sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
76,822 Commits
629 Branches
1167 Tags
9.1 GiB
Commit Graph

736 Commits (76d1b11bc97dc03300aeb6fe817e686e06328e48)

Author SHA1 Message Date
Julien Veyssier 946a1af9fd
add 'last used timestamp' management for reference providers 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:56 +07:00
Julien Veyssier 6431c5a559
extend the reference API for the new link picker 
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:55 +07:00
Christoph Wurst 20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Simon L 06a572ff55
Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install 
Remove the CAN_INSTALL file when occ maintenance:install is complete
 2023-01-18 19:53:02 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +07:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +07:00
Alex Harpin 644df591b1 Rename canInstallExists method and add new method for removal 
Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it.

Add new method to detect if this file exists during web based installation.

Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
 2023-01-10 11:59:06 +07:00
Alex Harpin 72af140723 Move CAN_INSTALL check to method and remove unlink from SetupController 
Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class.

Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
 2023-01-10 11:59:06 +07:00
Joas Schilling b4a29644cc
Add a const for the max user password length 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-04 11:23:43 +07:00
Joas Schilling 9cfaf27142
Also limit the password length on reset 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-03 16:36:01 +07:00
Christoph Wurst 138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +07:00
Daniel Kesselberg b5f6ecfb00 Fix GH-33187 
$this->userId is null when loggedin via app password.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-12-12 19:12:18 +07:00
Richard Steinmetz fc4dd3041c
Fix default redirect on successful WebAuthn login 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2022-12-05 12:51:53 +07:00
Simon L 23f336761e
Merge pull request #35385 from pulsejet/patch-previewtype 
Fix type of PreviewController::$userId
 2022-12-03 19:09:37 +07:00
Carl Schwan 6c76443e89 Revert unrelated change from #34940 
Probably a left over from an experience that I added by mistake in the
change

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-12-02 11:29:38 +07:00
Varun Patil 136b2c5949 Fix type of PreviewController::$userId 
Can be null if not logged in; currently crashes

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
 2022-11-24 02:33:31 +07:00
Carl Schwan 86d9626901 Add mastodon personal info field 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-11-21 16:28:56 +07:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-25 11:35:31 +07:00
Julius Härtl 11bedf1c3b
Use proper error pages instead of always redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-21 15:12:21 +07:00
John Molakvoæ (skjnldsv) bd303388e3
Cleanup ie and old edge properties 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-10-19 10:02:51 +07:00
Côme Chilliet 71ee292650 Add rate limiting on lost password emails 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-10-18 14:49:02 +07:00
Julien Veyssier 6e03d99ab8
fix reference preview endpoint when no server-side cache configured 
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2022-10-13 15:18:21 +07:00
Joas Schilling 0642d17e4f
Fix URLs on reference resolving 
The vue-richtext app currently sends leading spaces if they are in the text.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-09-30 09:40:43 +07:00
Julius Härtl f4a2ab137b Add cache header for image endpoint if link previews 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-09-28 13:21:28 +07:00
Julius Härtl 5fa7563bf9
Add endpoint to fetch a cachable reference data 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-09-26 17:44:49 +07:00
Carl Schwan 66a7a89898 Add api to load additional section in profile page 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-14 12:55:40 +07:00
Carl Schwan bc9a488046
Update avatars on update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 14:23:41 +07:00
Carl Schwan 76d0165330
Dark theme for guest avatar 
And better caching policy

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 13:37:51 +07:00
Carl Schwan f98ae2b5b0
Avatar new style 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 13:37:51 +07:00
Christopher Ng f44d2586b1 Remake profile picture saving with Vue 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-09-02 02:22:57 +07:00
Julius Härtl 1ab66988bc
Inject all dependnencies and increase cache timeout 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 18:02:57 +07:00
Julius Härtl 80f6a5834a
Refactor cache handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:35 +07:00
Julius Härtl a392235e23
Cleanup 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:33 +07:00
Julius Härtl 0ce0d37ac1
Implement image caching 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:06 +07:00
Julius Härtl de3e541fde
API for fetching reference metadata 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:05 +07:00
Joas Schilling 85eb3b2920
Fix wording of undeliverable push notifications 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 12:42:31 +07:00
Christopher Ng 9ba11ecefd Improve handling of profile page 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-08-22 19:28:35 +07:00
NoSleep82 b03aedf128
Update core/Controller/LostController.php 
Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
 2022-08-21 13:16:23 +07:00
NoSleep82 61548c520b
Update LostController.php 
i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack)

Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
 2022-08-19 18:30:32 +07:00
Carl Schwan 253118298d Redesign guest pages for better accessibility 
- Use white box and put content on it
- Improve focus indicator

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-07-27 10:43:21 +07:00
Christopher Ng 92500e810f Identify the login page explicitly by the page title 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-07-20 23:55:50 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Christopher Ng 57c66bf7cb Use Image class from public API 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-06-02 00:37:36 +07:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +07:00
Joas Schilling 6084d691b0
Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step 
Show user account on grant loginflow step
 2022-05-16 11:18:22 +07:00
Joas Schilling db1813f640
Show user account on grant loginflow step 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-13 10:50:30 +07:00
Thomas Citharel 232322fe06
Modernize contacts menu 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-05-12 18:31:59 +07:00
John Molakvoæ 3c6253f965
Remove old legacy SvgController and IconsCacher 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2022-05-10 23:24:07 +07:00
Joas Schilling 6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-03 12:51:23 +07:00
Vincent Petry 576e4e8f2a
Merge pull request #31592 from nextcloud/fix/direct-arg-flow-v2 
Add direct arg to login flow
 2022-03-29 18:21:40 +07:00
Vincent Petry 80388663af Add direct arg to login flow 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
 2022-03-28 10:28:45 +07:00
Joas Schilling 5f75d2e104
Remove old shortening 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-03-23 21:42:29 +07:00
Joas Schilling a0c7798c7d
Limit the length of app password names 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-03-23 10:47:56 +07:00
Christopher Ng 1fc0b4320c Add global profile toggle config 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-03-18 02:55:12 +07:00
Carl Schwan 36721a8d0d Fix caching of the user avatar 
Now on firefox/safari it is only refetched once a day. On Chrom{e,ium}
we keep the previous behavior of maybe refetching it more often.

This also notify the user about this behavior when they upload an avatar
picture.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-25 14:24:07 +07:00
Carl Schwan 7dddbd0c35 Improve caching policy 
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-16 11:35:57 +07:00
Joas Schilling 6dd60b6d30
Only allow avatars in 64 and 512 pixel size 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-07 16:47:51 +07:00
Christopher Ng 22768769c3 Improve installation pages 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-01-14 19:59:46 +07:00
John Molakvoæ (skjnldsv) b664aad7ab
Move bundles to /dist 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-01-08 10:11:58 +07:00
John Molakvoæ bfaeb6ae64
Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptoken 2021-12-30 08:14:23 +07:00
Julius Härtl e00173a71b
Also pass user on flow v2 landing 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl 61dd1d3d97
Pass username prefill through unauthenticated request redirects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl aa3f4bdf63
Allow using an app token to login with v2 flow auth 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-03 08:37:42 +07:00
Christopher Ng be5b9e36cd Hide user status from public 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-23 22:58:44 +07:00
Côme Chilliet 5a20e20e9e
Fix errors in AvatarController when data() returns null 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:29:01 +07:00
Christoph Wurst c8caba265f
Explicitly allow some routes without 2FA 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-11-17 18:42:21 +07:00
Joas Schilling fa036b2001
Move common logic to share manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-09 10:10:53 +07:00
Christopher Ng f4307ef4b1 Respect user enumeration settings on profile 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-05 21:33:03 +07:00
Vitor Mattos d613b32045
add check isFairUseOfFreePushService on login 
Signed-off-by: Vitor Mattos <vitor@php.rio>
 2021-10-23 00:54:50 +07:00
Joas Schilling 3ce3c0f117
Add an OCS endpoint for the hovercard contact actions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-10-20 10:22:40 +07:00
Christopher Ng 309354852f Profile backend 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-10-19 04:59:35 +07:00
Julius Härtl d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-10-05 13:06:59 +07:00
Pytal 3a94d7c2ea
Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled 
allow using of disabled password reset mechanism for special cases
 2021-09-14 18:29:10 +07:00
Arthur Schiwon a843d3c5db
allow using of disabled password reset mechanism for special cases 
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
  that password reset is disabled
- setPassword() got its check removed as it is behind CSFR anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 22:48:16 +07:00
Arthur Schiwon 6857136f06
fixes missing prefix to validate password reset token 
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 19:06:50 +07:00
Arthur Schiwon a20de15b43
add a job to clean up expired verification tokens 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:35 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +07:00
Lukas Reschke 2994dbe215
Fix codestyle 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:53:01 +07:00
Lukas Reschke dd054b2ee8
Check if SVG path is valid 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:46:12 +07:00
Christoph Wurst 4b0e18ae1b
Merge pull request #27294 from pjft/patch-2 
Update TwoFactorChallengeController.php
 2021-08-19 12:40:40 +07:00
Jonas Meurer 7c76e85dde
Use IURLGenerator function to get value of `\OC::$WEBROOT` global 
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:47 +07:00
Jonas Meurer 5f5bacde8f
UnifiedSearchController: strip webroot from URL before finding a route 
This should fix route matching in UnifiedSearchController on setups with
Nextcloud in a subfolder (webroot).

