sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
79,483 Commits
622 Branches
1167 Tags
9.0 GiB
Commit Graph

301 Commits (9304846bdfd2108efb3e3dbdddd608a8e56172cc)

Author SHA1 Message Date
Côme Chilliet f52b4c5eb2 fix: Remove skip of grant page, only skip first step 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +07:00
Côme Chilliet 99e0867f0a chore: Adapt tests to added constructor parameters 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +07:00
Benjamin Gaussorgues 22051a73c1
feat(login): add origin check at login 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-12-05 09:51:53 +07:00
skjnldsv b15fdfd40e chore(profile): move profile app from core to apps 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-11-14 10:25:02 +07:00
Ferdinand Thiessen c84c256261
fix: Adjust preview for view-only shares 
Previously there was a different behavior for public shares (link-shares) and internal shares,
if the user disabled the view permission.
The legacy UI for public shares simply "disabled" the context menu and hided all download actions.
With Nextcloud 31 all share types use the consistent permissions attributes,
which simplifies code, but caused a regression: Images can no longer been viewed.

Because on 30 and before the attribute was not set, previews for view-only files
were still allowed. Now with 31 we need a new way to allow "viewing" shares.

So this is allowing previews for those files, but only for internal usage.
This is done by settin a special header, which only works with custom requests,
and not by opening the URL directly.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-10-28 15:52:27 +07:00
Julius Knorr 606241caeb
chore(legacy): Introduce public version ct plass and drop version methods from OC_Util 
Signed-off-by: Julius Knorr <jus@bitgrid.net>
 2024-09-20 14:53:34 +07:00
provokateurin 9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +07:00
Christoph Wurst 49dd79eabb
refactor: Add void return type to PHPUnit test methods 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 22:32:31 +07:00
Daniel Kesselberg af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +07:00
Julius Härtl 6c1e896a03 fix: Ignore preview requests for invalid file ids 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-07-22 22:32:34 +07:00
Benjamin Gaussorgues e5275dbada feat: don't count failed CSRF as failed login attempt 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-11 09:27:33 +07:00
Daniel e5a6698ec0
Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller 
test: add tests for ProfilePageController
 2024-06-12 14:49:03 +07:00
Daniel Kesselberg 98eb190e04
test: add tests for ProfilePageController 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-06-12 11:46:12 +07:00
skjnldsv 8bed23288b fix(files_sharing): dark avatar support 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 10:27:29 +07:00
Andy Scherzinger 1f7e2ba599
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +07:00
Christoph Wurst 22dc27810e
fix(auth): Keep redirect URL during 2FA setup and challenge 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-19 10:24:26 +07:00
Ferdinand Thiessen 3fede00732
feat(login): Clear login form (password) after IDLE timeout 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-25 12:22:53 +07:00
Eduardo Morales 685145714a chore: update logincontroller tests 
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
 2024-03-10 11:36:42 +07:00
provokateurin 6243a9471d
feat(core): Add OCS endpoint for confirming the user password 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 14:28:00 +07:00
John Molakvoæ 4a509dfe8e
fix: phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-02-13 21:06:31 +07:00
Joas Schilling 2ee5c7a8f9
fix(tests): Fix remaining tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-01-09 15:58:02 +07:00
Louis Chemineau db11313152
Fix tests after slow logout fix 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-01-08 19:09:48 +07:00
Gaspard d'Hautefeuille 85911cbab2 Cancel PR #37405, remove regression code 
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Ferdinand Thiessen 154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader 
Stop sending deprecated Pragma header
 2023-10-18 03:30:21 +07:00
Côme Chilliet ee39a47e84
Fix Dynamic property timeFactory in ClientFlowLoginControllerTest 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-09 10:30:54 +07:00
Julien Veyssier 807f173dec
make oauth2 authorization code expire after 10 minutes 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +07:00
Joas Schilling 25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +07:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-08-28 15:11:22 +07:00
John Molakvoæ 266fb31180
fix(tests): preview phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2023-08-17 18:58:21 +07:00
jld3103 1be836273d
core: Add OpenAPI spec 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-13 07:24:15 +07:00
Joas Schilling 33385d7ecb
fix(tests): Adjust unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:12:14 +07:00
Joshua Trees a4032a3800 Add some tests for input trimming in LostController.php 
Signed-off-by: Joshua Trees <me@jtrees.io>
 2023-04-05 12:15:38 +07:00
Git'Fellow 346054f854
Fix tests 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-03-28 09:41:04 +07:00
Joas Schilling 59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset 
Add bruteforce protection to password reset page
 2023-02-06 22:12:25 +07:00
Joas Schilling 875e6cf7e6
fix(CI): Adjust expected result 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-06 11:26:38 +07:00
Christoph Wurst 88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-02-06 09:42:15 +07:00
Côme Chilliet 003cc2b45a
Fix tests failures (number of calls differed with last rebase) 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-24 09:38:20 +07:00
Carl Schwan a23cd7b961
Fix a bunch of deprecation in the phpunit for core 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2023-01-24 09:34:09 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +07:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +07:00
Christoph Wurst 138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +07:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-25 11:35:31 +07:00
Côme Chilliet 1cb0c2ac52 Fix LostController test 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-10-18 14:49:02 +07:00
Joas Schilling 67ecd72972
Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 20:54:39 +07:00
Arthur Schiwon b3b6f2d581
fix Controller tests 
- added pageTitle in code was missing in expectations
- fixed warnings of superflouos parameter
- fixed wrong type of mock

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-07-22 22:15:41 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 6283d14fa6
Modernize the LostControllerTest test 
Remove some depreciated at() calls

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00