sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
78,961 Commits
618 Branches
1167 Tags
9.0 GiB
Commit Graph

741 Commits (b95e31be8666a4b79653d6546dbd4e10ffc41dc6)

Author SHA1 Message Date
Ferdinand Thiessen 931aed3968 fix: handle IDLE timeout 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-06-03 13:16:09 +07:00
Ferdinand Thiessen 832f79ac93
chore: apply code style 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-04-30 19:04:59 +07:00
Richard Steinmetz 550d8d9fce
fix(oauth2): retain support for legacy ownCloud clients 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-04-02 12:23:45 +07:00
Louis Chemineau 9141eb473f
feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>

[skip ci]

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-03-03 11:38:03 +07:00
Jonas 3737727a04 fix(ReferenceApiController): Bump rate limit for public resolve endpoint 
E.g. text documents might contain hundreds of links whose previews need
to get loaded.

Fixes: nextcloud/collectives#1607

Signed-off-by: Jonas <jonas@freesources.org>
 2024-12-16 15:52:05 +07:00
Marcel Klehr 25f558d004 fix(TaskProcessing): Set up fs in getFileContentsInternal 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-11-26 10:38:17 +07:00
Marcel Klehr 7a309e7a99 fix(TaskProcessingApiController): Don't use + to merge non-assoc. arrays 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-11-06 09:44:11 +07:00
provokateurin e77d6c913d
fix(core): Limit valid avatar sizes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-08-14 09:29:30 +07:00
Julius Härtl 1aa29441e3 fix: Add direct parameter to flow auth v2 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-05 12:13:52 +07:00
Julius Härtl a6d421e767
chore: Remove deprecated legacy search backend 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-01 12:33:18 +07:00
provokateurin bc5c0262af
refactor(core): Make all attribute arguments named 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-27 22:36:18 +07:00
provokateurin c57c3c1573
refactor(core): Replace security annotations with respective attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-26 07:30:45 +07:00
Kate a9b77c3d12
Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpoint 2024-07-26 07:13:26 +07:00
Andy Scherzinger 4f2a29adf9
Merge pull request #46672 from nextcloud/fix/preview-invalid-id 
Avoid using partial file info as valid one
 2024-07-25 19:37:30 +07:00
provokateurin 90e108e548
fix(core): Document CSRF token endpoint 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-25 18:04:46 +07:00
Julien Veyssier 060fb26686
fix(taskprocessing): run cs:fix 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-07-25 10:10:32 +07:00
Marcel Klehr 799ee8fd51
feat(TaskProcessing): Implement enums and default values 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-25 10:10:31 +07:00
Julius Härtl 6c1e896a03 fix: Ignore preview requests for invalid file ids 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-07-22 22:32:34 +07:00
Julien Veyssier fffc784769
feat(taskprocessing): add support for webhooks (http or AppAPI) in the task processing API 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-07-22 11:34:29 +07:00
Ferdinand Thiessen 9716b0d735 refactor: Migrate some legacy and core functions to `IFilenameValidator` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-19 19:41:46 +07:00
Marcel Klehr a3c3eab09c
Merge pull request #46368 from nextcloud/fix/task-processing 
TaskProcessing follow-up
 2024-07-19 12:38:30 +07:00
Jonas 9fe4edca2c
fix(ReferenceApiController): Remove accidently added AnonRateLimit 
Signed-off-by: Jonas <jonas@freesources.org>
 2024-07-17 15:38:09 +07:00
Marcel Klehr 0d07ad98b0 fix(TaskProcessing): Update openapi specs 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Marcel Klehr eb0b5f29fb fix(TaskProcessingApiController): Address review comments 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Marcel Klehr 4ac1ac673e fix: psalm errors 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Marcel Klehr 4ac7f8275b feat(TaskProcessing): Allow setting task results for file slots 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-07-17 13:55:55 +07:00
Jonas 1671bf3ef2
feat(Reference): Add public API endpoints to get references 
Calling the public API endpoints will check for matching registered
reference providers that implement `IPublicReferenceProvider` and call
their respective functions. If no matching provider is found, the
default `LinkReferenceProvider` will be used to provide open graph data.

