sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
82,231 Commits
620 Branches
1167 Tags
9.0 GiB
Commit Graph

779 Commits (dcc6c1956ac7d6d5cf4781cb00a1055dee47d599)

Author SHA1 Message Date
Marcel Klehr 8968573d9f enh(TextToImage): Add getExpectedRuntime to IProvider and run tasks during request lifetime if possible 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-20 12:17:17 +07:00
Marcel Klehr 92cc171a61 fix(TextToImage): Fix OpenAPI definitions 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-19 11:07:03 +07:00
Marcel Klehr 6238aca6c5 fix(TextToImage): Fix bruteforce protection 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 14:46:40 +07:00
Marcel Klehr e57e94e11a fix(TextToImage): Add bruteforce protection to API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 14:09:19 +07:00
Marcel Klehr d3da49de44 fix(TextToImage): Fix docblock of getImage route 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:31:00 +07:00
Marcel Klehr c5fbe5a7bc enh(TextToImage): Add bruteforce protection for anonymous API usage 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:31:00 +07:00
Marcel Klehr e5efbc88d8 enh(TextToImage): Address review comments 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:21:50 +07:00
Marcel Klehr 1e36d74c3e Update core/Controller/TextToImageApiController.php 
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:21:50 +07:00
Marcel Klehr 2d44c7c1ed Small fixes 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:21:50 +07:00
Marcel Klehr c8cab9d2fd Implement TextToImage OCP API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:21:50 +07:00
Ferdinand Thiessen 154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader 
Stop sending deprecated Pragma header
 2023-10-18 03:30:21 +07:00
Julien Veyssier c6da99474e
rename oauth2_access_token's created_at to code_created_at 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +07:00
Julien Veyssier 807f173dec
make oauth2 authorization code expire after 10 minutes 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +07:00
Joas Schilling c88b02abff
Merge pull request #40660 from nextcloud/bugfix/noid/fix-missing-user-status-on-autocomplete-api 
fix(autocomplete): Fix missing user status on autocomplete endpoint
 2023-10-04 10:12:14 +07:00
Joas Schilling a7018bc5e8
fix(autocomplete): Fix missing user status on autocomplete endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-09-28 14:02:18 +07:00
Christoph Wurst dbd666e82b
fix(unifiedsearch): Allow searching for "0" 
empty("0") evaluates to true

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-09-28 10:53:07 +07:00
jld3103 c2d45cb172
Add single status code descriptions for OpenAPI 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-09-27 08:05:21 +07:00
Côme Chilliet f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-09-25 10:37:12 +07:00
jld3103 c72ca72cde
core: Fix OCM OpenAPI 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-09-23 13:00:58 +07:00
Maxence Lange b5dcd048ae small fixes 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2023-09-20 08:23:45 +07:00
Maxence Lange 8b9e7e235d ocm controller 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2023-09-20 08:23:45 +07:00
jld3103 79b8b5c0f2
core: Fix OpenAPI for reference API 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-09-14 15:49:13 +07:00
jld3103 8b9b637ec6
ProfileApi: Fix typo 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-09-03 11:45:48 +07:00
Joas Schilling 25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +07:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-08-28 15:11:22 +07:00
John Molakvoæ 266fb31180
fix(tests): preview phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2023-08-17 18:58:21 +07:00
John Molakvoæ 28725c46a8
feat: redirect to the mime icon if no preview available 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2023-08-17 18:56:38 +07:00
jld3103 902e0396e0
Fix text processing OpenAPI 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-08-11 11:37:56 +07:00
Julien Veyssier f154fe7f8e
fix psalm issue 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-08-07 18:28:58 +07:00
Julius Härtl fca1c309a0
feat: Add delete task API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-08-07 13:27:53 +07:00
Julien Veyssier 41b19cf969
allow anon text processing scheduling 
add a textprocessing_tasks index
convert anotations to method attributes
refactor TP manager
add mapper methods

