sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
80,476 Commits
622 Branches
1167 Tags
9.0 GiB
Commit Graph

765 Commits (58aaddeca571a3efcc710f4f1dbac837deeedb61)

Author SHA1 Message Date
Stephan Orbaugh aa8c0a68cb
Merge pull request #50650 from IONOS-Productivity/feat/login_flow_v2-user_agents-allow-list 
feat(login-flow-v2): Restrict allowed apps by user agent check
 2025-04-24 10:12:19 +07:00
Joas Schilling 9ed33cf6aa
feat(profile): Add an API to get the profile field data 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-04-23 12:38:18 +07:00
Misha M.-Kupriyanov d1a94f3c9c feat(login-flow-v2): Restrict allowed apps by user agent check 
Enable via:
./occ config:system:set core.login_flow_v2.allowed_user_agents 0  --value '/Custom Foo Client/i'
./occ config:system:set core.login_flow_v2.allowed_user_agents 1  --value '/Custom Bar Client/i'

if user agent string is unknown
the template with "Access forbidden"-"Please use original client" will be displayed

Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
 2025-04-23 09:45:23 +07:00
Richard Steinmetz 246da73a36
fix(oauth2): retain support for legacy ownCloud clients 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-04-01 11:25:52 +07:00
skjnldsv 0179cb4d8d feat(core): add setup cypress tests 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2025-03-13 20:51:00 +07:00
skjnldsv cc12719df5 feat(core): migrate setup to vue 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2025-03-13 16:00:18 +07:00
Côme Chilliet 71dc34c03c fix: Deprecate OC_Template, add proper template manager instead 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-06 15:49:25 +07:00
Louis Chemineau c6293204a2
feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-26 13:42:18 +07:00
Côme Chilliet e757b649b7
fix: Fix psalm taint false-positives by small refactorings 
Mostly make it clear that we trust admin input or that we correctly
 escape strings.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-17 18:08:23 +07:00
skjnldsv 2c13259093 feat(files): add mime icon endpoint 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2025-01-22 16:29:36 +07:00
SebastianKrupinski 332fa63850 feat: Two Factor API 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2025-01-16 08:31:58 +07:00
Julien Veyssier 24332e2a06
fix(taskprocessing): /tasktypes endpoint was broken by #49015 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-01-09 10:06:25 +07:00
Côme Chilliet f52b4c5eb2 fix: Remove skip of grant page, only skip first step 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +07:00
Côme Chilliet e7be008dc1 feat(oauth2): Skip page before login as well for authorized applications 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +07:00
Côme Chilliet 9b366c65d4 feat(oauth): Allow to skip the grant step for selected applications 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +07:00
provokateurin 085d4c9364
refactor(OpenAPI): Adjust scopes to match previous behavior 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-01-06 14:30:40 +07:00
Stephan Orbaugh d4715c61f2
Merge pull request #49560 from nextcloud/fix/login-origin 
feat(login): add origin check at login
 2024-12-20 14:53:11 +07:00
Jonas dd5f560246
fix(ReferenceApiController): Bump rate limit for public resolve endpoint 
E.g. text documents might contain hundreds of links whose previews need
to get loaded.

Fixes: nextcloud/collectives#1607

Signed-off-by: Jonas <jonas@freesources.org>
 2024-12-16 13:01:55 +07:00
Benjamin Gaussorgues 22051a73c1
feat(login): add origin check at login 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-12-05 09:51:53 +07:00
Maxence Lange 4591430c9c feat(ocm): signing ocm requests 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 +07:00
Marcel Klehr 3ac14af26b fix(TaskProcessing): Set up fs in getFileContentsInternal 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-11-26 11:07:20 +07:00
skjnldsv b15fdfd40e chore(profile): move profile app from core to apps 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-11-14 10:25:02 +07:00
John Molakvoæ 452e4be4f5
Merge pull request #46222 from nextcloud/fix/task-processing-api-controller/dont-use-plus 2024-11-06 09:02:23 +07:00
provokateurin 77114fb327
fix(OpenAPI): Adjust array syntax to avoid ambiguities 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-11-05 09:58:11 +07:00
Ferdinand Thiessen c84c256261
fix: Adjust preview for view-only shares 
Previously there was a different behavior for public shares (link-shares) and internal shares,
if the user disabled the view permission.
The legacy UI for public shares simply "disabled" the context menu and hided all download actions.
With Nextcloud 31 all share types use the consistent permissions attributes,
which simplifies code, but caused a regression: Images can no longer been viewed.

