Lukas Reschke
6a16df7288
Add new auth flow
...
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:
1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.
If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)
If the user chooses to use the regular login the following happens:
1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.
This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Robin Appelman
dc5ba95469
Merge pull request #4027 from nextcloud/better-spreed-call-urls
...
Better spreed call urls
2017-03-27 16:21:24 +02:00
Joas Schilling
4174d75f86
Throw a nice HintException when the apps are missing
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-24 15:02:49 +01:00
Joas Schilling
bc11c7ba97
Allow to use short URLs for calls
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-24 11:52:42 +01:00
Roeland Jago Douma
8e89ad21a2
[PoC] JS Combiner
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-24 10:58:10 +01:00
Bjoern Schiessle
5086335643
unify endpoints form core and the the provisioning api
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-25 11:20:35 +01:00
John Molakvoæ (skjnldsv)
6380d503af
Css cache folder name fix, route fix and various fixes
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-06 09:42:13 +01:00
John Molakvoæ (skjnldsv)
1caaa7f4cd
Appdata integration 2
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-06 09:42:13 +01:00
Lukas Reschke
6f4cb12be2
Add identity proof
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Joas Schilling
d75e35b75e
Introduce the UI for password confirmation
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 11:57:16 +01:00
Roeland Jago Douma
1baa2b8deb
Move OC\OCS\Person to OCSController
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 19:21:00 +01:00
Roeland Jago Douma
02525fd98b
Move preview endpoint to controller
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:33 +01:00
Roeland Jago Douma
743132650a
Move to AppData
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:32 +01:00
Roeland Jago Douma
958c1289b1
New preview generator
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:32 +01:00
Roeland Jago Douma
d5589a15d5
Move oc.js to a proper class
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:02 +02:00
Joas Schilling
0b1fb180a5
Make AppConfig part of the public API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Joas Schilling
a1e4b17ff4
Remove unused endpoint
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 10:21:08 +02:00
Roeland Jago Douma
68ea287ed7
Remove the core tag routes since they are broken
...
Private internal stuff that nobody *should* be using anyways.
But on top of that already broken for a long time. So nobody could be
using it even.
2016-08-26 15:00:18 +02:00
Lukas Reschke
e0ae67545e
Merge pull request #956 from nextcloud/fix_952
...
When using permalinks don't error out if file id can't be found
2016-08-23 00:58:25 +02:00
Morris Jobke
3ccd69707e
Merge pull request #865 from nextcloud/ocs_config
...
Move OCS route /config to proper controller
2016-08-19 09:39:05 +02:00
Roeland Jago Douma
54f79a28f6
When using permalinks don't error out if file id can't be found
...
Fixes #952
* Use only the index route (since it went to showFile anyways)
* Fix tests
* Use getUserFolder to force init of users mounts
2016-08-19 08:15:30 +02:00
Roeland Jago Douma
532c0dd8ce
Kill ajax/share.php
...
Using this file will insert invalid shares.
OCS has to be used exclusively!
2016-08-18 20:56:02 +02:00
Roeland Jago Douma
6bc1c6590c
Move /config over to Core OCSController
2016-08-18 09:37:09 +02:00
Roeland Jago Douma
69da896785
Move /cloud/user to Core app
2016-08-09 20:56:31 +02:00
Roeland Jago Douma
02449c8336
Move getCapabilities over to Core
2016-08-09 20:56:31 +02:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Morris Jobke
2791b8f00d
Revert "occ web executor ( #24957 )"
...
This reverts commit 854352d9a0
.
2016-07-07 12:14:45 +02:00
VicDeo
854352d9a0
occ web executor ( #24957 )
...
* Initial web executor
* Fix PHPDoc
Fix broken integration test
OccControllerTests do not require database access - moch them all!
Kill unused sprintf
2016-06-22 13:12:36 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00
Christoph Wurst
53636c73d6
Add controller to generate client tokens
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
...
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Vincent Petry
093e9dd422
Add route to resolve fileid to files app URL
...
The following routes will redirect to the files app and display the
matching folder. If the fileid is a file, it will scroll to it.
- http://localhost/owncloud/index.php/f/$fileid
- http://localhost/owncloud/index.php/files/?dir=somedir&fileid=$fileid
2016-05-06 16:46:59 +02:00
Lukas Reschke
8222ad5157
Move logout to controller
...
