nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-04-22 14:50:17 -04:00

Author	SHA1	Message	Date
Faraz Samapoor	fc0e2a938f	Applies agreed-upon indentation convention to the changed controllers. Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753 Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-05 18:35:32 +03:30
Faraz Samapoor	25cdc35473	Update core/Controller/AppPasswordController.php Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-05 18:26:27 +03:30
Faraz Samapoor	05784c3244	Update core/Controller/CollaborationResourcesController.php Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-05 16:45:21 +03:30
Faraz Samapoor	2713ab023f	Update core/Controller/AppPasswordController.php Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-05 16:45:01 +03:30
Faraz Samapoor	450bf5c99e	Refactors controllers by using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-04 23:20:35 +03:30
Faraz Samapoor	a1ef0285f8	Refactors "strpos" calls in /core to improve code readability. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-02 13:13:19 +03:30
Joas Schilling	7ee81b6555	fix(lostpassword): Also rate limit the setPassword endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 09:21:07 +02:00
Joas Schilling	9d6ec68b59	feat(translation): Return the detected language so clients can show more details Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-02 16:38:33 +02:00
Joas Schilling	e5d0ff0c19	feat(translation): Allow guests to use translations as well Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:02:46 +02:00
Joas Schilling	032821d2b5	fix(translation): Use 400 as status code to be distinguishable from server errors Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:02:42 +02:00
Joas Schilling	b7c1e61d0b	fix(translation): Properly set the numbers as HTTP status code Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:02:38 +02:00
Joas Schilling	21b056ee2d	fix(translation): Translate error messages on translations API Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 08:53:15 +02:00
Côme Chilliet	5063b76c8a	Merge pull request #37495 from joshtrichards/jr-trim-pw-reset-username Trim the user/email provided for password resets	2023-04-05 11:36:53 +02:00
Josh Richards	9899b12478	Trim user earlier Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	2023-04-04 10:03:15 -04:00
Christopher Ng	7bc8b543be	Improve handling of profile fields Signed-off-by: Christopher Ng <chrng8@gmail.com>	2023-03-30 17:11:41 -07:00
Josh Richards	203b9131ec	Trim the user/email provided for password resets Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	2023-03-30 11:59:13 -04:00
jld3103	02f9c3a06f	Use implementations instead of interfaces for accessing private methods Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-03-30 12:33:46 +02:00
Git'Fellow	cfd7a57184	Send header to all browsers under HTTPS Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Don't send Clear-Site-Data to Safari Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Fix lint Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-03-26 15:29:01 +02:00
jld3103	79507435fa	Fix controller class import for autocomplete Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-03-16 09:50:43 +01:00
Julius Härtl	a0ecc37d03	fix(translation): Allow regular users to use translation api endpoints Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-28 09:29:57 +01:00
Julius Härtl	3e63298381	feat(translations): Add translation provider API Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-27 16:52:03 +01:00
MichaIng	0d67fc23f4	Merge pull request #36634 from nextcloud/fix/client-login-flow/state-token-missing-response fix(client-login-flow): Use correct response for missing state token	2023-02-27 16:34:07 +01:00
Julien Veyssier	01cefbd6d6	[reference preview] fix getting null mimetype if the cached reference lacks an image content type Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-02-22 12:39:26 +01:00
Simon L	a747be3544	Merge pull request #36443 from nextcloud/fix/23063/fix-login-log-entry fix the login log entry	2023-02-15 18:13:59 +01:00
Christoph Wurst	024adc14b1	fix(client-login-flow): Use correct response for missing state token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-02-09 14:11:28 +01:00
Joas Schilling	59578817f5	Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset Add bruteforce protection to password reset page	2023-02-06 22:12:25 +01:00
Christoph Wurst	88d116ba84	fix(client-login-flow): Handle missing stateToken gracefully Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-02-06 09:42:15 +01:00
Joas Schilling	704eb3aa6c	Add bruteforce protection to password reset page Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-02 06:13:49 +01:00
Simon L	6496748971	fix the login log entry Signed-off-by: Simon L <szaimen@e.mail.de>	2023-01-30 17:07:44 +01:00
Christoph Wurst	7269766e05	Merge pull request #36363 from nextcloud/feat/app-framework/usesession-attribute feat(app-framework): Add UseSession attribute to replace annotation	2023-01-27 16:59:14 +01:00
Julien Veyssier	8766e4f242	handle and return touchProvider errors Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-01-27 11:10:56 +01:00
Julien Veyssier	946a1af9fd	add 'last used timestamp' management for reference providers Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-01-27 11:10:56 +01:00
