upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 37
84019 commits 651 branches 1179 tags 8.1 GiB
Commit graph

159 commits

Author SHA1 Message Date
Côme Chilliet
4e83d20837 feat(login): Add rememberme checkbox 
Only present if allowed by configuration.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-11-13 13:25:59 +00:00
Ferdinand Thiessen
5981b7eb51
chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +02:00
provokateurin
82fb8f8508
refactor: Extend rector to core/ 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-05-15 00:16:54 +02:00
provokateurin
085d4c9364
refactor(OpenAPI): Adjust scopes to match previous behavior 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-01-06 14:30:40 +01:00
Benjamin Gaussorgues
22051a73c1
feat(login): add origin check at login 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-12-05 09:51:53 +01:00
provokateurin
77114fb327
fix(OpenAPI): Adjust array syntax to avoid ambiguities 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-11-05 09:58:11 +01:00
provokateurin
bc5c0262af
refactor(core): Make all attribute arguments named 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-27 22:36:18 +02:00
provokateurin
c57c3c1573
refactor(core): Replace security annotations with respective attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-26 07:30:45 +02:00
Benjamin Gaussorgues
e5275dbada feat: don't count failed CSRF as failed login attempt 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-11 09:27:33 +02:00
Andy Scherzinger
e07a190641
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-27 14:53:40 +02:00
Côme Chilliet
ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +02:00
Ferdinand Thiessen
3fede00732
feat(login): Clear login form (password) after IDLE timeout 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-25 12:22:53 +01:00
fenn-cs
2792d8b3f5 feat: Limit email input on auth pages to 255 chars 
Excessively long emails reported make server unresponsive.

We could at some point, consider adding a configuration for sysadmins to bypass this setting
on their instance if they want.

Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
 2024-03-21 10:34:55 +01:00
Eduardo Morales
0de6cc7472 feat: added login's initial possible email-states 
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
 2024-03-10 10:32:21 -05:00
provokateurin
2c51933b6b
refactor(core): Switch to attribute based routing 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-21 12:07:50 +01:00
provokateurin
d95e500e45
feat(core): Expose the confirm password endpoint 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 08:04:13 +01:00
provokateurin
b64ab5fba8
refactor: Migrate IgnoreOpenAPI attributes to OpenAPI 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-01-18 16:14:17 +01:00
Gaspard d'Hautefeuille
08ff644f3c Keep https check 
https://github.com/nextcloud/server/issues/41196 + keep https check

Co-authored-by: Louis <louis@chmn.me>
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +01:00
Gaspard d'Hautefeuille
85911cbab2 Cancel PR #37405, remove regression code 
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Christoph Wurst
a5422a3998
fix: Show error message when CSRF check fails at login 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-11-08 15:18:34 +01:00
Marcel Müller
c2393fb712 Reset BFP for sudo action 
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
 2023-10-28 18:36:43 +02:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
jld3103
1be836273d
core: Add OpenAPI spec 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-13 07:24:15 +02:00
Faraz Samapoor
d64aa85b04 Applies agreed-upon indentation convention to the changed controllers. 
Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753

Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +02:00
Faraz Samapoor
73b7096850 Fixes psalm error. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +02:00
Faraz Samapoor
468aefc649 Fixes php-cs-fixer error. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +02:00
Faraz Samapoor
4bf610ebaf Refactors controllers by using PHP8's constructor property promotion. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-16 19:29:40 +02:00
Faraz Samapoor
a1ef0285f8 Refactors "strpos" calls in /core to improve code readability. 
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-06-02 13:13:19 +03:30
jld3103
02f9c3a06f
Use implementations instead of interfaces for accessing private methods 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-03-30 12:33:46 +02:00
Git'Fellow
cfd7a57184 Send header to all browsers under HTTPS 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

Don't send Clear-Site-Data to Safari

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>

Fix lint

Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-03-26 15:29:01 +02:00
Simon L
6496748971 fix the login log entry 
Signed-off-by: Simon L <szaimen@e.mail.de>
 2023-01-30 17:07:44 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +01:00
Christoph Wurst
f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +01:00
Joas Schilling
9cfaf27142
Also limit the password length on reset 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-03 16:36:01 +01:00
Christoph Wurst
138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +01:00
Joas Schilling
85eb3b2920
Fix wording of undeliverable push notifications 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 12:42:31 +02:00
Carl Schwan
253118298d Redesign guest pages for better accessibility 
- Use white box and put content on it
- Improve focus indicator

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-07-27 10:43:21 +02:00
Christopher Ng
92500e810f Identify the login page explicitly by the page title 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2022-07-20 23:55:50 +00:00
Carl Schwan
b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00
Vitor Mattos
d613b32045
add check isFairUseOfFreePushService on login 
Signed-off-by: Vitor Mattos <vitor@php.rio>
 2021-10-23 00:54:50 +02:00
Daniel Rudolf
e478db9161
Deprecate RedirectToDefaultAppResponse 
Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-07-01 15:13:08 +02:00
Daniel Rudolf
12059eb65b
Add IUrlGenerator::linkToDefaultPageUrl() 
Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.

Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
 2021-06-30 16:20:57 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Joas Schilling
69290781ff Handle device login like an alternative login 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-20 09:11:33 +02:00
Roeland Jago Douma
4076dfb019 Allow admins to disable the login form 
In case they want to not allow this because they use SSO (and do not
want the users to enter their credentials there by accident).

?direct=1 still works.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-08 15:36:47 +01:00
dependabot-preview[bot]
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +01:00
Julius Härtl
d7a80293ab
Keep direct login active when redirecting 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-02-01 14:25:56 +01:00
Roeland Jago Douma
f57b93098b
Do not redirect to logout after login 
This can happen when the session was killed due to a timeout. Then
logout was triggered. Nobody wants to login only to be logged out again.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-01-15 09:35:51 +01:00