Commit Graph

779 Commits (dcc6c1956ac7d6d5cf4781cb00a1055dee47d599)

Author SHA1 Message Date
Marcel Klehr e2449bca6f fix(TaskProcessingApiController): Improve error handling
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2025-07-22 11:21:17 +07:00
John Molakvoæ 2b50d9b2c5
Revert "perf(base): Stop setting up the FS for every basic auth request" 2025-07-11 17:07:44 +07:00
provokateurin 24f7a2e680
fix(core): Stop abusing the cache for avatar upload
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-07-08 11:38:59 +07:00
Ferdinand Thiessen 5981b7eb51
chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +07:00
skjnldsv 9806a9830c feat(files_sharing): allow viewing files with download disabled
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-06-26 11:47:53 +07:00
Richard Steinmetz c690c6fbd2
fix: update request token on two-factor pages
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-06-23 11:20:09 +07:00
Richard Steinmetz fa15cb8b87
fix: generate csrf tokens if two factor challenge is ongoing
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-06-23 11:20:09 +07:00
Ferdinand Thiessen 495c364268
chore: use consistent casing for header names (required by openAPI)
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-06-09 19:24:26 +07:00
Kate cfeec72fff
Merge pull request #53292 from nextcloud/fix/loginflow 2025-06-03 15:15:44 +07:00
Ferdinand Thiessen fa7310add9
fix: handle IDLE timeout
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-06-03 14:24:51 +07:00
Oleksander Piskun 90e8fa25a6 fix(TaskProcessingApiController): use StreamResponse to return the task file content
Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>
2025-06-03 13:09:07 +07:00
Anna Larch 08f869dda9 fix: broken password reset form
Signed-off-by: Anna Larch <anna@nextcloud.com>
2025-05-26 19:22:07 +07:00
provokateurin 82fb8f8508
refactor: Extend rector to core/
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-05-15 00:16:54 +07:00
Marcel Müller 1addd35b78 fix: Remove unnecessary etag check
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
2025-04-29 23:15:50 +07:00
Stephan Orbaugh aa8c0a68cb
Merge pull request #50650 from IONOS-Productivity/feat/login_flow_v2-user_agents-allow-list
feat(login-flow-v2): Restrict allowed apps by user agent check
2025-04-24 10:12:19 +07:00
Joas Schilling 9ed33cf6aa
feat(profile): Add an API to get the profile field data
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-04-23 12:38:18 +07:00
Misha M.-Kupriyanov d1a94f3c9c feat(login-flow-v2): Restrict allowed apps by user agent check
Enable via:
./occ config:system:set core.login_flow_v2.allowed_user_agents 0  --value '/Custom Foo Client/i'
./occ config:system:set core.login_flow_v2.allowed_user_agents 1  --value '/Custom Bar Client/i'

if user agent string is unknown
the template with "Access forbidden"-"Please use original client" will be displayed

Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
2025-04-23 09:45:23 +07:00
Richard Steinmetz 246da73a36
fix(oauth2): retain support for legacy ownCloud clients
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-04-01 11:25:52 +07:00
skjnldsv 0179cb4d8d feat(core): add setup cypress tests
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-03-13 20:51:00 +07:00
skjnldsv cc12719df5 feat(core): migrate setup to vue
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-03-13 16:00:18 +07:00
Côme Chilliet 71dc34c03c fix: Deprecate OC_Template, add proper template manager instead
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-03-06 15:49:25 +07:00
Louis Chemineau c6293204a2
feat: Close sessions created for login flow v2
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit adds a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-02-26 13:42:18 +07:00
Côme Chilliet e757b649b7
fix: Fix psalm taint false-positives by small refactorings
Mostly make it clear that we trust admin input or that we correctly
 escape strings.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 18:08:23 +07:00
skjnldsv 2c13259093 feat(files): add mime icon endpoint
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-01-22 16:29:36 +07:00
SebastianKrupinski 332fa63850 feat: Two Factor API
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
2025-01-16 08:31:58 +07:00
Julien Veyssier 24332e2a06
fix(taskprocessing): /tasktypes endpoint was broken by #49015
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-01-09 10:06:25 +07:00
Côme Chilliet f52b4c5eb2 fix: Remove skip of grant page, only skip first step
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +07:00
Côme Chilliet e7be008dc1 feat(oauth2): Skip page before login as well for authorized applications
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +07:00
Côme Chilliet 9b366c65d4 feat(oauth): Allow to skip the grant step for selected applications
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +07:00
provokateurin 085d4c9364
refactor(OpenAPI): Adjust scopes to match previous behavior
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-06 14:30:40 +07:00
Stephan Orbaugh d4715c61f2
Merge pull request #49560 from nextcloud/fix/login-origin
feat(login): add origin check at login
2024-12-20 14:53:11 +07:00
Jonas dd5f560246
fix(ReferenceApiController): Bump rate limit for public resolve endpoint
E.g. text documents might contain hundreds of links whose previews need
to get loaded.