Julien Veyssier	6431c5a559	extend the reference API for the new link picker - add 2 interfaces for discoverable and searchable reference providers - new OCS route to get info on discoverable/searchable reference providers - new abstract ADiscoverableReferenceProvider that only implements jsonSerialize - listen to RenderReferenceEvent to inject provider list with initial state Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-01-27 11:10:55 +01:00
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-27 09:40:35 +01:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +01:00
Simon L	06a572ff55	Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install Remove the CAN_INSTALL file when occ maintenance:install is complete	2023-01-18 19:53:02 +01:00
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 14:00:38 +01:00
Christoph Wurst	f22101d421	Fix login loop if login CSRF fails and user is not logged in If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 09:39:17 +01:00
Alex Harpin	644df591b1	Rename canInstallExists method and add new method for removal Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it. Add new method to detect if this file exists during web based installation. Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>	2023-01-10 11:59:06 +00:00
Alex Harpin	72af140723	Move CAN_INSTALL check to method and remove unlink from SetupController Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class. Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>	2023-01-10 11:59:06 +00:00
Joas Schilling	b4a29644cc	Add a const for the max user password length Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-04 11:23:43 +01:00
Joas Schilling	9cfaf27142	Also limit the password length on reset Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-03 16:36:01 +01:00
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-12-15 10:52:28 +01:00
Daniel Kesselberg	b5f6ecfb00	Fix GH-33187 $this->userId is null when loggedin via app password. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2022-12-12 19:12:18 +00:00
Richard Steinmetz	fc4dd3041c	Fix default redirect on successful WebAuthn login Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2022-12-05 12:51:53 +01:00
Simon L	23f336761e	Merge pull request #35385 from pulsejet/patch-previewtype Fix type of PreviewController::$userId	2022-12-03 19:09:37 +01:00
Carl Schwan	6c76443e89	Revert unrelated change from #34940 Probably a left over from an experience that I added by mistake in the change Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-12-02 11:29:38 +01:00
Varun Patil	136b2c5949	Fix type of PreviewController::$userId Can be null if not logged in; currently crashes Signed-off-by: Varun Patil <varunpatil@ucla.edu>	2022-11-24 02:33:31 -08:00
Carl Schwan	86d9626901	Add mastodon personal info field Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-11-21 16:28:56 +01:00
Julius Härtl	8629d8e44f	Check share attributes on preview endpoints Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-10-25 11:35:31 +02:00
Julius Härtl	11bedf1c3b	Use proper error pages instead of always redirecting Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-10-21 15:12:21 +02:00
John Molakvoæ (skjnldsv)	bd303388e3	Cleanup ie and old edge properties Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2022-10-19 10:02:51 +02:00
Côme Chilliet	71ee292650	Add rate limiting on lost password emails Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-10-18 14:49:02 +00:00
Julien Veyssier	6e03d99ab8	fix reference preview endpoint when no server-side cache configured Signed-off-by: Julien Veyssier <eneiluj@posteo.net>	2022-10-13 15:18:21 +02:00
Joas Schilling	0642d17e4f	Fix URLs on reference resolving The vue-richtext app currently sends leading spaces if they are in the text. Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-09-30 09:40:43 +02:00
Julius Härtl	f4a2ab137b	Add cache header for image endpoint if link previews Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-09-28 13:21:28 +00:00
Julius Härtl	5fa7563bf9	Add endpoint to fetch a cachable reference data Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-09-26 17:44:49 +02:00
Carl Schwan	66a7a89898	Add api to load additional section in profile page Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-09-14 12:55:40 +02:00
Carl Schwan	bc9a488046	Update avatars on update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-09-09 14:23:41 +02:00
Carl Schwan	76d0165330	Dark theme for guest avatar And better caching policy Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-09-09 13:37:51 +02:00
Carl Schwan	f98ae2b5b0	Avatar new style Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-09-09 13:37:51 +02:00
Christopher Ng	f44d2586b1	Remake profile picture saving with Vue Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-09-02 02:22:57 +00:00
Julius Härtl	1ab66988bc	Inject all dependnencies and increase cache timeout Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-31 18:02:57 +02:00
Julius Härtl	80f6a5834a	Refactor cache handling Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-31 16:24:35 +02:00
Julius Härtl	a392235e23	Cleanup Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-31 16:24:33 +02:00
Julius Härtl	0ce0d37ac1	Implement image caching Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-31 16:20:06 +02:00