Testable code. Yay.
2016-04-18 21:21:52 +02:00
Lukas Reschke
331e4efacb
Move login form into controller
...
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-15 17:36:23 +02:00
Thomas Müller
682821c71e
Happy new year!
2016-01-12 15:02:18 +01:00
Lukas Reschke
8f09d5b67c
Update license headers
2015-10-26 14:04:01 +01:00
Morris Jobke
f63915d0c8
update license headers and authors
2015-06-25 14:13:49 +02:00
Lukas Reschke
1b84a1cd48
Fix routes
...
Fixes public sharing as reported on https://github.com/owncloud/core/issues/15913
2015-04-28 14:41:14 +02:00
Jenkins for ownCloud
b585d87d9d
Update license headers
2015-03-26 11:44:36 +01:00
Roeland Jago Douma
1a0f9c375b
Avatar controller moved to AppFrameWork
...
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that show data inline in the browser (used
to retrun the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
2015-03-11 16:37:42 +01:00
Morris Jobke
06aef4e8b1
Revert "Updating license headers"
...
This reverts commit 6a1a4880f0
.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud
6a1a4880f0
Updating license headers
2015-02-23 12:13:59 +01:00
Morris Jobke
dc17019536
adjust paths for search
2015-01-14 15:15:39 +01:00
Lukas Reschke
988c85d292
Refactor file sharing public link handling
...
fixes download issue introduced by #10755
Conflicts:
apps/files_sharing/public.php
2014-11-14 16:26:59 +01:00
Thomas Müller
a589d61b78
in case a translation javascript is not found we no longer bail out
...
remove translation.php
2014-10-29 10:09:12 +01:00
Thomas Müller
21412559df
remove post setup check
2014-09-22 19:43:55 +02:00
kondou
2a4c51389c
Use a route instead of s.php and convert tokens asap
2014-09-04 15:23:55 +02:00
Lukas Reschke
f33312f767
Use AppFramework instead of custom controller
2014-08-25 11:50:19 +02:00
Jörn Friedrich Dreyer
91ba1b345e
add lookup route for displaynames
2014-08-25 11:50:19 +02:00
Lukas Reschke
ab12bd292d
Add update route to core
2014-08-19 15:40:08 +02:00
Lukas Reschke
29ae7f55ef
Remove loadAppScriptFile from the default routes
2014-08-19 15:37:00 +02:00
Morris Jobke
ed8b7fc101
complete renaming uid to userId
2014-06-13 16:18:21 +02:00
Victor Dubiniuk
4b359ad20c
Change routes. Update templates
2014-06-13 15:34:52 +02:00
Victor Dubiniuk
218d0add36
Changes according to review
2014-06-13 15:34:52 +02:00
Victor Dubiniuk
a7fbd91e53
Use appframework
2014-06-13 15:34:52 +02:00
Victor Dubiniuk
23ed038a27
Basics
2014-06-13 15:34:51 +02:00
Thomas Müller
20893cc3b3
Images on public sharing get downscaled to increase use experience - this will speed up loading time
...
- adding keep aspect to core/ajax/preview.php
- remove duplicate method Preview::show()
- no more hard coded mimetype of preview
- remove .png from the preview urls
- keep old route preview.png for backwards compatibility
- aspect preserving previews are now cached
2014-05-02 17:02:57 +02:00
Thomas Müller
4900ad9119
update type hint in PHPDoc
2014-03-25 22:59:42 +01:00
Thomas Müller
1291303c5a
Replace OC.Router.generate() with OC.generateUrl()
2014-03-02 22:30:24 +01:00
Thomas Müller
bf22ed7bdb
kill old minimizer code
2014-02-20 13:10:56 +01:00
Thomas Müller
988710b0fc
avoid conflict with physical file config.js
2013-12-31 14:34:28 +01:00
Thomas Tanghus
6d3bbc5eeb
Fix typo
2013-10-04 19:55:03 +02:00
Thomas Tanghus
12bb197028
JS version of the OCP\ITags interface
2013-10-04 17:21:52 +02:00
kondou
c9c5e1b97f
Merge branch 'master' into oc_avatars
2013-09-12 07:41:44 +02:00
kondou
8fd76e39cf
Use proper controller naming
2013-09-04 22:22:56 +02:00
kondou
a1e7614d73
Clean up oc_avatars
2013-09-04 12:56:14 +02:00
Bart Visscher
5539b9e843
Use the namespaced variation of the classname.
