nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-13 15:54:59 -05:00

Author	SHA1	Message	Date
Louis Chemineau	242164f0fd	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-03 12:07:32 +01:00
Arthur Schiwon	72feb5abcc	Merge pull request #45812 from nextcloud/backport/43942/stable26 [stable26] fix(Session): avoid password confirmation on SSO	2024-06-18 19:10:29 +02:00
Daniel Kesselberg	38a4771f31	test: add tests for ProfilePageController Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-06-14 19:09:08 +02:00
Arthur Schiwon	06c64fdbc6	style(PHP): remove unacceptable empty lines Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 19:35:37 +02:00
Arthur Schiwon	eea5e1cca2	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 19:35:37 +02:00
Julien Veyssier	9805c0f137	make OAuth2 authorization code expire Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2024-01-22 13:06:15 +01:00
Christoph Wurst	f3c1bd610c	fix(unifiedsearch): Allow searching for "0" empty("0") evaluates to true Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-09-28 15:50:10 +00:00
Maxence Lange	1bd9d9143b	ocm services Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2023-09-22 19:46:42 -01:00
Joas Schilling	5fdfb65baa	fix(core): Add password confirmation requirement for getapppassword Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-17 12:11:08 +02:00
Joas Schilling	e4b987142c	fix(lostpassword): Also rate limit the setPassword endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 15:57:25 +02:00
Joas Schilling	35b083449a	feat(translation): Allow guests to use translations as well Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:09:44 +02:00
Joas Schilling	5a502c6973	fix(translation): Use 400 as status code to be distinguishable from server errors Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:09:43 +02:00
Joas Schilling	98e90ebd24	fix(translation): Properly set the numbers as HTTP status code Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:09:43 +02:00
Joas Schilling	e9cb759c97	fix(translation): Translate error messages on translations API Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-13 09:09:42 +02:00
Christopher Ng	82bbcca720	Improve handling of profile fields Signed-off-by: Christopher Ng <chrng8@gmail.com> (cherry picked from commit `7bc8b543be`)	2023-04-03 15:52:22 -07:00
Julius Härtl	a0ecc37d03	fix(translation): Allow regular users to use translation api endpoints Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-28 09:29:57 +01:00
Julius Härtl	3e63298381	feat(translations): Add translation provider API Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-27 16:52:03 +01:00
MichaIng	0d67fc23f4	Merge pull request #36634 from nextcloud/fix/client-login-flow/state-token-missing-response fix(client-login-flow): Use correct response for missing state token	2023-02-27 16:34:07 +01:00
Julien Veyssier	01cefbd6d6	[reference preview] fix getting null mimetype if the cached reference lacks an image content type Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-02-22 12:39:26 +01:00
Simon L	a747be3544	Merge pull request #36443 from nextcloud/fix/23063/fix-login-log-entry fix the login log entry	2023-02-15 18:13:59 +01:00
Christoph Wurst	024adc14b1	fix(client-login-flow): Use correct response for missing state token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-02-09 14:11:28 +01:00
Joas Schilling	59578817f5	Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset Add bruteforce protection to password reset page	2023-02-06 22:12:25 +01:00
Christoph Wurst	88d116ba84	fix(client-login-flow): Handle missing stateToken gracefully Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-02-06 09:42:15 +01:00
Joas Schilling	704eb3aa6c	Add bruteforce protection to password reset page Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-02 06:13:49 +01:00
Simon L	6496748971	fix the login log entry Signed-off-by: Simon L <szaimen@e.mail.de>	2023-01-30 17:07:44 +01:00
Christoph Wurst	7269766e05	Merge pull request #36363 from nextcloud/feat/app-framework/usesession-attribute feat(app-framework): Add UseSession attribute to replace annotation	2023-01-27 16:59:14 +01:00
Julien Veyssier	8766e4f242	handle and return touchProvider errors Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-01-27 11:10:56 +01:00
Julien Veyssier	946a1af9fd	add 'last used timestamp' management for reference providers Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-01-27 11:10:56 +01:00
Julien Veyssier	6431c5a559	extend the reference API for the new link picker - add 2 interfaces for discoverable and searchable reference providers - new OCS route to get info on discoverable/searchable reference providers - new abstract ADiscoverableReferenceProvider that only implements jsonSerialize - listen to RenderReferenceEvent to inject provider list with initial state Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2023-01-27 11:10:55 +01:00
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-27 09:40:35 +01:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +01:00
Simon L	06a572ff55	Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install Remove the CAN_INSTALL file when occ maintenance:install is complete	2023-01-18 19:53:02 +01:00
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 14:00:38 +01:00
Christoph Wurst	f22101d421	Fix login loop if login CSRF fails and user is not logged in If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 09:39:17 +01:00
Alex Harpin	644df591b1	Rename canInstallExists method and add new method for removal Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it. Add new method to detect if this file exists during web based installation. Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>	2023-01-10 11:59:06 +00:00
Alex Harpin	72af140723	Move CAN_INSTALL check to method and remove unlink from SetupController Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class. Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>	2023-01-10 11:59:06 +00:00
Joas Schilling	b4a29644cc	Add a const for the max user password length Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-04 11:23:43 +01:00
Joas Schilling	9cfaf27142	Also limit the password length on reset Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-03 16:36:01 +01:00
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-12-15 10:52:28 +01:00
Daniel Kesselberg	b5f6ecfb00	Fix GH-33187 $this->userId is null when loggedin via app password. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2022-12-12 19:12:18 +00:00
Richard Steinmetz	fc4dd3041c	Fix default redirect on successful WebAuthn login Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2022-12-05 12:51:53 +01:00
Simon L	23f336761e	Merge pull request #35385 from pulsejet/patch-previewtype Fix type of PreviewController::$userId	2022-12-03 19:09:37 +01:00
Carl Schwan	6c76443e89	Revert unrelated change from #34940 Probably a left over from an experience that I added by mistake in the change Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-12-02 11:29:38 +01:00
Varun Patil	136b2c5949	Fix type of PreviewController::$userId Can be null if not logged in; currently crashes Signed-off-by: Varun Patil <varunpatil@ucla.edu>	2022-11-24 02:33:31 -08:00
Carl Schwan	86d9626901	Add mastodon personal info field Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-11-21 16:28:56 +01:00
Julius Härtl	8629d8e44f	Check share attributes on preview endpoints Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-10-25 11:35:31 +02:00
Julius Härtl	11bedf1c3b	Use proper error pages instead of always redirecting Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-10-21 15:12:21 +02:00
John Molakvoæ (skjnldsv)	bd303388e3	Cleanup ie and old edge properties Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2022-10-19 10:02:51 +02:00
Côme Chilliet	71ee292650	Add rate limiting on lost password emails Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-10-18 14:49:02 +00:00
Julien Veyssier	6e03d99ab8	fix reference preview endpoint when no server-side cache configured Signed-off-by: Julien Veyssier <eneiluj@posteo.net>	2022-10-13 15:18:21 +02:00

1 2 3 4 5 ...

563 commits