Fixes: nextcloud/collectives#1607

Signed-off-by: Jonas <jonas@freesources.org>
2024-12-16 13:01:55 +07:00
Benjamin Gaussorgues 22051a73c1
feat(login): add origin check at login
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-12-05 09:51:53 +07:00
Maxence Lange 4591430c9c feat(ocm): signing ocm requests
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-04 09:30:55 +07:00
Marcel Klehr 3ac14af26b fix(TaskProcessing): Set up fs in getFileContentsInternal
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-11-26 11:07:20 +07:00
skjnldsv b15fdfd40e chore(profile): move profile app from core to apps
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-11-14 10:25:02 +07:00
John Molakvoæ 452e4be4f5
Merge pull request #46222 from nextcloud/fix/task-processing-api-controller/dont-use-plus 2024-11-06 09:02:23 +07:00
provokateurin 77114fb327
fix(OpenAPI): Adjust array syntax to avoid ambiguities
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-11-05 09:58:11 +07:00
Ferdinand Thiessen c84c256261
fix: Adjust preview for view-only shares
Previously there was a different behavior for public shares (link-shares) and internal shares,
if the user disabled the view permission.
The legacy UI for public shares simply "disabled" the context menu and hid all download actions.
With Nextcloud 31 all share types use the consistent permissions attributes,
which simplifies code, but caused a regression: Images can no longer be viewed.

Because on 30 and before the attribute was not set, previews for view-only files
were still allowed. Now with 31 we need a new way to allow "viewing" shares.

So this is allowing previews for those files, but only for internal usage.
This is done by setting a special header, which only works with custom requests,
and not by opening the URL directly.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-28 15:52:27 +07:00
dependabot[bot] bb598c8451
chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: nextcloud/coding-standard
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-10-19 07:57:35 +07:00
Julius Knorr 606241caeb
chore(legacy): Introduce public version class and drop version methods from OC_Util
Signed-off-by: Julius Knorr <jus@bitgrid.net>
2024-09-20 14:53:34 +07:00
provokateurin 9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +07:00
Anna Larch 8af7ecb257 chore: adjust code to adhere to coding standard
Signed-off-by: Anna Larch <anna@nextcloud.com>
2024-09-05 21:23:38 +07:00
Daniel Kesselberg af6de04e9e
style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +07:00
provokateurin e77d6c913d
fix(core): Limit valid avatar sizes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-08-14 09:29:30 +07:00
Julius Härtl 1aa29441e3 fix: Add direct parameter to flow auth v2
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-08-05 12:13:52 +07:00
Julius Härtl a6d421e767
chore: Remove deprecated legacy search backend
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-08-01 12:33:18 +07:00
provokateurin bc5c0262af
refactor(core): Make all attribute arguments named
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-27 22:36:18 +07:00
provokateurin c57c3c1573
refactor(core): Replace security annotations with respective attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-26 07:30:45 +07:00
Kate a9b77c3d12
Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpoint 2024-07-26 07:13:26 +07:00