Commit graph

464 commits

Author SHA1 Message Date
Joas Schilling
9fd8a02555
fix(core): Add password confirmation requirement for getapppassword
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-17 12:18:17 +02:00
Joas Schilling
bd5c66c679
fix(lostpassword): Also rate limit the setPassword endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:05:46 +02:00
Joas Schilling
c679856e90
Add bruteforce protection to password reset page
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-07 07:48:53 +01:00
Joas Schilling
cb30df2e69
Show user account on grant loginflow step
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-16 13:57:29 +02:00
Vincent Petry
b321a431aa Add direct arg to login flow
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
2022-04-14 13:02:29 +02:00
Vincent Petry
b7f192f1a2
Merge pull request #31411 from nextcloud/backport/31354/stable22
[stable22] Fix caching of the user avatar
2022-03-10 15:31:32 +01:00
Carl Schwan
cbcdf1c9b4 Fix caching of the user avatar
Now on firefox/safari it is only refetched once a day. On Chrom{e,ium}
we keep the previous behavior of maybe refetching it more often.

This also notifies the user about this behavior when they upload an avatar
picture.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-03-02 18:44:54 +01:00
Carl Schwan
1da8fe529f Improve caching policy
* Cache css with version in url. This makes most js and css requests to
  be cached by the browser

* Force caching previews, the etag is in the url so that if the propfind
  gives a new etag, we will refresh it otherwise it's no use to try to
  fetch the new etag and do tons of DB queries

Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-02-18 14:29:36 +01:00
Christopher Ng
a38ac95ff6 Improve installation pages
Signed-off-by: Christopher Ng <chrng8@gmail.com>
(cherry picked from commit 22768769c3)
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
2022-01-19 00:48:36 +00:00
Christoph Wurst
c49d49c4b0
Explicitly allow some routes without 2FA
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-11-18 13:15:23 +01:00
Arthur Schiwon
151fafcd45 allow using of disabled password reset mechanism for special cases
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
  that password reset is disabled
- setPassword() got its check removed as it is behind CSRF anyway and still
  requires a valid token
- this allows special cases like activating a freshly created guest account

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-15 01:32:44 +00:00
Arthur Schiwon
3f1e4a0b15 fixes missing prefix to validate password reset token
- also fixes the test which missed asserting the presence of it

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-14 07:52:45 +00:00
Arthur Schiwon
b699e8f487
add a job to clean up expired verification tokens
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-10 13:18:41 +02:00
Arthur Schiwon
7c48177830
move verification token logic out of lost password controller
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-10 13:14:02 +02:00
Lukas Reschke
b87649beeb Fix codestyle
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-07 06:34:04 +00:00
Lukas Reschke
3061f8a529 Check if SVG path is valid
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-07 06:34:04 +00:00
Jonas Meurer
55fcffd11a Use IURLGenerator function to get value of \OC::$WEBROOT global
Signed-off-by: Jonas Meurer <jonas@freesources.org>
2021-08-16 13:12:00 +00:00
Jonas Meurer
57e20ed566 UnifiedSearchController: strip webroot from URL before finding a route
This should fix route matching in UnifiedSearchController on setups with
Nextcloud in a subfolder (webroot).

Fixes: #24144
Signed-off-by: Jonas Meurer <jonas@freesources.org>
2021-08-16 13:11:59 +00:00
Julius Härtl
c0474ba364
Use product name in places where it is appropriate rather than the instance name
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-06-16 11:42:53 +02:00
Morris Jobke
2ae60b42ab
Merge pull request #26494 from rigrig/fix-php8-deprecations
Fix some php 8 warnings
2021-06-07 23:30:59 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Richard de Boer
f23d057ad9 Fix functions taking optional parameters before required ones
PHP 8 shows deprecation warnings about this, see #25806
Removes the "default" values, as they actually are required parameters anyway.

Signed-off-by: Richard de Boer <git@tubul.net>
2021-05-29 14:14:52 +02:00
Joas Schilling
69290781ff Handle device login like an alternative login
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 09:11:33 +02:00
Roeland Jago Douma
b43e21d186
Merge pull request #26401 from nextcloud/enh/handle-avatar-upload-errors
Show informative errors on avatar upload error
2021-04-08 16:12:36 +02:00
Robin Appelman
c232a40bdf
remove leftover debug @NoCSRFRequired introduced with #26198
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-01 13:51:53 +02:00
Julien Veyssier
7b69897474
show informative errors in log and UI on avatar upload error in user settings
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
2021-04-01 11:55:13 +02:00
Robin Appelman
b38618c813
use node search api for legacy file search endpoint
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-19 16:08:01 +01:00
Roeland Jago Douma
4076dfb019 Allow admins to disable the login form
In case they want to not allow this because they use SSO (and do not
want the users to enter their credentials there by accident).

?direct=1 still works.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-08 15:36:47 +01:00
Christoph Wurst
7be2ce82e7
Merge pull request #25544 from nextcloud/refactor/app-password-created-event
Move app_password_created to a typed event
2021-03-02 08:18:59 +01:00
Christoph Wurst
5026d2cca1
Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
2021-02-18 14:05:54 +01:00
dependabot-preview[bot]
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-18 13:31:24 +01:00
Joas Schilling
6ed4aaeeea
Send emails on password reset to the displayname
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-02-18 12:38:43 +01:00
Joas Schilling
83755b7b02
Make new result parts optional
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-02-12 16:21:47 +01:00
Christoph Wurst
f8808e260d
Move app_password_created to a typed event
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-09 18:49:35 +01:00
Julius Härtl
d7a80293ab
Keep direct login active when redirecting
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-02-01 14:25:56 +01:00
Roeland Jago Douma
f57b93098b
Do not redirect to logout after login
This can happen when the session was killed due to a timeout. Then
logout was triggered. Nobody wants to login only to be logged out again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-01-15 09:35:51 +01:00
Christoph Wurst
9ce3ea3368
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-30 14:07:05 +01:00
Christoph Wurst
f37e150d1c
Merge pull request #24702 from nextcloud/enhancement/well-known-handler-api
Add well known handlers API
2020-12-18 13:34:04 +01:00
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Christoph Wurst
6995223b1e
Add well known handlers API
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 13:13:05 +01:00
Julius Härtl
df769c025a
Do not load nonexisting setup.js
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-07 07:39:25 +01:00
John Molakvoæ (skjnldsv)
e7f5516b4d
Init vue comments tab
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2020-10-20 13:58:06 +02:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Joas Schilling
a8d9b22beb
Add an ETag for the search providers
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-15 09:19:53 +02:00
Morris Jobke
22ff60e088
Merge pull request #22564 from nextcloud/bugfix/noid/show-avatars-again
The privacy setting is only about syncing to other servers
2020-09-09 17:35:13 +02:00
Joas Schilling
c2bef528ef
Remove unused members and imports
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-08 10:45:35 +02:00
Joas Schilling
fea294bb29
Move unified search to OCS api
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-07 11:06:46 +02:00
Joas Schilling
a4b2403e29
The privacy setting is only about syncing to other servers
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-03 15:46:21 +02:00
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00
Joas Schilling
ea8f68bea6 Hand in the route and the parameters of the request
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-08-05 12:52:16 +00:00