Commit Graph

13846 Commits

Author SHA1 Message Date
Christoph Wurst 2c2e1f7988 Use absolute URI for action icons
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst b8c2a8ae36 Don't show contacts an entry for themselves
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst 36cee1f386 Let apps register contact menu provider via info.xml
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst e3efc4979b Show mail address in popover menu
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst d091793ceb Contacts menu
* load list of contacts from the server
* show last message of each contact

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Lukas Reschke 6a16df7288
Add new auth flow
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Stefan Weil c9e08a6445 Add repair steps for new image mime types
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-04-25 18:56:23 +02:00
Noveen Sachdeva 1b1f403a5d
Add duration of last job execution to the table 2017-04-25 17:39:58 +02:00
Julius Härtl 7548825743
Responsive app menu
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-04-25 17:31:24 +02:00
Joas Schilling ac0c21f4a7
Trigger change when a user is enabled/disabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:20:35 +02:00
Victor Dubiniuk 131df248ef
Catch session already closed exception in destructor 2017-04-25 16:28:52 +02:00
Morris Jobke 5a9224fb4c Merge pull request #3531 from nextcloud/theming-scss
Theming using SCSS variables
2017-04-25 10:56:13 -03:00
Joas Schilling f1ffb728b9
Allow meta info and icons
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 14:31:21 +02:00
Roeland Jago Douma 82c9eb1c56 Merge pull request #4462 from danxuliu/fix-sharing-password-protected-link
Fix sharing a password protected link
2017-04-25 14:12:44 +02:00
Julius Härtl 1c54463853
Use theming cachebuster for server resources
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-04-25 11:39:49 +02:00
Julius Haertl 68a63ad3f3
Implement scss variable injection by OC_Defaults
Signed-off-by: Julius Haertl <jus@bitgrid.net>

Add Scss variables to example theme and theming app

Signed-off-by: Julius Haertl <jus@bitgrid.net>

Use SCSSCacher to build theming css

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Update theming.scss

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Code cleanup

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Fix tests

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Inject SCSSCacher for easier testing

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Fix typehint

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Generate absolute URLs

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Fix tests to always use absolute urls for theming images

Signed-off-by: Julius Härtl <jus@bitgrid.net>

MailheaderColor -> ColorPrimary

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-25 11:39:45 +02:00
Joas Schilling 35414884d3
Add lists to HTML emails
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-24 13:48:27 +02:00
Daniel Calviño Sánchez faea890b87 Extract updateSharePasswordIfNeeded function
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 13:38:36 +02:00
Daniel Calviño Sánchez 51e658da2a Join if block to preceding if chain
If getShareType() returns "email" it can not also return "user", "group"
nor "link", so the if block can be added to the preceding if chain.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 13:17:46 +02:00
Joas Schilling 3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports
Remove unused use statements
2017-04-24 11:47:37 +02:00
Daniel Calviño Sánchez dcc8cce28b Fix double hashing of shared link passwords
The plain text password for a shared links was hashed and, then, the
hashed password was hashed again and set as the final password. Due to
this the password introduced in the "Authenticate" page for the shared
link was always a wrong password, and thus the file could not be
accessed.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Roeland Jago Douma 1c2cdc9d3a Merge pull request #4444 from nextcloud/remove-unused-variables
Remove unused variables
2017-04-24 08:09:01 +02:00
Nextcloud bot a01f946c56
[tx-robot] updated from transifex 2017-04-24 00:07:28 +00:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Nextcloud bot 11c7953888
[tx-robot] updated from transifex 2017-04-23 00:07:31 +00:00
Morris Jobke 2b6f6dac00
Remove unused variables
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 18:20:51 -05:00
Nextcloud bot 363d1c69dd
[tx-robot] updated from transifex 2017-04-22 00:07:36 +00:00
Roeland Jago Douma 867b3ee234 Merge pull request #4396 from nextcloud/scan-non-existing
show error when trying to scan non existing path
2017-04-21 19:47:33 +02:00
Roeland Jago Douma d46b155916 Merge pull request #4428 from nextcloud/file-by-id-limit-user
limit the user when searching for a file by id if we know the user already
2017-04-21 19:43:53 +02:00
Robin Appelman 6fbe991afb
limit the user when searching for a file by id if we know the user already
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-21 17:11:26 +02:00
Roeland Jago Douma e9b00f84b8 Merge pull request #4406 from nextcloud/fix-unit-test-problems
Fix unit test problems
2017-04-21 09:35:01 +02:00
Nextcloud bot fb7663cefe
[tx-robot] updated from transifex 2017-04-21 00:07:37 +00:00
Bjoern Schiessle 972b4c04e2
respect password policy for auto generated passwords
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-20 16:33:26 +02:00
Bjoern Schiessle d8dcd72118
allow admin to enforce password on mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-20 16:33:26 +02:00
Robin Appelman a0e5107c0b
check for existence before we start the db transaction
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-20 13:25:49 +02:00
Joas Schilling 8c703c954d
Fix theming tests
Trying to configure method "shouldReplaceIcons" which cannot be configured
because it does not exist, has not been specified, is final, or is static

