nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-25 19:04:38 -05:00

Author	SHA1	Message	Date
Git'Fellow	346054f854	Fix tests Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	2023-03-28 09:41:04 +02:00
Joas Schilling	59578817f5	Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset Add bruteforce protection to password reset page	2023-02-06 22:12:25 +01:00
Joas Schilling	875e6cf7e6	fix(CI): Adjust expected result Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-06 11:26:38 +01:00
Christoph Wurst	88d116ba84	fix(client-login-flow): Handle missing stateToken gracefully Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-02-06 09:42:15 +01:00
Côme Chilliet	003cc2b45a	Fix tests failures (number of calls differed with last rebase) Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-24 09:38:20 +01:00
Carl Schwan	a23cd7b961	Fix a bunch of deprecation in the phpunit for core Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2023-01-24 09:34:09 +01:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +01:00
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 14:00:38 +01:00
Christoph Wurst	f22101d421	Fix login loop if login CSRF fails and user is not logged in If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-18 09:39:17 +01:00
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-12-15 10:52:28 +01:00
Julius Härtl	8629d8e44f	Check share attributes on preview endpoints Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-10-25 11:35:31 +02:00
Côme Chilliet	1cb0c2ac52	Fix LostController test Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-10-18 14:49:02 +00:00
Joas Schilling	67ecd72972	Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-08-31 20:54:39 +02:00
Arthur Schiwon	b3b6f2d581	fix Controller tests - added pageTitle in code was missing in expectations - fixed warnings of superflouos parameter - fixed wrong type of mock Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2022-07-22 22:15:41 +02:00
Thomas Citharel	abe5ff3654	Make LostController use IInitialState and LoggerInterface Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Thomas Citharel	6283d14fa6	Modernize the LostControllerTest test Remove some depreciated at() calls Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Thomas Citharel	44e13848a1	Add password reset typed events These hooks are only used in the Encryption app from what I can see. Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-05-20 22:18:06 +02:00
Joas Schilling	6084d691b0	Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step Show user account on grant loginflow step	2022-05-16 11:18:22 +02:00
Joas Schilling	40b9769d4d	Extend tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-05-16 10:33:30 +02:00
Thomas Citharel	232322fe06	Modernize contacts menu Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-05-12 18:31:59 +02:00
John Molakvoæ	3c6253f965	Remove old legacy SvgController and IconsCacher Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>	2022-05-10 23:24:07 +02:00
Louis Chemineau	8a2cf5bb68	Do not dispatch postSetPassword when setPassword fails Also Improve error message when setPassword fails Signed-off-by: Louis Chemineau <louis@chmn.me>	2022-05-05 17:21:23 +02:00
Joas Schilling	6e4d721278	Expose shareWithDisplayNameUnique also on autocomplete endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-05-03 12:51:23 +02:00
Vincent Petry	80388663af	Add direct arg to login flow Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-Authored-by: Carl Schwan <carl@carlschwan.eu>	2022-03-28 10:28:45 +02:00
Joas Schilling	6dd60b6d30	Only allow avatars in 64 and 512 pixel size Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-02-07 16:47:51 +01:00
Julius Härtl	61dd1d3d97	Pass username prefill through unauthenticated request redirects Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-12-29 11:52:31 +01:00
Côme Chilliet	8b271b8a12	Fix tests and avoid PHP errors in them Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2021-11-23 09:29:01 +01:00
Joas Schilling	f8463e1fc6	Fix missing import of ILogger Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-11-02 16:47:16 +01:00
Vitor Mattos	d613b32045	add check isFairUseOfFreePushService on login Signed-off-by: Vitor Mattos <vitor@php.rio>	2021-10-23 00:54:50 +02:00
Julius Härtl	d68f028251	Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl	2021-10-05 13:06:59 +02:00
Arthur Schiwon	6857136f06	fixes missing prefix to validate password reset token - also fixes the test which missed asserting the presence of it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-10 19:06:50 +02:00
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:29 +02:00
Lukas Reschke	19ad636373	Resolve absolute path in tests Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 21:26:27 +02:00
