Commit Graph

696 Commits

Author SHA1 Message Date
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Thomas Müller 60bafcda73
Fix #24655 2016-05-17 20:43:02 +02:00
Christoph Wurst d8cde414bd
token based auth
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Thomas Müller 7aca13f14c
Allow login by email address 2016-05-02 14:51:01 +02:00
Thomas Müller 739dfb5c66
Suggest cli based updater in case the instance is bigger - #23913 2016-04-18 17:09:21 +02:00
Lukas Reschke fee95084ae
Rename `username` to `loginName`
UID and login name are two different things.
2016-04-15 19:02:19 +02:00
Lukas Reschke 331e4efacb
Move login form into controller
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-15 17:36:23 +02:00
Thomas Müller fdee771aca Add unit testing capabilities for templates (#23708)
Add unit testing capabilities for templates
2016-04-12 12:49:11 +02:00
Morris Jobke 22898fa107 Use proper shortcut methods in templates 2016-04-06 10:25:04 +02:00
Morris Jobke 1f7e02e4d4 Add detailed logs hidden and show them on request 2016-04-04 12:34:18 +02:00
Thomas Müller 1bf4c75e8b Show individual sql schema migration steps during upgrade - on web as well as on the command line 2016-04-04 12:34:18 +02:00
Stefan Weil 62a5952a72 core: Fix typos (found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2016-04-04 10:57:17 +02:00
C. Montero Luque 0393e80c7c Merge pull request #16857 from owncloud/printStylesheets
Support for print stylesheets
2016-03-31 22:13:44 +02:00
Lukas Reschke 6ad957906e Consistently use rel=noreferrer
When linking to external entities we should consistently use rel=noreferrer
2016-03-20 15:27:20 +01:00
Daniel Aleksandersen 7a45f05ed5 Stupid clients only literally understand rel="icon"
rel="shortcut icon" hasn’t been relevant in years, isn’t in any
standards, and causes problems for simple pattern matching clients.
https://www.w3.org/TR/html/links.html#linkTypes
2016-03-08 21:09:34 +01:00
Vincent Chan 06b2f11e57 refactoring code 2016-02-10 15:28:14 +01:00
Vincent Chan e7859f705c Remember previous state of remember login checkbox
fixes #22205
2016-02-10 12:37:38 +01:00
Lukas Reschke abc675d87e Move update notification code into app
Moves the update notification code in a single app. This is required since we want to use SSO for the new updater and for this have some code running in ownCloud as well (and we don't want that in core neccessarily). This app can provide that in the future, right now it's only the update notification itself. Will continue working on the SSO right away but wanted to keep the PR small.

Furthermore also makes some more code unit-testable...
2016-02-09 18:05:51 +01:00
Vincent Petry 3b581b051f Expose display name in JS side
Adds a new method `OC.getCurrentUser` to get both the user id and
display name Could be used for a future Js
2016-02-02 18:01:15 +01:00
Morris Jobke 75e6734ef4 Remove OC_Helper::imagePath and use the proper public interface 2016-01-24 18:04:20 +01:00
Morris Jobke d6a63016ae move lost controller to core/controller
* lostpassword.css is unneeded since #11696 is merged - 1b50d4f7ce
* js is already in core/js
* css is moved to core/css/lostpassword
* template is moved to core/templates/lostpassword
2016-01-20 10:42:19 +01:00
Hendrik Leppelsack 99b9ec41c1 support print stylesheets 2016-01-13 15:12:11 +01:00
Roeland Jago Douma 7e44ea5da0 Remove deprecated function OC_User::getManager
Private deprecated function => removed
Replaced all instances with suggested replacement
2015-12-17 16:18:34 +01:00
Roeland Jago Douma 19eeb23b91 OC_Helper::linkTo is deprecated
Replaced with suggested (and calling body of)
2015-12-17 10:53:21 +01:00
Lukas Reschke 4b293dffe5 Use \OCP\Util::sanitizeHTML instead of \OC_Util::sanitizeHTML 2015-12-08 08:56:47 +01:00
Joas Schilling f8f3c9ecf9 Remove password reset when the user can not change the password 2015-12-07 15:14:19 +01:00
Lukas Reschke f3e9106864 Don't trust update server
In case the update server may deliver malicious content this would allow an adversary to inject arbitrary HTML into the response. So very bad stuff.

