Morris Jobke
6431f009de
Merge pull request #3511 from nextcloud/backport-3362-stable11
...
[stable11] Fix cookie name (nc_token instead of oc_token)
2017-02-16 11:33:02 -06:00
Morris Jobke
48554db156
fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-16 10:29:45 -06:00
Morris Jobke
131945593e
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-16 13:38:54 +01:00
Lukas Reschke
c025aa88d4
Merge pull request #3436 from nextcloud/stable11-increase-version
...
Increase version to 11.0.2 RC1
2017-02-10 14:03:49 +01:00
Lukas Reschke
592af1fff1
Merge pull request #3259 from nextcloud/add-profile-data-to-provisioning-api-stable11
...
Add profile data to provisioning api stable11
2017-02-10 13:00:04 +01:00
Lukas Reschke
347008f125
Increase version to 11.0.2 RC1
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-02-10 12:55:32 +01:00
Joas Schilling
cf849e621b
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-07 17:00:10 +01:00
Bjoern Schiessle
659320dfca
unify endpoints form core and the the provisioning api
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-25 14:19:41 +01:00
Joas Schilling
275db05a46
Merge pull request #2953 from nextcloud/backport-2797-sudo-password-with-ldap
...
[stable11] Use login name to fix password confirm with ldap users
2017-01-23 12:09:38 +01:00
Lukas Reschke
2382bf9011
Apply DOMPurify over HTML
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-17 11:37:16 +01:00
Morris Jobke
45c12d26ce
Fix JSUnit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-17 11:37:06 +01:00
Joas Schilling
964d7b2389
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-17 11:36:57 +01:00
Joas Schilling
78e685ce8f
Better fallback for unknown log types
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-10 13:01:00 +01:00
Joas Schilling
acf62afe2d
Add tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-10 13:00:47 +01:00
Robin Appelman
daa4f393cb
dont write a certificate bundle if the shipped ca bundle is empty
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-09 21:11:50 +01:00
Christoph Wurst
2625b6297b
Set redirect_url on 2FA challenge page
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-09 10:42:23 +01:00
Joas Schilling
a3d8442835
Remove warning
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 15:16:32 +01:00
Joas Schilling
1179471e41
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 15:16:24 +01:00
Lukas Reschke
5bf56f67be
Increase version to 11.0.1
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-29 18:36:31 +01:00
Joas Schilling
a7aa7de6c2
Add a unit test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-13 13:54:18 +01:00
Lukas Reschke
32bf8ec826
Don't use cached informations for app version
...
When installing an app from the appstore the `\OC_App::getAppVersion` code is triggered twice:
- First when the downloader tries to compare the current version to the new version on the appstore to check if there is a newer version. This protects against downgrade attacks and is implemented in `\OC\Installer::downloadApp`.
- Second, when the app is actually installed the current version is written to the database. (`\OC\Installer::installApp`)
This fails however when the version is actually cached. Because in step 1 the cached version will be set to "0" and then be reused in the second step.
While this is probably not the cleanest version I assume this is an approach that is least invasive. Feedback and suggestions welcome :)
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-09 18:01:45 +01:00
Joas Schilling
924358ef96
Save the timezone on login again
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
Morris Jobke
7aa510b2f0
Document updater channel & check for correct PHP version in updater
...
* see https://github.com/nextcloud/updater/issues/53
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-12-06 00:19:13 +01:00
Morris Jobke
aac3024878
Merge pull request #2505 from nextcloud/sudo-mode-provisioning-api
...
Require sudo mode on the provisioning API
2016-12-05 22:29:29 +01:00
Roeland Jago Douma
e368a745aa
Set last-login-check on basic auth
...
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.