Fixes: #24144
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:25 +07:00
Daniel Rudolf 4d7430949a
Remove usage of \OC_Util::getDefaultPageUrl() and \OC_Util::redirectToDefaultPage() 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-08-04 19:02:57 +07:00
Daniel Rudolf aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +07:00
Daniel Rudolf e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP 
Signed-off-by: Gary Kim <gary@garykim.dev>
 2021-06-30 15:28:02 +07:00
Daniel Rudolf 12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +07:00
pjft b1086e25bb Add logging to 2FA failure 
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.

Signed-off-by: pjft <paulo.j.tavares@gmail.com>
 2021-06-21 20:43:12 +07:00
Julius Härtl c0474ba364
Use product name in places where it is appropriate rather than the instance name 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-06-16 11:42:53 +07:00
Morris Jobke 2ae60b42ab
Merge pull request #26494 from rigrig/fix-php8-deprecations 
Fix some php 8 warnings
 2021-06-07 23:30:59 +07:00
John Molakvoæ (skjnldsv) 215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +07:00
Richard de Boer f23d057ad9 Fix functions taking optional parameters before required ones 
PHP 8 shows deprecation warnings about this, see #25806
Removes the "default" values, as they actually are required parameters anyway.

Signed-off-by: Richard de Boer <git@tubul.net>
 2021-05-29 14:14:52 +07:00
Joas Schilling 69290781ff Handle device login like an alternative login 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-20 09:11:33 +07:00
Roeland Jago Douma b43e21d186
Merge pull request #26401 from nextcloud/enh/handle-avatar-upload-errors 
Show informative errors on avatar upload error
 2021-04-08 16:12:36 +07:00
Robin Appelman c232a40bdf
remove leftover debug @NoCSRFRequired introduced with #26198 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-04-01 13:51:53 +07:00
Julien Veyssier 7b69897474
show informative errors in log and UI on avatar upload error in user settings 
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2021-04-01 11:55:13 +07:00
Robin Appelman b38618c813
use node search api for legacy file search endpoint 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-03-19 16:08:01 +07:00
Roeland Jago Douma 4076dfb019 Allow admins to disable the login form 
In case they want to not allow this because they use SSO (and do not
want the users to enter their credentials there by accident).