The frontend reference widget components will call these endpoints from
unauthorized sessions, e.g. in public shares.

If present, the sharing token of the origin URL is passed to
`resolveReferencePublic()` as additional information for the reference
provider to determine the access scope. This allows the respective
reference providers to determine whether the origin share has access to
the linked resource.

`getCacheKeyPublic` also gets the sharing token so it can scope the cached
entry to it.

Contributes to #45978

Signed-off-by: Jonas <jonas@freesources.org>
 2024-07-17 12:56:41 +07:00
Julien CHATY-CAPELLE 2d84d0f5bf fix(core): use OC namespace for core ReponseDefinitions instead of OCA 
Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>
 2024-07-15 11:50:02 +07:00
Ferdinand Thiessen a229723b8c
feat: Add new forbidden filename options to Capabilities 
Allow clients to access the new filename validation options
and make frontend name validation possible.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-11 13:31:54 +07:00
Benjamin Gaussorgues e5275dbada feat: don't count failed CSRF as failed login attempt 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-11 09:27:33 +07:00
provokateurin f5ff8136ac
feat(TaskProcessingApi): Add endpoint for getting the next task 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-01 17:11:12 +07:00
Daniel e5a6698ec0
Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller 
test: add tests for ProfilePageController
 2024-06-12 14:49:03 +07:00
Daniel Kesselberg 98eb190e04
test: add tests for ProfilePageController 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-06-12 11:46:12 +07:00
provokateurin c8e767878d fix(core): Return X-NC-IsCustomAvatar for guest avatars too 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-06-12 10:27:29 +07:00
skjnldsv 8bed23288b fix(files_sharing): dark avatar support 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 10:27:29 +07:00
skjnldsv fb11672df6 fix(core): allow guest avatar fallback 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 10:27:29 +07:00
Arthur Schiwon 98b5cdc43d
Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso 
fix(Session): avoid password confirmation on SSO
 2024-06-07 11:25:36 +07:00
Arthur Schiwon 340939e688
fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +07:00
John Molakvoæ (skjnldsv) fc3ee65526 fix(core): unsupported browser redirect url 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2024-06-01 09:34:22 +07:00
Andy Scherzinger e07a190641
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-27 14:53:40 +07:00
Kate 7bc4ccba6a
Merge pull request #45354 from nextcloud/docs/taskprocessingapi/cleanup-endpoint-descriptions 2024-05-16 20:09:06 +07:00
provokateurin a8abe9d3c2
fix(TaskProcessingApi): Cleanup error handling 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 15:17:10 +07:00
provokateurin 4c375c98a4
docs(TaskProcessingApi): Set correct status code messages 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 14:57:34 +07:00
provokateurin eabbb73173
docs(TaskProcessingApi): Cleanup endpoint descriptions 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 12:43:39 +07:00
provokateurin 79e153735c
docs(TaskProcessingApi): Fix result endpoint description 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 12:43:22 +07:00
Joas Schilling ef1c32a222
Merge pull request #45317 from nextcloud/bugfix/noid/limit-maximum-number-of-search-results 
fix(search): Limit maximum number of search results
 2024-05-16 10:10:09 +07:00
Marcel Klehr f3e72aff7c
Merge pull request #45094 from nextcloud/enh/taskprocessing-api 
feat: TaskProcessing API
 2024-05-15 11:43:08 +07:00
Joas Schilling 2bd54d30e5
fix(search): Limit maximum number of search results 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-05-15 09:48:23 +07:00
Marcel Klehr a8afa7f23d fix(OCS-API): Add endpoint to list user tasks 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr f3a88f04ec fix(OCS-API): No csrf required for /tasks/taskId/file/fileId 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00