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 13:10:34 +02:00
Joas Schilling 9871e4eaee
Kill dead code
> No tests found in class "Test\Share\MailNotificationsTest".

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:43:19 +02:00
Joas Schilling 140580f9d8 Merge pull request #4398 from nextcloud/fix_accesslistcode
Get proper accesslist for userFolder
2017-04-20 11:03:22 +02:00
Roeland Jago Douma ae2db5e60d
Get proper accesslist for userFolder
If the accesslist is requested for a users root folder we should
properly construct the path

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-20 10:28:32 +02:00
Joas Schilling 799b229a68 Merge pull request #4381 from nextcloud/2954_take_2
Fix group settings routes and fix route regression
2017-04-20 10:25:16 +02:00
Nextcloud bot adf316c3af
[tx-robot] updated from transifex 2017-04-20 00:07:36 +00:00
Morris Jobke fbedea0807
Add PHPDoc and handle exception in ScanAppData as well
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 17:04:16 -05:00
Morris Jobke 16c4755e03
Rename renderHTML to renderHtml
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 15:46:41 -05:00
Robin Appelman ce2dba0796
show error when trying to scan non existing path
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-19 14:36:38 +02:00
Lukas Reschke a3569a1452 Merge pull request #4382 from nextcloud/use-proper-reply-to
Add "Reply-To" on ShareByMailProvider mails
2017-04-19 12:04:18 +02:00
Morris Jobke f1ddb939a0 Merge pull request #4371 from nextcloud/dont-allow-dot-usernames
Better validation of allowed user names
2017-04-18 20:04:32 -05:00
Nextcloud bot febe01f571
[tx-robot] updated from transifex 2017-04-19 00:07:40 +00:00
Nextcloud bot 6b490f45fd
[tx-robot] updated from transifex 2017-04-18 23:08:43 +00:00
Morris Jobke 269600a04f Merge pull request #4369 from nextcloud/fix-translations
Fix translations
2017-04-18 18:01:50 -05:00
Joas Schilling 1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Morris Jobke 47fe5e8f41 Merge pull request #4380 from nextcloud/show-instance-name-in-from
Add instance name to default sender
2017-04-18 16:22:56 -05:00
Lukas Reschke 203ef88509
Add "Reply-To" on ShareByMailProvider mails
Fixes https://github.com/nextcloud/server/issues/4209

