nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-04-22 14:50:17 -04:00

Author	SHA1	Message	Date
Daniel	64c52006dd	Merge pull request #54272 from nextcloud/enh/noid/taskprocessing-task-add-cleanup-flag feat(taskprocessing): add cleanup flag to tasks	2025-08-15 09:48:47 +02:00
Maxence Lange	cb84ccc57d	feat(preset): share password protection Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2025-08-12 14:37:32 -01:00
Julien Veyssier	e6adbd921e	feat(taskprocessing): generate OpenAPI specs, fix lint issue, fix tests Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2025-08-07 15:12:21 +02:00
Julien Veyssier	8c52b6c0fe	feat(taskprocessing): add cleanup flag to tasks to decide if they should be cleaned up automatically Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2025-08-07 15:12:21 +02:00
Marcel Klehr	e2449bca6f	fix(TaskProcessingApiController): Improve error handling Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2025-07-22 11:21:17 +02:00
John Molakvoæ	2b50d9b2c5	Revert "perf(base): Stop setting up the FS for every basic auth request"	2025-07-11 17:07:44 +02:00
provokateurin	24f7a2e680	fix(core): Stop abusing the cache for avatar upload Signed-off-by: provokateurin <kate@provokateurin.de>	2025-07-08 11:38:59 +02:00
Ferdinand Thiessen	5981b7eb51	chore: apply new CSFixer rules Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php	2025-07-01 16:26:50 +02:00
skjnldsv	9806a9830c	feat(files_sharing): allow viewing files with download disabled Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2025-06-26 11:47:53 +02:00
Richard Steinmetz	c690c6fbd2	fix: update request token on two-factor pages Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2025-06-23 11:20:09 +02:00
Richard Steinmetz	fa15cb8b87	fix: generate csrf tokens if two factor challenge is ongoing Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2025-06-23 11:20:09 +02:00
Ferdinand Thiessen	495c364268	chore: use consistent casing for header names (required by openAPI) Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-06-09 19:24:26 +02:00
Kate	cfeec72fff	Merge pull request #53292 from nextcloud/fix/loginflow	2025-06-03 15:15:44 +02:00
Ferdinand Thiessen	fa7310add9	fix: handle IDLE timeout Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2025-06-03 14:24:51 +02:00
Oleksander Piskun	90e8fa25a6	fix(TaskProcessingApiController): use StreamResponse to return the task file content Signed-off-by: Oleksander Piskun <oleksandr2088@icloud.com>	2025-06-03 13:09:07 +03:00
Anna Larch	08f869dda9	fix: broken password reset form Signed-off-by: Anna Larch <anna@nextcloud.com>	2025-05-26 19:22:07 +02:00
provokateurin	82fb8f8508	refactor: Extend rector to core/ Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-15 00:16:54 +02:00
Marcel Müller	1addd35b78	fix: Remove unneccesary etag check Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>	2025-04-29 23:15:50 +02:00
Stephan Orbaugh	aa8c0a68cb	Merge pull request #50650 from IONOS-Productivity/feat/login_flow_v2-user_agents-allow-list feat(login-flow-v2): Restrict allowed apps by user agent check	2025-04-24 10:12:19 +02:00
Joas Schilling	9ed33cf6aa	feat(profile): Add an API to get the profile field data Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-04-23 12:38:18 +02:00
Misha M.-Kupriyanov	d1a94f3c9c	feat(login-flow-v2): Restrict allowed apps by user agent check Enable via: ./occ config:system:set core.login_flow_v2.allowed_user_agents 0 --value '/Custom Foo Client/i' ./occ config:system:set core.login_flow_v2.allowed_user_agents 1 --value '/Custom Bar Client/i' if user agent string is unknown the template with "Access forbidden"-"Please use original client" will be displayed Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>	2025-04-23 09:45:23 +02:00
Richard Steinmetz	246da73a36	fix(oauth2): retain support for legacy ownCloud clients Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2025-04-01 11:25:52 +02:00
skjnldsv	0179cb4d8d	feat(core): add setup cypress tests Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2025-03-13 20:51:00 +01:00
skjnldsv	cc12719df5	feat(core): migrate setup to vue Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2025-03-13 16:00:18 +01:00
Côme Chilliet	71dc34c03c	fix: Deprecate OC_Template, add proper template manager instead Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-03-06 15:49:25 +01:00
Louis Chemineau	c6293204a2	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-02-26 13:42:18 +01:00
Côme Chilliet	e757b649b7	fix: Fix psalm taint false-positives by small refactorings Mostly make it clear that we trust admin input or that we correctly escape strings. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-17 18:08:23 +01:00
skjnldsv	2c13259093	feat(files): add mime icon endpoint Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2025-01-22 16:29:36 +00:00
SebastianKrupinski	332fa63850	feat: Two Factor API Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>	2025-01-16 08:31:58 -05:00
Julien Veyssier	24332e2a06	fix(taskprocessing): /tasktypes endpoint was broken by #49015 Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2025-01-09 10:06:25 +01:00
