96ab777817
feat(login): Add rememberme checkbox
...
Only present if allowed by configuration.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-11-17 14:16:40 +07:00
789045a410
Merge pull request #56344 from nextcloud/backport/55434/stable31
...
[stable31] fix(unified-search): Remove hard-coded search result limit
2025-11-13 17:08:02 +07:00
5d01642813
fix(unified-search): Remove hard-coded search result limit
...
A change added in https://github.com/nextcloud/server/pull/45317 introduced
a hard stop (25) that prevents full search results from showing up.
If there are more than 25 search results for a query only 25 can be seen.
So two main issues:
- Only 25 results can be seen in total no matter what.
- Breaks web client pagination, which typically adds 5 results per request.
Signed-off-by: nfebe <fenn25.fn@gmail.com>
2025-11-13 17:04:35 +07:00
822744cc29
fix(team-api): get all teams details in a single request
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2025-11-12 21:21:55 +07:00
ca1ebb33a2
fix(ai-apis): reject text inputs that are longer than 64K chars
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-11-11 08:09:35 +07:00
a32c93e011
fix: translation on /unsupported screen
...
Signed-off-by: Luka Trovic <luka@nextcloud.com>
2025-10-21 08:31:21 +07:00
8af7739494
fix(TextToImage): Set better attribute for routes
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2025-10-15 16:18:27 +07:00
809f1f0693
fix(TextProcessingApiController): Set better attribute on routes
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2025-10-15 09:59:56 +07:00
393883eab4
feat(unified-search): Use existing min search length config
...
This setting existed already for the legacy unified search.
This commit expose that setting to the new front-end, and
also ignore non valid requests in the backend.
We also take the opportunity to register the config in the lexicon.
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-09-29 10:55:48 +07:00
f7f2554c15
fix(core): Stop abusing the cache for avatar upload
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-09-26 19:36:34 +07:00
b642ce1fc5
fix(auth): allow access to dynamic js files during 2FA
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2025-09-11 15:39:28 +07:00
a9610db902
fix: Run cs:fix
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2025-08-29 09:48:12 +07:00
566c564a6a
fix(TaskProcessingApiController): Don't allow anonymous access anymore
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
[skip ci]
2025-08-28 11:15:53 +07:00
58f7fabaa7
feat(ocm): split ocm discovery and capabilities
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2025-08-20 14:47:31 +07:00
1042d1458c
fix(TaskProcessingApiController): Improve error handling
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2025-07-22 13:49:45 +07:00
bc93c6afff
fix: update request token on two-factor pages
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-06-23 16:01:15 +07:00
3c92e3332e
fix: generate csrf tokens if two factor challenge is ongoing
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-06-23 13:57:38 +07:00
ff49774e4f
Merge pull request #53290 from nextcloud/backport/53277/stable31
...
[stable31] fix(TaskProcessingApiController): use StreamResponse to return file content
2025-06-04 11:11:19 +07:00
623859066f
fix(TaskProcessingApiController): use StreamResponse to return the task file content
...
Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
2025-06-03 16:42:12 +07:00
de2f721cce
fix: handle IDLE timeout
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-06-03 13:16:22 +07:00
3923eaba04
feat(profile): Add an API to get the profile field data
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-04-24 00:50:11 +07:00
1653cd2dea
fix(oauth2): retain support for legacy ownCloud clients
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-04-02 12:05:18 +07:00
e840ee72b2
feat: Close sessions created for login flow v2
...
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.
This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-02-27 07:59:49 +07:00
2c13259093
feat(files): add mime icon endpoint
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-22 16:29:36 +07:00
332fa63850
feat: Two Factor API
...