While signing the response would be better and something we can also do in the future (considering the code signing work), this is already a good first start.
2015-11-28 12:21:53 +01:00
Jan-Christoph Borchardt cd88854369 update page: fix heading whitespace and unbold less important sections 2015-11-25 13:16:00 +01:00
Jürgen Weigert b167eb743f Update untrustedDomain.php 2015-11-12 14:33:59 +01:00
Thomas Müller 2e8d8bf4ef Merge pull request #20236 from maprambo/safari-pinned-tab-icon
added Safari tabbed pin icon
2015-11-09 11:12:38 +01:00
Thomas Müller 164f4d7d37 Merge pull request #18039 from owncloud/favicon-up-to-ie10
Add favicon for IE8-10
2015-11-06 14:51:24 +01:00
Jan-Christoph Borchardt 93f9577258 do not bold header of update screen 2015-11-05 16:36:37 +01:00
maprambo edb1fee610 Added Safari tabbed pin icon
Added the necessary code and a black and inverted version of the favicon/ touch icon in svg format
2015-11-04 19:31:17 +01:00
Morris Jobke 069ed71dbe Add favicon for IE 8+ 2015-11-03 14:24:20 +01:00
Hendrik Leppelsack cf0ebfc7aa don't validate searchbox 2015-11-03 10:10:52 +01:00
Thomas Müller 053effaa51 Merge pull request #20220 from owncloud/keep-search-open
Keep searchbox open if it is in action
2015-11-02 13:58:10 +01:00
Hendrik Leppelsack 9669a2be78 keep searchbox open if it is in action 2015-11-02 12:14:54 +01:00
Joas Schilling f04151f69b Close the user menu when clicking it again 2015-11-02 10:09:13 +01:00
Thomas Müller 6911d8f0a4 Merge pull request #20175 from owncloud/login-arrow
remove unneeded icons from input fields to not distract from submit button, fix #18940
2015-10-30 15:56:13 +01:00
Jan-Christoph Borchardt a05ea0fb1e remove unneeded icons from input fields to not distract from submit button, fix #18940 2015-10-30 11:11:37 +01:00
Stephen Colebrook 6feb31bf96 Allow separate templates for internal and external share notifications 2015-10-29 10:24:24 +01:00
Jan-Christoph Borchardt aed9b2a626 change wording from 'remember' to more understandable 'Stay logged in' 2015-10-23 10:44:41 +13:00
Vincent Petry bf2a876094 Fix login arrow in login page 2015-09-29 17:13:10 +02:00
Hendrik Leppelsack c23cac3322 fix login 2015-09-25 00:51:39 +02:00
Thomas Müller ac8da41ccd Merge pull request #18709 from owncloud/cleanup-login-semantics
Pushes input inside the bottom group - login.
2015-09-21 16:08:48 +02:00
Thomas Müller 7ff12d74d9 Merge pull request #17998 from owncloud/highres_avatar
Highres avatar in top bar
2015-09-16 22:03:11 +02:00
Hendrik Leppelsack 88bc478055 use label:before instead of label 2015-09-16 09:06:05 +02:00
Raghu Nayyar 7ccd02ec95 Fixes white and black checkboxes in core, files will be next. 2015-09-16 09:06:05 +02:00
Roeland Jago Douma c39db52cfa Use srcset to select best avatar size
* Allow the browser to select the best available avatar for the screen
2015-09-14 12:58:45 +02:00
Raghu Nayyar 1d9128c557 Squashing all commits in one, remove typos. 2015-09-12 15:24:56 +05:30
Lukas Reschke 436c149fbb Prevent referer from being sent
Nice hardening for enhanced privacy. Especially useful when using embedded viewers such as files_pdfviewer.