2013-09-02 21:25:32 +02:00
kondou
aa88eea9cf
Sanitize displayname, respect data @ $element, fix routename, clean after cropping, updateAvatar with displayname
2013-08-31 18:27:28 +02:00
kondou
5d653753bd
Merge branch 'master' into oc_avatars
2013-08-31 12:56:36 +02:00
kondou
c533b80682
Use OC_Cache and finish cropper functionality
2013-08-29 16:56:32 +02:00
kondou
8d8a57de7f
Continue work on cropper
2013-08-28 16:39:00 +02:00
kondou
1b45683168
Translate "Permission denied" & use class-autoloader
2013-08-27 12:50:21 +02:00
kondou
31736a1df3
Have a controller instead ofo avatar.php and fix some cropper-design
2013-08-26 16:46:55 +02:00
kondou
4521b54c67
Have /avatar.php as a central avatar-point
2013-08-25 21:04:49 +02:00
kondou
fac671b14e
Modularize get(), async getAvatar, avatars @ usermgmt
...
And other small improvements
2013-08-25 21:04:04 +02:00
Georg Ehrke
d9e8ebabdc
outsource sharing and deleted files previews to apps
2013-08-19 13:24:07 +02:00
Georg Ehrke
f2702ff1ca
Merge master into oc_preview
2013-08-19 11:24:17 +02:00
kondou
9e8a6b704d
Add _many_ newlines at the end of files
2013-08-18 11:06:59 +02:00
Georg Ehrke
ac6a3133ec
style fixes
2013-07-30 12:33:54 +02:00
Georg Ehrke
e01bc7de98
Revert "OC\Preview - outsource static methods"
...
This reverts commit 14a35267c1
.
2013-07-29 14:51:06 +02:00
Georg Ehrke
14a35267c1
OC\Preview - outsource static methods
2013-07-11 20:35:55 +02:00
Georg Ehrke
04292ff16c
implement use of preview icons in thrashbin app
2013-07-08 10:53:53 +02:00
Georg Ehrke
fa6b96090a
move to OC namespace
2013-05-29 12:46:54 +02:00
Georg Ehrke
00985068ca
add previews for public files
2013-05-22 15:13:02 +02:00
Georg Ehrke
f02aca3f6e
add route for previews
2013-04-25 11:42:40 +02:00
Bernhard Posselt
4e55348054
implemented a heartbeat request which is calls the server every 15 minutes to prevent a session timeout
2013-02-26 19:34:46 +01:00
Bart Visscher
3582f7bd09
Execute the post setup check after finishing the setup
2013-02-06 17:56:45 +01:00
Lukas Reschke
68025ac43c
Add a route to the JS config
2013-01-20 23:46:46 +01:00
Thomas Tanghus
1147dc9774
Merge branch 'master' of github.com:owncloud/core into vcategories_db
...
Conflicts:
lib/vcategories.php
2012-11-05 12:06:59 +01:00
Thomas Tanghus
290d0714df
Add routes for vcategory favorites.
2012-11-01 03:05:48 +01:00
Lukas Reschke
7a7f12a0c1
Create only one CSRF token per session
...
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this don't worked in every case.
(Laptop sleeping etc.)
With this commit, the token will only get once created for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bart Visscher
a9ff5635d8
Move loading setting routing to OC_Router
2012-10-29 15:04:56 +01:00
Bart Visscher
ed7accd237
Change search to use routing
2012-10-29 15:04:55 +01:00
Bart Visscher
fecfeac55d
Fix introduced style errors
2012-10-27 17:45:15 +02:00
Bart Visscher
0a614429af
Change the lostpassword flow to a controller
2012-10-17 17:24:49 +02:00
Bart Visscher
f3a211c03c
Implement routing on javascript side
2012-10-05 09:42:36 +02:00
Bart Visscher
de1bfe9d6b
Make the core ajax calls use the router
2012-10-02 21:58:42 +02:00
Bart Visscher
bb136b9adf
Make the settings ajax calls use the router
2012-10-02 18:00:23 +02:00
Bart Visscher
d0bd2bbf27
Convert menu entries of settings pages to use router
2012-09-28 23:20:17 +02:00