Commit Graph

397 Commits

Author SHA1 Message Date
Roeland Jago Douma 95ad9ab4ac
Merge pull request #20401 from nextcloud/fix/login-sso-redirct
Fix absolute redirect
2020-04-15 11:28:40 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
John Molakvoæ (skjnldsv) 6c49dc2d1f
Fix absolute redirect
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2020-04-10 08:58:54 +02:00
Christoph Wurst 008e6d7e84
Merge pull request #20391 from nextcloud/refactor/spaces-cleanup
Remove all extra whitespace PSR2 does not like
2020-04-09 20:39:37 +02:00
Christoph Wurst 64510932b8
Merge pull request #20384 from nextcloud/techdebt/lowercase-keywords
Use php keywords in lowercase
2020-04-09 16:25:14 +02:00
Christoph Wurst 44577e4345
Remove trailing and in between spaces
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:07:47 +02:00
Christoph Wurst 42625a46be
Remove spaces after method or function call
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:05:56 +02:00
Christoph Wurst 36b3bc8148
Use php keywords in lowercase
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 14:04:56 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 2a529e453a
Use a blank line after the opening tag
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Christoph Wurst 85e369cddb
Fix multiline comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Roeland Jago Douma 19ca921676
Merge pull request #20241 from nextcloud/fix/license-headers-19
Update the license headers for Nextcloud 19
2020-04-01 12:44:21 +02:00
Roeland Jago Douma 53db05a1f6
Start with webauthn
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2020-03-31 22:17:07 +02:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-31 14:52:54 +02:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Roeland Jago Douma 6ea1aef031
Merge pull request #19723 from nextcloud/bug/18603/avatar-response
Always use status 200 for avatar response
2020-03-03 16:15:14 +01:00
Daniel Kesselberg 68148f4073
Always use status 200 for avatar response
As discussed in #18603 caching a 201 response is hard. It's now possible to distinguish between generated and uploaded avatars by reading the X-NC-IsCustomAvatar (0 = generated, 1 = uploaded) header.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-03-01 00:42:24 +01:00
Joas Schilling a92ab77747
Also cache avatars when it's not allowed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-28 10:44:15 +01:00
Christoph Wurst 6127c288e8 Fix license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-01-13 14:23:49 +01:00
Roeland Jago Douma da81b71f93
Only allow requesting new CSRF tokens if it passes the SameSite Cookie test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-01-03 13:12:03 +01:00
Christoph Wurst 1b46621cd3
Update license headers for 18
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-20 09:23:25 +01:00
Roeland Jago Douma 87104ce510
Merge pull request #17784 from nextcloud/enh/disable-clear-site-data-via-config
Disable Clear-Site-Data for Chrom* (and Opera, Brave, etc)
2019-12-12 21:59:42 +01:00
Christoph Wurst 302558cfd2
Add a dedicated page for the recommended apps installation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-12-12 08:13:01 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Christoph Wurst a8f2e6914d
Add checkbox to install recommended apps during setup
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-12-04 14:14:38 +01:00
Joas Schilling 738e6bf079
Merge pull request #17715 from nextcloud/fix/5456/respect_avatar_privacy
Honor avatar visibility settings
2019-12-04 10:28:45 +01:00
Daniel Kesselberg 9378a6b411
Send Clear-Site-Data expect for Chrome
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-30 15:17:22 +01:00
Christoph Wurst 81e35d0c8a
Trim the login name
Otherwise we keep on using it with leading or trailing whitespaces for
app tokens and other logic. The reason this doesn't throw an error
immediately with local users is that (My)SQL compares strings regardless
of their padding by default. So we look up 'uid ' and get the row for
the user 'uid'.
Other back-ends will lead to a hard error, though, and the user is
unable to log out as all request fail.

Ref https://stackoverflow.com/a/10495807/2239067

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-28 20:52:05 +01:00
Joas Schilling 06f97c0fd0
Fix autocomplete suggestions with numeric user ids
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-11-26 09:19:49 +01:00
Roeland Jago Douma c7d5b8fc49
Merge pull request #18079 from nextcloud/fixes/phpcs
Some php-cs fixes
2019-11-25 14:07:00 +01:00
Daniel Kesselberg 957c0df01b
Remove exception for settings app from svg controller
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-24 17:15:06 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Roeland Jago Douma 54eb27dab2
Update tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-13 20:43:20 +01:00
RussellAult 19791b2460
Check getRedirectUri() for queries
Resolves Issue #17885

Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'.

Signed-off-by: RussellAult <russellault@users.noreply.github.com>
2019-11-13 14:05:03 +01:00
Roeland Jago Douma 0bd1378f81
Honor avatar visibility settings
Fixes #5456
Only when an avatar is set to public should we show it to the public.
For now this has an open question as to how to solve federated avatars.
But I assume a dedicated paramter or endpooint would make sense there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-28 13:48:34 +01:00
Roeland Jago Douma 2cf068463f
Harden middleware check
These annotations will allow for extra checks. And thus make it harder
to break things.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-25 15:44:37 +02:00
Sergej Nikolaev 1b5d85a4ca fix oauth client redirect
Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
2019-10-04 21:09:13 +03:00
Roeland Jago Douma cd1f443804
Allow rotation of apppasswords
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-27 13:46:06 +02:00
Daniel Kesselberg e32b2c4b76
Stop if there is no encrypted token
Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-08-18 19:58:50 +02:00
Roeland Jago Douma 6dc179ee12
Fix login flow form actions
So fun fact. Chrome considers a redirect after submitting a form part of
the form actions. Since we redirect to a new protocol (nc://login/).
Causing the form submission to work but the redirect failing hard.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-11 19:53:49 +02:00
Roeland Jago Douma 436f7b92d5
Merge pull request #16544 from nextcloud/bugfix/16540
Add missing password reset page to vue
2019-07-31 11:02:20 +02:00
Julius Härtl 3b0d13944a
Move actual password reset to vue
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 09:19:07 +02:00
Morris Jobke ec7e837d6a
Merge pull request #16563 from nextcloud/enh/lostcontroller/better_exceptions
Use proper exception in lostController
2019-07-29 10:42:36 +02:00
Roeland Jago Douma b6dd2ebd39
Use proper exception in lostController
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.

This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 20:12:16 +02:00
Roeland Jago Douma a2a53848b0
Update PreviewController
The constructor is called with the userId. However if a user is not
logged in this is null. Which means that we get an exception instead of
this being handled gracefully in the middleware.

There are cleaner solutions. But this is the solution that is the
easiest to apply without lots of work and risk of breaking things
(handling the logged in middleware before initializing the controller
etc).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-26 17:37:11 +02:00