2015-09-09 18:07:43 +02:00
Jan-Christoph Borchardt acc9fa49fc use SVG for toggle image instead of PNG, fix installation and personal settings toggle 2015-09-03 11:49:28 +02:00
Christoph Wurst ba9457264f add title attribute for the login button 2015-09-02 12:32:16 +02:00
Jan-Christoph Borchardt cea3247d49 show feedback spinner for log in process 2015-08-27 21:08:46 +02:00
Jan-Christoph Borchardt 2a935f1b47 move log in button into fields and use icon instead of text 2015-08-27 20:52:47 +02:00
Morris Jobke 40b1054530 Merge pull request #18254 from owncloud/mitigate-breach
Add mitigation against BREACH
2015-08-24 09:14:27 +02:00
Jan-Christoph Borchardt f21cf516da fix wording of update header 2015-08-20 12:59:13 +02:00
Morris Jobke 06d8edd963 Merge pull request #17434 from owncloud/update-showappnameonappupdate
Display app names in update page for app updates
2015-08-20 11:50:01 +02:00
Vincent Petry a2674b2b30 Additions to update page
Apps to update and to disable will always be shown.
Main title changes only when apps need updated, not core.
Added bullet style.
Exclude incompatible apps from updated apps list.
2015-08-20 11:14:30 +02:00
Vincent Petry b919ae96f0 Display app names in update page for app updates
Whenever the update page is displayed for apps, show app names instead
of the core update text.
2015-08-19 18:03:35 +02:00
Lukas Reschke df2ce8a075 Remove search box $_POST since it is unused 2015-08-14 01:31:32 +02:00
Jan-Christoph Borchardt e16cf0c45f more understandable 'Wrong password' feedback 2015-08-12 18:43:09 +02:00
Thomas Müller aff11d7a79 Merge pull request #17966 from owncloud/remove-mssql
Remove remainings of mssql
2015-07-29 22:59:31 +02:00
Thomas Müller 5ed38a75d6 Remove remainings of mssql 2015-07-29 18:19:31 +02:00
Jan-Christoph Borchardt 0b27bcba76 add theme-color for better Android browser integration 2015-07-29 18:16:01 +02:00
Brewal eac117fc8f Changed a p element by a div
A p element cannot contain a div element (here `<div style="clear: both;"></div>`). It should be change by a div element to fits standards.
2015-06-08 15:22:52 +02:00
Jan-Christoph Borchardt 78a0464354 replace logo-wide on share page as well with better icon + text 2015-05-22 00:04:47 +02:00
Morris Jobke 176b9674d2 Add hint about additional PHP database modules
* fixes #16391
2015-05-18 22:59:35 +02:00
Morris Jobke cd516eedcd Use OC.Notification for update notifications
* instead of a static rendering inside PHP use the
  JS OC.Notification.showTemporary to hide the
  notification after 7 seconds automatically
* fixes #14811
2015-05-03 17:26:03 +02:00
Jörn Friedrich Dreyer 8964c5068c do not disclose information, show generic error on login page
Conflicts:
	core/templates/login.php
	lib/base.php
2015-04-10 09:12:37 +02:00
Jan-Christoph Borchardt dd7e519cda add link to installation documentation to setup page 2015-04-09 11:39:46 +02:00
Lukas Reschke 0816cf9142 Add experimental applications switch
Allows administrators to disable or enabled experimental applications as well as show the trust level.