Côme Chilliet	f52b4c5eb2	fix: Remove skip of grant page, only skip first step Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-01-07 10:34:30 +01:00
Côme Chilliet	e7be008dc1	feat(oauth2): Skip page before login as well for authorized applications Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-01-07 10:34:30 +01:00
Côme Chilliet	9b366c65d4	feat(oauth): Allow to skip the grant step for selected applications Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-01-07 10:34:30 +01:00
provokateurin	085d4c9364	refactor(OpenAPI): Adjust scopes to match previous behavior Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-06 14:30:40 +01:00
Stephan Orbaugh	d4715c61f2	Merge pull request #49560 from nextcloud/fix/login-origin feat(login): add origin check at login	2024-12-20 14:53:11 +01:00
Jonas	dd5f560246	fix(ReferenceApiController): Bump rate limit for public resolve endpoint E.g. text documents might contain hundreds of links whose previews need to get loaded. Fixes: nextcloud/collectives#1607 Signed-off-by: Jonas <jonas@freesources.org>	2024-12-16 13:01:55 +01:00
Benjamin Gaussorgues	22051a73c1	feat(login): add origin check at login Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-12-05 09:51:53 +01:00
Maxence Lange	4591430c9c	feat(ocm): signing ocm requests Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 -01:00
Marcel Klehr	3ac14af26b	fix(TaskProcessing): Set up fs in getFileContentsInternal Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-11-26 11:07:20 +01:00
skjnldsv	b15fdfd40e	chore(profile): move profile app from core to apps Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-11-14 10:25:02 +01:00
John Molakvoæ	452e4be4f5	Merge pull request #46222 from nextcloud/fix/task-processing-api-controller/dont-use-plus	2024-11-06 09:02:23 +01:00
provokateurin	77114fb327	fix(OpenAPI): Adjust array syntax to avoid ambiguities Signed-off-by: provokateurin <kate@provokateurin.de>	2024-11-05 09:58:11 +01:00
Ferdinand Thiessen	c84c256261	fix: Adjust preview for view-only shares Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-10-28 15:52:27 +01:00
dependabot[bot]	bb598c8451	chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: nextcloud/coding-standard dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: provokateurin <kate@provokateurin.de>	2024-10-19 07:57:35 +02:00
Julius Knorr	606241caeb	chore(legacy): Introduce public version ct plass and drop version methods from OC_Util Signed-off-by: Julius Knorr <jus@bitgrid.net>	2024-09-20 14:53:34 +02:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +02:00
Anna Larch	8af7ecb257	chore: adjust code to adhere to coding standard Signed-off-by: Anna Larch <anna@nextcloud.com>	2024-09-05 21:23:38 +02:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +02:00
provokateurin	e77d6c913d	fix(core): Limit valid avatar sizes Signed-off-by: provokateurin <kate@provokateurin.de>	2024-08-14 09:29:30 +02:00
Julius Härtl	1aa29441e3	fix: Add direct parameter to flow auth v2 Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-08-05 12:13:52 +02:00
Julius Härtl	a6d421e767	chore: Remove deprecated legacy search backend Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-08-01 12:33:18 +02:00
provokateurin	bc5c0262af	refactor(core): Make all attribute arguments named Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-27 22:36:18 +02:00
provokateurin	c57c3c1573	refactor(core): Replace security annotations with respective attributes Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-26 07:30:45 +02:00
Kate	a9b77c3d12	Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpoint	2024-07-26 07:13:26 +02:00
Andy Scherzinger	4f2a29adf9	Merge pull request #46672 from nextcloud/fix/preview-invalid-id Avoid using partial file info as valid one	2024-07-25 19:37:30 +02:00
provokateurin	90e108e548	fix(core): Document CSRF token endpoint Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-25 18:04:46 +02:00
Julien Veyssier	060fb26686	fix(taskprocessing): run cs:fix Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2024-07-25 10:10:32 +02:00
Marcel Klehr	799ee8fd51	feat(TaskProcessing): Implement enums and default values Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-07-25 10:10:31 +02:00
Julius Härtl	6c1e896a03	fix: Ignore preview requests for invalid file ids Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-07-22 22:32:34 +02:00
Julien Veyssier	fffc784769	feat(taskprocessing): add support for webhooks (http or AppAPI) in the task processing API Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2024-07-22 11:34:29 +02:00
Ferdinand Thiessen	9716b0d735	refactor: Migrate some legacy and core functions to `IFilenameValidator` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-07-19 19:41:46 +02:00
Marcel Klehr	a3c3eab09c	Merge pull request #46368 from nextcloud/fix/task-processing TaskProcessing follow-up	2024-07-19 12:38:30 +02:00
Jonas	9fe4edca2c	fix(ReferenceApiController): Remove accidently added AnonRateLimit Signed-off-by: Jonas <jonas@freesources.org>	2024-07-17 15:38:09 +02:00
Marcel Klehr	0d07ad98b0	fix(TaskProcessing): Update openapi specs Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-07-17 13:55:55 +02:00
