nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Misha M.-Kupriyanov	d1a94f3c9c	feat(login-flow-v2): Restrict allowed apps by user agent check Enable via: ./occ config:system:set core.login_flow_v2.allowed_user_agents 0 --value '/Custom Foo Client/i' ./occ config:system:set core.login_flow_v2.allowed_user_agents 1 --value '/Custom Bar Client/i' if user agent string is unknown the template with "Access forbidden"-"Please use original client" will be displayed Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>	2025-04-23 09:45:23 +07:00
Richard Steinmetz	246da73a36	fix(oauth2): retain support for legacy ownCloud clients Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2025-04-01 11:25:52 +07:00
Joas Schilling	522be60ff0	fix(phpunit): Remove some more withConsecutive calls Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-03-31 09:43:22 +07:00
Côme Chilliet	f033ef7c18	fix: Migrate all uses of OCP\Template to OCP\Template\ITemplateManager Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-03-06 15:49:25 +07:00
Côme Chilliet	f52b4c5eb2	fix: Remove skip of grant page, only skip first step Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-01-07 10:34:30 +07:00
Côme Chilliet	99e0867f0a	chore: Adapt tests to added constructor parameters Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-01-07 10:34:30 +07:00
Benjamin Gaussorgues	22051a73c1	feat(login): add origin check at login Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-12-05 09:51:53 +07:00
skjnldsv	b15fdfd40e	chore(profile): move profile app from core to apps Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-11-14 10:25:02 +07:00
Ferdinand Thiessen	c84c256261	fix: Adjust preview for view-only shares Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-10-28 15:52:27 +07:00
Julius Knorr	606241caeb	chore(legacy): Introduce public version ct plass and drop version methods from OC_Util Signed-off-by: Julius Knorr <jus@bitgrid.net>	2024-09-20 14:53:34 +07:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +07:00
Christoph Wurst	49dd79eabb	refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-09-15 22:32:31 +07:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +07:00
Julius Härtl	6c1e896a03	fix: Ignore preview requests for invalid file ids Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-07-22 22:32:34 +07:00
Benjamin Gaussorgues	e5275dbada	feat: don't count failed CSRF as failed login attempt Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-11 09:27:33 +07:00
Daniel	e5a6698ec0	Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller test: add tests for ProfilePageController	2024-06-12 14:49:03 +07:00
Daniel Kesselberg	98eb190e04	test: add tests for ProfilePageController Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-06-12 11:46:12 +07:00
skjnldsv	8bed23288b	fix(files_sharing): dark avatar support Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-06-12 10:27:29 +07:00
Andy Scherzinger	1f7e2ba599	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-13 17:41:36 +07:00
Christoph Wurst	22dc27810e	fix(auth): Keep redirect URL during 2FA setup and challenge Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-04-19 10:24:26 +07:00
Ferdinand Thiessen	3fede00732	feat(login): Clear login form (password) after IDLE timeout For security reasons it is recommended to stop the login process at a defined time, this could prevent password leaks by e.g. user forgetting that they entered their password on public devices. Enforced e.g. by the BSI ORP.4.A13 rule. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-03-25 12:22:53 +07:00
Eduardo Morales	685145714a	chore: update logincontroller tests Signed-off-by: Eduardo Morales <emoral435@gmail.com>	2024-03-10 11:36:42 +07:00
provokateurin	6243a9471d	feat(core): Add OCS endpoint for confirming the user password Signed-off-by: provokateurin <kate@provokateurin.de>	2024-02-20 14:28:00 +07:00
John Molakvoæ	4a509dfe8e	fix: phpunit Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>	2024-02-13 21:06:31 +07:00
Joas Schilling	2ee5c7a8f9	fix(tests): Fix remaining tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-01-09 15:58:02 +07:00
Louis Chemineau	db11313152	Fix tests after slow logout fix Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-01-08 19:09:48 +07:00
Gaspard d'Hautefeuille	85911cbab2	Cancel PR #37405 , remove regression code Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>	2024-01-05 04:20:26 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Ferdinand Thiessen	154a9989a7	Merge pull request #39852 from nextcloud/pragmaHeader Stop sending deprecated Pragma header	2023-10-18 03:30:21 +07:00
Côme Chilliet	ee39a47e84	Fix Dynamic property timeFactory in ClientFlowLoginControllerTest Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-09 10:30:54 +07:00
Julien Veyssier	807f173dec	make oauth2 authorization code expire after 10 minutes Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-10-05 14:24:02 +07:00
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-28 15:50:45 +07:00
Git'Fellow	066f6ef16c	Stop sending deprecated Pragma header Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-08-28 15:11:22 +07:00
John Molakvoæ	266fb31180	fix(tests): preview phpunit Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>	2023-08-17 18:58:21 +07:00
jld3103	1be836273d	core: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-07-13 07:24:15 +07:00
Joas Schilling	33385d7ecb	fix(tests): Adjust unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 16:12:14 +07:00
Joshua Trees	a4032a3800	Add some tests for input trimming in LostController.php Signed-off-by: Joshua Trees <me@jtrees.io>	2023-04-05 12:15:38 +07:00
Git'Fellow	346054f854	Fix tests Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-03-28 09:41:04 +07:00
Joas Schilling	59578817f5	Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset Add bruteforce protection to password reset page	2023-02-06 22:12:25 +07:00
Joas Schilling	875e6cf7e6	fix(CI): Adjust expected result Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-06 11:26:38 +07:00
Christoph Wurst	88d116ba84	fix(client-login-flow): Handle missing stateToken gracefully Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-02-06 09:42:15 +07:00
Côme Chilliet	003cc2b45a	Fix tests failures (number of calls differed with last rebase) Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-24 09:38:20 +07:00
Carl Schwan	a23cd7b961	Fix a bunch of deprecation in the phpunit for core Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2023-01-24 09:34:09 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 14:00:38 +07:00
Christoph Wurst	f22101d421	Fix login loop if login CSRF fails and user is not logged in If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 09:39:17 +07:00
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-12-15 10:52:28 +07:00
Julius Härtl	8629d8e44f	Check share attributes on preview endpoints Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-10-25 11:35:31 +07:00
Côme Chilliet	1cb0c2ac52	Fix LostController test Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-10-18 14:49:02 +07:00
Joas Schilling	67ecd72972	Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-08-31 20:54:39 +07:00

1 2 3 4 5 ...

305 Commits (58aaddeca571a3efcc710f4f1dbac837deeedb61)