Commit Graph

140 Commits

Author SHA1 Message Date
Robin Appelman 8ed50d4b63
prefill userid for login after password reset
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-21 15:18:07 +02:00
Roeland Jago Douma 362e6b2903
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 13:30:22 +02:00
Roeland Jago Douma 2b7d4d5069
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 19:58:37 +02:00
Roeland Jago Douma 796b4f19f8
Add Cache-control: immutable
Cache generated CSS forever!
Also cache combined JS forever
Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-19 14:21:53 +01:00
Christoph Wurst b9720703e8 Add CSRF token controller to retrieve the current CSRF token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-03-08 16:48:50 +01:00
Julius Härtl 16ac8eaac9
Fix tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-07 09:17:18 +01:00
Julius Härtl 11b6cc3f68
Replace logout href to avoid new etag on every request
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-06 09:51:28 +01:00
Julius Härtl 723b8764d1
Add ETag to NavigationController
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-05 12:19:20 +01:00
Roeland Jago Douma cf83eb5e77
Merge pull request #8336 from nextcloud/cleanup-unused-parameter
Cleanup unused parameter
2018-02-20 10:16:59 +01:00
Morris Jobke bcf1668cc8
Remove config from AutoCompleteController
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:40:30 +01:00
Julius Härtl 5a23b35ddb
Also rewrite icon url
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 21:20:21 +01:00
Julius Härtl 922cf44c81
Move to OCS endpoint
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:33 +01:00
Julius Härtl 8ecac56543
Allow requesting absolute URLs
They might be useful when requesting the navigation from the clients

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:32 +01:00
Julius Härtl 6211d18dc1
Add tests for NavigationController
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:32 +01:00
Morris Jobke 4ef302c0be
Request->getHeader() should always return a string
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.

Found while enabling the strict_typing for lib/private for the PHP7+ migration.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
Roeland Jago Douma b1d8084700
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:43:11 +01:00
Joas Schilling 7789fbdea6
Add unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 00:50:52 +01:00
Roeland Jago Douma 8d1dd1945f
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 13:58:06 +01:00
Julius Härtl f5f6ed664d
Hide stay logged in checkbox when flow authentication is used
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-12-28 11:15:26 +01:00
Roeland Jago Douma c1fcd6fc98
Merge pull request #7324 from nextcloud/no-sorters-no-instances
don't create sorter instances when none was requested
2017-12-11 15:27:44 +01:00
Morris Jobke ed7beb929e
Merge pull request #6876 from nextcloud/always_img_avatar
Always generate avatar
2017-12-08 23:58:17 +01:00
Bjoern Schiessle 555fe7047f
fix tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-08 13:29:33 +01:00
Roeland Jago Douma 8e8fe6b8eb
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-29 14:23:15 +01:00
Arthur Schiwon 96bc03a03a
don't create sorter instances when none was requested
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-28 13:30:51 +01:00
Mario Danic c2cd5fc5d3 Fix flow
Signed-off-by: Mario Danic <mario@lovelyhq.com>
2017-11-09 00:29:34 +01:00
Julius Härtl cd1bfea8c4
Theming: theme flow redirection page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-11-08 14:56:32 +01:00
Arthur Schiwon e2805f02aa
Merge branch 'master' into autocomplete-gui 2017-11-01 15:37:29 +01:00
Arthur Schiwon 25aad121e6
meanwhile we can have exact matches. also show those.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-31 14:58:48 +01:00
Arthur Schiwon fa2f03979b
add search parameter to autocomplete controller
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-25 17:26:50 +02:00
Morris Jobke 43e498844e
Use ::class in test mocks
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 17:45:32 +02:00
Arthur Schiwon fd6daf8d19
AutoCompletion backend
* introduce a Controller for requests
* introduce result sorting mechanism
* extend Comments to retrieve commentors (actors) in a tree
* add commenters sorter
* add share recipients sorter

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-22 14:13:32 +02:00
Joas Schilling 3119fd41ce
Set the data from the template
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-18 15:12:03 +02:00
Morris Jobke 444779ce96
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-06 16:38:24 +02:00
Morris Jobke 0326c2c54f
Fix broken tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:17:03 +02:00
Joas Schilling 0aff1c9268
Return the user id in case of an error
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-29 11:10:30 +02:00
Morris Jobke 0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Joas Schilling d5c6d56170
No password reset for disabled users
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-18 13:21:53 +02:00
Lukas Reschke a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Roeland Jago Douma ba7cf03daf
Fix LostControllerTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:13 +02:00
Roeland Jago Douma 3bd104ef7c
Fix LoginController
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:12:02 +02:00
Morris Jobke 84c22fdeef Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +02:00
Roeland Jago Douma 2fae696d35
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Lukas Reschke c25e782dd6
Fix settings/Controller/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:15 +02:00
Lukas Reschke f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
Julius Härtl 01093604d3
Add tests for public capabilties
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-06-30 11:21:15 +02:00
Lukas Reschke 2f87fb6b45
Add Clear-Site-Data header
This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-20 19:46:10 +02:00
Lukas Reschke 26ee889fec
Add tests for ClientFlowLoginController
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:08 +02:00
Joas Schilling 0828df5ed4
Disable the API endpoints as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-11 17:03:57 +02:00
Joas Schilling d418ea550b
Automatic injection for CssController
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-10 09:42:40 +02:00
Joas Schilling 9c8fe82000
Automatic injection for JsController
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-10 09:42:15 +02:00