurst 7be2ce82e7
Merge pull request #25544 from nextcloud/refactor/app-password-created-event 
Move app_password_created to a typed event
 2021-03-02 08:18:59 +07:00
Christoph Wurst 5026d2cca1
Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
 2021-02-18 14:05:54 +07:00
dependabot-preview[bot] eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +07:00
Joas Schilling 6ed4aaeeea
Send emails on password reset to the displayname 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-18 12:38:43 +07:00
Joas Schilling 83755b7b02
Make new result parts optional 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-12 16:21:47 +07:00
Christoph Wurst f8808e260d
Move app_password_created to a typed event 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-09 18:49:35 +07:00