nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-06-17 12:42:50 -04:00

Author	SHA1	Message	Date
Robin Appelman	361b1cffdc	fix: handle NAT64 addresses in isLocalAddress Signed-off-by: Robin Appelman <robin@icewind.nl>	2026-05-19 15:41:53 +00:00
Côme Chilliet	4fd438aad1	chore: Add missing use for PublicKeyToken Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2026-04-23 10:30:19 +02:00
Côme Chilliet	8147294776	fix: Fix type for stable27 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2026-04-21 15:58:23 +00:00
Côme Chilliet	bb29db1f42	fix: Reduce the mixups between apptokens and session ids Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2026-04-21 15:58:23 +00:00
Joas Schilling	c996325b3e	fix(comments): Check comment object Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-12-11 08:48:49 +01:00
Louis Chmn	707a98a7de	feat(EphemeralSessions): Introduce lax period Signed-off-by: Louis Chmn <louis@chmn.me>	2025-11-06 16:05:40 +01:00
Joas Schilling	b24c4f02e8	fix(2fa): Fix 2FA session setup when ephemeral session is used Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-08-26 13:45:40 +00:00
Christoph Wurst	1ee1c80b19	fix(session): Only mark sessions of permanent tokens as app passwords Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2025-04-09 07:58:56 +02:00
Joas Schilling	e33b001b39	fix(auth): Allow 2FA challenges for Ephemeral sessions Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-03-18 10:30:58 +01:00
Joas Schilling	948ad00b40	Merge pull request #51366 from nextcloud/backport/51361/stable26 [stable26] fix(base.php): Correct order for booting \OC\Server	2025-03-17 21:13:10 +01:00
Ferdinand Thiessen	65ce8c2d7a	fix(lookup-server): disable lookup server for non-global scale setups Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-03-12 12:33:46 +01:00
Ferdinand Thiessen	bbc6b46e67	fix(lookup-server): do not query data by default Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-03-12 12:03:50 +01:00
Joas Schilling	3d918d488f	fix(base.php): Correct order for booting \OC\Server A recent change had broken authentication with an older FastCGI Apache2 module, because the IRequest object got initialised before the fix from self::handleAuthHeaders() copied the authentication headers into the correct $_SERVER variables. Since this part is completely independent from any Nextcloud code it is now done as a first thing within the init() call. Additionally similar issues could happen when another class would boot too early and read other global PHP settings like ini values and default timezone, so those are now also moved to the beginning. Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-03-10 12:39:10 +01:00
Louis Chemineau	dba818df7b	fix(login): Do not target PublicPage attribute as it does not exists Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-05 18:05:00 +01:00
provokateurin	73705d080c	refactor(TempManager): Simplify and unify implementations and remove legacy behavior Signed-off-by: provokateurin <kate@provokateurin.de>	2025-03-04 07:54:34 +01:00
Louis Chemineau	8d0ff42e1c	fix(login): Support subfolder install for ephemeral sessions Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-03 12:07:32 +01:00
Louis Chemineau	cc6de88dee	fix(login): Also check legacy annotation for ephemeral sessions Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-03 12:07:32 +01:00
Louis Chemineau	242164f0fd	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-03 12:07:32 +01:00
Ferdinand Thiessen	5535a7932c	fix(sharing): Move permission validation to share manager Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-01-31 22:18:03 +01:00
Robin Appelman	10b6d92319	fix: fix mimetype not being updated when changing file extention on object store Signed-off-by: Robin Appelman <robin@icewind.nl>	2024-12-11 07:49:18 +00:00
Louis Chemineau	11d92d1ce1	Move oc_file_metadata.metadata migration to a background job Signed-off-by: Louis Chemineau <louis@chmn.me> Signed-off-by: Max <max@nextcloud.com>	2024-12-02 20:15:23 +01:00
Christoph Wurst	c82505366d	fix(migration): Decrypt ownCloud secrets v2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-11-28 09:32:29 +00:00
ernolf	31d56c98aa	fix(share): Ensure unique share tokens - check for token collisions and retry up to three times. - throw after 3 attempts without finding a unique token. Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>	2024-09-26 10:35:32 +00:00
Côme Chilliet	6283731413	fix: Remove call to non-existing method in 28 and add missing use in test Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-08-27 11:17:38 +00:00
