Morris Jobke
269600a04f
Merge pull request #4369 from nextcloud/fix-translations
...
Fix translations
2017-04-18 18:01:50 -05:00
Joas Schilling
1c0bffe87f
Fix translations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Lukas Reschke
0a54d5a5dd
Beautify test email
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 16:18:00 -05:00
Morris Jobke
d379ac7545
Merge pull request #4372 from nextcloud/smtp-password
...
Don't put the SMTP password into the HTML code
2017-04-18 16:13:31 -05:00
Morris Jobke
d2c4440ed6
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-18 15:08:38 -05:00
Lukas Reschke
805419bb95
Add bruteforce protection to changePersonalPassword
...
While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 17:55:51 +02:00
Artur Neumann
88f02f27a3
JS tests for upload only function
...
Signed-off-by: Artur Neumann <info@individual-it.net>
2017-04-18 20:43:25 +05:45
Joas Schilling
fcaa315c96
Fix some more stuff
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:11:29 +02:00
Joas Schilling
dfca672378
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:08:29 +02:00
Joas Schilling
a3922bbcdc
Better validation of allowed user names
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Morris Jobke
10290eb006
Merge pull request #2834 from nextcloud/accesListToShareManager
...
Access list to share manager
2017-04-15 13:06:24 -05:00
Lukas Reschke
727688ebd9
Adjust existing bruteforce protection code
...
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-14 13:42:40 +02:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
...
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Lukas Reschke
81d3732bf5
Merge pull request #4308 from nextcloud/lost-password-email
...
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Morris Jobke
d36751ee38
Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
...
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Joas Schilling
e1d54e3b48
Add more tests for the share helper
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling
7d416ac1dd
Activate the test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling
629b7c0fc3
Adjust docs and make !$currentAccess simpler
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
4eeb194ae5
Fix share manager test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
5b57bb955b
Fix default share provider
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
2fcf334c6a
Fix tests for ShareHelper
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Roeland Jago Douma
4437e00f16
Add shareHelper test
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
12afd7d1d5
Add mail element to access list
...
* Each provider just returns what they have so adding an element won't
require changing everything
* Added tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
2cbac3357b
Offload acceslist creation to providers
...
* This allows for effective queries.
* Introduce currentAccess parameter to speciy if the users needs to have
currently acces (deleted incomming group share). (For notifications)
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
553b3b2928
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
7dcc98eb20
Add owner to access list
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
d84df15590
Add getAccessList to ShareManager
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:48 +02:00
Lukas Reschke
e39e6d0605
Remove expired attempts
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke
31ae39c569
Add tests for multiple parameters
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke
a1ae5275f9
Move to dedicated MiddleWare
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke
66835476b5
Add support for ratelimiting via annotations
...
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Lukas Reschke
01f3698175
Merge pull request #3966 from nextcloud/downstream-26570
...
Override config.php values through environment variables
2017-04-13 10:51:09 +02:00
Morris Jobke
7cb6038fca
Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login
...
Dont create a log entry on email login
2017-04-13 01:04:11 -05:00
Morris Jobke
1f962f9115
Update email template for lost password email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Roeland Jago Douma
b3b24172e4
Merge pull request #4307 from nextcloud/sharing-emails
...
New emails for sharebymail
2017-04-12 21:23:11 +02:00
Morris Jobke
ae4c2893a2
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 12:42:23 -05:00
Joas Schilling
1c8c62272c
Use instance name as alt-text
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:26 +02:00
Morris Jobke
050ce1d40b
Add addBodyButton to add a single button to email templates
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 17:16:26 +02:00
Roeland Jago Douma
dccb8928a1
Merge pull request #4325 from nextcloud/downstream-27522
...
Optimize put - Dont try to fetch filecache for not existing filecache…
2017-04-12 16:04:03 +02:00
Björn Schießle
b90e91144b
Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints
...
Discover federatedsharing endpoints
2017-04-12 16:01:07 +02:00
Joas Schilling
30817fa319
Simplify the test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 13:23:55 +02:00
Piotr M
dc78f1251e
Optimize put - Dont try to fetch filecache for not existing filecache in encription
2017-04-12 12:54:20 +02:00
Lukas Reschke
b5d31e4e65
Merge pull request #4309 from nextcloud/remove-unused-code
...
