We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
When we test wheter action menus in the contacts menu close
when clicking other ones, we have to provide test data
that actually causes the view to render the menu.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:
1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.
If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)
If the user chooses to use the regular login the following happens:
1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.
This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Before, the icon appeared below the text input for the password. Now, it
appears inside the text input, to the right end.
The CSS was adjusted based on other icons shown in that position for
other text inputs in the Share tab view, like the information icon or
the clipboard icon.
Fixes#4135
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When a request to set the password of a shared link is sent a working
icon is shown. However, as there was no "success" callback, the icon was
never hidden again after successfully setting the password (it worked
fine if there was an error, though).
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Calls to `sinon.stub(obj, 'meth', fn)` are deprecated and therefore
replaced by `sinon.stub(obj, 'meth).callsFake(fn)` as instructed by
the deprecation warning.
This makes the js unit testing output readable again.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Roeland Jago Douma
Lukas Reschke
Robin Appelman
Ivan Sein
Vincent Petry
Georg Ehrke
Jan-Christoph Borchardt
Morris Jobke
Christoph Wurst
Julius Härtl
Daniel Calviño Sánchez
Roeland Jago Douma
Bjoern Schiessle
Joas Schilling