Julius Härtl	de3e541fde	API for fetching reference metadata Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-31 16:20:05 +02:00
Joas Schilling	85eb3b2920	Fix wording of undeliverable push notifications Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-08-31 12:42:31 +02:00
Christopher Ng	9ba11ecefd	Improve handling of profile page Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-08-22 19:28:35 +00:00
NoSleep82	b03aedf128	Update core/Controller/LostController.php Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com> Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>	2022-08-21 13:16:23 +02:00
NoSleep82	61548c520b	Update LostController.php i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack) Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>	2022-08-19 18:30:32 +02:00
Carl Schwan	253118298d	Redesign guest pages for better accessibility - Use white box and put content on it - Improve focus indicator Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-07-27 10:43:21 +02:00
Christopher Ng	92500e810f	Identify the login page explicitly by the page title Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-07-20 23:55:50 +00:00
Thomas Citharel	abe5ff3654	Make LostController use IInitialState and LoggerInterface Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Thomas Citharel	44e13848a1	Add password reset typed events These hooks are only used in the Encryption app from what I can see. Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Christopher Ng	57c66bf7cb	Use Image class from public API Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-06-02 00:37:36 +00:00
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-05-20 22:18:06 +02:00
Joas Schilling	6084d691b0	Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step Show user account on grant loginflow step	2022-05-16 11:18:22 +02:00
Joas Schilling	db1813f640	Show user account on grant loginflow step Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-05-13 10:50:30 +02:00
Thomas Citharel	232322fe06	Modernize contacts menu Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-05-12 18:31:59 +02:00
John Molakvoæ	3c6253f965	Remove old legacy SvgController and IconsCacher Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>	2022-05-10 23:24:07 +02:00
Joas Schilling	6e4d721278	Expose shareWithDisplayNameUnique also on autocomplete endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-05-03 12:51:23 +02:00
Vincent Petry	576e4e8f2a	Merge pull request #31592 from nextcloud/fix/direct-arg-flow-v2 Add direct arg to login flow	2022-03-29 18:21:40 +02:00
Vincent Petry	80388663af	Add direct arg to login flow Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-Authored-by: Carl Schwan <carl@carlschwan.eu>	2022-03-28 10:28:45 +02:00
Joas Schilling	5f75d2e104	Remove old shortening Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-03-23 21:42:29 +01:00
Joas Schilling	a0c7798c7d	Limit the length of app password names Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-03-23 10:47:56 +01:00
Christopher Ng	1fc0b4320c	Add global profile toggle config Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-03-18 02:55:12 +00:00
Carl Schwan	36721a8d0d	Fix caching of the user avatar Now on firefox/safari it is only refetched once a day. On Chrom{e,ium} we keep the previous behavior of maybe refetching it more often. This also notify the user about this behavior when they upload an avatar picture. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-02-25 14:24:07 +01:00
Carl Schwan	7dddbd0c35	Improve caching policy * Cache css with version in url. This makes most js and css requests to be cached by the browser * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter) Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-02-16 11:35:57 +01:00
Joas Schilling	6dd60b6d30	Only allow avatars in 64 and 512 pixel size Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-02-07 16:47:51 +01:00
Christopher Ng	22768769c3	Improve installation pages Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-01-14 19:59:46 +00:00
John Molakvoæ (skjnldsv)	b664aad7ab	Move bundles to /dist Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2022-01-08 10:11:58 +01:00
John Molakvoæ	bfaeb6ae64	Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptoken	2021-12-30 08:14:23 +01:00
Julius Härtl	e00173a71b	Also pass user on flow v2 landing Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-12-29 11:52:31 +01:00
Julius Härtl	61dd1d3d97	Pass username prefill through unauthenticated request redirects Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-12-29 11:52:31 +01:00
Julius Härtl	aa3f4bdf63	Allow using an app token to login with v2 flow auth Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-12-03 08:37:42 +01:00
Christopher Ng	be5b9e36cd	Hide user status from public Signed-off-by: Christopher Ng <chrng8@gmail.com>	2021-11-23 22:58:44 +00:00
Côme Chilliet	5a20e20e9e	Fix errors in AvatarController when data() returns null Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2021-11-23 09:29:01 +01:00
Christoph Wurst	c8caba265f	Explicitly allow some routes without 2FA Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-11-17 18:42:21 +01:00
Joas Schilling	fa036b2001	Move common logic to share manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-11-09 10:10:53 +01:00

1 2 3 4 5 ...

617 commits