Marcel Klehr	eb0b5f29fb	fix(TaskProcessingApiController): Address review comments Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-07-17 13:55:55 +02:00
Marcel Klehr	4ac1ac673e	fix: psalm errors Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-07-17 13:55:55 +02:00
Marcel Klehr	4ac7f8275b	feat(TaskProcessing): Allow setting task results for file slots Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-07-17 13:55:55 +02:00
Jonas	1671bf3ef2	feat(Reference): Add public API endpoints to get references Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>	2024-07-17 12:56:41 +02:00
Julien CHATY-CAPELLE	2d84d0f5bf	fix(core): use OC namespace for core ReponseDefinitions instead of OCA Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>	2024-07-15 11:50:02 +02:00
Ferdinand Thiessen	a229723b8c	feat: Add new forbidden filename options to Capabilities Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-07-11 13:31:54 +02:00
Benjamin Gaussorgues	e5275dbada	feat: don't count failed CSRF as failed login attempt Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-11 09:27:33 +02:00
Marcel Klehr	224779c33f	fix(TaskProcessingApiController): Don't use + to merge non-assoc. arrays Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-07-01 18:46:59 +02:00
provokateurin	f5ff8136ac	feat(TaskProcessingApi): Add endpoint for getting the next task Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-01 17:11:12 +02:00
Daniel	e5a6698ec0	Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller test: add tests for ProfilePageController	2024-06-12 14:49:03 +02:00
Daniel Kesselberg	98eb190e04	test: add tests for ProfilePageController Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-06-12 11:46:12 +02:00
provokateurin	c8e767878d	fix(core): Return X-NC-IsCustomAvatar for guest avatars too Signed-off-by: provokateurin <kate@provokateurin.de>	2024-06-12 10:27:29 +02:00
skjnldsv	8bed23288b	fix(files_sharing): dark avatar support Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-06-12 10:27:29 +02:00
skjnldsv	fb11672df6	fix(core): allow guest avatar fallback Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-06-12 10:27:29 +02:00
Arthur Schiwon	98b5cdc43d	Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-sso fix(Session): avoid password confirmation on SSO	2024-06-07 11:25:36 +02:00
Arthur Schiwon	340939e688	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-05 19:01:13 +02:00
John Molakvoæ (skjnldsv)	fc3ee65526	fix(core): unsupported browser redirect url Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2024-06-01 09:34:22 +02:00
Andy Scherzinger	e07a190641	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-27 14:53:40 +02:00
Kate	7bc4ccba6a	Merge pull request #45354 from nextcloud/docs/taskprocessingapi/cleanup-endpoint-descriptions	2024-05-16 20:09:06 +02:00
provokateurin	a8abe9d3c2	fix(TaskProcessingApi): Cleanup error handling Signed-off-by: provokateurin <kate@provokateurin.de>	2024-05-16 15:17:10 +02:00
provokateurin	4c375c98a4	docs(TaskProcessingApi): Set correct status code messages Signed-off-by: provokateurin <kate@provokateurin.de>	2024-05-16 14:57:34 +02:00
provokateurin	eabbb73173	docs(TaskProcessingApi): Cleanup endpoint descriptions Signed-off-by: provokateurin <kate@provokateurin.de>	2024-05-16 12:43:39 +02:00
provokateurin	79e153735c	docs(TaskProcessingApi): Fix result endpoint description Signed-off-by: provokateurin <kate@provokateurin.de>	2024-05-16 12:43:22 +02:00
Joas Schilling	ef1c32a222	Merge pull request #45317 from nextcloud/bugfix/noid/limit-maximum-number-of-search-results fix(search): Limit maximum number of search results	2024-05-16 10:10:09 +02:00
Marcel Klehr	f3e72aff7c	Merge pull request #45094 from nextcloud/enh/taskprocessing-api feat: TaskProcessing API	2024-05-15 11:43:08 +02:00
Joas Schilling	2bd54d30e5	fix(search): Limit maximum number of search results Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-05-15 09:48:23 +02:00
Marcel Klehr	a8afa7f23d	fix(OCS-API): Add endpoint to list user tasks Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	f3a88f04ec	fix(OCS-API): No csrf required for /tasks/taskId/file/fileId Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	ec94a672d7	fix(ocs): change /tasktypes response to combine optional and non-optional IO slots Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	c079a61181	feat: Add cancel endpoint to OCS API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	4d9a0eab5f	fix: update openai specs Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	4a3b9b826e	refactor: identifier is now customId/custom_id Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	ec27c538b5	fix: address review comments Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:41 +02:00
Marcel Klehr	2c878099f1	fix: address review comments Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:40 +02:00
Marcel Klehr	b85a0edc92	fix: Update autoloaders Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:40 +02:00
Marcel Klehr	a5053d33c2	fix: Run cs:fix Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2024-05-14 11:38:40 +02:00

1 2 3 4 5 ...

833 commits