sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
75,485 Commits
651 Branches
1175 Tags
9.5 GiB
Commit Graph

716 Commits (e1e4ee4d677ac8a491c6afb150b9f7b46473d196)

Author SHA1 Message Date
Jonas 9fe4edca2c
fix(ReferenceApiController): Remove accidently added AnonRateLimit 
Signed-off-by: Jonas <jonas@freesources.org>
 2024-07-17 15:38:09 +07:00
Jonas 1671bf3ef2
feat(Reference): Add public API endpoints to get references 
Calling the public API endpoints will check for matching registered
reference providers that implement `IPublicReferenceProvider` and call
their respective functions. If no matching provider is found, the
default `LinkReferenceProvider` will be used to provide open graph data.

The frontend reference widget components will call these endpoints from
unauthorized sessions, e.g. in public shares.

If present, the sharing token of the origin URL is passed to
`resolveReferencePublic()` as additional information for the reference
provider to determine the access scope. This allows the respective
reference providers to determine whether the origin share has access to
the linked resource.

`getCacheKeyPublic` also gets the sharing token so it can scope the cached
entry to it.

Contributes to #45978

Signed-off-by: Jonas <jonas@freesources.org>
 2024-07-17 12:56:41 +07:00
Julien CHATY-CAPELLE 2d84d0f5bf fix(core): use OC namespace for core ReponseDefinitions instead of OCA 
Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>
 2024-07-15 11:50:02 +07:00
Ferdinand Thiessen a229723b8c
feat: Add new forbidden filename options to Capabilities 
Allow clients to access the new filename validation options
and make frontend name validation possible.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-11 13:31:54 +07:00
Benjamin Gaussorgues e5275dbada feat: don't count failed CSRF as failed login attempt 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-11 09:27:33 +07:00
provokateurin f5ff8136ac
feat(TaskProcessingApi): Add endpoint for getting the next task 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-01 17:11:12 +07:00
Daniel e5a6698ec0
Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller 
test: add tests for ProfilePageController
 2024-06-12 14:49:03 +07:00
Daniel Kesselberg 98eb190e04
test: add tests for ProfilePageController 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-06-12 11:46:12 +07:00
provokateurin c8e767878d fix(core): Return X-NC-IsCustomAvatar for guest avatars too 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-06-12 10:27:29 +07:00
skjnldsv 8bed23288b fix(files_sharing): dark avatar support 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 10:27:29 +07:00
skjnldsv fb11672df6 fix(core): allow guest avatar fallback 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 10:27:29 +07:00
Arthur Schiwon 98b5cdc43d
Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso 
fix(Session): avoid password confirmation on SSO
 2024-06-07 11:25:36 +07:00
Arthur Schiwon 340939e688
fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +07:00
John Molakvoæ (skjnldsv) fc3ee65526 fix(core): unsupported browser redirect url 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2024-06-01 09:34:22 +07:00
Andy Scherzinger e07a190641
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-27 14:53:40 +07:00
Kate 7bc4ccba6a
Merge pull request #45354 from nextcloud/docs/taskprocessingapi/cleanup-endpoint-descriptions 2024-05-16 20:09:06 +07:00
provokateurin a8abe9d3c2
fix(TaskProcessingApi): Cleanup error handling 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 15:17:10 +07:00
provokateurin 4c375c98a4
docs(TaskProcessingApi): Set correct status code messages 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 14:57:34 +07:00
provokateurin eabbb73173
docs(TaskProcessingApi): Cleanup endpoint descriptions 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 12:43:39 +07:00
provokateurin 79e153735c
docs(TaskProcessingApi): Fix result endpoint description 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-16 12:43:22 +07:00
Joas Schilling ef1c32a222
Merge pull request #45317 from nextcloud/bugfix/noid/limit-maximum-number-of-search-results 
fix(search): Limit maximum number of search results
 2024-05-16 10:10:09 +07:00
Marcel Klehr f3e72aff7c
Merge pull request #45094 from nextcloud/enh/taskprocessing-api 
feat: TaskProcessing API
 2024-05-15 11:43:08 +07:00
Joas Schilling 2bd54d30e5
fix(search): Limit maximum number of search results 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-05-15 09:48:23 +07:00
Marcel Klehr a8afa7f23d fix(OCS-API): Add endpoint to list user tasks 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr f3a88f04ec fix(OCS-API): No csrf required for /tasks/taskId/file/fileId 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr ec94a672d7 fix(ocs): change /tasktypes response to combine optional and non-optional IO slots 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr c079a61181 feat: Add cancel endpoint to OCS API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr 4d9a0eab5f fix: update openai specs 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr 4a3b9b826e refactor: identifier is now customId/custom_id 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr ec27c538b5 fix: address review comments 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr 2c878099f1 fix: address review comments 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:40 +07:00
Marcel Klehr b85a0edc92 fix: Update autoloaders 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:40 +07:00
Marcel Klehr a5053d33c2 fix: Run cs:fix 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:40 +07:00
Marcel Klehr 8ccb29ae3b fix: psalm issues 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:40 +07:00
Marcel Klehr 6203c1c7da fix: Check if user is authorized to use the files they mentioned 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:40 +07:00
Marcel Klehr b150d779f3 refactor: rename getTaskType to getTaskTypeId 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:40 +07:00
Marcel Klehr 8e5662602a feat: Add ExApp endpoints 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00
Marcel Klehr 7a947980db fix: Fix psalm issues 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00
Marcel Klehr 3b0925a064 chore: Regenerate openapi.json 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00
Marcel Klehr 29cbb3cf71 chore: Run cs:fix 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00
Marcel Klehr b2b93e4219 feat: Add getFileContents endpoint to TaskProcessing OCS API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00
Marcel Klehr 44b896f999 feat: TaskProcessing OCS API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00
provokateurin dd997b6ac7
docs(preview): Improve API parameter descriptions 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-05-13 12:47:24 +07:00
Christoph Wurst 22dc27810e
fix(auth): Keep redirect URL during 2FA setup and challenge 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-19 10:24:26 +07:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +07:00
Ferdinand Thiessen 3fede00732
feat(login): Clear login form (password) after IDLE timeout 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-25 12:22:53 +07:00
fenn-cs 2792d8b3f5 feat: Limit email input on auth pages to 255 chars 
Excessively long emails reported make server unresponsive.

We could at some point, consider adding a configuration for sysadmins to bypass this setting
on their instance if they want.

Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
 2024-03-21 10:34:55 +07:00
Eduardo Morales 0de6cc7472 feat: added login's initial possible email-states 
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
 2024-03-10 10:32:21 +07:00
Robin Appelman fd4ca13867
Merge pull request #43471 from nextcloud/cache-path-by-id 
Cache path by id
 2024-03-05 17:26:25 +07:00
Julius Härtl c7813bfdaf
feat: Implement team provider api 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-05 08:13:58 +07:00