Before the public share authentication page is rendered now an event to
load additional scripts is dispatched. Thanks to this any app can load
its own scripts that, when run on the browser, adjust as needed the page
generated by the server.
Note, however, that during the handling of the event apps are only able
to add scripts or styles to be loaded; they can not render arbitrary
content on the page, or change how the content is rendered by the
original template; all those changes have to be done by the scripts at
run-time.
This implies that the scripts of the apps can use only those parameters,
like the token of the share, added to the page when it is generated by
the "publicshareauth" template. Due to this, and given that the event is
being introduced to be used by Talk to inject the UI needed to request
the password for a share, the token of the share is now provided in the
generated page, just like done in the public share page.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
It was already added to the user template but we should add it to all
templates. Else apps that want the locale but use special templating (hi
richdocuments!) will fail.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Added OC.getLanguage() to get Language
<html lang=''> still gets language, though according to IETF BCP47 locale should be good.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Now this is in core so the basics (that 99% of the app will want to
use) looks always the same.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.
The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Before there was a button to "quickly" add the untrusted domain to the config. This button often didn't worked, because the generated URL was often untrusted as well. Thus removing it and providing proper docs seems to be the better approach to handle this rare case.
Also the log should not be spammed by messages for the untrusted domain accesses, because they are user related and not necessarily an administrative issue.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This fixes a regression caused by 9b668d0, where the css filters to
preview color inversion of the app menu was applied by default. This
commit makes the css filters sensitive on what the current state of the
app menu is.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.
This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.
Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.
Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
The pure CSS loading icon uses an ::after pseudo-element, and thus it
can only be used on container elements; the input element is not a
container element, so when the class "icon-loading-small" is set on an
input element it falls back to a loading icon GIF.
This commit modifies the markup of the login button to add a div element
that holds the confirm icon and the loading icon (depending on the
case). In order to position the icon in the same place as before the
input and the icon are both wrapped by another div making possible to
set the absolute position of the icon relative to the input.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
* Nextcloud is not properly loaded in the standalone version (especially the theming)
* it is already not listed anymore in the Nginx config (see nextcloud/documentation#392)
* the index.php-free version doesn't support this
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Use Unified function to emit <link> tags for css loading, obey "Don't Repeat Yourself" ;-)
(Next step might by to combine this with the emit <script> function (even more DRY?) AND move all this to a better place?)
Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
* Create generalized function for emmitting <script defer src=""> tags to templates
* Remove type attribute from inline_js
* Add defer attribute to external <script> tags
Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
* adds a disclaimer that an update via web UI is on own risk
* allows to skip the warning
* fixes#4353
Signed-off-by: Morris Jobke <hey@morrisjobke.de>