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-08-07 13:27:53 +07:00
Julien Veyssier 9986e02097
start implementing ocs endpoint to get task list from user+appId+identifier 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-08-07 13:27:53 +07:00
jld3103 dca22c1d2c core: Document text processing API 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-31 14:09:12 +07:00
Marcel Klehr 7c80d66ee5
Merge pull request #38854 from nextcloud/enh/llm-api 2023-07-21 11:20:31 +07:00
Marcel Klehr 6d568b0d32 Fix tests: Adjust constructor signature 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-19 17:33:11 +07:00
Marcel Klehr 7389567c7d Remove Task::factory method 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-19 13:15:14 +07:00
Joas Schilling 0d51d8fbcb
fix(core): Add password confirmation requirement for getapppassword 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-17 12:07:22 +07:00
Marcel Klehr 95d2d3af5c Fix psalm errors 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-14 16:10:39 +07:00
Marcel Klehr ffe27ce14c Massive refactoring: Turn LanguageModel OCP API into TextProcessing API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-14 16:00:31 +07:00
jld3103 1be836273d
core: Add OpenAPI spec 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-13 07:24:15 +07:00
Marcel Klehr bd45c436eb
Update core/Controller/LanguageModelApiController.php 
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-11 15:28:37 +07:00
Marcel Klehr d430cbbfca
Update core/Controller/LanguageModelApiController.php 
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-11 15:28:22 +07:00
Marcel Klehr 48c8206538 Fix openapi docs 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-11 14:37:14 +07:00
Marcel Klehr b7c3b50e41
Update core/Controller/LanguageModelApiController.php 
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-11 12:41:31 +07:00
Marcel Klehr 49ea56b306 LanguageModelApiController: Use jsonSerialize method to help psalm 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr a4578cd995 cs:fix 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr ea4dc4cba8 LLM OCP API: Fix OpenApi docs 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr de1cfaae9c LLM OCP API: Fix psalm issues 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr 61b9b4f474 LLM OCS API: Add OpenAPI docs 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr d33b7a8da4 LLM OCS API: s/tasks/tasktypes/ 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr d6d4e0ffe3 LLM OCP API: Fix psam errors 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr f7e1e79880 LLM OCP API: Fix security issue 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr 94fcf88892 LLM OCP API: Fix copyright 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr b00a9a6eae LLM OCP API: Use OCP\Common\Exception\NotFoundException 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Marcel Klehr 795b097122 LLM OCP API: Implement ocs API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +07:00
Faraz Samapoor 4ce7173f7e Update core/Controller/SetupController.php 
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-20 10:38:46 +07:00
Faraz Samapoor 2800436948 Applies agreed-upon indentation convention to the changed controllers. 
Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753

Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-20 10:38:46 +07:00
Faraz Samapoor 9eedeb4012 Refactors controllers by using PHP8's constructor property promotion. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-20 10:38:46 +07:00
Faraz Samapoor d64aa85b04 Applies agreed-upon indentation convention to the changed controllers. 
Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753

Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +07:00
Faraz Samapoor 73b7096850 Fixes psalm error. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +07:00
Faraz Samapoor 468aefc649 Fixes php-cs-fixer error. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +07:00
Faraz Samapoor 4bf610ebaf Refactors controllers by using PHP8's constructor property promotion. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +07:00
Faraz Samapoor fc0e2a938f Applies agreed-upon indentation convention to the changed controllers. 
Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753

Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-05 18:35:32 +07:00
Faraz Samapoor 25cdc35473
Update core/Controller/AppPasswordController.php 
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-05 18:26:27 +07:00
Faraz Samapoor 05784c3244
Update core/Controller/CollaborationResourcesController.php 
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-05 16:45:21 +07:00
Faraz Samapoor 2713ab023f
Update core/Controller/AppPasswordController.php 
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-05 16:45:01 +07:00
Faraz Samapoor 450bf5c99e Refactors controllers by using PHP8's constructor property promotion. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-04 23:20:35 +07:00
Faraz Samapoor a1ef0285f8 Refactors "strpos" calls in /core to improve code readability. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-02 13:13:19 +07:00
Joas Schilling 7ee81b6555
fix(lostpassword): Also rate limit the setPassword endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 09:21:07 +07:00
Joas Schilling 9d6ec68b59
feat(translation): Return the detected language so clients can show more details 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-02 16:38:33 +07:00
Joas Schilling e5d0ff0c19
feat(translation): Allow guests to use translations as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-13 09:02:46 +07:00
Joas Schilling 032821d2b5
fix(translation): Use 400 as status code to be distinguishable from server errors 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-13 09:02:42 +07:00
Joas Schilling b7c1e61d0b
fix(translation): Properly set the numbers as HTTP status code 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-13 09:02:38 +07:00
Joas Schilling 21b056ee2d
fix(translation): Translate error messages on translations API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-13 08:53:15 +07:00
Côme Chilliet 5063b76c8a
Merge pull request #37495 from joshtrichards/jr-trim-pw-reset-username 
Trim the user/email provided for password resets
 2023-04-05 11:36:53 +07:00
Josh Richards 9899b12478
Trim user earlier 
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
 2023-04-04 10:03:15 +07:00
Christopher Ng 7bc8b543be Improve handling of profile fields 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2023-03-30 17:11:41 +07:00
Josh Richards 203b9131ec
Trim the user/email provided for password resets 
Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
 2023-03-30 11:59:13 +07:00
jld3103 02f9c3a06f
Use implementations instead of interfaces for accessing private methods 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-03-30 12:33:46 +07:00
Git'Fellow cfd7a57184 Send header to all browsers under HTTPS 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

Don't send Clear-Site-Data to Safari

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

Fix lint

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-03-26 15:29:01 +07:00
jld3103 79507435fa
Fix controller class import for autocomplete 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-03-16 09:50:43 +07:00
Julius Härtl a0ecc37d03
fix(translation): Allow regular users to use translation api endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-28 09:29:57 +07:00
Julius Härtl 3e63298381
feat(translations): Add translation provider API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-27 16:52:03 +07:00
MichaIng 0d67fc23f4
Merge pull request #36634 from nextcloud/fix/client-login-flow/state-token-missing-response 
fix(client-login-flow): Use correct response for missing state token
 2023-02-27 16:34:07 +07:00
Julien Veyssier 01cefbd6d6
[reference preview] fix getting null mimetype if the cached reference lacks an image content type 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-02-22 12:39:26 +07:00
Simon L a747be3544
Merge pull request #36443 from nextcloud/fix/23063/fix-login-log-entry 
fix the login log entry
 2023-02-15 18:13:59 +07:00
Christoph Wurst 024adc14b1
fix(client-login-flow): Use correct response for missing state token 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-02-09 14:11:28 +07:00
Joas Schilling 59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset 
Add bruteforce protection to password reset page
 2023-02-06 22:12:25 +07:00
Christoph Wurst 88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-02-06 09:42:15 +07:00
Joas Schilling 704eb3aa6c
Add bruteforce protection to password reset page 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-02 06:13:49 +07:00
Simon L 6496748971 fix the login log entry 
Signed-off-by: Simon L <szaimen@e.mail.de>
 2023-01-30 17:07:44 +07:00
Christoph Wurst 7269766e05
Merge pull request #36363 from nextcloud/feat/app-framework/usesession-attribute 
feat(app-framework): Add UseSession attribute to replace annotation
 2023-01-27 16:59:14 +07:00
Julien Veyssier 8766e4f242
handle and return touchProvider errors 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:56 +07:00
Julien Veyssier 946a1af9fd
add 'last used timestamp' management for reference providers 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:56 +07:00
Julien Veyssier 6431c5a559
extend the reference API for the new link picker 
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-01-27 11:10:55 +07:00
Christoph Wurst 20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Simon L 06a572ff55
Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install 
Remove the CAN_INSTALL file when occ maintenance:install is complete
 2023-01-18 19:53:02 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +07:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +07:00
Alex Harpin 644df591b1 Rename canInstallExists method and add new method for removal 
Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it.

Add new method to detect if this file exists during web based installation.

Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
 2023-01-10 11:59:06 +07:00
Alex Harpin 72af140723 Move CAN_INSTALL check to method and remove unlink from SetupController 
Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class.

Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
 2023-01-10 11:59:06 +07:00
Joas Schilling b4a29644cc
Add a const for the max user password length 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-04 11:23:43 +07:00
Joas Schilling 9cfaf27142
Also limit the password length on reset 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-03 16:36:01 +07:00
Christoph Wurst 138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +07:00
Daniel Kesselberg b5f6ecfb00 Fix GH-33187 
$this->userId is null when loggedin via app password.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2022-12-12 19:12:18 +07:00
Richard Steinmetz fc4dd3041c
Fix default redirect on successful WebAuthn login 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2022-12-05 12:51:53 +07:00
Simon L 23f336761e
Merge pull request #35385 from pulsejet/patch-previewtype 
Fix type of PreviewController::$userId
 2022-12-03 19:09:37 +07:00
Carl Schwan 6c76443e89 Revert unrelated change from #34940 
Probably a left over from an experience that I added by mistake in the
change

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-12-02 11:29:38 +07:00
Varun Patil 136b2c5949 Fix type of PreviewController::$userId 
Can be null if not logged in; currently crashes

Signed-off-by: Varun Patil <varunpatil@ucla.edu>
 2022-11-24 02:33:31 +07:00
Carl Schwan 86d9626901 Add mastodon personal info field 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-11-21 16:28:56 +07:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-25 11:35:31 +07:00
Julius Härtl 11bedf1c3b
Use proper error pages instead of always redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-21 15:12:21 +07:00
John Molakvoæ (skjnldsv) bd303388e3
Cleanup ie and old edge properties 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-10-19 10:02:51 +07:00
Côme Chilliet 71ee292650 Add rate limiting on lost password emails 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-10-18 14:49:02 +07:00
Julien Veyssier 6e03d99ab8
fix reference preview endpoint when no server-side cache configured 
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2022-10-13 15:18:21 +07:00
Joas Schilling 0642d17e4f
Fix URLs on reference resolving 
The vue-richtext app currently sends leading spaces if they are in the text.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-09-30 09:40:43 +07:00
Julius Härtl f4a2ab137b Add cache header for image endpoint if link previews 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-09-28 13:21:28 +07:00
Julius Härtl 5fa7563bf9
Add endpoint to fetch a cachable reference data 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-09-26 17:44:49 +07:00
Carl Schwan 66a7a89898 Add api to load additional section in profile page 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-14 12:55:40 +07:00
Carl Schwan bc9a488046
Update avatars on update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 14:23:41 +07:00
Carl Schwan 76d0165330
Dark theme for guest avatar 
And better caching policy

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 13:37:51 +07:00
Carl Schwan f98ae2b5b0
Avatar new style 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-09-09 13:37:51 +07:00
Christopher Ng f44d2586b1 Remake profile picture saving with Vue 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-09-02 02:22:57 +07:00
Julius Härtl 1ab66988bc
Inject all dependnencies and increase cache timeout 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 18:02:57 +07:00
Julius Härtl 80f6a5834a
Refactor cache handling 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:35 +07:00
Julius Härtl a392235e23
Cleanup 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:24:33 +07:00
Julius Härtl 0ce0d37ac1
Implement image caching 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:06 +07:00
Julius Härtl de3e541fde
API for fetching reference metadata 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:05 +07:00
Joas Schilling 85eb3b2920
Fix wording of undeliverable push notifications 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 12:42:31 +07:00
Christopher Ng 9ba11ecefd Improve handling of profile page 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-08-22 19:28:35 +07:00
NoSleep82 b03aedf128
Update core/Controller/LostController.php 
Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
 2022-08-21 13:16:23 +07:00
NoSleep82 61548c520b
Update LostController.php 
i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack)

Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
 2022-08-19 18:30:32 +07:00
Carl Schwan 253118298d Redesign guest pages for better accessibility 
- Use white box and put content on it
- Improve focus indicator

