Commit Graph

101 Commits

Author SHA1 Message Date
Lukas Reschke 7976927628 Merge pull request #4894 from nextcloud/generic-security-activities
Change 2FA activities to more generic security activities
2017-05-19 00:50:44 +02:00
Roeland Jago Douma 19a1e01d6c
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-18 22:11:29 +02:00
Joas Schilling c6a5a25b48
Add a migration step to save the data from the accounts table before migrating
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-18 10:48:54 +02:00
Joas Schilling 31bb65fa36
Check the name length of database items
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-16 16:16:11 +02:00
Joas Schilling 93fc7fcdbe
Check the syntax of the language file
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-16 16:16:07 +02:00
Lukas Reschke 9d920ef9b2
Update autoloader map
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-15 14:24:44 +02:00
Lukas Reschke 4d101ca2be Merge pull request #4514 from nextcloud/automatic-mysql-4byte-detection
Automatic mysql 4byte detection
2017-05-08 12:18:40 +02:00
Roeland Jago Douma e3b10f3e6f
Updated autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-28 23:41:38 -03:00
Joas Schilling 0aa5ddff13
Fix autoloading
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-28 09:35:36 +02:00
Morris Jobke 01705b1b6a Merge pull request #4515 from nextcloud/downstream-27643
Adjust query/event logging code in favour of more complex owncloud/di…
2017-04-26 22:58:01 -03:00
Roeland Jago Douma d0bbae7425
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-26 22:25:41 +02:00
Lukas Reschke d17a901f8a
Update autoload map
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:54 +02:00
Lukas Reschke 47cd976035
Add app bundles
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:49 +02:00
Jan-Christoph Borchardt 241e397326 Merge branch 'master' into contactsmenu
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-26 00:50:38 +02:00
Christoph Wurst 5c29fb16c0 Update composer autoloader
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:18 +02:00
Christoph Wurst d091793ceb Contacts menu
* load list of contacts from the server
* show last message of each contact

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Lukas Reschke 6a16df7288
Add new auth flow
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Joas Schilling 9871e4eaee
Kill dead code
> No tests found in class "Test\Share\MailNotificationsTest".

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:43:19 +02:00
Morris Jobke 10290eb006 Merge pull request #2834 from nextcloud/accesListToShareManager
Access list to share manager
2017-04-15 13:06:24 -05:00
Roeland Jago Douma f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change
Add activities when email or password is changed
2017-04-14 08:16:43 +02:00
Morris Jobke 8e8b345fbd
Fix autoloader
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 16:28:07 -05:00
Lukas Reschke 8149945a91
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Roeland Jago Douma 6a519abde8
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 14:56:05 +02:00
Roeland Jago Douma 2cbac3357b
Offload acceslist creation to providers
* This allows for effective queries.
* Introduce currentAccess parameter to speciy if the users needs to have
currently acces (deleted incomming group share). (For notifications)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Lukas Reschke 54930ac926
Update static autoloadermap
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Björn Schießle b90e91144b Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints
Discover federatedsharing endpoints
2017-04-12 16:01:07 +02:00
Lukas Reschke 3600dd4f52
Add IEMailTemplate to public OCP API
Also adds `\OCP\Mail\IMailer::createEMailTemplate` as helper so the functionality can easily be used within apps.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 16:35:46 +02:00
Roeland Jago Douma 42f40659f6
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-11 15:04:15 +02:00
Lukas Reschke 8daf3d4a70
Update autoloader
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-07 12:03:47 -05:00
Robin Appelman 07449a4885
update autoloader
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 11:14:56 +02:00
Roeland Jago Douma be6acbeb52
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-24 16:11:54 +01:00
Morris Jobke f4ead7c7d3
Fix autoloader
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-22 12:08:41 -06:00
Joas Schilling 348d97dfd6 Merge pull request #3844 from nextcloud/unshare_event
Unshare event
2017-03-21 16:57:09 +01:00
Lukas Reschke 81c1522ad0
Update autoloader
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-20 10:20:13 +01:00
Roeland Jago Douma 57fc7f60d3
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-17 08:51:03 +01:00
Roeland Jago Douma d6ce7ac465
Bump autoloader
Composer was updated so lets update the autoloader

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-09 14:21:38 +01:00
Robin Appelman 2a8e922d67 Merge pull request #3360 from nextcloud/dav-search
Implement webdav SEARCH
2017-03-08 13:09:19 +01:00
Morris Jobke 1bcd396679
Change language code for languages with only one translation
* then the language is not that specific and get also matched for fi
* fallback from fi_FI to fi is supported - the other way around not
* contains repair script
* contains tests for repair script
* fixes #869

Order results to make postgres happy

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-01 22:35:28 -06:00
Robin Appelman d8c89688f4
autoloader
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-01 14:06:40 +01:00
Joas Schilling b26568133f Merge pull request #3605 from nextcloud/single-user
Clean up single user mode
2017-02-24 08:52:26 +01:00
Morris Jobke 9533f4e5ed
Clean up single user mode
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.

As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.

The encryption commands now rely on the well tested maintenance mode.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 23:02:31 -06:00
Morris Jobke 2bbf3b18d9
cleanup old and not needed repair steps to speed up the update
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 22:35:18 -06:00
Morris Jobke c2d3e12e23
Remove unneeded UpdateCertificateStore.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-22 21:26:59 -06:00
Robin Appelman fa49c4a13b
Add a single public api for resolving a cloud id to a user and remote and back
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-02-08 15:17:02 +01:00
Morris Jobke 5bad417e57 Merge pull request #2044 from nextcloud/login-credential-store
Login credential store
2017-01-30 19:30:04 -06:00
Robin Appelman 90c011379c
update autoloader
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-27 10:51:00 +01:00
Robin Appelman c76fe2b4f5
remote now unneeded AvatarPermissions repair step
Avatars are now stored in appdata

Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-26 19:24:55 +01:00
Morris Jobke 4253a9bde3
update autoloader static class files
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-19 16:12:09 -06:00
Christoph Wurst a6dca9e7a0
add login credential store
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:09 +01:00
Roeland Jago Douma c7f0063a70
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-01-11 11:02:11 +01:00