436f7b92d5
Merge pull request #16544 from nextcloud/bugfix/16540
...
Add missing password reset page to vue
2019-07-31 11:02:20 +02:00
3b0d13944a
Move actual password reset to vue
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-07-31 09:19:07 +02:00
b6dd2ebd39
Use proper exception in lostController
...
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.
This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 20:12:16 +02:00
5c21b29d7f
Merge pull request #16308 from nextcloud/fix/undefined-offset-0
...
Prevent undefined offset 0 in findByUserIdOrMail
2019-07-10 12:16:36 +02:00
d57540ac84
Return first value from $users
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-09 19:29:14 +02:00
6235a66aac
Don't send executionContexts for Clear-Site-Data
...
There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59
Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034
Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-07-09 15:08:25 +02:00
d5805df6c2
Fix subscription tests
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-06-17 16:36:24 +02:00
64c4bb5bce
Vueify the login page
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-29 11:05:16 +02:00
98047e8c1c
Stop decryption when maintenance mode is enabled, fixes #8311
...
Signed-off-by: Ruben Homs <ruben@homs.codes>
2019-05-21 09:24:50 +02:00
f03eb7ec3c
Remote wipe support
...
This allows a user to mark a token for remote wipe.
Clients that support this can then wipe the device properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-20 20:50:27 +02:00
528eb1b223
Merge pull request #15304 from nextcloud/enh/2fa_setup_at_login
...
2FA setup during login
2019-05-17 11:04:42 +02:00
579162d7b9
Allow 2FA to be setup on first login
...
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-17 10:11:53 +02:00
2dcb4cfbd6
Allow clients to delete their own apptoken
...
Fixes #15480
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-17 09:52:06 +02:00
170582d4f5
Add a login chain to reduce the complexity of LoginController::tryLogin
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-07 18:04:36 +02:00
5b4155bd12
Make appstore app:enable test more robust by using only shipped apps
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-03-14 13:39:20 +01:00
55f627d20b
Add an event to the Autocomplete Controller to allow to filter the results
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-02-26 15:32:14 +01:00
e819e97829
Login flow V2
...
This adds the new login flow. The desktop client will open up a browser
and poll a returned endpoint at regular intervals to check if the flow
is done.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-25 07:24:50 +01:00
2cc4118629
Merge pull request #14066 from nextcloud/feature/noid/casted-system-values
...
Get typed system values
2019-02-22 11:54:20 +01:00
b4902369fb
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-02-22 09:08:53 +01:00
bb2d8bafc9
Use contacts instead of logreader
...
Logreader is not distributed by app store because shipped by default.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-19 21:03:07 +01:00
75b7d6ae4e
Add install logic for enable command
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-19 21:03:06 +01:00
76b5f44f05
Strict Types, Return Types
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-19 21:03:06 +01:00
03d3192638
Disable multiple apps at once
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-19 21:03:05 +01:00
08907ee3e9
Enable multiple apps at once
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-19 21:03:00 +01:00
c583c5e7e2
Emit event if app password created
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-18 17:47:43 +01:00
149a98edf6
Publish activity for app token created by client login flow
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-17 23:49:54 +01:00
2ade2bef8c
Publish activity for app token created by ocs api
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-02-17 23:37:22 +01:00
0e9903c420
Merge pull request #13969 from nextcloud/enh/additional_scripts_no_on_public_pages
...
No need to emit additonalscript event on public pages
2019-02-07 15:57:14 +01:00
94b1b1593b
Remove public interface that was only needed for testing
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-02-07 14:23:16 +01:00
bf1253cb49
Implement guest avatar endpoint
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2019-02-07 14:23:16 +01:00
b68567e9ba
Add StandaloneTemplateResponse
...
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +01:00
ac8a6e2244
Clean pending 2FA authentication on password reset
...
When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-29 13:08:56 +01:00
e6333c8fe3
Honor remember_login_cookie_lifetime
...
If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.
Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-23 08:46:24 +01:00
66367797df
Fix template paramter
...
Else we get shown an error page instead of the correct 403.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-18 15:30:38 +01:00
f42115d6bb
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-15 15:53:44 +01:00
6734e87171
Fix tests
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-11-29 10:39:01 +01:00
92582a350d
Use the proper server for the apptoken flow login
...
