Christoph Wurst
8b6bb0a426
Log user out correctly if max session lifetime is reached ( #24552 )
2016-05-12 12:09:13 +02:00
Christoph Wurst
168ccf90a6
try apache auth too
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
...
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Roeland Jago Douma
9e1d9871a8
Move OC_User_Database to \OC\User\Database
2016-05-10 19:53:36 +02:00
Joas Schilling
8668560352
Keep the composer instance so we can add psr4 paths later
2016-05-02 14:10:53 +02:00
Thomas Müller
e37b95ae53
Merge pull request #24200 from owncloud/appframework_psr4
...
Move \OC\AppFramework to PSR-4
2016-04-22 17:22:02 +02:00
Thomas Müller
f56be022a3
Disable web updater if ldap or shibboleth are installed - refs https://github.com/owncloud/core/issues/23913#issuecomment-213432232
2016-04-22 15:53:27 +02:00
Roeland Jago Douma
1d33a5ef13
Move \OC\AppFramework to PSR-4
...
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00
Lukas Reschke
afad27fafd
Merge pull request #24075 from owncloud/no-html-on-cli
...
In case of fatal php errors and other unhandled exceptions no html er…
2016-04-20 13:50:43 +02:00
Thomas Müller
1773dcbef2
Merge pull request #23973 from owncloud/share_move_post_delete_from_group_hook
...
Move post_removeFromGroup to shareManager
2016-04-19 06:59:58 +02:00
Thomas Müller
c609abf075
In case of fatal php errors and other unhandled exceptions no html error page is expected to be displayed in the console
2016-04-18 22:30:01 +02:00
Lukas Reschke
8222ad5157
Move logout to controller
...
Testable code. Yay.
2016-04-18 21:21:52 +02:00
Thomas Müller
739dfb5c66
Suggest cli based updater in case the instance is bigger - #23913
2016-04-18 17:09:21 +02:00
Lukas Reschke
17dfffefb3
Keep used username in URL
...
This is required until the new controller can also handle POST requests
2016-04-15 19:33:25 +02:00
Lukas Reschke
331e4efacb
Move login form into controller
...
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-15 17:36:23 +02:00
Thomas Müller
dc061bae42
Kill movable 3rdparty
2016-04-14 17:59:49 +02:00
Roeland Jago Douma
6144ced7a0
Move post_removeFromGroup to shareManager
...
The last sharing hook to be moved over.
* Added unit tests
* Removed old tests that relied on old behaviour
* Removed old hooks.php
2016-04-13 15:00:12 +02:00
Roeland Douma
495a964ca2
Migrate post_groupDelete hook to share manager ( #23841 )
...
The hook now calls the share manager that will call the responsible
shareProvider to do the proper cleanup.
* Unit tests added
Again nothing should change it is just to cleanup old code
2016-04-12 09:46:25 +02:00
Joas Schilling
8e16e7bf34
Merge pull request #23856 from owncloud/share_remove_addtogroup_hooks
...
Remove pre/post_addToGroup hooks for shares
2016-04-11 15:05:20 +02:00
Roeland Jago Douma
3fae4c82d2
Remove pre/post_addToGroup hooks for shares
...
There is no need to perform the checks for unique targets on add to
group as we have to do this all when mounting the shares anyway.
2016-04-08 11:56:38 +02:00
Stefan Weil
b1a856d7b7
lib: Fix typos (found by codespell)
...
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-07 19:51:27 +02:00
Joas Schilling
0de15a86f0
Merge pull request #23773 from owncloud/share_move_delete_user_hook
...
Migrate post_userDelete hook to share manager
2016-04-07 13:01:10 +02:00
Roeland Jago Douma
e0cee43cf0
Migrate post_userDelete hook to share manager
...
This makes the post_userDelete hook call the sharemanager. This will
cleanup to and from this user.
* All shares owned by this user
* All shares with this user (user)
* All custom group shares
* All link share initiated by this user (to avoid invisible link shares)
Unit tests are added for the defaultshare provider as well as the
federated share provider
2016-04-04 14:15:38 +02:00
Thomas Müller
1bf4c75e8b
Show individual sql schema migration steps during upgrade - on web as well as on the command line
2016-04-04 12:34:18 +02:00
Bjoern Schiessle
93ed965cbb
fix creation of versions of encrypted files on external storages
...
in order to create a 1:1 copy of a file if a version gets created
we need to store this information on copyBetweenStorage(). This
allows us to by-pass the encryption wrapper if we read the source file.
