Commit Graph

433 Commits (b9ab00a59e2d906fdb43eaaea37eb7a4a9cc8a13)

Author SHA1 Message Date
Andy Scherzinger 1f7e2ba599
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +07:00
Christoph Wurst 22dc27810e
fix(auth): Keep redirect URL during 2FA setup and challenge
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-04-19 10:24:26 +07:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +07:00
Ferdinand Thiessen 3fede00732
feat(login): Clear login form (password) after IDLE timeout
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-25 12:22:53 +07:00
Eduardo Morales 685145714a chore: update logincontroller tests
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
2024-03-10 11:36:42 +07:00
Louis Chemineau 72f7b80153
Revert change in TwoFactorAuth CleanupTest.php
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-03-06 16:46:35 +07:00
Louis Chemineau fcdc8b47f2 fix(files_versions): Improve files version listing
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-03-06 10:15:31 +07:00
Anupam Kumar ce24923f4c
add generate-password option and flow fixes
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
2024-02-24 04:56:52 +07:00
Anupam Kumar a92c507cb6
new user password email option, improved on #29368
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
2024-02-24 04:56:52 +07:00
Philip Gatzka b587ec39f4
Enable adding E-Mail addresses to new user accounts using the CLI
Signed-off-by: Philip Gatzka <philip.gatzka@mailbox.org>
2024-02-24 04:56:52 +07:00
provokateurin 6243a9471d
feat(core): Add OCS endpoint for confirming the user password
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-20 14:28:00 +07:00
John Molakvoæ 4a509dfe8e
fix: phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-02-13 21:06:31 +07:00
Maxence Lange f7d0c74b10 lazy AppConfig
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-15 15:45:13 +07:00
Joas Schilling 2ee5c7a8f9
fix(tests): Fix remaining tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-01-09 15:58:02 +07:00
Louis Chemineau db11313152
Fix tests after slow logout fix
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-01-08 19:09:48 +07:00
Gaspard d'Hautefeuille 85911cbab2 Cancel PR #37405, remove regression code
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
2024-01-05 04:20:26 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +07:00
Ferdinand Thiessen 154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader
Stop sending deprecated Pragma header
2023-10-18 03:30:21 +07:00
Côme Chilliet ee39a47e84
Fix Dynamic property timeFactory in ClientFlowLoginControllerTest
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-09 10:30:54 +07:00
Julien Veyssier 807f173dec
make oauth2 authorization code expire after 10 minutes
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-10-05 14:24:02 +07:00
Côme Chilliet 0c421975bd Remove last calls to deprecated at matcher in tests/Core
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-18 10:21:21 +07:00
Joas Schilling 6f520f2304
Merge pull request #40026 from lhsazevedo/auth-token-commands
feat: Add auth token list and delete commands
2023-08-29 08:57:07 +07:00
Joas Schilling 25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +07:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-08-28 15:11:22 +07:00
Lucas Azevedo 771a7b92cc Add tests for occ user:auth-tokens:delete
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 02:27:41 +07:00
John Molakvoæ 266fb31180
fix(tests): preview phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2023-08-17 18:58:21 +07:00
jld3103 1be836273d
core: Add OpenAPI spec
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-07-13 07:24:15 +07:00
Faraz Samapoor fd0e2f711a Fixes testcase error.
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-06-24 23:14:23 +07:00
Joas Schilling 33385d7ecb
fix(tests): Adjust unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:12:14 +07:00
Ferdinand Thiessen dc9d8c42bb fix: Adjust console formatter code to match with Symfony type hints
Symfony has added type hints on the `OutputFormatterInterface`,
so we must adjust our type hints to match with Symfony.

Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-04-17 18:35:10 +07:00
Joshua Trees a4032a3800 Add some tests for input trimming in LostController.php
Signed-off-by: Joshua Trees <me@jtrees.io>
2023-04-05 12:15:38 +07:00
Git'Fellow 346054f854
Fix tests
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-03-28 09:41:04 +07:00
Joas Schilling 59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset
Add bruteforce protection to password reset page
2023-02-06 22:12:25 +07:00
Joas Schilling 875e6cf7e6
fix(CI): Adjust expected result
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-06 11:26:38 +07:00
Christoph Wurst 88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-02-06 09:42:15 +07:00
Côme Chilliet 003cc2b45a
Fix tests failures (number of calls differed with last rebase)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-24 09:38:20 +07:00
Carl Schwan a23cd7b961
Fix a bunch of deprecation in the phpunit for core
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-01-24 09:34:09 +07:00
Joas Schilling 1c099c7f17
Fix broken user:setting command unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-23 07:01:22 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is built regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +07:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in
If CSRF fails but the user is logged in then they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud constantly regenerates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 09:39:17 +07:00
Christoph Wurst 138deec333
chore: Make the LoginController strict
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 10:52:28 +07:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-25 11:35:31 +07:00
Côme Chilliet 1cb0c2ac52 Fix LostController test
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-10-18 14:49:02 +07:00
Joas Schilling 67ecd72972
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-08-31 20:54:39 +07:00
Arthur Schiwon b3b6f2d581
fix Controller tests
- added pageTitle in code was missing in expectations
- fixed warnings of superfluous parameter
- fixed wrong type of mock

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-07-22 22:15:41 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +07:00
Thomas Citharel 6283d14fa6
Modernize the LostControllerTest test
Remove some deprecated at() calls

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +07:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +07:00
Joas Schilling 6084d691b0
Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step
Show user account on grant loginflow step
2022-05-16 11:18:22 +07:00
Joas Schilling 40b9769d4d
Extend tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-16 10:33:30 +07:00
Thomas Citharel 232322fe06
Modernize contacts menu
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-05-12 18:31:59 +07:00
John Molakvoæ 3c6253f965
Remove old legacy SvgController and IconsCacher
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2022-05-10 23:24:07 +07:00
Louis Chemineau 8a2cf5bb68 Do not dispatch postSetPassword when setPassword fails
Also Improve error message when setPassword fails

Signed-off-by: Louis Chemineau <louis@chmn.me>
2022-05-05 17:21:23 +07:00
Joas Schilling 6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-03 12:51:23 +07:00
John Molakvoæ 3c75a99267
Phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2022-04-21 19:00:28 +07:00
Vincent Petry 576e4e8f2a
Merge pull request #31592 from nextcloud/fix/direct-arg-flow-v2
Add direct arg to login flow
2022-03-29 18:21:40 +07:00
Vincent Petry 80388663af Add direct arg to login flow
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
2022-03-28 10:28:45 +07:00
Joas Schilling d078d53683
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-23 11:01:58 +07:00
Joas Schilling 6dd60b6d30
Only allow avatars in 64 and 512 pixel size
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-07 16:47:51 +07:00
Julius Härtl 61dd1d3d97
Pass username prefill through unauthenticated request redirects
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-12-29 11:52:31 +07:00
Côme Chilliet 8b271b8a12
Fix tests and avoid PHP errors in them
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:29:01 +07:00
Joas Schilling f8463e1fc6
Fix missing import of ILogger
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-11-02 16:47:16 +07:00
Vitor Mattos d613b32045
add check isFairUseOfFreePushService on login
Signed-off-by: Vitor Mattos <vitor@php.rio>
2021-10-23 00:54:50 +07:00
Julius Härtl d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl
2021-10-05 13:06:59 +07:00
Daniel Kesselberg e6ab948949
Make AppsEnableTest and AppsDisableTest independent of the app version number
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-10-01 23:08:59 +07:00
Joas Schilling a586739e17
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-09-29 10:02:21 +07:00
Arthur Schiwon 6857136f06
fixes missing prefix to validate password reset token
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-10 19:06:50 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:29 +07:00
Lukas Reschke c21a721fc1
Merge pull request #28725 from nextcloud/disallow-public-page-in-2fa-flow
Remove 2FA exemption from PublicPage annotation
2021-09-07 10:44:34 +07:00
Lukas Reschke 19ad636373 Resolve absolute path in tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 21:26:27 +07:00
Lukas Reschke 8da6a9bea9
Adjust tests
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 09:09:42 +07:00
Christoph Wurst 4b0e18ae1b
Merge pull request #27294 from pjft/patch-2
Update TwoFactorChallengeController.php
2021-08-19 12:40:40 +07:00
Daniel Rudolf aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl
2021-08-04 18:52:55 +07:00
Daniel Rudolf e478db9161
Deprecate RedirectToDefaultAppResponse
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-07-01 15:13:08 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP
Signed-off-by: Gary Kim <gary@garykim.dev>
2021-06-30 15:28:02 +07:00
Daniel Rudolf 0df68f0697
Remove unused imports
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-06-30 16:48:22 +07:00
Daniel Rudolf 12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl()
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
2021-06-30 16:20:57 +07:00
Joas Schilling a651dbd2c0
Fix app version check
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-06-25 11:49:32 +07:00
pjft b1086e25bb Add logging to 2FA failure
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.

