Commit Graph

151 Commits

Author SHA1 Message Date
Lukas Reschke 6a16df7288
Add new auth flow
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted, the user has the chance to do so using an existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Robin Appelman dc5ba95469 Merge pull request #4027 from nextcloud/better-spreed-call-urls
Better spreed call urls
2017-03-27 16:21:24 +02:00
Joas Schilling 4174d75f86
Throw a nice HintException when the apps are missing
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-24 15:02:49 +01:00
Joas Schilling bc11c7ba97
Allow to use short URLs for calls
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-24 11:52:42 +01:00
Roeland Jago Douma 8e89ad21a2
[PoC] JS Combiner
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-24 10:58:10 +01:00
Bjoern Schiessle 5086335643
unify endpoints from core and the provisioning api
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-25 11:20:35 +01:00
John Molakvoæ (skjnldsv) 6380d503af
Css cache folder name fix, route fix and various fixes
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-06 09:42:13 +01:00
John Molakvoæ (skjnldsv) 1caaa7f4cd
Appdata integration 2
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-06 09:42:13 +01:00
Lukas Reschke 6f4cb12be2
Add identity proof
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Joas Schilling d75e35b75e
Introduce the UI for password confirmation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 11:57:16 +01:00
Roeland Jago Douma 1baa2b8deb
Move OC\OCS\Person to OCSController
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 19:21:00 +01:00
Roeland Jago Douma 02525fd98b
Move preview endpoint to controller
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:33 +01:00
Roeland Jago Douma 743132650a
Move to AppData
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:32 +01:00
Roeland Jago Douma 958c1289b1
New preview generator
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-03 14:00:32 +01:00
Roeland Jago Douma d5589a15d5
Move oc.js to a proper class
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:02 +02:00
Joas Schilling 0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Joas Schilling a1e4b17ff4
Remove unused endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 10:21:08 +02:00
Roeland Jago Douma 68ea287ed7
Remove the core tag routes since they are broken
Private internal stuff that nobody *should* be using anyways.
But on top of that already broken for a long time. So nobody could be
using it even.
2016-08-26 15:00:18 +02:00
Lukas Reschke e0ae67545e Merge pull request #956 from nextcloud/fix_952
When using permalinks don't error out if file id can't be found
2016-08-23 00:58:25 +02:00
Morris Jobke 3ccd69707e Merge pull request #865 from nextcloud/ocs_config
Move OCS route /config to proper controller
2016-08-19 09:39:05 +02:00
Roeland Jago Douma 54f79a28f6
When using permalinks don't error out if file id can't be found
Fixes #952

* Use only the index route (since it went to showFile anyways)
* Fix tests
* Use getUserFolder to force init of users mounts
2016-08-19 08:15:30 +02:00
Roeland Jago Douma 532c0dd8ce
Kill ajax/share.php
Using this file will insert invalid shares.
OCS has to be used exclusively!
2016-08-18 20:56:02 +02:00
Roeland Jago Douma 6bc1c6590c
Move /config over to Core OCSController 2016-08-18 09:37:09 +02:00
Roeland Jago Douma 69da896785
Move /cloud/user to Core app 2016-08-09 20:56:31 +02:00
Roeland Jago Douma 02449c8336
Move getCapabilities over to Core 2016-08-09 20:56:31 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Morris Jobke 2791b8f00d Revert "occ web executor (#24957)"
This reverts commit 854352d9a0.
2016-07-07 12:14:45 +02:00
VicDeo 854352d9a0 occ web executor (#24957)
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - mock them all!