Christoph Wurst	4b0e18ae1b	Merge pull request #27294 from pjft/patch-2 Update TwoFactorChallengeController.php	2021-08-19 12:40:40 +02:00
Daniel Rudolf	aa455e71d9	Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl	2021-08-04 18:52:55 +02:00
Daniel Rudolf	e478db9161	Deprecate RedirectToDefaultAppResponse Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	2021-07-01 15:13:08 +02:00
Gary Kim	b78f3a57d1	Migrate HintException to OCP Signed-off-by: Gary Kim <gary@garykim.dev>	2021-06-30 15:28:02 -04:00
Daniel Rudolf	0df68f0697	Remove unused imports Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	2021-06-30 16:48:22 +02:00
Daniel Rudolf	12059eb65b	Add IUrlGenerator::linkToDefaultPageUrl() Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	2021-06-30 16:20:57 +02:00
pjft	b1086e25bb	Add logging to 2FA failure For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. Added dependency injection. Signed-off-by: pjft <paulo.j.tavares@gmail.com>	2021-06-21 20:43:12 +01:00
Vincent Petry	95e03fba2d	Fix more controller tests in Core subdir Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2021-03-24 09:02:19 +01:00
Vincent Petry	9b8ca1697a	Fix more tests in the Core subdir Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2021-03-24 08:48:28 +01:00
Christoph Wurst	5026d2cca1	Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 Bump nextcloud/coding-standard from 0.3.0 to 0.5.0	2021-02-18 14:05:54 +01:00
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-02-18 13:31:24 +01:00
Joas Schilling	6ed4aaeeea	Send emails on password reset to the displayname Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-02-18 12:38:43 +01:00
Christoph Wurst	6995223b1e	Add well known handlers API Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-12-16 13:13:05 +01:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +02:00
Joas Schilling	c2bef528ef	Remove unused members and imports Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-09-08 10:45:35 +02:00
Joas Schilling	a4b2403e29	The privacy setting is only about syncing to other servers Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-09-03 15:46:21 +02:00
Morris Jobke	234b510652	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-08-12 13:55:19 +02:00
Joas Schilling	35c6b1236f	Move AutoComplete::filterResults to new event dispatcher and GenericEvent Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-07-01 09:57:33 +02:00
Arthur Schiwon	653162a709	use the loginname to verify the old password in user password changes Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2020-05-26 16:53:25 +02:00
Daniel Kesselberg	df669a2936	Set etag for capabilities endpoint Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2020-04-29 15:26:46 +02:00
Daniel Kesselberg	72a16b1779	Make it possible to resolve svg for apps_paths outside the document root Previous implementation assumes the app path is always a child \OC::$SERVERROOT. That's not always true. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2020-04-24 16:19:10 +02:00
Roeland Jago Douma	95ad9ab4ac	Merge pull request #20401 from nextcloud/fix/login-sso-redirct Fix absolute redirect	2020-04-15 11:28:40 +02:00
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 16:54:27 +02:00
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 14:19:56 +02:00
John Molakvoæ (skjnldsv)	6c49dc2d1f	Fix absolute redirect Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2020-04-10 08:58:54 +02:00
Christoph Wurst	44577e4345	Remove trailing and in between spaces Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 16:07:47 +02:00
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 13:54:22 +02:00
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:50:14 +02:00
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 10:16:08 +02:00
Roeland Jago Douma	53db05a1f6	Start with webauthn Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>	2020-03-31 22:17:07 +02:00
Christoph Wurst	463b388589	Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports Remove unused imports	2020-03-27 17:14:08 +01:00
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-26 16:34:56 +01:00
Christoph Wurst	2ee65f177e	Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:21:27 +01:00
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:08:08 +01:00
Daniel Kesselberg	68148f4073	Always use status 200 for avatar response As discussed in #18603 caching a 201 response is hard. It's now possible to distinguish between generated and uploaded avatars by reading the X-NC-IsCustomAvatar (0 = generated, 1 = uploaded) header. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2020-03-01 00:42:24 +01:00
Roeland Jago Douma	da81b71f93	Only allow requesting new CSRF tokens if it passes the SameSite Cookie test Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-01-03 13:12:03 +01:00
