nextcloud-server

Commit Graph

Author	SHA1	Message	Date
provokateurin	77114fb327	fix(OpenAPI): Adjust array syntax to avoid ambiguities Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
provokateurin	bc5c0262af	refactor(core): Make all attribute arguments named Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
provokateurin	c57c3c1573	refactor(core): Replace security annotations with respective attributes Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Benjamin Gaussorgues	e5275dbada	feat: don't count failed CSRF as failed login attempt Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Andy Scherzinger	e07a190641	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Côme Chilliet	ec5133b739	fix: Apply new coding standard to all files Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Ferdinand Thiessen	3fede00732	feat(login): Clear login form (password) after IDLE timeout For security reasons it is recommended to stop the login process at a defined time, this could prevent password leaks by e.g. user forgetting that they entered their password on public devices. Enforced e.g. by the BSI ORP.4.A13 rule. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
fenn-cs	2792d8b3f5	feat: Limit email input on auth pages to 255 chars Excessively long emails reported make server unresponsive. We could at some point, consider adding a configuration for sysadmins to bypass this setting on their instance if they want. Signed-off-by: fenn-cs <fenn25.fn@gmail.com>	2 years ago
Eduardo Morales	0de6cc7472	feat: added login's initial possible email-states Signed-off-by: Eduardo Morales <emoral435@gmail.com>	2 years ago
provokateurin	2c51933b6b	refactor(core): Switch to attribute based routing Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
provokateurin	d95e500e45	feat(core): Expose the confirm password endpoint Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
provokateurin	b64ab5fba8	refactor: Migrate IgnoreOpenAPI attributes to OpenAPI Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Gaspard d'Hautefeuille	08ff644f3c	Keep https check https://github.com/nextcloud/server/issues/41196 + keep https check Co-authored-by: Louis <louis@chmn.me> Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>	2 years ago
Gaspard d'Hautefeuille	85911cbab2	Cancel PR #37405 , remove regression code Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Christoph Wurst	a5422a3998	fix: Show error message when CSRF check fails at login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago
Marcel Müller	c2393fb712	Reset BFP for sudo action Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>	2 years ago
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
jld3103	1be836273d	core: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com>	3 years ago
Faraz Samapoor	d64aa85b04	Applies agreed-upon indentation convention to the changed controllers. Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753 Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	73b7096850	Fixes psalm error. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	468aefc649	Fixes php-cs-fixer error. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	4bf610ebaf	Refactors controllers by using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
Faraz Samapoor	a1ef0285f8	Refactors "strpos" calls in /core to improve code readability. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	3 years ago
jld3103	02f9c3a06f	Use implementations instead of interfaces for accessing private methods Signed-off-by: jld3103 <jld3103yt@gmail.com>	3 years ago
Git'Fellow	cfd7a57184	Send header to all browsers under HTTPS Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Don't send Clear-Site-Data to Safari Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com> Fix lint Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	3 years ago
Simon L	6496748971	fix the login log entry Signed-off-by: Simon L <szaimen@e.mail.de>	3 years ago
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	20fcfb5739	feat(app framework)!: Inject services into controller methods Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	f22101d421	Fix login loop if login CSRF fails and user is not logged in If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Joas Schilling	9cfaf27142	Also limit the password length on reset Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Joas Schilling	85eb3b2920	Fix wording of undeliverable push notifications Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Carl Schwan	253118298d	Redesign guest pages for better accessibility - Use white box and put content on it - Improve focus indicator Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Christopher Ng	92500e810f	Identify the login page explicitly by the page title Signed-off-by: Christopher Ng <chrng8@gmail.com>	4 years ago
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Vitor Mattos	d613b32045	add check isFairUseOfFreePushService on login Signed-off-by: Vitor Mattos <vitor@php.rio>	4 years ago
Daniel Rudolf	e478db9161	Deprecate RedirectToDefaultAppResponse Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	5 years ago
Daniel Rudolf	12059eb65b	Add IUrlGenerator::linkToDefaultPageUrl() Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	5 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Joas Schilling	69290781ff	Handle device login like an alternative login Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Roeland Jago Douma	4076dfb019	Allow admins to disable the login form In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Julius Härtl	d7a80293ab	Keep direct login active when redirecting Signed-off-by: Julius Härtl <jus@bitgrid.net>	5 years ago
Roeland Jago Douma	f57b93098b	Do not redirect to logout after login This can happen when the session was killed due to a timeout. Then logout was triggered. Nobody wants to login only to be logged out again. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
John Molakvoæ (skjnldsv)	6c49dc2d1f	Fix absolute redirect Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	6 years ago
Roeland Jago Douma	53db05a1f6	Start with webauthn Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>	6 years ago

1 2 3 4

154 Commits (d53fde8eef13d408fcf035ea8a95e6345df9b99b)