Roeland Jago Douma
54859329ef
Do not invalidate main token on OAuth
...
Fixes #10584
We deleted the main token when using the login flow else mutliple tokens
would show up for a single user.
However in the case of OAuth this is perfectly fine as the
authentication happens really in your browser:
1. You are already logged in, no need to log you out
2. You are not logged in yet, but since you log in into the exact same
browser the expected behavior is to stay logged in.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-06 13:28:48 +02:00
Morris Jobke
cf3f4888cc
Change password expiration time from 12h to 7d
...
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-08-31 13:31:03 +02:00
Morris Jobke
6099786c8d
Merge pull request #10670 from nextcloud/fix/login-throttle-username-length
...
Fix max length requirements for the throttler metadata
2018-08-24 16:25:35 +02:00
Bjoern Schiessle
dfec66ca02
only warn about data lose on password reset if per-user keys are used
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-15 15:08:34 +02:00
Christoph Wurst
42300d19e9
Fix max length requirements for the throttler metadata
...
If a failed login is logged, we save the username as metadata
in the bruteforce throttler. To prevent database error due to
very long strings, this truncates the username at 64 bytes in
the assumption that no real username is longer than that.long strings,
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-13 15:52:09 +02:00
Christoph Wurst
d8197f2b97
Rename providerset method to get primary providers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-08 20:28:21 +02:00
Christoph Wurst
c6e47e8a51
Fix login redirection if only one 2FA provider is active
...
Fixes https://github.com/nextcloud/server/issues/10500 .
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-08 15:25:59 +02:00
Joas Schilling
decd196162
Make the info available if the avatar was uploaded or generated
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-08-01 10:56:22 +02:00
Morris Jobke
70fa73404f
Merge pull request #10391 from nextcloud/bugfix/10389/fix-app-navigation-controller
...
Fix app navigation controller to return an array
2018-07-25 14:11:49 +02:00
Julius Härtl
4c773891d7
Fix app navigation controller to return an array
...
This is required to not break compatibility with existing consumers of that endpoint like the apps management or the client
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-07-25 13:50:46 +02:00
Joas Schilling
12efde520d
Allow to access SVGs as guest
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-07-25 12:05:18 +02:00
Michael Weimann
c92d7429d7
Implements handling for deactivated users
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-07-21 13:05:13 +02:00
John Molakvoæ (skjnldsv)
37a4d2bbbc
Php code bump
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 22:46:32 +02:00
Julius Härtl
bfc6fc8e50
Fix settings icon fetching
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-07-19 08:17:00 +02:00
John Molakvoæ (skjnldsv)
61946819ba
Fixed svg generator regex && added missing icons
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:59 +02:00
John Molakvoæ (skjnldsv)
9e5885963c
Fixed icons detection and caching
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:58 +02:00
John Molakvoæ (skjnldsv)
8977c71f88
Mixin scss icon api
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:58 +02:00
John Molakvoæ (skjnldsv)
ccd70a4099
use built in response cacheFor function
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:58 +02:00
John Molakvoæ (skjnldsv)
29ff7efe9a
Svg icon api sass function and upgrade of all styles
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:57 +02:00
John Molakvoæ (skjnldsv)
98a0113d40
Svg from app
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:30 +02:00
John Molakvoæ (skjnldsv)
84e90e26c0
Svg color api
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-07-19 08:16:30 +02:00
Arthur Schiwon
ca6094f390
wire the frontend
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-05 20:29:00 +02:00
Arthur Schiwon
772bbd99be
Backend work to provide NC whats New info to users
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-07-05 14:33:08 +02:00
Morris Jobke
9444a3fad1
Merge pull request #9632 from nextcloud/enhancement/stateful-2fa-providers
...
Stateful 2fa providers
2018-06-25 15:49:58 +02:00
Robin Appelman
8ed50d4b63
prefill userid for login after password reset
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-21 15:18:07 +02:00
Christoph Wurst
13d93f5b25
Make 2FA providers stateful
...
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.
The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-06-20 08:30:26 +02:00
John Molakvoæ (skjnldsv)
543188d0cb
Removed debug stack
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-15 15:40:10 +02:00
John Molakvoæ (skjnldsv)
156da29cea
Avatar imagick bump
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-13 18:46:05 +02:00
John Molakvoæ (skjnldsv)
eea6f74ca4
Controller tests fixes
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-13 18:46:04 +02:00
John Molakvoæ (skjnldsv)
adf3856d35
Return Svg avatars
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-13 18:46:04 +02:00
Roeland Jago Douma
e5cc8be9d5
Fix usage
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 08:48:54 +02:00
Morris Jobke
245d20f9ac
Merge pull request #9531 from remyj38/master
...
Fix translation bug on lost password page
2018-05-22 16:31:30 +02:00
Roeland Jago Douma
5a97148863
Don't use special chars to avoid confusion
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-22 09:24:17 +02:00
Rémy Jacquin
04e1cab5ee
Fix translation bug on lost password page
...
Fix nextcloud/password_policy#26
Signed-off-by: Rémy Jacquin <remy@remyj.fr>
2018-05-20 12:51:50 +02:00
Arthur Schiwon
38a90130ce
move log constants to ILogger
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Roeland Jago Douma
a07f6d46e3
Use proper types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-11 00:21:25 +02:00
Morris Jobke
fd3c97b93b
Avoid to leak a user ID that is not a string to reach a user backend
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-11 00:03:30 +02:00
Roeland Jago Douma
b2350810e0
Merge pull request #9115 from nextcloud/feature/noid/login_flow_wording
...
Improve login flow
2018-04-09 08:45:27 +02:00
Roeland Jago Douma
177c8972cc
Improve login flow
...
* Add page explaining you are about to grant access
* Show grant access page after login
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-08 13:42:36 +02:00
Roeland Jago Douma
33b93db953
Remove unused parameter
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 21:44:23 +02:00
Roeland Jago Douma
2b7d4d5069
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 19:58:37 +02:00
Roeland Jago Douma
caee215120
Always remember me
...
Fixes #8004
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 15:44:28 +02:00
Joas Schilling
dabd7291c3
Make the new autocomplete endpoint OCS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-21 09:46:52 +01:00
Roeland Jago Douma
796b4f19f8
Add Cache-control: immutable
...
Cache generated CSS forever!
Also cache combined JS forever
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-19 14:21:53 +01:00
Roeland Jago Douma
7674e591bd
Move search to proper Controller
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-09 14:36:48 +01:00
Christoph Wurst
b9720703e8
Add CSRF token controller to retrieve the current CSRF token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-03-08 16:48:50 +01:00
Julius Härtl
11b6cc3f68
Replace logout href to avoid new etag on every request
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-06 09:51:28 +01:00
Julius Härtl
723b8764d1
Add ETag to NavigationController
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-05 12:19:20 +01:00
Bjoern Schiessle
7d0102bf73
expose capabilities in js
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-02-27 12:29:25 +01:00
Joas Schilling
226e63695f
Merge pull request #8026 from nextcloud/feature/noid/allow-custom-html-in-html-emails
...
Allow custom HTML in HTML Emails
2018-02-26 13:38:39 +01:00