nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-17 01:41:05 -05:00

Author	SHA1	Message	Date
Côme Chilliet	0cf418462c	Support PHP 7.3 for stable23 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-11-03 17:46:10 +01:00
Côme Chilliet	19c1587ec4	Add rate limiting on lost password emails Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-11-03 16:45:37 +01:00
Christopher Ng	726d37f941	Improve handling of profile page Signed-off-by: Christopher Ng <chrng8@gmail.com>	2022-08-22 23:43:19 +00:00
Joas Schilling	7cee0eb8c1	Show user account on grant loginflow step Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-05-16 10:17:11 +00:00
Vincent Petry	eed25090d9	Add direct arg to login flow Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-Authored-by: Carl Schwan <carl@carlschwan.eu>	2022-04-14 14:31:41 +02:00
Christopher Ng	8bef2ec925	Add global profile toggle config Signed-off-by: Christopher Ng <chrng8@gmail.com> (cherry picked from commit `1fc0b4320c`)	2022-03-25 03:53:54 +00:00
Carl Schwan	4f9fbf8dfb	Fix caching of the user avatar Now on firefox/safari it is only refetched once a day. On Chrom{e,ium} we keep the previous behavior of maybe refetching it more often. This also notify the user about this behavior when they upload an avatar picture. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-03-02 18:42:03 +01:00
Carl Schwan	f6d0bb419e	Improve caching policy * Cache css with version in url. This makes most js and css requests to be cached by the browser * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter) Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-02-18 14:28:24 +01:00
Christopher Ng	2063c58623	Improve installation pages Signed-off-by: Christopher Ng <chrng8@gmail.com> (cherry picked from commit `22768769c3`) Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>	2022-01-19 00:42:55 +00:00
Christopher Ng	3a68a36ee4	Hide user status from public Signed-off-by: Christopher Ng <chrng8@gmail.com>	2021-11-24 10:33:33 +00:00
Christoph Wurst	ea38a798f3	Explicitly allow some routes without 2FA Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-11-18 13:03:39 +01:00
Joas Schilling	fa036b2001	Move common logic to share manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-11-09 10:10:53 +01:00
Christopher Ng	f4307ef4b1	Respect user enumeration settings on profile Signed-off-by: Christopher Ng <chrng8@gmail.com>	2021-11-05 21:33:03 +00:00
Vitor Mattos	d613b32045	add check isFairUseOfFreePushService on login Signed-off-by: Vitor Mattos <vitor@php.rio>	2021-10-23 00:54:50 +02:00
Joas Schilling	3ce3c0f117	Add an OCS endpoint for the hovercard contact actions Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-10-20 10:22:40 +02:00
Christopher Ng	309354852f	Profile backend Signed-off-by: Christopher Ng <chrng8@gmail.com>	2021-10-19 04:59:35 +00:00
Julius Härtl	d68f028251	Merge pull request #27733 from PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl	2021-10-05 13:06:59 +02:00
Pytal	3a94d7c2ea	Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled allow using of disabled password reset mechanism for special cases	2021-09-14 18:29:10 -07:00
Arthur Schiwon	a843d3c5db	allow using of disabled password reset mechanism for special cases - LostController has three endpoints - door opener email() still rejects - resetform(), reachable from mail, checks the token first and may report that password reset is disabled - setPassword() got its check removed as it is behind CSFR anyway and still requires a valid token - this allows special cases like activating a freshly created guest account Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-10 22:48:16 +02:00
Arthur Schiwon	6857136f06	fixes missing prefix to validate password reset token - also fixes the test which missed asserting the presence of it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-10 19:06:50 +02:00
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:35 +02:00
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:29 +02:00
Lukas Reschke	2994dbe215	Fix codestyle Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 10:53:01 +00:00
Lukas Reschke	dd054b2ee8	Check if SVG path is valid Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 10:46:12 +00:00
