Commit graph

293 commits

Author SHA1 Message Date
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Julius Härtl
6c1e896a03
fix: Ignore preview requests for invalid file ids
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-07-22 22:32:34 +02:00
Benjamin Gaussorgues
e5275dbada
feat: don't count failed CSRF as failed login attempt
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-11 09:27:33 +02:00
Daniel
e5a6698ec0
Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller
test: add tests for ProfilePageController
2024-06-12 14:49:03 +02:00
Daniel Kesselberg
98eb190e04
test: add tests for ProfilePageController
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-06-12 11:46:12 +02:00
skjnldsv
8bed23288b
fix(files_sharing): dark avatar support
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-06-12 10:27:29 +02:00
Andy Scherzinger
1f7e2ba599
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +02:00
Christoph Wurst
22dc27810e
fix(auth): Keep redirect URL during 2FA setup and challenge
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-04-19 10:24:26 +02:00
Ferdinand Thiessen
3fede00732
feat(login): Clear login form (password) after IDLE timeout
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-25 12:22:53 +01:00
Eduardo Morales
685145714a
chore: update logincontroller tests
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
2024-03-10 11:36:42 -05:00
provokateurin
6243a9471d
feat(core): Add OCS endpoint for confirming the user password
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-20 14:28:00 +01:00
John Molakvoæ
4a509dfe8e
fix: phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-02-13 21:06:31 +01:00
Joas Schilling
2ee5c7a8f9
fix(tests): Fix remaining tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-01-09 15:58:02 +01:00
Louis Chemineau
db11313152
Fix tests after slow logout fix
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-01-08 19:09:48 +01:00
Gaspard d'Hautefeuille
85911cbab2
Cancel PR #37405, remove regression code
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
2024-01-05 04:20:26 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Ferdinand Thiessen
154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader
Stop sending deprecated Pragma header
2023-10-18 03:30:21 +02:00
Côme Chilliet
ee39a47e84
Fix Dynamic property timeFactory in ClientFlowLoginControllerTest
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-09 10:30:54 +02:00
Julien Veyssier
807f173dec
make oauth2 authorization code expire after 10 minutes
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-10-05 14:24:02 +02:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Git'Fellow
066f6ef16c
Stop sending deprecated Pragma header
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-08-28 15:11:22 +02:00
John Molakvoæ
266fb31180
fix(tests): preview phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2023-08-17 18:58:21 +02:00
jld3103
1be836273d
core: Add OpenAPI spec
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-07-13 07:24:15 +02:00
Joas Schilling
33385d7ecb
fix(tests): Adjust unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:12:14 +02:00
Joshua Trees
a4032a3800
Add some tests for input trimming in LostController.php
Signed-off-by: Joshua Trees <me@jtrees.io>
2023-04-05 12:15:38 +02:00
Git'Fellow
346054f854
Fix tests
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-03-28 09:41:04 +02:00
Joas Schilling
59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset
Add bruteforce protection to password reset page
2023-02-06 22:12:25 +01:00
Joas Schilling
875e6cf7e6
fix(CI): Adjust expected result
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-06 11:26:38 +01:00
Christoph Wurst
88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-02-06 09:42:15 +01:00
Côme Chilliet
003cc2b45a
Fix tests failures (number of calls differed with last rebase)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-24 09:38:20 +01:00
Carl Schwan
a23cd7b961
Fix a bunch of deprecation in the phpunit for core
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-01-24 09:34:09 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is built regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Christoph Wurst
f22101d421
Fix login loop if login CSRF fails and user is not logged in
If CSRF fails but the user is logged in then they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud constantly regenerates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 09:39:17 +01:00
Christoph Wurst
138deec333
chore: Make the LoginController strict
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 10:52:28 +01:00
Julius Härtl
8629d8e44f
Check share attributes on preview endpoints
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-25 11:35:31 +02:00
Côme Chilliet
1cb0c2ac52
Fix LostController test
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-10-18 14:49:02 +00:00
Joas Schilling
67ecd72972
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-08-31 20:54:39 +02:00
Arthur Schiwon
b3b6f2d581
fix Controller tests
- added pageTitle in code was missing in expectations
- fixed warnings of superfluous parameter
- fixed wrong type of mock

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-07-22 22:15:41 +02:00
Thomas Citharel
abe5ff3654
Make LostController use IInitialState and LoggerInterface
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +02:00
Thomas Citharel
6283d14fa6
Modernize the LostControllerTest test
Remove some deprecated at() calls

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +02:00
Thomas Citharel
44e13848a1
Add password reset typed events
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +02:00
Carl Schwan
b70c6a128f
Update core to PHP 7.4 standard
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +02:00
Joas Schilling
6084d691b0
Merge pull request #32375 from nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step
Show user account on grant loginflow step
2022-05-16 11:18:22 +02:00
Joas Schilling
40b9769d4d
Extend tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-16 10:33:30 +02:00
Thomas Citharel
232322fe06
Modernize contacts menu
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-05-12 18:31:59 +02:00
John Molakvoæ
3c6253f965
Remove old legacy SvgController and IconsCacher
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2022-05-10 23:24:07 +02:00
Louis Chemineau
8a2cf5bb68
Do not dispatch postSetPassword when setPassword fails
Also Improve error message when setPassword fails

Signed-off-by: Louis Chemineau <louis@chmn.me>
2022-05-05 17:21:23 +02:00
Joas Schilling
6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-03 12:51:23 +02:00
Vincent Petry
80388663af
Add direct arg to login flow
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
2022-03-28 10:28:45 +02:00