2016-03-31 19:24:47 +02:00
Thomas Müller
61c5717281
Merge pull request #23463 from owncloud/lets-consistently-use-no-referer
...
Consistently use rel=noreferrer
2016-03-23 09:14:54 +01:00
Lukas Reschke
6ad957906e
Consistently use rel=noreferrer
...
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Lukas Reschke
24abe1e1e1
Use raw PATH_INFO
...
PATH_INFO will be empty at this point and thus the logic in base.php did not catch this. Changing this to "getRawPathInfo" will ensure that the path info is properly read.
Fixes https://github.com/owncloud/core/issues/23199
2016-03-17 17:32:38 +01:00
Morris Jobke
0864851001
Replace unneded OC::needUpgrade with OCP method
2016-03-14 10:10:29 +01:00
Thomas Müller
51072f742e
Merge pull request #21582 from owncloud/core_composer
...
Composers PSR-4 autoloader in core
2016-03-10 12:06:44 +01:00
Roeland Jago Douma
f7729cdc40
Add composers default autoloader to core
...
This introduces the defacto standard PSR-4 autoloader from composer into
core. This will allow proper PSR-4 naming of our classes.
Since our original autoloader is still available we can slowly switch
over classes to PSR-4.
2016-03-09 16:53:27 +01:00
Vincent Petry
12b2192038
Do not set response status in CLI in case of error
2016-03-09 15:40:34 +01:00
Arthur Schiwon
adf5d111f6
don't hide server not available exception, fixes #20536
2016-03-03 01:15:41 +01:00
Lukas Reschke
933f60e314
Update author information
...
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Vincent Petry
1dbe240b0e
Disable app that bricks the server after enabling
...
If an app is getting enabled in the web UI, an ajax call is now made to
make sure the server still works. If it doesn't, it sends an emergency
app disabling call to disable the breaking app.
2016-02-29 12:07:37 +01:00
Joachim Bauch
0173063923
Pass checked host as "domain" variable to "untrustedDomain" template.
...
Currently the "SERVER_NAME" is passed to the template, which in some cases doesn't match the host returned by "getInsecureServerHost" (or is empty).
2016-02-15 17:02:14 +01:00
Thomas Müller
b01d50216e
The local address book is replaced now by the system addressbook as part of the dav app
2016-02-02 10:56:33 +01:00
Lukas Reschke
f32827e903
Ignore GD JPEG warnings
...
Fixes https://github.com/owncloud/core/issues/21873
2016-01-27 13:59:15 +01:00
Morris Jobke
06fe4cabfc
move setup controller to core/controller
2016-01-20 10:23:57 +01:00
Thomas Müller
682821c71e
Happy new year!
2016-01-12 15:02:18 +01:00
Roeland Jago Douma
876fb83ddc
getMediumStrengthGenerator is deprecated and does not do anything anymore
2016-01-11 20:06:30 +01:00
Roeland Jago Douma
1a592e5745
Only '/tests' to be autoloaded when running unit tests
2016-01-10 21:36:14 +01:00
Roeland Jago Douma
fce8c42240
OC autoloader is not allowed to load 3rdparty
2016-01-10 21:32:52 +01:00
Lukas Reschke
74876fa6e7
Remove code related to session regeneration after some time
...
I do not really consider this necessary or a real security addition. Let's get rid of it thus, cleans up the code and makes the logic easier.
2016-01-10 11:01:30 +01:00
Lukas Reschke
a58ca89e7f
Use ISession::clear
...
The native approach using the PHP calls will not work properly with the cryptowrapper and thus this code is effectively doing nothing at the moment.
2016-01-10 10:39:22 +01:00
Lukas Reschke
0e561afe79
Check if app does exists
2016-01-07 21:29:45 +01:00
Lukas Reschke
fec41e7539
Move regeneration of session ID into session classes
...
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
2016-01-04 15:09:01 +01:00
Morris Jobke
6f00729124
Refactor OC_Util::callCheck
2015-12-22 09:32:14 +01:00
Morris Jobke
ed98cdf532
Use OCP\Util::getVersion instead of the internal private implementation
2015-12-18 15:26:54 +01:00
Roeland Jago Douma
6fb60815c5
Use SystemConfig internally
2015-12-18 11:53:41 +01:00