sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
66,159 Commits
622 Branches
1167 Tags
9.0 GiB
Commit Graph

541 Commits (5b6a0affd01f2093a4e2fdbbc916ea8935f65166)

Author SHA1 Message Date
Joas Schilling 59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset 
Add bruteforce protection to password reset page
 2023-02-06 22:12:25 +07:00
Christoph Wurst 88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-02-06 09:42:15 +07:00
Joas Schilling 704eb3aa6c
Add bruteforce protection to password reset page 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-02 06:13:49 +07:00
Christoph Wurst 7269766e05
Merge pull request #36363 from nextcloud/feat/app-framework/usesession-attribute 
feat(app-framework): Add UseSession attribute to replace annotation
 2023-01-27 16:59:14 +07:00
Julien Veyssier 8766e4f242
handle and return touchProvider errors 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:56 +07:00
Julien Veyssier 946a1af9fd
add 'last used timestamp' management for reference providers 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:56 +07:00
Julien Veyssier 6431c5a559
extend the reference API for the new link picker 
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:55 +07:00
Christoph Wurst 20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Simon L 06a572ff55
Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install 
Remove the CAN_INSTALL file when occ maintenance:install is complete
 2023-01-18 19:53:02 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +07:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +07:00
Alex Harpin 644df591b1 Rename canInstallExists method and add new method for removal 
Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it.

Add new method to detect if this file exists during web based installation.

Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
 2023-01-10 11:59:06 +07:00
Alex Harpin 72af140723 Move CAN_INSTALL check to method and remove unlink from SetupController 
Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class.

Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
 2023-01-10 11:59:06 +07:00
Joas Schilling b4a29644cc
Add a const for the max user password length 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-04 11:23:43 +07:00
Joas Schilling 9cfaf27142
Also limit the password length on reset 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-03 16:36:01 +07:00
Christoph Wurst 138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +07:00
Daniel Kesselberg b5f6ecfb00 Fix GH-33187 
$this->userId is null when loggedin via app password.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-12-12 19:12:18 +07:00
Richard Steinmetz fc4dd3041c
Fix default redirect on successful WebAuthn login 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2022-12-05 12:51:53 +07:00
Simon L 23f336761e
Merge pull request #35385 from pulsejet/patch-previewtype 
Fix type of PreviewController::$userId
 2022-12-03 19:09:37 +07:00
Carl Schwan 6c76443e89 Revert unrelated change from #34940 
Probably a left over from an experience that I added by mistake in the
change

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-12-02 11:29:38 +07:00
Varun Patil 136b2c5949 Fix type of PreviewController::$userId 
Can be null if not logged in; currently crashes

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
 2022-11-24 02:33:31 +07:00
Carl Schwan 86d9626901 Add mastodon personal info field 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-11-21 16:28:56 +07:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-25 11:35:31 +07:00
Julius Härtl 11bedf1c3b
Use proper error pages instead of always redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-21 15:12:21 +07:00
John Molakvoæ (skjnldsv) bd303388e3
Cleanup ie and old edge properties 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-10-19 10:02:51 +07:00
Côme Chilliet 71ee292650 Add rate limiting on lost password emails 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-10-18 14:49:02 +07:00
Julien Veyssier 6e03d99ab8
fix reference preview endpoint when no server-side cache configured 
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2022-10-13 15:18:21 +07:00
Joas Schilling 0642d17e4f
Fix URLs on reference resolving 
The vue-richtext app currently sends leading spaces if they are in the text.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-09-30 09:40:43 +07:00
Julius Härtl f4a2ab137b Add cache header for image endpoint if link previews 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-09-28 13:21:28 +07:00
Julius Härtl 5fa7563bf9
Add endpoint to fetch a cachable reference data 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-09-26 17:44:49 +07:00
Carl Schwan 66a7a89898 Add api to load additional section in profile page 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-14 12:55:40 +07:00
Carl Schwan bc9a488046
Update avatars on update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 14:23:41 +07:00
Carl Schwan 76d0165330
Dark theme for guest avatar 
And better caching policy

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 13:37:51 +07:00
Carl Schwan f98ae2b5b0
Avatar new style 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 13:37:51 +07:00
Christopher Ng f44d2586b1 Remake profile picture saving with Vue 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-09-02 02:22:57 +07:00
Julius Härtl 1ab66988bc
Inject all dependnencies and increase cache timeout 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 18:02:57 +07:00
Julius Härtl 80f6a5834a
Refactor cache handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:35 +07:00
Julius Härtl a392235e23
Cleanup 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:33 +07:00
Julius Härtl 0ce0d37ac1
Implement image caching 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:06 +07:00
Julius Härtl de3e541fde
API for fetching reference metadata 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:05 +07:00
Joas Schilling 85eb3b2920
Fix wording of undeliverable push notifications 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 12:42:31 +07:00
Christopher Ng 9ba11ecefd Improve handling of profile page 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-08-22 19:28:35 +07:00
NoSleep82 b03aedf128
Update core/Controller/LostController.php 
Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
 2022-08-21 13:16:23 +07:00
NoSleep82 61548c520b
Update LostController.php 
i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack)

Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
 2022-08-19 18:30:32 +07:00
Carl Schwan 253118298d Redesign guest pages for better accessibility 
- Use white box and put content on it
- Improve focus indicator

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-07-27 10:43:21 +07:00
Christopher Ng 92500e810f Identify the login page explicitly by the page title 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-07-20 23:55:50 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Christopher Ng 57c66bf7cb Use Image class from public API 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-06-02 00:37:36 +07:00