Kill unused sprintf
2016-06-22 13:12:36 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Christoph Wurst 53636c73d6
Add controller to generate client tokens 2016-05-11 13:36:46 +02:00
Christoph Wurst d8cde414bd
token based auth
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if an auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Vincent Petry 093e9dd422
Add route to resolve fileid to files app URL
The following routes will redirect to the files app and display the
matching folder. If the fileid is a file, it will scroll to it.
- http://localhost/owncloud/index.php/f/$fileid
- http://localhost/owncloud/index.php/files/?dir=somedir&fileid=$fileid
2016-05-06 16:46:59 +02:00
Lukas Reschke 8222ad5157
Move logout to controller
Testable code. Yay.
2016-04-18 21:21:52 +02:00
Lukas Reschke 331e4efacb
Move login form into controller
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-15 17:36:23 +02:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Lukas Reschke 8f09d5b67c Update license headers 2015-10-26 14:04:01 +01:00
Morris Jobke f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Lukas Reschke 1b84a1cd48 Fix routes
Fixes public sharing as reported on https://github.com/owncloud/core/issues/15913
2015-04-28 14:41:14 +02:00
Jenkins for ownCloud b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Roeland Jago Douma 1a0f9c375b Avatar controller moved to AppFrameWork
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that shows data inline in the browser (used
  to return the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
2015-03-11 16:37:42 +01:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Morris Jobke dc17019536 adjust paths for search 2015-01-14 15:15:39 +01:00
Lukas Reschke 988c85d292 Refactor file sharing public link handling
fixes download issue introduced by #10755

Conflicts:
	apps/files_sharing/public.php
2014-11-14 16:26:59 +01:00
Thomas Müller a589d61b78 in case a translation javascript is not found we no longer bail out
remove translation.php
2014-10-29 10:09:12 +01:00
Thomas Müller 21412559df remove post setup check 2014-09-22 19:43:55 +02:00
kondou 2a4c51389c Use a route instead of s.php and convert tokens asap 2014-09-04 15:23:55 +02:00
Lukas Reschke f33312f767 Use AppFramework instead of custom controller 2014-08-25 11:50:19 +02:00
Jörn Friedrich Dreyer 91ba1b345e add lookup route for displaynames 2014-08-25 11:50:19 +02:00
Lukas Reschke ab12bd292d Add update route to core 2014-08-19 15:40:08 +02:00
Lukas Reschke 29ae7f55ef Remove loadAppScriptFile from the default routes 2014-08-19 15:37:00 +02:00
Morris Jobke ed8b7fc101 complete renaming uid to userId 2014-06-13 16:18:21 +02:00
Victor Dubiniuk 4b359ad20c Change routes. Update templates 2014-06-13 15:34:52 +02:00
Victor Dubiniuk 218d0add36 Changes according to review 2014-06-13 15:34:52 +02:00
Victor Dubiniuk a7fbd91e53 Use appframework 2014-06-13 15:34:52 +02:00
Victor Dubiniuk 23ed038a27 Basics 2014-06-13 15:34:51 +02:00
Thomas Müller 20893cc3b3 Images on public sharing get downscaled to increase user experience - this will speed up loading time
- adding keep aspect to core/ajax/preview.php
- remove duplicate method Preview::show()
- no more hard coded mimetype of preview
- remove .png from the preview urls
- keep old route preview.png for backwards compatibility
- aspect preserving previews are now cached
2014-05-02 17:02:57 +02:00
Thomas Müller 4900ad9119 update type hint in PHPDoc 2014-03-25 22:59:42 +01:00
Thomas Müller 1291303c5a Replace OC.Router.generate() with OC.generateUrl() 2014-03-02 22:30:24 +01:00
Thomas Müller bf22ed7bdb kill old minimizer code 2014-02-20 13:10:56 +01:00
Thomas Müller 988710b0fc avoid conflict with physical file config.js 2013-12-31 14:34:28 +01:00
Thomas Tanghus 6d3bbc5eeb Fix typo 2013-10-04 19:55:03 +02:00