?direct=1 still works.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-08 15:36:47 +07:00
Christoph Wurst 7be2ce82e7
Merge pull request #25544 from nextcloud/refactor/app-password-created-event 
Move app_password_created to a typed event
 2021-03-02 08:18:59 +07:00
Christoph Wurst 5026d2cca1
Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
 2021-02-18 14:05:54 +07:00
dependabot-preview[bot] eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +07:00
Joas Schilling 6ed4aaeeea
Send emails on password reset to the displayname 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-18 12:38:43 +07:00
Joas Schilling 83755b7b02
Make new result parts optional 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-12 16:21:47 +07:00
Christoph Wurst f8808e260d
Move app_password_created to a typed event 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-09 18:49:35 +07:00
Julius Härtl d7a80293ab
Keep direct login active when redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-02-01 14:25:56 +07:00
Roeland Jago Douma f57b93098b
Do not redirect to logout after login 
This can happen when the session was killed due to a timeout. Then
logout was triggered. Nobody wants to login only to be logged out again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-01-15 09:35:51 +07:00
Christoph Wurst 9ce3ea3368
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-30 14:07:05 +07:00
Christoph Wurst f37e150d1c
Merge pull request #24702 from nextcloud/enhancement/well-known-handler-api 
Add well known handlers API
 2020-12-18 13:34:04 +07:00
Christoph Wurst d89a75be0b
Update all license headers for Nextcloud 21 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 18:48:22 +07:00
Christoph Wurst 6995223b1e
Add well known handlers API 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 13:13:05 +07:00
Julius Härtl df769c025a
Do not load nonexisting setup.js 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-07 07:39:25 +07:00
John Molakvoæ (skjnldsv) e7f5516b4d
Init vue comments tab 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2020-10-20 13:58:06 +07:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +07:00
Joas Schilling a8d9b22beb
Add an ETag for the search providers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-15 09:19:53 +07:00
Morris Jobke 22ff60e088
Merge pull request #22564 from nextcloud/bugfix/noid/show-avatars-again 
The privacy setting is only about syncing to other servers
 2020-09-09 17:35:13 +07:00
Joas Schilling c2bef528ef
Remove unused members and imports 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-08 10:45:35 +07:00
Joas Schilling fea294bb29
Move unified search to OCS api 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-07 11:06:46 +07:00
Joas Schilling a4b2403e29
The privacy setting is only about syncing to other servers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-03 15:46:21 +07:00
Christoph Wurst 2a054e6c04
Update the license headers for Nextcloud 20 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-08-24 14:54:25 +07:00
Joas Schilling ea8f68bea6 Hand in the route and the parameters of the request 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2020-08-05 12:52:16 +07:00
John Molakvoæ (skjnldsv) d98f7c1bd8
Make apps handle the order logic 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2020-08-05 11:37:45 +07:00
John Molakvoæ (skjnldsv) 1a1b3e20e4 Fix unified search 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2020-08-03 11:26:03 +07:00
Joas Schilling 543fabe279
Make magic strings of ClientFlowLogin and v2 publicly available 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-07-17 09:06:13 +07:00
Joas Schilling 19e1efd1dd
Merge pull request #21439 from nextcloud/feature/noid/move-autocomplete-filter-event-to-new-dispatcher-and-class 
Move AutoComplete::filterResults to new event dispatcher and GenericE…
 2020-07-03 10:03:34 +07:00
Roeland Jago Douma ffc85ad614
Merge pull request #21431 from nextcloud/search-filter-invalid-results 
Filter out search results that have invalid encoding
 2020-07-03 09:09:03 +07:00
Joas Schilling 35c6b1236f
Move AutoComplete::filterResults to new event dispatcher and GenericEvent 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-07-01 09:57:33 +07:00
Joas Schilling 89ed2c37bf
Update share type constant usage 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-06-24 16:49:16 +07:00
Christoph Wurst 4488e846a5
Add unified search API 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-06-24 14:20:25 +07:00
Robin Appelman fda55db4c9
Filter out search results that have invalid encoding 
this prevents a single invalid search results from erroring the entire search request

Signed-off-by: Robin Appelman <robin@icewind.nl>
 2020-06-16 15:45:17 +07:00
Roeland Jago Douma e1be52b97b
Trailing comma's in functin arguments break on 7.2 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-13 11:20:54 +07:00
Roeland Jago Douma 4a2a6b65f3
Cache the avatar for a day 
I noticed that on larger systems esp when using talk the avatars get
revalidated like crazy. Because people keep the tab open etc. You can do
with a slightly outdated avatar!

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-12 19:37:25 +07:00
Roeland Jago Douma ffad3f83fe
Validate app password on alternative login 
Fixes #20838

