sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
65,897 Commits
633 Branches
1167 Tags
8.6 GiB
Commit Graph

262 Commits (fb901b0d93da99b0a49e963a6a35fd82b7051a98)

Author SHA1 Message Date
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +07:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +07:00
Christoph Wurst 138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +07:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-25 11:35:31 +07:00
Côme Chilliet 1cb0c2ac52 Fix LostController test 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-10-18 14:49:02 +07:00
Joas Schilling 67ecd72972
Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 20:54:39 +07:00
Arthur Schiwon b3b6f2d581
fix Controller tests 
- added pageTitle in code was missing in expectations
- fixed warnings of superflouos parameter
- fixed wrong type of mock

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-07-22 22:15:41 +07:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 6283d14fa6
Modernize the LostControllerTest test 
Remove some depreciated at() calls

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +07:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +07:00
Joas Schilling 6084d691b0
Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step 
Show user account on grant loginflow step
 2022-05-16 11:18:22 +07:00
Joas Schilling 40b9769d4d
Extend tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-16 10:33:30 +07:00
Thomas Citharel 232322fe06
Modernize contacts menu 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-05-12 18:31:59 +07:00
John Molakvoæ 3c6253f965
Remove old legacy SvgController and IconsCacher 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2022-05-10 23:24:07 +07:00
Louis Chemineau 8a2cf5bb68 Do not dispatch postSetPassword when setPassword fails 
Also Improve error message when setPassword fails

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2022-05-05 17:21:23 +07:00
Joas Schilling 6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-03 12:51:23 +07:00
Vincent Petry 80388663af Add direct arg to login flow 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
 2022-03-28 10:28:45 +07:00
Joas Schilling 6dd60b6d30
Only allow avatars in 64 and 512 pixel size 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-07 16:47:51 +07:00
Julius Härtl 61dd1d3d97
Pass username prefill through unauthenticated request redirects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +07:00
Côme Chilliet 8b271b8a12
Fix tests and avoid PHP errors in them 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:29:01 +07:00
Joas Schilling f8463e1fc6
Fix missing import of ILogger 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-02 16:47:16 +07:00
Vitor Mattos d613b32045
add check isFairUseOfFreePushService on login 
Signed-off-by: Vitor Mattos <vitor@php.rio>
 2021-10-23 00:54:50 +07:00
Julius Härtl d68f028251
Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-10-05 13:06:59 +07:00
Arthur Schiwon 6857136f06
fixes missing prefix to validate password reset token 
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-10 19:06:50 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +07:00
Lukas Reschke 19ad636373 Resolve absolute path in tests 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 21:26:27 +07:00
Christoph Wurst 4b0e18ae1b
Merge pull request #27294 from pjft/patch-2 
Update TwoFactorChallengeController.php
 2021-08-19 12:40:40 +07:00
Daniel Rudolf aa455e71d9
Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl 2021-08-04 18:52:55 +07:00
Daniel Rudolf e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +07:00
Gary Kim b78f3a57d1
Migrate HintException to OCP 
Signed-off-by: Gary Kim <gary@garykim.dev>
 2021-06-30 15:28:02 +07:00
Daniel Rudolf 0df68f0697
Remove unused imports 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:48:22 +07:00
Daniel Rudolf 12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +07:00
pjft b1086e25bb Add logging to 2FA failure 
For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge.
Right now, the only hindrance is rate-limiting, but it's probably not enough.
Added dependency injection.

Signed-off-by: pjft <paulo.j.tavares@gmail.com>
 2021-06-21 20:43:12 +07:00
Vincent Petry 95e03fba2d
Fix more controller tests in Core subdir 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2021-03-24 09:02:19 +07:00
Vincent Petry 9b8ca1697a
Fix more tests in the Core subdir 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2021-03-24 08:48:28 +07:00
Christoph Wurst 5026d2cca1
Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
 2021-02-18 14:05:54 +07:00
dependabot-preview[bot] eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +07:00
Joas Schilling 6ed4aaeeea
Send emails on password reset to the displayname 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-02-18 12:38:43 +07:00
Christoph Wurst 6995223b1e
Add well known handlers API 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 13:13:05 +07:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +07:00
Joas Schilling c2bef528ef
Remove unused members and imports 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-08 10:45:35 +07:00
Joas Schilling a4b2403e29
The privacy setting is only about syncing to other servers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-03 15:46:21 +07:00
Morris Jobke 234b510652
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-08-12 13:55:19 +07:00
Joas Schilling 35c6b1236f
Move AutoComplete::filterResults to new event dispatcher and GenericEvent 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-07-01 09:57:33 +07:00
Arthur Schiwon 653162a709
use the loginname to verify the old password in user password changes 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-05-26 16:53:25 +07:00
Daniel Kesselberg df669a2936
Set etag for capabilities endpoint 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-04-29 15:26:46 +07:00
Daniel Kesselberg 72a16b1779
Make it possible to resolve svg for apps_paths outside the document root 
Previous implementation assumes the app path is always a child \OC::$SERVERROOT. That's not always true.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-04-24 16:19:10 +07:00
Roeland Jago Douma 95ad9ab4ac
Merge pull request #20401 from nextcloud/fix/login-sso-redirct 
Fix absolute redirect
 2020-04-15 11:28:40 +07:00