Thomas Tanghus 12bb197028 JS version of the OCP\ITags interface 2013-10-04 17:21:52 +02:00
kondou c9c5e1b97f Merge branch 'master' into oc_avatars 2013-09-12 07:41:44 +02:00
kondou 8fd76e39cf Use proper controller naming 2013-09-04 22:22:56 +02:00
kondou a1e7614d73 Clean up oc_avatars 2013-09-04 12:56:14 +02:00
Bart Visscher 5539b9e843 Use the namespaced variation of the classname. 2013-09-02 21:25:32 +02:00
kondou aa88eea9cf Sanitize displayname, respect data @ $element, fix routename, clean after cropping, updateAvatar with displayname 2013-08-31 18:27:28 +02:00
kondou 5d653753bd Merge branch 'master' into oc_avatars 2013-08-31 12:56:36 +02:00
kondou c533b80682 Use OC_Cache and finish cropper functionality 2013-08-29 16:56:32 +02:00
kondou 8d8a57de7f Continue work on cropper 2013-08-28 16:39:00 +02:00
kondou 1b45683168 Translate "Permission denied" & use class-autoloader 2013-08-27 12:50:21 +02:00
kondou 31736a1df3 Have a controller instead of avatar.php and fix some cropper-design 2013-08-26 16:46:55 +02:00
kondou 4521b54c67 Have /avatar.php as a central avatar-point 2013-08-25 21:04:49 +02:00
kondou fac671b14e Modularize get(), async getAvatar, avatars @ usermgmt
And other small improvements
2013-08-25 21:04:04 +02:00
Georg Ehrke d9e8ebabdc outsource sharing and deleted files previews to apps 2013-08-19 13:24:07 +02:00
Georg Ehrke f2702ff1ca Merge master into oc_preview 2013-08-19 11:24:17 +02:00
kondou 9e8a6b704d Add _many_ newlines at the end of files 2013-08-18 11:06:59 +02:00
Georg Ehrke ac6a3133ec style fixes 2013-07-30 12:33:54 +02:00
Georg Ehrke e01bc7de98 Revert "OC\Preview - outsource static methods"
This reverts commit 14a35267c1.
2013-07-29 14:51:06 +02:00
Georg Ehrke 14a35267c1 OC\Preview - outsource static methods 2013-07-11 20:35:55 +02:00
Georg Ehrke 04292ff16c implement use of preview icons in trashbin app 2013-07-08 10:53:53 +02:00
Georg Ehrke fa6b96090a move to OC namespace 2013-05-29 12:46:54 +02:00
Georg Ehrke 00985068ca add previews for public files 2013-05-22 15:13:02 +02:00
Georg Ehrke f02aca3f6e add route for previews 2013-04-25 11:42:40 +02:00
Bernhard Posselt 4e55348054 implemented a heartbeat request which calls the server every 15 minutes to prevent a session timeout 2013-02-26 19:34:46 +01:00
Bart Visscher 3582f7bd09 Execute the post setup check after finishing the setup 2013-02-06 17:56:45 +01:00
Lukas Reschke 68025ac43c Add a route to the JS config 2013-01-20 23:46:46 +01:00
Thomas Tanghus 1147dc9774 Merge branch 'master' of github.com:owncloud/core into vcategories_db
Conflicts:
	lib/vcategories.php
2012-11-05 12:06:59 +01:00
Thomas Tanghus 290d0714df Add routes for vcategory favorites. 2012-11-01 03:05:48 +01:00
Lukas Reschke 7a7f12a0c1 Create only one CSRF token per session
Before, the CSRF token expired every hour. We had a script in place
which should refresh the token but this didn't work in every case.
(Laptop sleeping etc.)

With this commit, the token will only get created once for every
session so that the "Token expired" warning shouldn't appear.
2012-10-31 18:37:59 +01:00
Bart Visscher a9ff5635d8 Move loading setting routing to OC_Router 2012-10-29 15:04:56 +01:00
Bart Visscher ed7accd237 Change search to use routing 2012-10-29 15:04:55 +01:00
Bart Visscher fecfeac55d Fix introduced style errors 2012-10-27 17:45:15 +02:00
Bart Visscher 0a614429af Change the lostpassword flow to a controller 2012-10-17 17:24:49 +02:00
Bart Visscher f3a211c03c Implement routing on javascript side 2012-10-05 09:42:36 +02:00
Bart Visscher de1bfe9d6b Make the core ajax calls use the router 2012-10-02 21:58:42 +02:00
Bart Visscher bb136b9adf Make the settings ajax calls use the router 2012-10-02 18:00:23 +02:00
Bart Visscher d0bd2bbf27 Convert menu entries of settings pages to use router 2012-09-28 23:20:17 +02:00