Christoph Wurst	4b0e18ae1b	Merge pull request #27294 from pjft/patch-2 Update TwoFactorChallengeController.php	2021-08-19 12:40:40 +02:00
Jonas Meurer	7c76e85dde	Use IURLGenerator function to get value of `\OC::$WEBROOT` global Signed-off-by: Jonas Meurer <jonas@freesources.org>	2021-08-16 10:56:47 +02:00
Jonas Meurer	5f5bacde8f	UnifiedSearchController: strip webroot from URL before finding a route This should fix route matching in UnifiedSearchController on setups with Nextcloud in a subfolder (webroot). Fixes: #24144 Signed-off-by: Jonas Meurer <jonas@freesources.org>	2021-08-16 10:56:25 +02:00
Daniel Rudolf	4d7430949a	Remove usage of \OC_Util::getDefaultPageUrl() and \OC_Util::redirectToDefaultPage() Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	2021-08-04 19:02:57 +02:00
Daniel Rudolf	aa455e71d9	Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrl	2021-08-04 18:52:55 +02:00
Daniel Rudolf	e478db9161	Deprecate RedirectToDefaultAppResponse Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	2021-07-01 15:13:08 +02:00
Gary Kim	b78f3a57d1	Migrate HintException to OCP Signed-off-by: Gary Kim <gary@garykim.dev>	2021-06-30 15:28:02 -04:00
Daniel Rudolf	12059eb65b	Add IUrlGenerator::linkToDefaultPageUrl() Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	2021-06-30 16:20:57 +02:00
pjft	b1086e25bb	Add logging to 2FA failure For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. Added dependency injection. Signed-off-by: pjft <paulo.j.tavares@gmail.com>	2021-06-21 20:43:12 +01:00
Julius Härtl	c0474ba364	Use product name in places where it is appropriate rather than the instance name Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-06-16 11:42:53 +02:00
Morris Jobke	2ae60b42ab	Merge pull request #26494 from rigrig/fix-php8-deprecations Fix some php 8 warnings	2021-06-07 23:30:59 +02:00
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2021-06-04 22:02:41 +02:00
Richard de Boer	f23d057ad9	Fix functions taking optional parameters before required ones PHP 8 shows deprecation warnings about this, see #25806 Removes the "default" values, as they actually are required parameters anyway. Signed-off-by: Richard de Boer <git@tubul.net>	2021-05-29 14:14:52 +02:00
Joas Schilling	69290781ff	Handle device login like an alternative login Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-04-20 09:11:33 +02:00
Roeland Jago Douma	b43e21d186	Merge pull request #26401 from nextcloud/enh/handle-avatar-upload-errors Show informative errors on avatar upload error	2021-04-08 16:12:36 +02:00
Robin Appelman	c232a40bdf	remove leftover debug @NoCSRFRequired introduced with #26198 Signed-off-by: Robin Appelman <robin@icewind.nl>	2021-04-01 13:51:53 +02:00
Julien Veyssier	7b69897474	show informative errors in log and UI on avatar upload error in user settings Signed-off-by: Julien Veyssier <eneiluj@posteo.net>	2021-04-01 11:55:13 +02:00
Robin Appelman	b38618c813	use node search api for legacy file search endpoint Signed-off-by: Robin Appelman <robin@icewind.nl>	2021-03-19 16:08:01 +01:00
Roeland Jago Douma	4076dfb019	Allow admins to disable the login form In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2021-03-08 15:36:47 +01:00
Christoph Wurst	7be2ce82e7	Merge pull request #25544 from nextcloud/refactor/app-password-created-event Move app_password_created to a typed event	2021-03-02 08:18:59 +01:00
Christoph Wurst	5026d2cca1	Merge pull request #25086 from nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 Bump nextcloud/coding-standard from 0.3.0 to 0.5.0	2021-02-18 14:05:54 +01:00
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-02-18 13:31:24 +01:00
Joas Schilling	6ed4aaeeea	Send emails on password reset to the displayname Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-02-18 12:38:43 +01:00
Joas Schilling	83755b7b02	Make new result parts optional Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-02-12 16:21:47 +01:00
Christoph Wurst	f8808e260d	Move app_password_created to a typed event Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-02-09 18:49:35 +01:00
Julius Härtl	d7a80293ab	Keep direct login active when redirecting Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-02-01 14:25:56 +01:00

1 2 3 4 5 ...

479 commits