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-07-27 10:43:21 +07:00
Christopher Ng 92500e810f Identify the login page explicitly by the page title 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-07-20 23:55:50 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Christopher Ng 57c66bf7cb Use Image class from public API 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-06-02 00:37:36 +07:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +07:00
Joas Schilling 6084d691b0
Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step 
Show user account on grant loginflow step
 2022-05-16 11:18:22 +07:00
Joas Schilling db1813f640
Show user account on grant loginflow step 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-13 10:50:30 +07:00
Thomas Citharel 232322fe06
Modernize contacts menu 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-05-12 18:31:59 +07:00
John Molakvoæ 3c6253f965
Remove old legacy SvgController and IconsCacher 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2022-05-10 23:24:07 +07:00
Joas Schilling 6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-03 12:51:23 +07:00
Vincent Petry 576e4e8f2a
Merge pull request #31592 from nextcloud/fix/direct-arg-flow-v2 
Add direct arg to login flow
 2022-03-29 18:21:40 +07:00
Vincent Petry 80388663af Add direct arg to login flow 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
 2022-03-28 10:28:45 +07:00
Joas Schilling 5f75d2e104
Remove old shortening 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-03-23 21:42:29 +07:00
Joas Schilling a0c7798c7d
Limit the length of app password names 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-03-23 10:47:56 +07:00
Christopher Ng 1fc0b4320c Add global profile toggle config 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-03-18 02:55:12 +07:00
Carl Schwan 36721a8d0d Fix caching of the user avatar 
Now on firefox/safari it is only refetched once a day. On Chrom{e,ium}
we keep the previous behavior of maybe refetching it more often.

This also notify the user about this behavior when they upload an avatar
picture.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-25 14:24:07 +07:00
Carl Schwan 7dddbd0c35 Improve caching policy 
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-02-16 11:35:57 +07:00
Joas Schilling 6dd60b6d30
Only allow avatars in 64 and 512 pixel size 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-07 16:47:51 +07:00
Christopher Ng 22768769c3 Improve installation pages 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-01-14 19:59:46 +07:00
John Molakvoæ (skjnldsv) b664aad7ab
Move bundles to /dist 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2022-01-08 10:11:58 +07:00
John Molakvoæ bfaeb6ae64
Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptoken 2021-12-30 08:14:23 +07:00
Julius Härtl e00173a71b
Also pass user on flow v2 landing 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl 61dd1d3d97
Pass username prefill through unauthenticated request redirects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Julius Härtl aa3f4bdf63
Allow using an app token to login with v2 flow auth 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-03 08:37:42 +07:00
Christopher Ng be5b9e36cd Hide user status from public 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-23 22:58:44 +07:00
Côme Chilliet 5a20e20e9e
Fix errors in AvatarController when data() returns null 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:29:01 +07:00
Christoph Wurst c8caba265f
Explicitly allow some routes without 2FA 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-11-17 18:42:21 +07:00
Joas Schilling fa036b2001
Move common logic to share manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-09 10:10:53 +07:00
Christopher Ng f4307ef4b1 Respect user enumeration settings on profile 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-11-05 21:33:03 +07:00
Vitor Mattos d613b32045
add check isFairUseOfFreePushService on login 
Signed-off-by: Vitor Mattos <vitor@php.rio>
 2021-10-23 00:54:50 +07:00
Joas Schilling 3ce3c0f117
Add an OCS endpoint for the hovercard contact actions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-10-20 10:22:40 +07:00
Christopher Ng 309354852f Profile backend 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2021-10-19 04:59:35 +07:00
Julius Härtl d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-10-05 13:06:59 +07:00
Pytal 3a94d7c2ea
Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled 
allow using of disabled password reset mechanism for special cases
 2021-09-14 18:29:10 +07:00
Arthur Schiwon a843d3c5db
allow using of disabled password reset mechanism for special cases 
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
  that password reset is disabled
- setPassword() got its check removed as it is behind CSFR anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 22:48:16 +07:00
Arthur Schiwon 6857136f06
fixes missing prefix to validate password reset token 
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 19:06:50 +07:00
Arthur Schiwon a20de15b43
add a job to clean up expired verification tokens 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:35 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +07:00
Lukas Reschke 2994dbe215
Fix codestyle 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:53:01 +07:00
Lukas Reschke dd054b2ee8
Check if SVG path is valid 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 10:46:12 +07:00
Christoph Wurst 4b0e18ae1b
Merge pull request #27294 from pjft/patch-2 
Update TwoFactorChallengeController.php
 2021-08-19 12:40:40 +07:00
Jonas Meurer 7c76e85dde
Use IURLGenerator function to get value of `\OC::$WEBROOT` global 
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:47 +07:00
Jonas Meurer 5f5bacde8f
UnifiedSearchController: strip webroot from URL before finding a route 
This should fix route matching in UnifiedSearchController on setups with
Nextcloud in a subfolder (webroot).