Signed-off-by: pjft <paulo.j.tavares@gmail.com>
2021-06-21 20:43:12 +07:00
Johannes Leuker d606799ee2 Add commands to manage tags via OCC
list, add, delete, edit

Signed-off-by: Johannes Leuker <j.leuker@hosting.de>
2021-05-25 11:29:32 +07:00
Johannes Leuker e9ca59ef0a Change my email address
Signed-off-by: Johannes Leuker <j.leuker@hosting.de>
2021-03-24 15:13:56 +07:00
Vincent Petry 95e03fba2d
Fix more controller tests in Core subdir
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-24 09:02:19 +07:00
Vincent Petry 9b8ca1697a
Fix more tests in the Core subdir
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-24 08:48:28 +07:00
Vincent Petry c467f64848
Fix core tests command for app enabling/disabling
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-03-23 20:40:28 +07:00
Roeland Jago Douma 54cffefed4
Merge pull request #25660 from hosting-de/feature/add-backend-list-groups
Show group backends in occ group:list --info and group:info
2021-03-05 08:49:43 +07:00
Johannes Leuker 2796ef80ff Show group backends in occ group:list --info and group:info
Signed-off-by: Johannes Leuker <j.leuker@hosting.de>
2021-03-01 16:02:08 +07:00
Christoph Wurst 5026d2cca1
Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
2021-02-18 14:05:54 +07:00
dependabot-preview[bot] eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-18 13:31:24 +07:00
Joas Schilling 6ed4aaeeea
Send emails on password reset to the displayname
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-02-18 12:38:43 +07:00
Konrad Abicht 330315f03e refined name of getOpenSSLEncryptedAndPrivateKey
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-12 13:01:37 +07:00
Konrad Abicht 0bc49d67cd added unit tests for LoginFlowV2Service::createTokens
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-12 12:57:24 +07:00
Konrad Abicht c755165dd4 added unit tests for LoginFlowV2Service::flowDone
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-11 10:45:47 +07:00
Konrad Abicht d60dd8a208 added unit tests for LoginFlowV2Service::startLoginFlow
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-11 09:56:09 +07:00
Konrad Abicht f29748a5e1 added unit tests for LoginFlowV2Service::getByLoginToken
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-11 09:49:39 +07:00
Konrad Abicht b0a2278a7e added unit tests for LoginFlowV2Service::poll
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-11 09:38:29 +07:00
Konrad Abicht a50c615d37 simplified tests
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-09 15:48:37 +07:00
Konrad Abicht a28705064b fixed coding style issue
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-09 15:40:19 +07:00
Konrad Abicht b38a619212 added tests for OC\Core\Data\LoginFlowV2Credentials
Signed-off-by: Konrad Abicht <hi@inspirito.de>
2021-02-09 15:25:37 +07:00