Removes unused code for link share emails
2017-04-12 10:15:59 +02:00
Morris Jobke
be9a514dff
Allow to set text versions for the plain text email
...
* allows different texts for HTML and text version of the email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:50:06 -05:00
Morris Jobke
8fa5141aaa
Removes unused code for link share emails
...
* now handled by sharebymail app
* see https://github.com/nextcloud/server/pull/657
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:32:48 -05:00
Lukas Reschke
280a075c9c
Adjust class references
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 17:35:59 +02:00
Lukas Reschke
3600dd4f52
Add IEMailTemplate to public OCP API
...
Also adds `\OCP\Mail\IMailer::createEMailTemplate` as helper so the functionality can easily be used within apps.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-11 16:35:46 +02:00
Bjoern Schiessle
449011dae7
remove discovery manager in favour of the OCSDiscoveryService
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:04:01 +02:00
Bjoern Schiessle
0dea31d48b
add tests for discovery service
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-11 15:04:01 +02:00
Lukas Reschke
afb5d45705
Merge pull request #4256 from nextcloud/theming
...
Move OC_Defaults to OCP\Defaults
2017-04-11 14:39:46 +02:00
Morris Jobke
a045f3c4d7
Merge pull request #4146 from nextcloud/unread-comments-folder
...
Allow getting the unread comment count for an entire folder at once
2017-04-10 13:21:39 -05:00
Robin Appelman
a7c611039d
Dont use the permissions mask while scanning
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-10 15:19:21 +02:00
Joas Schilling
bc217cdf87
Also send the new account data with the event
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-10 10:22:57 +02:00
Morris Jobke
5b4adf66e5
Move OC_Defaults to OCP\Defaults
...
* currently there are two ways to access default values:
OCP\Defaults or OC_Defaults (which is extended by
OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
it hard to work on theme values
* this extended the public interface with the missing
methods and uses them everywhere to only rely on the
public interface
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Morris Jobke
ca9d25169d
Merge pull request #4136 from nextcloud/expire-date-for-all-shares
...
Unified sharing options
2017-04-07 17:14:05 -05:00
Lukas Reschke
281ad406e8
Add support for theming
...
Add support for theming in generated emails and simplify API
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-07 12:03:47 -05:00
Lukas Reschke
1be75e8db8
Fix tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-07 12:03:47 -05:00
Morris Jobke
0560e69913
New layout for welcome email
...
* thanks to @espina2 for make this nice design
* the button says "Set password" if the admin didn't specified a password
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-07 12:03:32 -05:00
Bjoern Schiessle
3323d01db1
update unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-07 15:43:59 +02:00
Roger Szabo
5fa218051b
unit test adjustment
...
Signed-off-by: Roger Szabo <roger.szabo@web.de>
2017-04-07 18:06:50 +08:00
Joas Schilling
9f3d9b5b23
Don't force the use of Accept-Language anymore
...
This is not intended anymore, since it falls back to force english
when the header is not set. Also 0228bc6e66
makes clear that the order should be:
1. User setting
2. Accept language
3. Admin default
This is the case since the commit from above, unless via OCS and DAV.
Both forced to accept-language falling back to english.
By removing the force, it now also matches the w3 priority list:
https://www.w3.org/International/questions/qa-lang-priorities
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 11:10:04 +02:00
Joas Schilling
7ad791efb4
Dont create a log entry on email login
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 10:15:20 +02:00
Arthur Schiwon
7b3fdfeeaa
do login routine only once when done via LoginController
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:42 +02:00
Arthur Schiwon
2994cbc586
fix login controller tests
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:20:17 +02:00
Robin Appelman
baec42e80a
Save the scope of an auth token in the session
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 17:58:33 +02:00
Roeland Jago Douma
6bdd3a167d
Merge pull request #4123 from nextcloud/allow-password-reset-with-email
...
Allow to reset the password with the email as an input
2017-04-05 09:12:41 +02:00
Morris Jobke
95a21e2f2a
Check for boolean false and add tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 15:56:50 -05:00
Morris Jobke
0fcb37adcb
OC_ -> NC_
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 15:56:50 -05:00
Philipp Schaffrath
695a17804e
Override config.php values through ENV variables ( #26570 )
...