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-07 16:32:28 +07:00
Daniel Kesselberg df669a2936
Set etag for capabilities endpoint 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-04-29 15:26:46 +07:00
Christoph Wurst cb057829f7
Update license headers for 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-29 11:57:22 +07:00
Morris Jobke 9b7e24a7a1
Merge pull request #19084 from nextcloud/bug/13556/wrong-paths-for-svg 
Make it possible to resolve svg's outside \OC::$SERVERROOT
 2020-04-27 10:58:34 +07:00
John Molakvoæ (skjnldsv) 25dfaefd01
Fix missing argument in JSConfigHelper 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2020-04-27 08:40:54 +07:00
Daniel Kesselberg 72a16b1779
Make it possible to resolve svg for apps_paths outside the document root 
Previous implementation assumes the app path is always a child \OC::$SERVERROOT. That's not always true.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-04-24 16:19:10 +07:00
Roeland Jago Douma 95ad9ab4ac
Merge pull request #20401 from nextcloud/fix/login-sso-redirct 
Fix absolute redirect
 2020-04-15 11:28:40 +07:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:54:27 +07:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +07:00
Christoph Wurst 14c996d982
Use elseif instead of else if 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 10:35:09 +07:00
John Molakvoæ (skjnldsv) 6c49dc2d1f
Fix absolute redirect 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2020-04-10 08:58:54 +07:00
Christoph Wurst 008e6d7e84
Merge pull request #20391 from nextcloud/refactor/spaces-cleanup 
Remove all extra whitespace PSR2 does not like
 2020-04-09 20:39:37 +07:00
Christoph Wurst 64510932b8
Merge pull request #20384 from nextcloud/techdebt/lowercase-keywords 
Use php keywords in lowercase
 2020-04-09 16:25:14 +07:00
Christoph Wurst 44577e4345
Remove trailing and in between spaces 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 16:07:47 +07:00
Christoph Wurst 42625a46be
Remove spaces after method or function call 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 16:05:56 +07:00
Christoph Wurst 36b3bc8148
Use php keywords in lowercase 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 14:04:56 +07:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +07:00
Christoph Wurst 2a529e453a
Use a blank line after the opening tag 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:50:14 +07:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 10:16:08 +07:00
Christoph Wurst 85e369cddb
Fix multiline comments 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-08 22:24:54 +07:00
Roeland Jago Douma 19ca921676
Merge pull request #20241 from nextcloud/fix/license-headers-19 
Update the license headers for Nextcloud 19
 2020-04-01 12:44:21 +07:00
Roeland Jago Douma 53db05a1f6
Start with webauthn 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2020-03-31 22:17:07 +07:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-31 14:52:54 +07:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports 
Remove unused imports
 2020-03-27 17:14:08 +07:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-26 16:34:56 +07:00
Christoph Wurst 74936c49ea
Remove unused imports 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:08:08 +07:00
Roeland Jago Douma 6ea1aef031
Merge pull request #19723 from nextcloud/bug/18603/avatar-response 
Always use status 200 for avatar response
 2020-03-03 16:15:14 +07:00
Daniel Kesselberg 68148f4073
Always use status 200 for avatar response 
As discussed in #18603 caching a 201 response is hard. It's now possible to distinguish between generated and uploaded avatars by reading the X-NC-IsCustomAvatar (0 = generated, 1 = uploaded) header.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-03-01 00:42:24 +07:00
Joas Schilling a92ab77747
Also cache avatars when it's not allowed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-02-28 10:44:15 +07:00
Christoph Wurst 6127c288e8 Fix license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-01-13 14:23:49 +07:00
Roeland Jago Douma da81b71f93
Only allow requesting new CSRF tokens if it passes the SameSite Cookie test 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-01-03 13:12:03 +07:00
Christoph Wurst 1b46621cd3
Update license headers for 18 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-20 09:23:25 +07:00
Roeland Jago Douma 87104ce510
Merge pull request #17784 from nextcloud/enh/disable-clear-site-data-via-config 
Disable Clear-Site-Data for Chrom* (and Opera, Brave, etc)
 2019-12-12 21:59:42 +07:00
Christoph Wurst 302558cfd2
Add a dedicated page for the recommended apps installation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2019-12-12 08:13:01 +07:00
Christoph Wurst 5bf3d1bb38
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +07:00
Christoph Wurst a8f2e6914d
Add checkbox to install recommended apps during setup 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2019-12-04 14:14:38 +07:00
Joas Schilling 738e6bf079
Merge pull request #17715 from nextcloud/fix/5456/respect_avatar_privacy 
Honor avatar visibility settings
 2019-12-04 10:28:45 +07:00
Daniel Kesselberg 9378a6b411
Send Clear-Site-Data expect for Chrome 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-11-30 15:17:22 +07:00
Christoph Wurst 81e35d0c8a
Trim the login name 
Otherwise we keep on using it with leading or trailing whitespaces for
app tokens and other logic. The reason this doesn't throw an error
immediately with local users is that (My)SQL compares strings regardless
of their padding by default. So we look up 'uid ' and get the row for
the user 'uid'.
Other back-ends will lead to a hard error, though, and the user is
unable to log out as all request fail.

