Commit Graph

812 Commits

Author SHA1 Message Date
Michael Letzgus 0d320fba4b Streamline templates, more DRY
Use Unified function to emit <link> tags for css loading, obey "Don't Repeat Yourself" ;-)

(Next step might by to combine this with the emit <script> function (even more DRY?) AND move all this to a better place?)

Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-05-25 11:13:43 +02:00
Morris Jobke 0dae4946cf Merge pull request #4854 from michaelletzgus/deferred-script-loading-v2
Make page loading faster, deferred script loading, now switchable:
2017-05-20 16:53:30 -05:00
Michael Letzgus fb9f13d4c1 Make page loading faster by deferred script loading:
* Create generalized function for emmitting <script defer src=""> tags to templates
* Remove type attribute from inline_js
* Add defer attribute to external <script> tags

Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-05-20 13:44:04 +02:00
Bjoern Schiessle 3775b14c4c
remove 'Alternative login using app token' in case of oauth login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:05 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Morris Jobke 3fa604cc5e Allow to enforce update via web UI
* adds a disclaimer that an update via web UI is on own risk
* allows to skip the warning
* fixes #4353

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-11 10:22:44 -05:00
Morris Jobke abe4a19cbc Properly decide on actual users if instance is too big
* state the reason why NC thinks it is a big instance

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-10 22:32:42 -05:00
Lukas Reschke 26f7a3b462
Check if Nextcloud is installed
Fixes https://github.com/nextcloud/server/issues/4735

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-08 15:10:53 +02:00
Lukas Reschke fecf72fb70 Merge pull request #4632 from nextcloud/login-logo-ratio
show non landscape logos bigger on the login page
2017-05-08 12:11:15 +02:00
Robin Appelman c50b7addc7
smaller max logo sizes and cleaner code
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-02 13:01:11 -03:00
Robin Appelman fa52f906e3
show non landscape icons bigger on the login page
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-01 19:05:21 +02:00
Jan-Christoph Borchardt 7015eb9fe5 Prevent flashing of apps and user menu
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-29 13:34:44 +02:00
Jan-Christoph Borchardt 241e397326 Merge branch 'master' into contactsmenu
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-26 00:50:38 +02:00
Christoph Wurst d091793ceb Contacts menu
* load list of contacts from the server
* show last message of each contact

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Jan-Christoph Borchardt 61af3f41f0
Fix auth flow background color and redirect view layout
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-25 20:18:49 +02:00
Roeland Jago Douma 05e1092c44
Correctly case the stateToken
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-25 20:18:49 +02:00
Lukas Reschke 6a16df7288
Add new auth flow
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Julius Härtl 7548825743
Responsive app menu
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-04-25 17:31:24 +02:00
Morris Jobke 1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Morris Jobke 8fa5141aaa
Removes unused code for link share emails
* now handled by sharebymail app
* see https://github.com/nextcloud/server/pull/657

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:32:48 -05:00
Lukas Reschke afb5d45705 Merge pull request #4256 from nextcloud/theming
Move OC_Defaults to OCP\Defaults
2017-04-11 14:39:46 +02:00
Lukas Reschke 5ca5ebe584 Merge pull request #2618 from nextcloud/2fa-challenge-text
Move log out and backup codes link into 2fa box for better readability
2017-04-11 11:41:55 +02:00
Morris Jobke 5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Jan-Christoph Borchardt 9a75714c22
rename confusing getMailHeaderColor to getColorPrimary, ref #3491
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-29 18:23:23 +02:00
Joas Schilling a88edce54f Merge pull request #4130 from nextcloud/replace-useless-print-unescaped-with-p
Replace unecessary unescaped prints with print
2017-03-29 10:02:10 +02:00
Pierre Rudloff 19d3133ccf
Web app manifest
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-28 18:39:57 -06:00
Lukas Reschke 99675b46e9
Replace unecessary unescaped prints with print
There's no need to have those unescaped from what I can see.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-29 00:43:44 +02:00
Roeland Jago Douma 1ae56b054b
Moving the inline js before the CSS
This allows browsers to do smarted parallel downloads