If a user can't authenticate normally (because they have 2FA that is not
available on their devices for example). The redirect that is generated
should be of the proper format.
This means
1. Include the protocol
2. Include the possible subfolder
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-01 11:45:35 +01:00
82c2c10b25
adapted automated test for autocomplete changes
...
Signed-off-by: Rayn0r <Andre.Weidemann@web.de>
2018-10-30 11:36:16 +01:00
d21ded67a7
Keep list of icons in a separate file for use in the accessibility app
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-10-25 12:16:10 +02:00
1806baaeaf
Remove cookies from Clear-Site-Data Header
...
In 2f87fb6b45https://example.com/clear , the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/ ).
This also applies if `https://nextcloud.example.com/ ` sends the `Clear-Site-Data: "cookies"` header.
This is not the behavior we want at this point!
So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.
Signed-off-by: Patrick Conrad <conrad@iza.org>
2018-10-15 14:46:06 +02:00
8177fdb0f6
Merge pull request #11765 from nextcloud/feature/mandatory-2fa-for-groups
...
Mandatory 2FA for groups
2018-10-15 10:58:05 +02:00
83e994c11f
Make it possible to enforce mandatory 2FA for groups
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-10-15 08:22:52 +02:00
ec2f02f4a0
Check if TTY is invalid in encryption:encrypt-all and encryption:decrypt-all
...
Signed-off-by: Evgeny Golyshev <eugulixes@gmail.com>
2018-10-14 15:06:14 +03:00
7971ba5cc6
Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors
...
Switches the default logo color depending on the primary color
2018-10-08 10:33:22 +02:00
78273cb1e6
Add an endppoint for clients to request an app password
...
Now that we allow enforcing 2 factor auth it make sense if we also allow
and endpoint where the clients can in the background fetch an
apppassword if they were configured before the login flow was present.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-03 19:05:20 +02:00
a45ec3d324
Refactors the scss svg functions
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-10-02 08:37:55 +02:00
259c0ce11d
Add mandatory 2FA service/class
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-30 11:47:29 +02:00
7586b19e52
Only allow 2FA state changs if providers support the operation
...
Ref https://github.com/nextcloud/server/issues/11019 .
Add `twofactorauth:cleanup` command
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-09-25 09:54:20 +02:00
ef97ef72f6
Merge pull request #10743 from danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email
...
Enable password reset for user with same email address when only one is active
2018-09-13 10:48:30 +02:00
cf3f4888cc
Change password expiration time from 12h to 7d
...
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-08-31 13:31:03 +02:00
a0b84bc0fc
Merge pull request #10334 from denismosolov/group-add
...
Add options to create/remove groups via occ
2018-08-24 13:46:16 +03:00
031fdfb1fc
Enable password reset for user with same email address when only one is active
...
When two or more user share the same email address its not possible to
reset password by email. Even when only one account is active.
This pr reduce list of users returned by getByEmail by disabled users.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-08-19 16:32:46 +02:00
0b18e2c75d
Add an options to create and remove groups via occ
...
Signed-off-by: Denis Mosolov <denismosolov@gmail.com>
2018-08-16 10:31:20 +03:00
3c5fb2b52b
update unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-15 15:08:36 +02:00
c6e47e8a51
Fix login redirection if only one 2FA provider is active
...
Fixes https://github.com/nextcloud/server/issues/10500 .
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-08-08 15:25:59 +02:00
38fffffe18
Fix unit test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-08-01 14:46:44 +02:00
4c773891d7
Fix app navigation controller to return an array
...
This is required to not break compatibility with existing consumers of that endpoint like the apps management or the client
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-07-25 13:50:46 +02:00
de7606dc68
Adds disabled user unit tests
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-07-21 13:05:25 +02:00
9bd48e7c0d
Adds an info if the maintenance mode is already enabled/disabled.
...
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-07-01 20:56:27 +02:00
9444a3fad1
Merge pull request #9632 from nextcloud/enhancement/stateful-2fa-providers
...
Stateful 2fa providers
2018-06-25 15:49:58 +02:00
8ed50d4b63
prefill userid for login after password reset
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-21 15:18:07 +02:00
13d93f5b25
Make 2FA providers stateful
...