Because on 30 and before the attribute was not set, previews for view-only files
were still allowed. Now with 31 we need a new way to allow "viewing" shares.

So this is allowing previews for those files, but only for internal usage.
This is done by settin a special header, which only works with custom requests,
and not by opening the URL directly.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-10-28 15:52:27 +07:00
dependabot[bot] bb598c8451
chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: nextcloud/coding-standard
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-19 07:57:35 +07:00
Julius Knorr 606241caeb
chore(legacy): Introduce public version ct plass and drop version methods from OC_Util 
Signed-off-by: Julius Knorr <jus@bitgrid.net>
 2024-09-20 14:53:34 +07:00
provokateurin 9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +07:00
Anna Larch 8af7ecb257 chore: adjust code to adhere to coding standard 
Signed-off-by: Anna Larch <anna@nextcloud.com>
 2024-09-05 21:23:38 +07:00
Daniel Kesselberg af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +07:00
provokateurin e77d6c913d
fix(core): Limit valid avatar sizes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-08-14 09:29:30 +07:00
Julius Härtl 1aa29441e3 fix: Add direct parameter to flow auth v2 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-05 12:13:52 +07:00
Julius Härtl a6d421e767
chore: Remove deprecated legacy search backend 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-01 12:33:18 +07:00
provokateurin bc5c0262af
refactor(core): Make all attribute arguments named 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-27 22:36:18 +07:00
provokateurin c57c3c1573
refactor(core): Replace security annotations with respective attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-26 07:30:45 +07:00
Kate a9b77c3d12
Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpoint 2024-07-26 07:13:26 +07:00
Andy Scherzinger 4f2a29adf9
Merge pull request #46672 from nextcloud/fix/preview-invalid-id 
Avoid using partial file info as valid one
 2024-07-25 19:37:30 +07:00
provokateurin 90e108e548
fix(core): Document CSRF token endpoint 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-25 18:04:46 +07:00
Julien Veyssier 060fb26686
fix(taskprocessing): run cs:fix 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-07-25 10:10:32 +07:00
Marcel Klehr 799ee8fd51
feat(TaskProcessing): Implement enums and default values 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-25 10:10:31 +07:00
Julius Härtl 6c1e896a03 fix: Ignore preview requests for invalid file ids 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-07-22 22:32:34 +07:00
Julien Veyssier fffc784769
feat(taskprocessing): add support for webhooks (http or AppAPI) in the task processing API 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-07-22 11:34:29 +07:00
Ferdinand Thiessen 9716b0d735 refactor: Migrate some legacy and core functions to `IFilenameValidator` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-19 19:41:46 +07:00
Marcel Klehr a3c3eab09c
Merge pull request #46368 from nextcloud/fix/task-processing 
TaskProcessing follow-up
 2024-07-19 12:38:30 +07:00
Jonas 9fe4edca2c
fix(ReferenceApiController): Remove accidently added AnonRateLimit 
Signed-off-by: Jonas <jonas@freesources.org>
 2024-07-17 15:38:09 +07:00
Marcel Klehr 0d07ad98b0 fix(TaskProcessing): Update openapi specs 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Marcel Klehr eb0b5f29fb fix(TaskProcessingApiController): Address review comments 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Marcel Klehr 4ac1ac673e fix: psalm errors 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Marcel Klehr 4ac7f8275b feat(TaskProcessing): Allow setting task results for file slots 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Jonas 1671bf3ef2
feat(Reference): Add public API endpoints to get references 
Calling the public API endpoints will check for matching registered
reference providers that implement `IPublicReferenceProvider` and call
their respective functions. If no matching provider is found, the
default `LinkReferenceProvider` will be used to provide open graph data.

The frontend reference widget components will call these endpoints from
unauthorized sessions, e.g. in public shares.

If present, the sharing token of the origin URL is passed to
`resolveReferencePublic()` as additional information for the reference
provider to determine the access scope. This allows the respective
reference providers to determine whether the origin share has access to
the linked resource.

`getCacheKeyPublic` also gets the sharing token so it can scope the cached
entry to it.

Contributes to #45978

Signed-off-by: Jonas <jonas@freesources.org>
 2024-07-17 12:56:41 +07:00