Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.
This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
Signed-off-by: Louis Chemineau <louis@chmn.me>
[skip ci]
Signed-off-by: Louis Chemineau <louis@chmn.me>
Replace `ValidatePhoneNumber` from Nextcloud 21 with a new repair step,
`ValidateAccountProperties` which validates and sanitizes all account
properties.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Currently there is a problem if an exception is thrown in `User::delete`,
because at that point the user is already removed from the backend,
but not all data is deleted.
There is no way to recover from this state, as the user is gone no information is available anymore.
This means the data is still available on the server but can not removed by any API anymore.
The solution here is to first set a flag and backup the user home,
this can be used to recover failed user deletions in a way the delete can be re-tried.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Resolves https://github.com/nextcloud/server/issues/34476
There is no maximum length defined in the standard,
most common the length is between 128 and 200 characters,
but as we store it not in plain data but base64 encoded the length can grow about 1/3.
We had a regression with 'Nitrokey 3' which created IDs with 196 byte length -> 262 bytes encoded base64.
So to be save we increase the size to 512 bytes.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Require user verification if all tokens are registered
with UV flag, else discourage it
Signed-off-by: S1m <git@sgougeon.fr>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
When checking for public (web) access to the data directory the status is not enough
as you might have a webserver that forwards to e.g. a login page.
So instead check that the content of the file matches.
For this the `.ncdata` file (renamed from `.ocdata`¹) has minimal text content
to allow checking.
¹The file was renamed from the legacy `.ocdata`, there is a repair step to remove the old one.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
It was commented out because at that time no other share provider
supported the `acceptShare` method. Today it is the same no other provider
supports it, but we should make it discoverable by adding it to the public API
as an additional interface.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
d
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
f
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
d
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