Ref https://stackoverflow.com/a/10495807/2239067

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-11-28 20:52:05 +07:00
Joas Schilling 06f97c0fd0
Fix autocomplete suggestions with numeric user ids 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-11-26 09:19:49 +07:00
Roeland Jago Douma c7d5b8fc49
Merge pull request #18079 from nextcloud/fixes/phpcs 
Some php-cs fixes
 2019-11-25 14:07:00 +07:00
Daniel Kesselberg 957c0df01b
Remove exception for settings app from svg controller 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-11-24 17:15:06 +07:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +07:00
Roeland Jago Douma 54eb27dab2
Update tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-13 20:43:20 +07:00
RussellAult 19791b2460
Check getRedirectUri() for queries 
Resolves Issue #17885

Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'.

Signed-off-by: RussellAult <russellault@users.noreply.github.com>
 2019-11-13 14:05:03 +07:00
Roeland Jago Douma 0bd1378f81
Honor avatar visibility settings 
Fixes #5456
Only when an avatar is set to public should we show it to the public.
For now this has an open question as to how to solve federated avatars.
But I assume a dedicated paramter or endpooint would make sense there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-10-28 13:48:34 +07:00
Roeland Jago Douma 2cf068463f
Harden middleware check 
These annotations will allow for extra checks. And thus make it harder
to break things.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-10-25 15:44:37 +07:00
Sergej Nikolaev 1b5d85a4ca fix oauth client redirect 
Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
 2019-10-04 21:09:13 +07:00
Roeland Jago Douma cd1f443804
Allow rotation of apppasswords 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-08-27 13:46:06 +07:00
Daniel Kesselberg e32b2c4b76
Stop if there is no encrypted token 
Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-08-18 19:58:50 +07:00
Roeland Jago Douma 6dc179ee12
Fix login flow form actions 
So fun fact. Chrome considers a redirect after submitting a form part of
the form actions. Since we redirect to a new protocol (nc://login/).
Causing the form submission to work but the redirect failing hard.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-08-11 19:53:49 +07:00
Roeland Jago Douma 436f7b92d5
Merge pull request #16544 from nextcloud/bugfix/16540 
Add missing password reset page to vue
 2019-07-31 11:02:20 +07:00
Julius Härtl 3b0d13944a
Move actual password reset to vue 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-07-31 09:19:07 +07:00
Morris Jobke ec7e837d6a
Merge pull request #16563 from nextcloud/enh/lostcontroller/better_exceptions 
Use proper exception in lostController
 2019-07-29 10:42:36 +07:00
Roeland Jago Douma b6dd2ebd39
Use proper exception in lostController 
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.

This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-27 20:12:16 +07:00
Roeland Jago Douma a2a53848b0
Update PreviewController 
The constructor is called with the userId. However if a user is not
logged in this is null. Which means that we get an exception instead of
this being handled gracefully in the middleware.

There are cleaner solutions. But this is the solution that is the
easiest to apply without lots of work and risk of breaking things
(handling the logged in middleware before initializing the controller
etc).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-26 17:37:11 +07:00
Morris Jobke 5c21b29d7f
Merge pull request #16308 from nextcloud/fix/undefined-offset-0 
Prevent undefined offset 0 in findByUserIdOrMail
 2019-07-10 12:16:36 +07:00
Daniel Kesselberg d57540ac84
Return first value from $users 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-09 19:29:14 +07:00
Daniel Kesselberg 6235a66aac
Don't send executionContexts for Clear-Site-Data 
There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59

Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034

Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-07-09 15:08:25 +07:00
Joas Schilling 05381f00d2
Fall back to black for non-color values 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-06-20 15:23:06 +07:00
Julius Härtl df072471a7
Add extendedSupport to Subscription 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-06-17 16:36:23 +07:00
Christoph Wurst 64c4bb5bce
Vueify the login page 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-05-29 11:05:16 +07:00
Roeland Jago Douma f03eb7ec3c
Remote wipe support 
This allows a user to mark a token for remote wipe.
Clients that support this can then wipe the device properly.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-05-20 20:50:27 +07:00
Roeland Jago Douma 528eb1b223
Merge pull request #15304 from nextcloud/enh/2fa_setup_at_login 
2FA setup during login
 2019-05-17 11:04:42 +07:00
Roeland Jago Douma 579162d7b9
Allow 2FA to be setup on first login 
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-05-17 10:11:53 +07:00
Roeland Jago Douma 2dcb4cfbd6
Allow clients to delete their own apptoken 
Fixes #15480