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.
The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-06-20 08:30:26 +02:00
362e6b2903
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 13:30:22 +02:00
058f8123e6
Set the default log rotate size to 100 MB
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-11 00:27:51 +02:00
2b7d4d5069
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 19:58:37 +02:00
796b4f19f8
Add Cache-control: immutable
...
Cache generated CSS forever!
Also cache combined JS forever
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-19 14:21:53 +01:00
b9720703e8
Add CSRF token controller to retrieve the current CSRF token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-03-08 16:48:50 +01:00
16ac8eaac9
Fix tests
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-07 09:17:18 +01:00
11b6cc3f68
Replace logout href to avoid new etag on every request
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-06 09:51:28 +01:00
723b8764d1
Add ETag to NavigationController
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-05 12:19:20 +01:00
3a33683364
update unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-03-02 15:20:35 +01:00
cf83eb5e77
Merge pull request #8336 from nextcloud/cleanup-unused-parameter
...
Cleanup unused parameter
2018-02-20 10:16:59 +01:00
bcf1668cc8
Remove config from AutoCompleteController
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:40:30 +01:00
5a23b35ddb
Also rewrite icon url
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 21:20:21 +01:00
922cf44c81
Move to OCS endpoint
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:33 +01:00
8ecac56543
Allow requesting absolute URLs
...
They might be useful when requesting the navigation from the clients
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:32 +01:00
6211d18dc1
Add tests for NavigationController
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:32 +01:00
4ef302c0be
Request->getHeader() should always return a string
...
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.
Found while enabling the strict_typing for lib/private for the PHP7+ migration.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
b1d8084700
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:43:11 +01:00
7789fbdea6
Add unit test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 00:50:52 +01:00
8d1dd1945f
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 13:58:06 +01:00
f5f6ed664d
Hide stay logged in checkbox when flow authentication is used
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-12-28 11:15:26 +01:00
094d41937a
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-18 21:06:52 +01:00
c1fcd6fc98
Merge pull request #7324 from nextcloud/no-sorters-no-instances
...
don't create sorter instances when none was requested
2017-12-11 15:27:44 +01:00
ed7beb929e
Merge pull request #6876 from nextcloud/always_img_avatar
...
Always generate avatar
2017-12-08 23:58:17 +01:00
555fe7047f
fix tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-08 13:29:33 +01:00
8e8fe6b8eb
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-29 14:23:15 +01:00
96bc03a03a
don't create sorter instances when none was requested
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-28 13:30:51 +01:00
c2cd5fc5d3
Fix flow
...
Signed-off-by: Mario Danic <mario@lovelyhq.com>
2017-11-09 00:29:34 +01:00
cd1bfea8c4
Theming: theme flow redirection page
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-11-08 14:56:32 +01:00
e2805f02aa
Merge branch 'master' into autocomplete-gui
2017-11-01 15:37:29 +01:00
25aad121e6
meanwhile we can have exact matches. also show those.
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-31 14:58:48 +01:00
fa2f03979b
add search parameter to autocomplete controller
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-25 17:26:50 +02:00
43e498844e
Use ::class in test mocks
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 17:45:32 +02:00
fd6daf8d19
AutoCompletion backend
...
* introduce a Controller for requests
* introduce result sorting mechanism
* extend Comments to retrieve commentors (actors) in a tree
* add commenters sorter
* add share recipients sorter
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-22 14:13:32 +02:00
3119fd41ce
Set the data from the template
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-18 15:12:03 +02:00
444779ce96
Fix tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-06 16:38:24 +02:00
0326c2c54f
Fix broken tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:17:03 +02:00
0aff1c9268
Return the user id in case of an error
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-29 11:10:30 +02:00
0b652648cc
Merge pull request #6177 from nextcloud/properly-add-slo-url
...
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Roeland Jago Douma
Julius Härtl
Roeland Jago Douma
Morris Jobke
Daniel Kesselberg
Christoph Wurst
Ruben Homs
Joas Schilling
Joas Schilling
Michael Weimann
John Molakvoæ (skjnldsv)
Rayn0r
Patrick Conrad
Evgeny Golyshev
blizzz
Denis Mosolov
Bjoern Schiessle
Robin Appelman
Mario Danic