nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
jld3103	1be836273d	core: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com>	3 years ago
Faraz Samapoor	d64aa85b04	Applies agreed-upon indentation convention to the changed controllers. Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753 Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	73b7096850	Fixes psalm error. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	468aefc649	Fixes php-cs-fixer error. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	4bf610ebaf	Refactors controllers by using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	a1ef0285f8	Refactors "strpos" calls in /core to improve code readability. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
jld3103	02f9c3a06f	Use implementations instead of interfaces for accessing private methods Signed-off-by: jld3103 <jld3103yt@gmail.com>	3 years ago
Git'Fellow	cfd7a57184	Send header to all browsers under HTTPS Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Don't send Clear-Site-Data to Safari Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Fix lint Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	3 years ago
Simon L	6496748971	fix the login log entry Signed-off-by: Simon L <szaimen@e.mail.de>	3 years ago
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	f22101d421	Fix login loop if login CSRF fails and user is not logged in If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Joas Schilling	9cfaf27142	Also limit the password length on reset Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Joas Schilling	85eb3b2920	Fix wording of undeliverable push notifications Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Carl Schwan	253118298d	Redesign guest pages for better accessibility - Use white box and put content on it - Improve focus indicator Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Christopher Ng	92500e810f	Identify the login page explicitly by the page title Signed-off-by: Christopher Ng <chrng8@gmail.com>	4 years ago
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Vitor Mattos	d613b32045	add check isFairUseOfFreePushService on login Signed-off-by: Vitor Mattos <vitor@php.rio>	4 years ago
Daniel Rudolf	e478db9161	Deprecate RedirectToDefaultAppResponse Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	5 years ago
Daniel Rudolf	12059eb65b	Add IUrlGenerator::linkToDefaultPageUrl() Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	5 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Joas Schilling	69290781ff	Handle device login like an alternative login Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Roeland Jago Douma	4076dfb019	Allow admins to disable the login form In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Julius Härtl	d7a80293ab	Keep direct login active when redirecting Signed-off-by: Julius Härtl <jus@bitgrid.net>	5 years ago
Roeland Jago Douma	f57b93098b	Do not redirect to logout after login This can happen when the session was killed due to a timeout. Then logout was triggered. Nobody wants to login only to be logged out again. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
John Molakvoæ (skjnldsv)	6c49dc2d1f	Fix absolute redirect Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	6 years ago
Roeland Jago Douma	53db05a1f6	Start with webauthn Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Daniel Kesselberg	9378a6b411	Send Clear-Site-Data expect for Chrome Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Christoph Wurst	81e35d0c8a	Trim the login name Otherwise we keep on using it with leading or trailing whitespaces for app tokens and other logic. The reason this doesn't throw an error immediately with local users is that (My)SQL compares strings regardless of their padding by default. So we look up 'uid ' and get the row for the user 'uid'. Other back-ends will lead to a hard error, though, and the user is unable to log out as all request fail. Ref https://stackoverflow.com/a/10495807/2239067 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Daniel Kesselberg	6235a66aac	Don't send executionContexts for Clear-Site-Data There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59 Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034 Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Christoph Wurst	64c4bb5bce	Vueify the login page Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	170582d4f5	Add a login chain to reduce the complexity of LoginController::tryLogin Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Roeland Jago Douma	60e5a5eca4	Do not do redirect handling when loggin out Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Michael Weimann	e083e8abc6	Clears the local storage after logout Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	7 years ago
Roeland Jago Douma	e6333c8fe3	Honor remember_login_cookie_lifetime If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not creatae a remember me cookie and should create a proper temp token. Further this specifies that is not 0 the remember me time should always be larger than the session timeout. Because else the behavior is not really defined. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	43d6ae7476	Respect the disabled setting for lost_password_link Fixes #11146 As documented when it is set to disabled the user can't request a lost password. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Rayn0r	85eb43baff	added possibility to disable autocomplete in login form Signed-off-by: Rayn0r <Andre.Weidemann@web.de>	7 years ago
Patrick Conrad	1806baaeaf	Remove cookies from Clear-Site-Data Header In `2f87fb6b45` this header was introduced. The referenced documentation says: > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/). This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point! So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well. Signed-off-by: Patrick Conrad <conrad@iza.org>	7 years ago
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Michael Weimann	d855c38e07	Moves the logo files to logo Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	7 years ago
Christoph Wurst	42300d19e9	Fix max length requirements for the throttler metadata If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database error due to very long strings, this truncates the username at 64 bytes in the assumption that no real username is longer than that.long strings, Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Christoph Wurst	d8197f2b97	Rename providerset method to get primary providers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Christoph Wurst	c6e47e8a51	Fix login redirection if only one 2FA provider is active Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago

1 2 3

137 Commits (25309bcb45232bf30fe719bac1776f0136f7cd7a)