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-05-17 09:52:06 +07:00
Christoph Wurst 170582d4f5
Add a login chain to reduce the complexity of LoginController::tryLogin 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-05-07 18:04:36 +07:00
Roeland Jago Douma 7e7146db7f
Block install without CAN_INSTALL file 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-04-11 09:32:33 +07:00
Joas Schilling c5560117da
Make the endpoint more robust against faulty resource providers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-28 09:26:38 +07:00
Joas Schilling 21425eb964
Return 200 instead of 404 when asking for collections of a resource 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-19 13:13:53 +07:00
Joas Schilling 3022ef687a
Use rich objects instead of name, link and icon 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-19 13:06:55 +07:00
Joas Schilling 403b673b93
Replace the icon-class with an absolute link to an image 
Otherwise the icon can not be displayed in mobile apps

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-19 13:06:55 +07:00
Joas Schilling eecd9323c5
Also check the access to collections on preparing 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:58 +07:00
Joas Schilling 59c92a7513
Further work on the access cache 
Searching for all is still a problem

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:19 +07:00
Joas Schilling dee6f7f61f
Fix doc blocks 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:18 +07:00
Julius Härtl e404ce7096
Implement search and rename in backend 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-03-01 20:56:18 +07:00
Julius Härtl 53ac9bdda1
Implement frontend for search/rename 
Signed-off-by: Julius Härtl <jus@bitgrid.net>

Move to vuex

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-03-01 20:56:18 +07:00
Julius Härtl 88aa3de784
Add iconClass to resources 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-03-01 20:56:17 +07:00
Julius Härtl 555afff015
Make sure we query the node before fetching the name 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-03-01 20:56:17 +07:00
Julius Härtl a72a6d73a3
Adjust parameter names on createCollectionOnResource 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-03-01 20:56:16 +07:00
Joas Schilling 702dcfb728
Make names mandatory 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:16 +07:00
Joas Schilling 5dfc56e925
Allow to create collections 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:15 +07:00
Joas Schilling 136d2c39ac
Provider functionality 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:15 +07:00
Joas Schilling 65a9ab47ea
Add a controller with the most important methods 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:15 +07:00
Joas Schilling 55f627d20b
Add an event to the Autocomplete Controller to allow to filter the results 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-02-26 15:32:14 +07:00
Morris Jobke 5cbe6532a0
Fix typo in info log for autoconfig 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2019-02-25 21:28:22 +07:00
Roeland Jago Douma e819e97829
Login flow V2 
This adds the new login flow. The desktop client will open up a browser
and poll a returned endpoint at regular intervals to check if the flow
is done.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-02-25 07:24:50 +07:00
Daniel Kesselberg c583c5e7e2
Emit event if app password created 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-02-18 17:47:43 +07:00
Daniel Kesselberg 149a98edf6
Publish activity for app token created by client login flow 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-02-17 23:49:54 +07:00
Daniel Kesselberg 2ade2bef8c
Publish activity for app token created by ocs api 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-02-17 23:37:22 +07:00
Morris Jobke 0e9903c420
Merge pull request #13969 from nextcloud/enh/additional_scripts_no_on_public_pages 
No need to emit additonalscript event on public pages
 2019-02-07 15:57:14 +07:00
Michael Weimann bf1253cb49
Implement guest avatar endpoint 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2019-02-07 14:23:16 +07:00
Roeland Jago Douma 60e5a5eca4
Do not do redirect handling when loggin out 
Fixes #12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.

This adds a simple middleware that will just check if the
ClearExecutionContext session variable is set. If that is the case it
will just redirect back to the login page.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-02-06 11:29:32 +07:00
Roeland Jago Douma b68567e9ba
Add StandaloneTemplateResponse 
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-02-06 11:26:18 +07:00
Roeland Jago Douma deb7d2364f
Merge pull request #13869 from nextcloud/enh/clean_pending_2fa_session_on_password_change 
Clean pending 2FA authentication on password reset
 2019-01-29 19:50:15 +07:00
Roeland Jago Douma ac8a6e2244
Clean pending 2FA authentication on password reset 
When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.