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 22:23:07 +02:00
Roeland Jago Douma d12ec7cff1
Revert "Match slashes in ../{id} resource routes"
This reverts commit 31f9be7a75.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-18 21:50:36 +02:00
Lukas Reschke bae64e810e
Add instance name to default sender
Otherwise your mail program shows "foo@mail.com" instead of "Nextcloud" or whatever your instance name is.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 21:44:37 +02:00
Joas Schilling a5b4308a51
Don't put the SMTP password into the HTML code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 15:44:20 +02:00
Joas Schilling a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Nextcloud bot b072d2c49d
[tx-robot] updated from transifex 2017-04-18 00:07:25 +00:00
Nextcloud bot df2235c71f
[tx-robot] updated from transifex 2017-04-17 00:07:33 +00:00
Nextcloud bot 69e0e2420c
[tx-robot] updated from transifex 2017-04-16 00:07:23 +00:00
Morris Jobke 10290eb006 Merge pull request #2834 from nextcloud/accesListToShareManager
Access list to share manager
2017-04-15 13:06:24 -05:00
Nextcloud bot dafa9c740a
[tx-robot] updated from transifex 2017-04-15 00:07:36 +00:00
Roeland Jago Douma f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change
Add activities when email or password is changed
2017-04-14 08:16:43 +02:00
Roeland Jago Douma 6b79bf0960 Merge pull request #4346 from nextcloud/properly-do-bruteforce-protection-via-annotation
Make BruteForceProtection annotation more clever
2017-04-14 08:15:55 +02:00
Nextcloud bot 0f96d5a641
[tx-robot] updated from transifex 2017-04-14 00:07:36 +00:00
Morris Jobke 8e8b345fbd
Fix autoloader
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 16:28:07 -05:00
Lukas Reschke 8149945a91
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Morris Jobke d0c0f6cfc1 Merge pull request #4326 from nextcloud/downstream-27562
Reorder the entries of the log for easier reading
2017-04-13 13:11:47 -05:00
Lukas Reschke 81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Morris Jobke d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Morris Jobke ac05d6dd67
Improve PHPDoc
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 12:16:12 -05:00
Joas Schilling 695696a4a6
Use constants
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
Roeland Jago Douma 6a519abde8
Update autoloader
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 14:56:05 +02:00
Roeland Jago Douma 0f5682321e
Fix server container registration
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 14:52:09 +02:00
Roeland Jago Douma aef95b9b7d
Not needed in the DIContainer anymore
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 13:37:39 +02:00
Roeland Jago Douma b96297e9cc
Do not set full path if not currentAccess
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:53 +02:00
Joas Schilling f57ef55249
Add samples to the docs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling 29f2088a7b
Catch exceptions and use as many results as possible
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling 629b7c0fc3
Adjust docs and make !$currentAccess simpler
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling 5b57bb955b
Fix default share provider
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling 2fcf334c6a
Fix tests for ShareHelper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling 3c1365c0d1
Fix returned paths for remote shares
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:51 +02:00
Joas Schilling 4bcb7d88b5
Return the token as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:51 +02:00
Joas Schilling cf7c320949
Also return the token
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:51 +02:00
Joas Schilling 91e650791d
Return the paths for the users without setting them all up
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma 0c2dc3bc8c
Fix comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma 12afd7d1d5
Add mail element to access list
* Each provider just returns what they have so adding an element won't
require changing everything
* Added tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma 2cbac3357b
Offload acceslist creation to providers
* This allows for effective queries.
* Introduce currentAccess parameter to speciy if the users needs to have
currently acces (deleted incomming group share). (For notifications)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma 97f8ca6595
Added ShareHelper
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma a1edcc8ecf
Port Encryption/file to new getAccessList
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma 88299ec27c
Added to public interface
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma 7dcc98eb20
Add owner to access list
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma d84df15590
Add getAccessList to ShareManager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:48 +02:00
Joas Schilling 1110b51aa3
Allow to read the old email on the hook as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:34:02 +02:00
Lukas Reschke e39e6d0605
Remove expired attempts
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke 54930ac926
Update static autoloadermap
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke a1ae5275f9
Move to dedicated MiddleWare
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke 511524c668
Add isset() as it can be an empty result
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke d729bde98c
Register in ServerContainer
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Joas Schilling f23a36b0a6
Add activities when email or password is changed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 11:13:19 +02:00