Commit Graph

84 Commits

Author SHA1 Message Date
Roeland Jago Douma e0d2ef32e8 Harden apptoken check
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-18 13:10:20 +00:00
Daniel Calviño Sánchez d2f1225b34 Fix deleting properties of user settings when not given explicitly
The controller can receive an optional subset of the properties of the
user settings; values not given are set to "null" by default. However,
those null values overwrote the previously existing values, so in
practice any value not given was deleted from the user settings. Now
only non null values overwrite the previous values.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2021-04-23 16:53:11 +02:00
Daniel Calviño Sánchez 3304d33e3b Fix TypeError when "email" is not given in the controller request
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2021-04-23 16:53:11 +02:00
Daniel Calviño Sánchez e30271be4f Respect additional user settings not covered by the controller
"AccountManager::updateUser()" wipes previous user data with whichever
user data is given (except for some adjustments, like resetting the
verified status when needed). As the controller overrode the properties
those properties would lose some of their attributes even if they are
not affected by the changes made by the controller. Now the controller
only modifies the attributes set ("value" and "scope") to prevent that.

Note that with this change the controller no longer removes the
"verified" status, but this is not a problem because, as mentioned,
"AccountManager::updateUser()" resets them when needed (for example,
when the value of the website property changes).

This change is a previous step to fix overwritting properties with null
values, and it will prevent the controller from making unexpected
changes if more attributes are added in the future.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2021-04-23 16:53:10 +02:00
Daniel Calviño Sánchez eaedf5fcd9 Use constants from interface rather than class
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2021-04-23 16:53:07 +02:00
Morris Jobke 2ff7bc51a7 Harden setup check for TLS version if host is not reachable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 13:30:23 +00:00
Julius Härtl dd4dc60f4c Harden key generation
There might be cases where multiple requests trigger the key generation
at the same time and the instance ends up with a non-fitting
public/private key pair. Therefore the whole key generation should be
locked. Other than that this makes sure that user key generation return
values are properly validated.

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-10-28 14:14:01 +00:00
Robin Appelman fdc70c08c6 save email as lower case
email addresses are case insensitive

Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-10-27 20:25:30 +00:00
timm2k 76fb914944 Update CheckSetupController.php 2020-10-26 09:00:24 +00:00
Morris Jobke 5ed3f43927
Add app config option to disable "Email was changed by admin" activity
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-13 13:31:49 +02:00
Daniel Kesselberg df75d3ab59 Enable passwordless for everyone not only admins.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-06-07 13:07:53 +00:00
Thomas Citharel 26f72d1aec Use \OC::$CLI instead of PHP_SAPI
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-06-04 17:06:54 +00:00
Arthur Schiwon 557a3754c1 use the loginname to verify the old password in user password changes
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-05-26 19:20:42 +00:00
GretaD adbdecb1d6 Fix languages empty array
Signed-off-by: GretaD <gretadoci@gmail.com>
2020-05-08 09:25:59 +00:00
Christoph Wurst cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Roeland Jago Douma 19171d77e2
Merge pull request #19191 from laurisb/patch-1
Improve Opcache detection
2020-04-15 11:03:05 +02:00
Roeland Jago Douma a307d82e1d
Merge pull request #20427 from nextcloud/bug/noid/fix-password-reset-activity
Fix password reset saying Admin changed my password when reset from login page
2020-04-13 13:15:49 +02:00
Roeland Jago Douma 1cc793888f
Merge pull request #20421 from nextcloud/fix/20393/recommendend_webauthn_mods
Show setup check for recommended php modules
2020-04-12 15:56:10 +02:00
Thomas Citharel 18e8af4bb8
Fix password reset saying Admin changed my password when reset from
login page

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2020-04-10 18:05:43 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst a7c8d26d31
Add visibility to all properties and move static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:48:31 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Roeland Jago Douma 75836f004d
Show setup check for recommended php modules
Fixes #20393

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-10 13:25:12 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 2a529e453a
Use a blank line after the opening tag
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +02:00
Christoph Wurst 41b5e5923a
Use exactly one empty line after the namespace declaration
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Christoph Wurst 85e369cddb
Fix multiline comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Joas Schilling bc6a5ef5c4
Merge pull request #19890 from nextcloud/enh/comments-reference-id
Add optional comments reference_id
2020-04-02 11:34:21 +02:00
Roeland Jago Douma 19ca921676
Merge pull request #20241 from nextcloud/fix/license-headers-19
Update the license headers for Nextcloud 19
2020-04-01 12:44:21 +02:00
Roeland Jago Douma 53db05a1f6
Start with webauthn
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-03-31 22:17:07 +02:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-31 14:52:54 +02:00
Joas Schilling 720dc4e93d
Add optional column oc_comments.reference_id
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-03-31 10:51:15 +02:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Roeland Jago Douma 3b26bfe879
Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipe
Check the user on remote wipe
2020-03-24 20:26:52 +01:00
Roeland Jago Douma b0ea022a3e
Add basic reverseproxy misconfig detection to setupchecks
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-03-23 10:37:08 +01:00
Julius Härtl 381decca49 Add setting to restrict user enumeration to groups
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-03-20 10:43:55 +01:00
Daniel Kesselberg 73643fe70b
Make sure app_install_overwrite is an array
otherwise in_array will complain.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-03-16 22:33:47 +01:00
Joas Schilling 9935c71ec3
Check the user on remote wipe
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-03-16 09:29:28 +01:00
Roeland Jago Douma c8a360cd7a
Merge pull request #19580 from nextcloud/debt/noid/outdated-check
Update check for outdated php version.
2020-03-10 20:10:54 +01:00
Julius Härtl f65e36a70c
Hide development notice when subscription is valid
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-03-06 13:08:23 +01:00
Christoph Wurst d47daefe38
Revive the "send email to new users" toggle for the user form
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-02-28 14:01:03 +01:00
Daniel Kesselberg f228d73b38
Update check for outdated php version.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-02-24 20:14:13 +01:00
Daniel Kesselberg 8e8e912015
Make sure quota_preset is using numerical indexes
If one set quota_present to "default, none, 1 GB, 5 GB, 10 GB" the old implementation will remove default and none but keep the array indexes. Later json_encode will recognize a array with 2 as first index as object and hence quotaPreset.reduce will fail.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-02-22 20:06:16 +01:00
Joas Schilling f464f2313f
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-10 10:14:02 +01:00
Joas Schilling bf74c4f21b
Warn admins about delayed cron executions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-08 10:21:54 +01:00
Roeland Jago Douma af8ad96285
Use the l10n from settings
Fixes #19261

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-03 09:44:59 +01:00