Fixes: #24144
Signed-off-by: Jonas Meurer <jonas@freesources.org>
 2021-08-16 10:56:25 +07:00
Daniel Rudolf 4d7430949a
Remove usage of \OC_Util::getDefaultPageUrl() and \OC_Util::redirectToDefaultPage() 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-08-04 19:02:57 +07:00
Daniel Rudolf aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +07:00
Daniel Rudolf e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP 
Signed-off-by: Gary Kim <gary@garykim.dev>
 2021-06-30 15:28:02 +07:00
Daniel Rudolf 12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +07:00
pjft b1086e25bb Add logging to 2FA failure 
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.

Signed-off-by: pjft <paulo.j.tavares@gmail.com>
 2021-06-21 20:43:12 +07:00
Julius Härtl c0474ba364
Use product name in places where it is appropriate rather than the instance name 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-06-16 11:42:53 +07:00
Morris Jobke 2ae60b42ab
Merge pull request #26494 from rigrig/fix-php8-deprecations 
Fix some php 8 warnings
 2021-06-07 23:30:59 +07:00
John Molakvoæ (skjnldsv) 215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +07:00
Richard de Boer f23d057ad9 Fix functions taking optional parameters before required ones 
PHP 8 shows deprecation warnings about this, see #25806
Removes the "default" values, as they actually are required parameters anyway.

Signed-off-by: Richard de Boer <git@tubul.net>
 2021-05-29 14:14:52 +07:00
Joas Schilling 69290781ff Handle device login like an alternative login 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-20 09:11:33 +07:00
Roeland Jago Douma b43e21d186
Merge pull request #26401 from nextcloud/enh/handle-avatar-upload-errors 
Show informative errors on avatar upload error
 2021-04-08 16:12:36 +07:00
Robin Appelman c232a40bdf
remove leftover debug @NoCSRFRequired introduced with #26198 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-04-01 13:51:53 +07:00
Julien Veyssier 7b69897474
show informative errors in log and UI on avatar upload error in user settings 
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2021-04-01 11:55:13 +07:00
Robin Appelman b38618c813
use node search api for legacy file search endpoint 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2021-03-19 16:08:01 +07:00
Roeland Jago Douma 4076dfb019 Allow admins to disable the login form 
In case they want to not allow this because they use SSO (and do not
want the users to enter their credentials there by accident).

?direct=1 still works.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-08 15:36:47 +07:00
Christoph Wurst 7be2ce82e7
Merge pull request #25544 from nextcloud/refactor/app-password-created-event 
Move app_password_created to a typed event
 2021-03-02 08:18:59 +07:00
Christoph Wurst 5026d2cca1
Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
 2021-02-18 14:05:54 +07:00
dependabot-preview[bot] eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +07:00
Joas Schilling 6ed4aaeeea
Send emails on password reset to the displayname 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-18 12:38:43 +07:00
Joas Schilling 83755b7b02
Make new result parts optional 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-12 16:21:47 +07:00
Christoph Wurst f8808e260d
Move app_password_created to a typed event 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-09 18:49:35 +07:00
Julius Härtl d7a80293ab
Keep direct login active when redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-02-01 14:25:56 +07:00