cf69a2b7eb
UPDATE permissions qualify for renaming a node
2016-09-07 11:22:57 +02:00
4c0665b6ec
Only require CREATE permissions when the file does not exist yet
2016-09-07 11:10:48 +02:00
0cb34c2fa5
[master] DAV: Return data-fingerprint always when asked ( #25482 )
...
For owncloud/client#5056
Users can configure arbitrary subfolders for syncing, therefore we should
always return it when asked for.
The sync client makes sure to not always ask for it to save bandwidth.
2016-08-29 14:37:14 +02:00
4d85ffc27c
Merge pull request #1054 from nextcloud/less-cache-hits
...
Reduce the number of cache operations for dav operations
2016-08-27 22:44:29 +02:00
7c4d9add0d
reuse the userfolder's fileinfo when possible during dav setup
2016-08-25 17:22:22 +02:00
6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
...
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
1fef5d3d06
add dav property to check if a file has a preview available
2016-07-27 12:59:39 +02:00
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
813f0a0f40
Fix apps/
2016-07-21 18:13:57 +02:00
c385423d10
Merge pull request #479 from nextcloud/add-bruteforce-throttler
...
Implement brute force protection
2016-07-21 00:31:02 +02:00
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
a17ba2f488
Merge pull request #466 from nextcloud/escape-special-characters
...
Escape special characters (#25429 )
2016-07-20 21:24:19 +02:00
e5c4f53eea
Cast share id to string ( #25402 )
2016-07-20 15:10:10 +02:00
7c0de08cc4
Escape special characters ( #25429 )
...
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Use correct method in the AbstractMapping class
* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches
* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
ea470f8777
Merge pull request #405 from nextcloud/theming-fixes
...
Theming fixes
2016-07-18 15:59:47 +02:00
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
059b7435ab
PasswordLoginForbidden is not a FATAL exception
...
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.
So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00
26e14529be
fix error message
2016-06-30 13:50:31 +02:00
c771368c4e
Add proper throws PHP docs
2016-06-30 13:19:50 +02:00
1e7f0f7341
Add required $message parameter
2016-06-30 13:17:53 +02:00
3571207bd9
add some additonal permission checks to the webdav backend
2016-06-30 11:16:49 +02:00
2340660a5b
PasswordLoginForbidden must extend NotAuthenticated
...
The auth code from Sabre will forward NotAuthenticated exceptions but
in the case of a generic exception, it is packaged as "service not
available".
2016-06-17 15:50:24 +02:00
5a8cfab68f
throw PasswordLoginForbidden on DAV
2016-06-17 11:30:24 +02:00
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +02:00
67c3a97401
Merge pull request #25046 from owncloud/fix-the-realm
...
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00
543545505d
Merge pull request #25043 from owncloud/webdav-download-mimetype
...
DAV now returns file name with Content-Disposition header
2016-06-10 09:55:59 +02:00
1399e87d57
DAV now returns file name with Content-Disposition header
...
Fixes issue where Chrome would append ".txt" to XML files when
downloaded in the web UI
2016-06-09 15:51:41 +02:00
cf06b17df1
Use the correct realm for basic authentication - fixes #23427
2016-06-09 13:53:32 +02:00
f20c617154
Allow login by email address via webdav as well - fixes #24791
2016-06-09 12:08:49 +02:00
f119769c26
Better handling of forbidden files in dav
2016-06-07 14:01:55 +02:00
371a07e3ab
Fix checkMove() implementation for dav v2 - fixes #24776 ( #24971 )
2016-06-06 17:01:27 +02:00
3ff2bec5fa
Merge pull request #24935 from owncloud/2fa-block-dav
...
block DAV if 2FA challenge needs to be solved first
2016-06-02 15:31:18 +02:00
942e946f06
Catch the ForbiddenException to make sure it gets handled
2016-06-01 16:17:57 +02:00
da03a85c3c
block DAV if 2FA challenge needs to be solved first
2016-06-01 10:42:38 +02:00
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled
2016-05-24 17:54:02 +02:00
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
87fa86a69a
Merge pull request #24559 from owncloud/2fa
...
two factor auth
2016-05-23 20:50:03 +02:00
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00
2b30136ae9
ensure comments-href returns a value also when propfind is done against remote.php/files
2016-05-20 16:22:13 +02:00
dd9ee10bc0
Move dav app to PSR-4 ( #24527 )
...
* Move Application to correct namespace and PSR-4 it
* Move dav app to PSR-4
2016-05-12 09:42:40 +02:00
Joas Schilling
Markus Goetz
Lukas Reschke
Robin Appelman
Christoph Wurst
Vincent Petry
Aaron Wood
Björn Schießle
Roeland Jago Douma
Lukas Reschke
Christoph Wurst
Thomas Müller
Robin Appelman
Thomas Müller
Joas Schilling
Arthur Schiwon
Joas Schilling