Roeland Jago Douma	87104ce510	Merge pull request #17784 from nextcloud/enh/disable-clear-site-data-via-config Disable Clear-Site-Data for Chrom* (and Opera, Brave, etc)	2019-12-12 21:59:42 +01:00
Joas Schilling	738e6bf079	Merge pull request #17715 from nextcloud/fix/5456/respect_avatar_privacy Honor avatar visibility settings	2019-12-04 10:28:45 +01:00
Daniel Kesselberg	9378a6b411	Send Clear-Site-Data expect for Chrome Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-11-30 15:17:22 +01:00
Roeland Jago Douma	3a7cf40aaa	Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 15:27:18 +01:00
Roeland Jago Douma	ef4b59d341	More fixes Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 13:34:42 +01:00
Roeland Jago Douma	c007ca624f	Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 13:34:41 +01:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +01:00
Roeland Jago Douma	54eb27dab2	Update tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-13 20:43:20 +01:00
RussellAult	19791b2460	Check getRedirectUri() for queries Resolves Issue #17885 Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'. Signed-off-by: RussellAult <russellault@users.noreply.github.com>	2019-11-13 14:05:03 +01:00
Sergej Nikolaev	1b5d85a4ca	fix oauth client redirect Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>	2019-10-04 21:09:13 +03:00
Christoph Wurst	de6940352a	Move settings to an app Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>	2019-09-28 09:39:28 +00:00
Daniel Kesselberg	9c4c5ee818	Add test case for existing user with token null Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-08-18 23:27:03 +02:00
Daniel Kesselberg	7f7c6e49b6	Return the disabled user mock instead of the existing Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-08-18 23:18:39 +02:00
Roeland Jago Douma	6dc179ee12	Fix login flow form actions So fun fact. Chrome considers a redirect after submitting a form part of the form actions. Since we redirect to a new protocol (nc://login/). Causing the form submission to work but the redirect failing hard. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-11 19:53:49 +02:00
Roeland Jago Douma	436f7b92d5	Merge pull request #16544 from nextcloud/bugfix/16540 Add missing password reset page to vue	2019-07-31 11:02:20 +02:00
Julius Härtl	3b0d13944a	Move actual password reset to vue Signed-off-by: Julius Härtl <jus@bitgrid.net>	2019-07-31 09:19:07 +02:00
Roeland Jago Douma	b6dd2ebd39	Use proper exception in lostController There is no need to log the expcetion of most of the stuff here. We should properly log them but an exception is excessive. This moves it to a proper exception which we can catch and then log. The other exceptions will still be fully logged. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-27 20:12:16 +02:00
Morris Jobke	5c21b29d7f	Merge pull request #16308 from nextcloud/fix/undefined-offset-0 Prevent undefined offset 0 in findByUserIdOrMail	2019-07-10 12:16:36 +02:00
Daniel Kesselberg	d57540ac84	Return first value from $users Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-07-09 19:29:14 +02:00
Daniel Kesselberg	6235a66aac	Don't send executionContexts for Clear-Site-Data There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59 Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034 Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-07-09 15:08:25 +02:00
Julius Härtl	d5805df6c2	Fix subscription tests Signed-off-by: Julius Härtl <jus@bitgrid.net>	2019-06-17 16:36:24 +02:00
Christoph Wurst	64c4bb5bce	Vueify the login page Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-29 11:05:16 +02:00
Roeland Jago Douma	f03eb7ec3c	Remote wipe support This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-20 20:50:27 +02:00
Roeland Jago Douma	528eb1b223	Merge pull request #15304 from nextcloud/enh/2fa_setup_at_login 2FA setup during login	2019-05-17 11:04:42 +02:00
Roeland Jago Douma	579162d7b9	Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-17 10:11:53 +02:00
Roeland Jago Douma	2dcb4cfbd6	Allow clients to delete their own apptoken Fixes #15480 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-05-17 09:52:06 +02:00
Christoph Wurst	170582d4f5	Add a login chain to reduce the complexity of LoginController::tryLogin Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-07 18:04:36 +02:00
Joas Schilling	55f627d20b	Add an event to the Autocomplete Controller to allow to filter the results Signed-off-by: Joas Schilling <coding@schilljs.com>	2019-02-26 15:32:14 +01:00
Roeland Jago Douma	e819e97829	Login flow V2 This adds the new login flow. The desktop client will open up a browser and poll a returned endpoint at regular intervals to check if the flow is done. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-02-25 07:24:50 +01:00
Daniel Kesselberg	c583c5e7e2	Emit event if app password created Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-02-18 17:47:43 +01:00

1 2 3 4 5 ...

318 commits