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-28 22:02:22 +02:00
Jan-Christoph Borchardt ea517b489f use theming colors for favicon on macOS
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-27 15:45:56 +02:00
Morris Jobke 12c5c336ad Merge pull request #4077 from nextcloud/better-navigation-management
Register the app management in the normal way
2017-03-26 15:48:19 -06:00
Joas Schilling 054e161eb5
Manage the right side menu via the navigation manager as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-26 19:40:41 +02:00
Joas Schilling ec330c7ac4
Register the app management in the normal way
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-26 19:08:51 +02:00
Jan-Christoph Borchardt 2048e3e201 replace name in top right with icon for less noise
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-26 18:15:34 +02:00
Lukas Reschke 6a4fde11e6
Merge login JS
Removes 2 requests.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-24 21:18:24 +01:00
Lukas Reschke 29039eb608 Merge pull request #3951 from nextcloud/menu-firefox-fixes
Fix new app menu on firefox
2017-03-20 13:15:43 +01:00
Roeland Jago Douma 376e6f0884 Merge pull request #3915 from michaelletzgus/html5-fix_autocapitalize
Fix value of attribute "autocapitalize"
2017-03-20 13:13:32 +01:00
Julius Härtl c994e7afcd
Fix filter for app icons on firefox
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-03-20 08:27:11 +01:00
Michael Letzgus 0b6ff1706f Fix duplicate id "apps-management"
Make duplicate id "apps-management" a class since IDs must be unique:

https://www.w3.org/TR/2011/WD-html5-20110525/elements.html#the-id-attribute
https://api.jquery.com/id-selector/

Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-03-19 12:36:29 +01:00
Michael Letzgus 98187bf942 Fix value of attribute "autocapitalize"
Change <input> attribute "autocapitalize" from value "off" to "none" regarding to apples dev guide:

https://developer.apple.com/library/content/documentation/AppleApplications/Reference/SafariHTMLRef/Articles/Attributes.html#//apple_ref/doc/uid/TP40008058-autocapitalize

Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-03-18 16:06:57 +01:00
Julius Haertl b8ef616455
Fix html formating issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 780400302c
Rebuild menu to keep order of icons correct
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 1d6fba03f4
Make enabling/disabling apps work with the new menu
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:10 +01:00
Julius Haertl 7eae6690ad
Make app management icon act like a normal app icon
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl 61dc78e6dc
Fix menu issues
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl a630e4629f
Generate seperate menu list for header bar
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Julius Haertl 42feab59d5
Show app icons in the header
Signed-off-by: Julius Haertl <jus@bitgrid.net>
2017-03-16 11:55:09 +01:00
Christoph Wurst b15c11b93b
Use button instead of simple links
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-03-06 11:00:58 +01:00
Christoph Wurst 511df0ec99
Move log out and back codes link into 2fa box for better readability
Fixes https://github.com/nextcloud/server/issues/2538

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-03-06 10:48:26 +01:00
Morris Jobke 200a28255e
Always enable avatars
* we introduced this setting in the begining because our
  avatar support caused some performance issues, but we
  fixed them and should only provide one way how Nextcloud
  looks

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-13 17:53:33 -06:00
Morris Jobke f1c4f4c020
Rename database password toggle
* otherwise submitting the form with the password show will be overwritten
* see 2c9d7eeb76/core/Controller/SetupController.php (L59)
* seems to be a legacy fallback
* fixes #3381

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-07 16:59:12 -06:00
Morris Jobke 5bad417e57 Merge pull request #2044 from nextcloud/login-credential-store
Login credential store
2017-01-30 19:30:04 -06:00
John Molakvoæ (skjnldsv) d0e88e328c
Add clear search button
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-25 09:15:37 +01:00
Christoph Wurst 7c824a6177
fix scss
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-23 09:03:05 +01:00
Christoph Wurst 202509251c
Use flexbox for header and rearrange some elements
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-23 09:03:03 +01:00
Christoph Wurst 140555b786
always allow remembered login
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
Cornelius Kölbel e077e01bf2
Add a TwoFactorException
A Two Factor third party App may throw a TwoFactorException()
with a more detailed error message in case the authentication fails.
The 2FA Controller will then display the message of this Exception
to the user.

Working on #26593

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-11 11:01:52 +01:00
Sourav Badami 3dc562bb7a
Fix #24219: Added hint for specifying a port. (#26860)
* Added hint for specifying a port.

