This avoids hitting the backend with multiple requests for the same
token. And will help avoid quick LDAP lockouts.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Instead of one big monolitic sections this is the first step in breaking
down the settings. This should make is easiet to see what does what. As
well as nicely splitting up the sections.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* includes making ICheck not requiring any context setter
* and IFileCheck extending the IEntityCheck as entity data can be handed in
via Dispatcher
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Some user backends (like the database backend) allow us to obtain a user
case insensitive. However the UID itself is case sensitive.
Example:
* create a user User1
* login as User1
- This results the data/User1 folder to be created etc
* now have some code somewhere that obtains the userFolder (from
IRootFolder) but pas in 'uSER1' as uid
- The code will check if that is a valid user. And in this case it is
since User1 and uSER1 both map to the same user
- However the the UID in the user object is used for the folder a new
folder fill be create data/uSER1
With this PR this is avoided now. Since we obtain the real UID casing in
the backend before creating the user object.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.
This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
fixing issue in addSubTag()
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
fix const
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
autoload
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Revert "fixing issue in addSubTag()"
This reverts commit a9ab2ab91b98133c69272f27ea1b51594719e241.
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
syntax
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
The main use case here is storage provided versioning where we dont have
separate file ids for all the versions, by allowing a prefix for the
version we can store separate previews for all the versions.
Additionally, by keeping all the version previews in the same folder as the
"normal" previews they will be cleaned up properly when the file is deleted
Signed-off-by: Robin Appelman <robin@icewind.nl>
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
the main difference is passing the `File` object to the provider
instead of a `View` + path
Old providers will still continue to work as before
Signed-off-by: Robin Appelman <robin@icewind.nl>
To have a faster autoloading. We should get rid of those of course. But
for now I do not see it happening any time soon.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#15675
This makes loading of the actual L10N lazy. So we only detect and load
the actual translations when they are used. Instead of trying to load
them all the time just because an app is enabled.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This allows a user to mark a token for remote wipe.
Clients that support this can then wipe the device properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
This adds the new login flow. The desktop client will open up a browser
and poll a returned endpoint at regular intervals to check if the flow
is done.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Before https://github.com/nextcloud/server/pull/13843 a "photo." file could be created
for unsupported image formats by photocache. Because a file is present but not jpg, png or gif no
photo could be returned for this vcard. These invalid files are removed by this repair step.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
this provides a reliable way for apps to listen to new files
without the need to of cache wrappers to hook into inserts themselves
(something which isn't 100% reliable)
Signed-off-by: Robin Appelman <robin@icewind.nl>
Fixes#12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.
This adds a simple middleware that will just check if the
ClearExecutionContext session variable is set. If that is the case it
will just redirect back to the login page.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This way code using the DB mappers can have try catch blocks on this
type of exceptions if they do not care if there was non or to many.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-@return mixed
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Merge remote-tracking branch 'origin/interfaces-fulltextsearch-2' into interfaces-fulltextsearch-2
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Merge remote-tracking branch 'origin/interface-dashboard' into interface-dashboard
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
moving data object to OCP
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
update autoload files
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
+@since
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Now that we allow enforcing 2 factor auth it make sense if we also allow
and endpoint where the clients can in the background fetch an
apppassword if they were configured before the login flow was present.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This protects our cookies a bit more. It makes sure that when a 3rdparty
websites embededs a public alendar for example. That all the users see
this in anonymous mode there.
It adds a small helper function.
In the future we can think about protecting other cookies like this as
well. But for now this is sufficient to not have the user logged in at
all when doing 3rdparty requests.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Daniel Kesselberg
Julius Härtl
Roeland Jago Douma
Christoph Wurst
Roeland Jago Douma
Arthur Schiwon
John Molakvoæ
Joas Schilling
Georg Ehrke
Morris Jobke
Maxence Lange
Robin Appelman
Xheni Myrtaj
Michael Weimann
John Molakvoæ (skjnldsv)
Michael Gerber
Bjoern Schiessle
Christoph Wurst
Patrik Kernstock
Jakob Sack