mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
43,667 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

119 Commits

Author SHA1 Message Date
Roeland Jago Douma 177c8972cc
Improve login flow 
* Add page explaining you are about to grant access
* Show grant access page after login

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-04-08 13:42:36 +02:00
Joas Schilling dabd7291c3
Make the new autocomplete endpoint OCS 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-03-21 09:46:52 +01:00
Roeland Jago Douma 7674e591bd
Move search to proper Controller 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-09 14:36:48 +01:00
Christoph Wurst b9720703e8 Add CSRF token controller to retrieve the current CSRF token 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-03-08 16:48:50 +01:00
John Molakvoæ (skjnldsv) fb890807c0
Sharing: redirect to download after authentification if requested 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2018-02-28 17:05:55 +01:00
Julius Härtl 922cf44c81
Move to OCS endpoint 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2018-02-12 17:22:33 +01:00
Julius Härtl 96480af159
Add navigation endpoint 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2018-02-12 17:22:32 +01:00
Roeland Jago Douma 0224c61530
Add preview endpoint for the fileid 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-24 11:24:18 +01:00
Morris Jobke 31c5c2a592
Change @georgehrke's email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 20:38:59 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Roeland Jago Douma 6ce095b166
Add 204 endpoint 
Fixes #6967

This allows clients to check for Walled Garden connections.
The endpoint just responds with a 204 (which is very unlikely with such
a connection)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-11-02 10:30:16 +01:00
Arthur Schiwon fd6daf8d19
AutoCompletion backend 
* introduce a Controller for requests
* introduce result sorting mechanism
* extend Comments to retrieve commentors (actors) in a tree
* add commenters sorter
* add share recipients sorter

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-10-22 14:13:32 +02:00
Roeland Jago Douma 7d8c5f73f5
Add direct preview link to single shared image files 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-25 16:18:50 +02:00
Lukas Reschke d8ec399454
Run phan over code base 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-07-19 10:28:11 +02:00
Georg Ehrke 60f9ed6241
add contactsmenu popover 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:26:53 +02:00
Jan-Christoph Borchardt 241e397326 Merge branch 'master' into contactsmenu 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-26 00:50:38 +02:00
Christoph Wurst 945420baaf Use HTTP POST to retrieve the list of contacts 
We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:18 +02:00
Christoph Wurst d091793ceb Contacts menu 
* load list of contacts from the server
* show last message of each contact

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:17 +02:00
Lukas Reschke 6a16df7288
Add new auth flow 
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-25 20:18:49 +02:00
Robin Appelman dc5ba95469 Merge pull request #4027 from nextcloud/better-spreed-call-urls 
Better spreed call urls
 2017-03-27 16:21:24 +02:00
Joas Schilling 4174d75f86
Throw a nice HintException when the apps are missing 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-24 15:02:49 +01:00
Joas Schilling bc11c7ba97
Allow to use short URLs for calls 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-24 11:52:42 +01:00
Roeland Jago Douma 8e89ad21a2
[PoC] JS Combiner 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-03-24 10:58:10 +01:00
Bjoern Schiessle 5086335643
unify endpoints form core and the the provisioning api 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-25 11:20:35 +01:00
John Molakvoæ (skjnldsv) 6380d503af
Css cache folder name fix, route fix and various fixes 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-01-06 09:42:13 +01:00
John Molakvoæ (skjnldsv) 1caaa7f4cd
Appdata integration 2 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-01-06 09:42:13 +01:00
Lukas Reschke 6f4cb12be2
Add identity proof 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-21 11:30:00 +01:00
Joas Schilling d75e35b75e
Introduce the UI for password confirmation 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-18 11:57:16 +01:00
Roeland Jago Douma 1baa2b8deb
Move OC\OCS\Person to OCSController 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-16 19:21:00 +01:00
Roeland Jago Douma 02525fd98b
Move preview endpoint to controller 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-03 14:00:33 +01:00
Roeland Jago Douma 743132650a
Move to AppData 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-03 14:00:32 +01:00
Roeland Jago Douma 958c1289b1
New preview generator 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-03 14:00:32 +01:00
Roeland Jago Douma d5589a15d5
Move oc.js to a proper class 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 22:03:02 +02:00
Joas Schilling 0b1fb180a5
Make AppConfig part of the public API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-10-21 09:09:23 +02:00
Joas Schilling a1e4b17ff4
Remove unused endpoint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-30 10:21:08 +02:00
Roeland Jago Douma 68ea287ed7
Remove the core tag routes since they are broken 
Private internal stuff that nobody *should* be using anyways.
But on top of that already broken for a long time. So nobody could be
using it even.
 2016-08-26 15:00:18 +02:00
Lukas Reschke e0ae67545e Merge pull request #956 from nextcloud/fix_952 
When using permalinks don't error out if file id can't be found
 2016-08-23 00:58:25 +02:00
Morris Jobke 3ccd69707e Merge pull request #865 from nextcloud/ocs_config 
Move OCS route /config to proper controller
 2016-08-19 09:39:05 +02:00
Roeland Jago Douma 54f79a28f6
When using permalinks don't error out if file id can't be found 
Fixes #952

* Use only the index route (since it went to showFile anyways)
* Fix tests
* Use getUserFolder to force init of users mounts
 2016-08-19 08:15:30 +02:00
Roeland Jago Douma 532c0dd8ce
Kill ajax/share.php 
Using this file will insert invalid shares.
OCS has to be used exclusively!
 2016-08-18 20:56:02 +02:00
Roeland Jago Douma 6bc1c6590c
Move /config over to Core OCSController 2016-08-18 09:37:09 +02:00
Roeland Jago Douma 69da896785
Move /cloud/user to Core app 2016-08-09 20:56:31 +02:00
Roeland Jago Douma 02449c8336
Move getCapabilities over to Core 2016-08-09 20:56:31 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Morris Jobke 2791b8f00d Revert "occ web executor (#24957)" 
This reverts commit 854352d9a0.
 2016-07-07 12:14:45 +02:00
VicDeo 854352d9a0 occ web executor (#24957) 
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
 2016-06-22 13:12:36 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Christoph Wurst 53636c73d6
Add controller to generate client tokens 2016-05-11 13:36:46 +02:00
Christoph Wurst d8cde414bd
token based auth 
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
 2016-05-11 13:36:46 +02:00