The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-29 13:08:56 +07:00
Michael Weimann e083e8abc6
Clears the local storage after logout 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2019-01-29 09:02:52 +07:00
Roeland Jago Douma e6333c8fe3
Honor remember_login_cookie_lifetime 
If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.

Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-23 08:46:24 +07:00
Roeland Jago Douma 66367797df
Fix template paramter 
Else we get shown an error page instead of the correct 403.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-18 15:30:38 +07:00
Roeland Jago Douma d0397f9b53
Generic message on password reset 
There is no need to inform the user if the account existed or not.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-15 15:53:43 +07:00
Christoph Wurst 208788173d
Npmize (vendor) scripts 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-01-09 15:01:59 +07:00
Roeland Jago Douma e6ac233947
Fix loginflow with apptoken enter on iOS 
It seems iOS doesn't like us to change the location. So now we submit it
to the server that geneartes the redirect.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-04 21:51:36 +07:00
Roeland Jago Douma 763b52d402
Fix SAML Client login flow on Apple devices 
Because the redirect from the SAML/SSO endpoint is a POST the lax/strict
cookies are not properly send.

Note that it is not strictly requried on this endpoint as we do not need
the remember me data. Only the real session info is enough. The endpoint
is also already protected by a state token.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-17 12:50:32 +07:00
John Molakvoæ (skjnldsv) 5e4990fadd
Remove redirect page 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2018-11-29 10:27:22 +07:00
Roeland Jago Douma 43d6ae7476
Respect the disabled setting for lost_password_link 
Fixes #11146
As documented when it is set to disabled the user can't request a lost
password.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-20 13:28:40 +07:00
Roeland Jago Douma 92582a350d
Use the proper server for the apptoken flow login 
If a user can't authenticate normally (because they have 2FA that is not
available on their devices for example). The redirect that is generated
should be of the proper format.

This means

1. Include the protocol
2. Include the possible subfolder

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-01 11:45:35 +07:00
Rayn0r 85eb43baff added possibility to disable autocomplete in login form 
Signed-off-by: Rayn0r <Andre.Weidemann@web.de>
 2018-10-30 11:36:16 +07:00
Julius Härtl d21ded67a7
Keep list of icons in a separate file for use in the accessibility app 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2018-10-25 12:16:10 +07:00
Morris Jobke e0f9257be9
Merge pull request #11847 from iPaat/Fix/DeleteCookiesThroughClearSiteData 
Remove cookies from Clear-Site-Data Header
 2018-10-23 17:04:45 +07:00
Thomas Citharel d63de5471b Don't require Same Site Cookies on assets 
Which can be used for public iframe embeeding

See https://github.com/nextcloud/calendar/issues/169

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2018-10-17 09:24:21 +07:00
Patrick Conrad 1806baaeaf
Remove cookies from Clear-Site-Data Header 
In 2f87fb6b45 this header was introduced. The referenced documentation says:

> When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).

This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!

So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.

Signed-off-by: Patrick Conrad <conrad@iza.org>
 2018-10-15 14:46:06 +07:00
Morris Jobke 7971ba5cc6
Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors 
Switches the default logo color depending on the primary color
 2018-10-08 10:33:22 +07:00
Roeland Jago Douma 78273cb1e6
Add an endppoint for clients to request an app password 
Now that we allow enforcing 2 factor auth it make sense if we also allow
and endpoint where the clients can in the background fetch an
apppassword if they were configured before the login flow was present.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-03 19:05:20 +07:00
Roeland Jago Douma d9febae5b2
Update all the publickey tokens if needed on web login 
* On weblogin check if we have invalid public key tokens
* If so update them all with the new token

This ensures that your marked as invalid tokens work again if you once
login on the web.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-02 19:50:54 +07:00
Michael Weimann a45ec3d324
Refactors the scss svg functions 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2018-10-02 08:37:55 +07:00
Michael Weimann d855c38e07
Moves the logo files to logo 
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
 2018-10-02 08:37:54 +07:00
blizzz ef97ef72f6
Merge pull request #10743 from danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email 
Enable password reset for user with same email address when only one is active
 2018-09-13 10:48:30 +07:00