* Minor changes.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-22 15:55:09 +01:00
Joas Schilling eed0eaeb86
Use a form so firefox doesn't try to save the space as a password
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-19 12:43:31 +01:00
Joas Schilling 924358ef96
Save the timezone on login again
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
Morris Jobke 224c89c1b8 Remove leftovers from #1929
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-11-30 01:07:00 +01:00
Felix Epp 6aa79cacfd Fix mail header logo [fixes #1326]
Signed-off-by: Felix A. Epp <work@felixepp.de>
2016-11-30 01:06:47 +01:00
Jan-Christoph Borchardt e75dede590 fix some outdated naming
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-11-24 16:05:05 +01:00
Jan-Christoph Borchardt 56881433c0 show installation spinner correctly, fix #2129
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-11-22 15:58:00 +01:00
Joas Schilling 80abb69b60
Show a little explanation above the input field
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
Joas Schilling 05df523395
Empty the password field on submission of the form
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
Joas Schilling d75e35b75e
Introduce the UI for password confirmation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 11:57:16 +01:00
Roeland Jago Douma 740659a04c
Move away from OC_L10N
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Roeland Jago Douma 6dbe417c51
Inlince oc.js if possible!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Morris Jobke 89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
2016-10-25 14:46:00 +02:00
Lukas Reschke 38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke 9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Robin Appelman 7427fb170f
show empty folder message in filepicker
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-21 16:35:55 +02:00
Robin Appelman 14f78369d7
Use a table for the filepicker list and add size column
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-19 14:18:21 +02:00
Jan-Christoph Borchardt cf5d30387b Merge pull request #1641 from nextcloud/log-in-button
bring back dedicated log in button to make log in more usable
2016-10-17 18:28:27 +02:00
Jan-Christoph Borchardt aa4eaf3a7e finish up layout of log in page, postpone forgot password link for later
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-17 14:28:49 +02:00
Robin Appelman 6d43942125
filepicker styling
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-14 17:36:08 +02:00
Jan-Christoph Borchardt ee231759e5 update styles of log in
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-11 13:58:10 +02:00
Joas Schilling b8030e6d02 Use name from theming 2016-10-07 09:44:42 +02:00
Roeland Jago Douma 19485e3ec9
Set proper web title for apple
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-06 20:57:32 +02:00
Jan-Christoph Borchardt 75ec1541e4 fix log in button layout 2016-10-06 19:08:32 +02:00
Jan-Christoph Borchardt 3141680feb bring back dedicated log in button to make log in more usable 2016-10-06 16:48:10 +02:00
Joas Schilling 7c0951244a
Deprecate getEditionString() 2016-09-06 16:05:28 +02:00
Lukas Reschke 06fa486706 Merge pull request #1158 from nextcloud/cache_avatars
Cache avatars
2016-09-05 15:08:43 +02:00
Christoph Wurst 8acb734854
add 2fa backup codes app
* add backup codes app unit tests
* add integration tests for the backup codes app
2016-09-05 08:51:13 +02:00
coderkun 56862e3fdc Add attribute “tabindex” to login form (fixes #1110) 2016-08-31 21:58:10 +02:00
Roeland Jago Douma 14136295b7
Cache avatars properly
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
2016-08-30 09:00:16 +02:00
Raghu Nayyar b580c3664d Merge pull request #1093 from nextcloud/mail-fontstack
use proper font stack for email
2016-08-28 10:30:50 +02:00
Christoph Wurst 78bb02d27a
list 2FA providers as buttons 2016-08-27 12:27:05 +02:00
Christoph Wurst 4a91673154
use centered h2 for 2FA page headers 2016-08-27 11:33:15 +02:00
Christoph Wurst c93c5d142e
fix 2fa challenge page wording 2016-08-27 11:12:12 +02:00
Christoph Wurst dc57b89f37
reorder 2fa challenge HTML 2016-08-27 11:12:12 +02:00
Jan-Christoph Borchardt 042c744ac6 use proper font stack for email 2016-08-26 22:59:24 +02:00
Lukas Reschke 8a6b5a1d86
Remove uninterpreted PHP
This is in an HTML file. The PHP won't be executed 🙈
2016-08-19 14:24:26 +02:00
Lukas Reschke fb183f8143
Add cachebuster to right navigation 2016-08-18 12:36:14 +02:00
Lukas Reschke 3c7d2544b9
Add cache buster to left menu bar 2016-08-18 12:34:55 +02:00
Morris Jobke bded787d0c
Empty tags are not allowed for image and feColorMatrix in IE11 and below 2016-08-17 15:59:30 +02:00
Arthur Schiwon ceeb44bd04
Initial work on Apps page split:
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Jan-Christoph Borchardt 835dc59d6a reduce info on update screens, introduce button to refresh 2016-08-04 12:48:25 +02:00
Jan-Christoph Borchardt 2f9725469d switch nested containers in update to semibold style 2016-08-03 18:58:44 +02:00
Morris Jobke d97fe1775a
Shake the login fields if password is wrong 2016-08-01 21:42:29 +02:00