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
2025-01-16 08:31:58 +07:00
24332e2a06
fix(taskprocessing): /tasktypes endpoint was broken by #49015
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-01-09 10:06:25 +07:00
f52b4c5eb2
fix: Remove skip of grant page, only skip first step
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +07:00
e7be008dc1
feat(oauth2): Skip page before login as well for authorized applications
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +07:00
9b366c65d4
feat(oauth): Allow to skip the grant step for selected applications
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +07:00
085d4c9364
refactor(OpenAPI): Adjust scopes to match previous behavior
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-06 14:30:40 +07:00
d4715c61f2
Merge pull request #49560 from nextcloud/fix/login-origin
...
feat(login): add origin check at login
2024-12-20 14:53:11 +07:00
dd5f560246
fix(ReferenceApiController): Bump rate limit for public resolve endpoint
...
E.g. text documents might contain hundreds of links whose previews need
to get loaded.
Fixes : nextcloud/collectives#1607
Signed-off-by: Jonas <jonas@freesources.org>
2024-12-16 13:01:55 +07:00
22051a73c1
feat(login): add origin check at login
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-12-05 09:51:53 +07:00
4591430c9c
feat(ocm): signing ocm requests
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 +07:00
3ac14af26b
fix(TaskProcessing): Set up fs in getFileContentsInternal
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-11-26 11:07:20 +07:00
b15fdfd40e
chore(profile): move profile app from core to apps
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-11-14 10:25:02 +07:00
452e4be4f5
Merge pull request #46222 from nextcloud/fix/task-processing-api-controller/dont-use-plus
2024-11-06 09:02:23 +07:00
77114fb327
fix(OpenAPI): Adjust array syntax to avoid ambiguities
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-11-05 09:58:11 +07:00
c84c256261
fix: Adjust preview for view-only shares
...
Previously there was a different behavior for public shares (link-shares) and internal shares,
if the user disabled the view permission.
The legacy UI for public shares simply "disabled" the context menu and hided all download actions.
With Nextcloud 31 all share types use the consistent permissions attributes,
which simplifies code, but caused a regression: Images can no longer been viewed.
Because on 30 and before the attribute was not set, previews for view-only files
were still allowed. Now with 31 we need a new way to allow "viewing" shares.
So this is allowing previews for those files, but only for internal usage.
This is done by settin a special header, which only works with custom requests,
and not by opening the URL directly.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-28 15:52:27 +07:00
bb598c8451
chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer
...
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard ) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/nextcloud/coding-standard/releases )
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2 )
---
updated-dependencies:
- dependency-name: nextcloud/coding-standard
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-10-19 07:57:35 +07:00
606241caeb
chore(legacy): Introduce public version ct plass and drop version methods from OC_Util
...
Signed-off-by: Julius Knorr <jus@bitgrid.net>
2024-09-20 14:53:34 +07:00
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +07:00
8af7ecb257
chore: adjust code to adhere to coding standard
...
Signed-off-by: Anna Larch <anna@nextcloud.com>
2024-09-05 21:23:38 +07:00
af6de04e9e
style: update codestyle for coding-standard 1.2.3
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +07:00
e77d6c913d
fix(core): Limit valid avatar sizes
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-08-14 09:29:30 +07:00
1aa29441e3
fix: Add direct parameter to flow auth v2
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-08-05 12:13:52 +07:00
a6d421e767
chore: Remove deprecated legacy search backend
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-08-01 12:33:18 +07:00
bc5c0262af
refactor(core): Make all attribute arguments named
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-27 22:36:18 +07:00
c57c3c1573
refactor(core): Replace security annotations with respective attributes
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-26 07:30:45 +07:00
a9b77c3d12
Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpoint
2024-07-26 07:13:26 +07:00
Côme Chilliet
Stephan Orbaugh
nfebe
Maxence Lange
Julien Veyssier
Luka Trovic
Marcel Klehr
Louis Chemineau
provokateurin
Christoph Wurst
Richard Steinmetz
Alexander Piskun
Ferdinand Thiessen
Joas Schilling
skjnldsv
SebastianKrupinski
Jonas
Benjamin Gaussorgues
John Molakvoæ
dependabot[bot]
Julius Knorr
Anna Larch
Daniel Kesselberg
Kate