* added functionality to override config.php values with 'OC_' prefixed environment variables
* use getenv to read environment variables since apache does not set $_ENV variables, fixed test
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-04 15:56:50 -05:00
Lukas Reschke
e0227cb458
Merge pull request #2095 from nextcloud/bruteforcesetttings
...
Introduce bruteforce settings
2017-04-04 11:57:43 +02:00
Roeland Jago Douma
efb21a948e
Merge pull request #4093 from nextcloud/endorse-password-protection
...
Endorse password protection
2017-04-04 11:04:21 +02:00
Roeland Jago Douma
aee2d6318f
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 10:29:12 +02:00
Roeland Jago Douma
2a9192334e
Don't try to parse empty body if there is no body
...
Fixes #3890
If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.
See RFC 2616 Section 4.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:22:33 +02:00
Bjoern Schiessle
5e7197e49f
fix unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-03 10:58:25 +02:00
Morris Jobke
ed00bab80b
Fixed layout of bruteforcesettings
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-02 21:19:30 +02:00
Roeland Jago Douma
4e0479f3a8
Update App Manager test
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:51 +02:00
Roeland Jago Douma
be674c19a5
Respect bruteforce settings in the Throttler
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:50 +02:00
Roeland Jago Douma
dca555b7f3
Adds security section to the admin page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:09 +02:00
Roeland Jago Douma
6a40dce138
Initial commit of the bruteforcesettings app
...
This adds the bruteforce settings app that allows to configure (for now)
subnets that are to be ignored when doing brute force analysis. This can
for example be the LAN since we trust people from there.
* Add app
* Add php tests
* Add js tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:08:53 +02:00
Robin Appelman
48df99f2e0
fix quote helper test
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:49:05 +02:00
Robin Appelman
2a4d9f71af
update FakeManager
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:34 +02:00
Robin Appelman
212d9fd277
Add test for getting unread comment count by folder
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:48:27 +02:00
Robin Appelman
d4a7cfec7c
rename fun to func
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 11:15:06 +02:00
Robin Appelman
fee818f493
Add tests for query builder (i)like
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 11:15:03 +02:00
Robin Appelman
4279b13270
Add function builder to the query builder
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 11:09:26 +02:00
Robin Appelman
a65652fc1e
add support for escaping like parameters when using the query builder
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 11:09:22 +02:00
Morris Jobke
9813023aab
Fix gzip files for Safari
...
* Safari support gzip only if the filename does not
end on .gz - so this renames them to .gzip
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-29 00:11:51 -06:00
Morris Jobke
f9bc53146d
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-28 21:00:12 -06:00
Roeland Jago Douma
3a0ef65f33
Fix controller tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-28 23:42:20 +02:00
Roeland Jago Douma
a40405531c
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-28 23:13:59 +02:00
Joas Schilling
4bae7ef96d
Allow to reset the password with the email as an input
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-28 21:17:37 +02:00
Morris Jobke
f76a3b532d
Merge pull request #4096 from nextcloud/touch-floor
...
round the mtime in touch
2017-03-27 09:46:10 -06:00
Robin Appelman
8de4209c3e
round the mtime in touch
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-27 17:07:48 +02:00
Joas Schilling
e0b040d623
Allow multiple navigation links from info.xml
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-26 21:15:25 +02:00
Lukas Reschke
d81cdcbe88
Don't run JSCombiner when not installed
...
When the instance is not installed don't run the JSCombiner as the appdata folder does not yet exist.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-25 15:25:06 +01:00
Roeland Jago Douma
677e11b1a4
Tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-24 11:31:48 +01:00
Roeland Jago Douma
34632de102
Merge pull request #4025 from nextcloud/downstream-27292
...
Update karma
2017-03-24 08:44:42 +01:00
Morris Jobke
1397b84777
Merge pull request #3928 from nextcloud/downstream-17978
...
Adjust 4 byte MySQL code to upstream
2017-03-23 23:45:43 -06:00
Vincent Petry
46a32045d7
Update karma, use sinon from npm
...
Update karma library and use sinon JS library provided by
karma-jasmine-sinon instead of local file.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-23 23:35:41 -06:00
Roeland Jago Douma
35a21b4180
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-22 20:14:18 +01:00