* Started with tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-05 20:57:15 +01:00
Christoph Wurst
0478db6506
Merge pull request #2484 from nextcloud/fix-wrong-update-of-email-address
...
make sure that we only update the email address if it really changed
2016-12-05 17:14:23 +01:00
Morris Jobke
1253d1008a
Merge pull request #2411 from nextcloud/fix-encryption-home-storage
...
check if the file should really be encrypted before we update the file cache
2016-12-05 15:38:12 +01:00
Bjoern Schiessle
f25ad2e404
make sure that we only update the email address if it really changed
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-12-02 18:07:08 +01:00
Robin Appelman
1a379b0fdc
update test
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-12-02 18:04:21 +01:00
Lukas Reschke
2ca29f709b
Add tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-01 18:52:32 +01:00
Morris Jobke
01a62dee30
Language
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-11-30 15:20:04 +01:00
Morris Jobke
62ec31eb7b
Merge pull request #2152 from nextcloud/preview_cleanupjob
...
Adds background job to cleanup all previews.
2016-11-30 10:39:21 +01:00
Bjoern Schiessle
0f8fe77b3a
check if the file should really be encrypted before we update the file cache
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-29 20:34:45 +01:00
Morris Jobke
d86b29b42b
Merge pull request #2066 from nextcloud/fix-redirect-double-encoding
...
do not double encode the redirect url
2016-11-29 17:21:43 +01:00
Lukas Reschke
3950ce9223
Merge pull request #2351 from nextcloud/remember-session-default
...
do not remember session tokens by default
2016-11-28 14:05:04 +01:00
Lukas Reschke
0cc771ce19
Merge pull request #2353 from nextcloud/renew-session-token-remember
...
copy remember-me value when renewing a session token
2016-11-28 14:04:13 +01:00
Christoph Wurst
6543182d13
fix parameter order
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-28 10:00:53 +01:00
Christoph Wurst
ad610ae772
Merge pull request #2327 from nextcloud/exclude-pre-releases
...
Exclude pre-release versions as per SemVer
2016-11-28 09:55:24 +01:00
Christoph Wurst
2183a1f3e6
copy remember-me value when renewing a session token
...
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:19:57 +01:00
Christoph Wurst
9b808c4014
do not remember session tokens by default
...
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:03:28 +01:00
Morris Jobke
64fb0fb3dd
Merge pull request #2276 from nextcloud/update-email-address
...
Update email address
2016-11-25 11:40:20 +01:00
Lukas Reschke
29402e2c0a
Exclude pre-release versions as per SemVer
...
As SemVer can be used apps could define a release like "10.0.0-alpha". This is something that we don't support at the moment in the server and we should filter all prereleases.
Ref https://github.com/nextcloud/server/pull/2307#issuecomment-262911588
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-25 11:32:46 +01:00
Bjoern Schiessle
0de685c562
bring back setEmailAddress for the user management
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-25 10:26:48 +01:00
Bjoern Schiessle
3fc75073b8
update accounts table if email address or display name changes from outside
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-25 10:26:47 +01:00
Roeland Jago Douma
72f9920a58
Add Identityproof tests
...
* Add tests for Key
* Add tests for Manager
* Add tests for Signer
* Removed URLGenerator from Signer
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-24 21:50:19 +01:00
Lukas Reschke
6a4c0cf237
Loop for newest version in appstore response
...
The current implementation when fetching apps from the appstore is to assume that the first element is the newest version, this is now always applicable and leads to the fact that for some apps (e.g. nextant) the newest version is not delivered. This can be easily tested by comparing the version of the downloaded Nextant version.
This change will loop over all releases delivered by the appstore and chooses the newest compatible one. While not the cleanest solution, it does its job.
Most of the code are actually unit tests. Whereas I have copied the whole original response from the appstore and also have performed the transformation. So that's why the diff looks so huge.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-24 14:29:57 +01:00
Bjoern Schiessle
546989959c
update email address correctly
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-23 20:19:31 +01:00
Lukas Reschke
a05b8b7953
Harden cookies more appropriate
...
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.
See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.
Fixes https://github.com/nextcloud/server/issues/1412
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
Roeland Jago Douma
df215625f1
Merge pull request #1972 from nextcloud/invalid-files-from-scanner
...
Make sure we don't scan files that can not be accessed
2016-11-22 12:55:54 +01:00
Robin Appelman
cd24010fa4
Merge pull request #2214 from nextcloud/remove-logging
...
remove old logging section
2016-11-21 17:17:02 +01:00