2015-04-03 13:21:24 +02:00
Volker E f4502b4670 fixing #15344 - `title` has no added value here (not on screen readers not for robots) 2015-04-01 21:10:48 +02:00
Morris Jobke 1a06f8df57 add title to entries in app menu 2015-04-01 09:10:19 +02:00
Jan-Christoph Borchardt cd88ddddaf fix accessibility of ownCloud logo and navigation entries, fix #15013g 2015-03-26 10:31:00 +01:00
Morris Jobke e07a2fd8a2 Merge pull request #15012 from Volker-E/master
fixing #15011 by adding ARIA roles where distinct
2015-03-24 12:07:26 +01:00
Volker E 599ee5ce4e fixing #15023, getting comments out of HTML output 2015-03-21 07:10:46 +01:00
Robin Appelman 2df20aaffb show exception type in debug mode 2015-03-20 03:51:21 +01:00
Volker E 0e4d52f9d2 fixing #15027, cleaning up obsolete IE5-7 workaround code 2015-03-19 09:10:58 +01:00
Volker E 0d0c73cf2b fixing #15011 by adding ARIA roles where distinct 2015-03-18 19:29:15 +01:00
Volker E 790324b313 addressing #14984 removing redundant type attributes 2015-03-18 05:33:17 +01:00
Volker E 4c46d0c46c addressing #14983 obsolete Google Chrome Frame 2015-03-18 02:11:47 +01:00
Volker E 6ad76b5cc2 addressing #14982 self-closing tags ending slash doesn't have a purpose & should be removed 2015-03-17 23:57:23 +01:00
Volker E 25b77159c4 adressing #14979 meta charset declaration should be first in head 2015-03-17 23:36:05 +01:00
Volker E e8c99a60ec addressing #14978 - remove html root classes targeting IE6/IE7 2015-03-17 23:16:42 +01:00
Volker E f3cd552797 addressing #14978 - remove html root classes targeting IE6/IE7 2015-03-17 22:35:20 +01:00
Roeland Jago Douma 1a0f9c375b Avatar controller moved to AppFrameWork
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that show data inline in the browser (used
  to retrun the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
2015-03-11 16:37:42 +01:00
Joas Schilling 0f09989824 Maintenance mode message might be misleading 2015-03-02 09:51:25 +01:00
Lukas Reschke 8818165e07 Fix avatars in master 2015-02-27 12:03:58 +01:00
Jan-Christoph Borchardt 83bc951630 Merge pull request #12213 from sebomoto/add-loadfeedback
Add loadfeedback
2015-02-18 19:42:18 +01:00
Lukas Reschke 20d57c8bfe Remove Null Byte Check
This is not relevant anymore since we require PHP 5.4
2015-02-17 14:19:20 +01:00
Lukas Reschke c6705ab574 Merge pull request #13890 from owncloud/add-no-referrer
Add `rel="noreferrer"` where possible and switch to HTTPS
2015-02-16 14:36:44 +01:00
Lode Hoste 27b35500a7 Disable application-specific favicons for non-user pages 2015-02-11 20:09:03 +01:00
Joas Schilling 4172ba48d4 Deduplicate template code and do not translate the links 2015-02-09 16:01:52 +01:00
Morris Jobke b05e4e085c Merge pull request #13435 from Zillode/app-favicon
Allow application-specific favicons
2015-02-07 13:29:18 +01:00
cmeh 6abb28e2a6 Update installation.php
In line 161, "SQLite" has now the same capitalisation as in line 159.
2015-02-06 11:19:56 +01:00
Thomas Müller d748368ecb Don't highly discourage 2015-02-05 17:21:10 +01:00
Sebastian Bolt 7ffd2557ff changed image to classed div for spinner animation 2015-02-04 22:27:38 +01:00
Thomas Müller f86c73c9f6 enhance sqlite warning on admin page as well as during setup - fixes #13906 2015-02-04 20:55:54 +01:00
Lukas Reschke b432ea29c9 Add `rel="noreferrer"` where possible and switch to HTTPS
Just to follow good practise and prevent some automated scanners to complain about "Cross-domain Referer leakage".
2015-02-04 16:25:37 +01:00