Côme Chilliet	798f9ee68e	fix: Remove shares only if there are no more common groups between users Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-08-27 11:17:38 +00:00
Louis Chemineau	45a90ee7a7	fix(files_sharing): Delete user shares if needed when user is removed from a group Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-08-27 11:17:38 +00:00
Arthur Schiwon	c6d8aff393	fix(Token): take over scope in token refresh with login by cookie Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-07-29 13:48:51 +02:00
Arthur Schiwon	7335c064fc	fix(Session): avoid race conditions on clustered setups - re-stablishes old behaviour with cache to return null instead of throwing an InvalidTokenException when the token is cached as non-existing - token invalidation and re-generation are bundled in a DB transaction now Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-07-10 18:54:25 +02:00
Arthur Schiwon	bea11a744f	fix(Token): add FILESYSTEM scope with SCOPE_SKIP_PASSWORD_VALIDATION The scope design requires scopes to be either not specified, or specified explicitely. Therefore, when setting the skip-password-validation scope for user authentication from mechanisms like SAML, we also have to set the filesystem scope, otherwise they will lack access to the filesystem. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-25 07:37:07 +00:00
Arthur Schiwon	72feb5abcc	Merge pull request #45812 from nextcloud/backport/43942/stable26 [stable26] fix(Session): avoid password confirmation on SSO	2024-06-18 19:10:29 +02:00
Arthur Schiwon	6ea40ab742	Merge pull request #45759 from nextcloud/backport/45355/stable26 [stable26] fix: delete user credentials stored in storages_credentials when user gets deleted	2024-06-18 18:39:58 +02:00
Arthur Schiwon	06c64fdbc6	style(PHP): remove unacceptable empty lines Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 19:35:37 +02:00
Arthur Schiwon	0f5c8f9111	fix(Token): make new scope future compatible - "password-unconfirmable" is the effective name for 30, but a draft name was backported. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 19:35:37 +02:00
Arthur Schiwon	eea5e1cca2	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 19:35:37 +02:00
Louis Chemineau	9f3d1b792c	fix(files): Use isRetryable to catch retryable exceptions Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-06-12 08:11:18 +00:00
yemkareems	c9c3c1422e	fix: added missing ICredentialsManager fix: added missing ICredentialsManager Signed-off-by: yemkareems <yemkareems@gmail.com>	2024-06-11 10:21:41 +05:30
yemkareems	8b1b965d3c	fix: delete user credentials stored in storages_credentials when user gets deleted Signed-off-by: yemkareems <yemkareems@gmail.com> [skip ci]	2024-06-10 12:21:03 +00:00
Arthur Schiwon	dc8332deb0	Merge pull request #45463 from nextcloud/backport/45340/stable26 [stable26] fix: Extend SVG reference check	2024-05-23 11:16:30 +02:00
Joas Schilling	eab019c8b3	fix: Correctly check result of function Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-05-22 17:36:46 +02:00
Joas Schilling	350300e584	fix: Extend SVG reference check Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-05-22 15:26:16 +00:00
Louis Chemineau	69bb0bf3e8	feat(files)): Add retry logic to cover deadlock situations when moving many files Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-05-07 10:42:24 +02:00
Joas Schilling	404fe47820	fix(CI): Suppress psalm UndefinedClass Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-04-24 09:28:24 +00:00
Joas Schilling	8689e6eb07	fix(files): Also skip cross storage move with access control Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-04-24 09:28:24 +00:00
Christopher Ng	b2335b453e	fix: Fix avatar images Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-04-08 17:10:55 -07:00
Robin Appelman	f0e5ed3681	fix SeekableHttpStream::stream_stat errors on failed open Signed-off-by: Robin Appelman <robin@icewind.nl>	2024-03-27 17:15:07 +01:00
Nextcloud bot	45e4076592	Fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot <bot@nextcloud.com>	2024-03-26 00:19:52 +00:00
Nextcloud bot	faa751e30b	Fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot <bot@nextcloud.com>	2024-03-25 00:20:26 +00:00
Nextcloud bot	7e5720c7c2	Fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot <bot@nextcloud.com>	2024-03-24 00:20:30 +00:00
Robin Appelman	5ab8439c00	fix: ensure nested mount points are handled in the correct order Signed-off-by: Robin Appelman <robin@icewind.nl>	2024-03-21 18:01:26 +01:00
Maxence Lange	b688b556c6	fix(share): use share owner to confirm reshare Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-03-20 11:11:26 +00:00

1 2 3 4 5 ...

22058 commits