Commit Graph

259 Commits

Author SHA1 Message Date
Christoph Wurst 0ebffa4a5f do not double encode the redirect url
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-09 16:14:46 +01:00
Joas Schilling 9296038d78
Fix preview URLs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-08 16:39:13 +01:00
Morris Jobke e6b52ef4cd Merge pull request #1347 from nextcloud/bring-back-remember-me
fix remember me login
2016-11-02 18:32:38 +01:00
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Lukas Reschke d805df7bb3
Use findAppInDirectories
The other function doesn't work if the appstore is disabled

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:30:02 +01:00
Lukas Reschke 8acb54aa0b
Add update support
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:47 +01:00
Lukas Reschke df7fd2b57c
Query the timefactory instead of creating it
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:46 +01:00
Lukas Reschke 0e2aee2be6
Replace with exception instead of boolean return value
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:46 +01:00
Lukas Reschke 32cf661215
Use new appstore API
This change introduces the new appstore API in Nextcloud.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-31 17:17:44 +01:00
Roeland Jago Douma 94d09141f8
Remove legacy l10n
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 22:16:33 +02:00
Roeland Jago Douma 83e7cfd13a
Fix more tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 22:16:28 +02:00
Roeland Jago Douma 740659a04c
Move away from OC_L10N
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Roeland Jago Douma b05fe45d52
Fix avatar on exif rotated images
Fixes #1928

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 21:37:11 +02:00
Lukas Reschke fdcb8edd78
Add nonce also to legacy CSP
Pages that do not use the AppFramework have its CSP inherited from `\OC_Response::addSecurityHeaders`. While those are not many anymore, there are some examples such as the "Help" page.

To stay completely backwards-compatible we should also add the nonce to the legacy CSP response.

To test that open your browser console and open the help page. Without this you will get a JS error. With this you won't.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-26 09:41:18 +02:00
Joas Schilling 890f752a6b Merge pull request #1452 from nextcloud/appconfig-endpoint
Appconfig endpoint
2016-10-25 10:57:48 +02:00
Morris Jobke 8a231a4223 Merge pull request #1829 from nextcloud/downstream-26256
Fix login page handling for disabled users
2016-10-24 21:35:53 +02:00
Morris Jobke 567e28b01a Merge pull request #1885 from nextcloud/downstream-26295
App dependencies are now analysed on app enable as well - not only on…
2016-10-24 21:26:50 +02:00
RealRancor 14b1d946a8
Remove checks whether OC is running on Windows pt. 2 2016-10-24 16:12:17 +02:00
Thomas Müller 03ec052b4e
App dependencies are now analysed on app enable as well - not only on app install. 2016-10-24 15:59:46 +02:00
Lukas Reschke 1be6213ba4 Merge pull request #1832 from nextcloud/select2-into-core
Select2 into core
2016-10-22 14:35:07 +02:00
John Molakvoæ 3e5e07aa64
Template css order
Select2 systemtags removal
Settings again
Fix Script

Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2016-10-21 16:56:31 +02:00
Joas Schilling 0b1fb180a5
Make AppConfig part of the public API
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-21 09:09:23 +02:00
Joas Schilling 246bb9f33d
Move OC\Files\Storage\Shared to the right namespace 2016-10-20 20:27:44 +02:00
Sergio Bertolín 0417cbafd0
Changed request to not add a prefix to the url (#26256)
* Changed request to not add a prefix to the url

* Expecting forbidden instead of service unavailable

* Handling login exceptions
2016-10-20 17:21:08 +02:00
Morris Jobke f7ca3ec201
Remove unneeded compatibility polyfills
- `Object.create` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/create#Browser_compatibility
- `Object.keys` supported with IE9+: https://developer.mozilla.org/de/docs/Web/JavaScript/Reference/Global_Objects/Object/keys#Browser_compatibility
- `Array.prototype.filter` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/filter#Browser_compatibility
- `Array.prototype.indexOf` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/indexOf#Browser_compatibility
- `Array.prototype.map` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Array/map#Browser_compatibility
- `Function.prototype.bind` supported in IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Function/bind#Browser_compatibility
- `String.prototype.trim` supported with IE9+: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim#Browser_compatibility
- `outerHTML` supported with Firefox 11+: https://developer.mozilla.org/en-US/docs/Web/API/Element/outerHTML#Browser_compatibility
- `window.devicePixelRatio` supported in IE11+: http://caniuse.com/#feat=devicepixelratio

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 10:17:18 +02:00
Morris Jobke a8cf110ec6
Remove unneeded placeholder polyfill
* placeholders are supported in IE11+
* http://caniuse.com/#feat=input-placeholder

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-10-20 00:00:25 +02:00
Morris Jobke 195fc041da Merge pull request #1663 from nextcloud/dont-reparse-info-xml
Dont reparse info xml + cache AppInfo XML
2016-10-10 09:22:43 +02:00
Lukas Reschke 0245dd7221
Simplify isSubDirectory check
Shaves off another 9ms per request as can be seen at https://blackfire.io/profiles/compare/dd54cef3-e58d-4a22-b8f4-c7c4b70697be/graph

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-07 21:56:43 +02:00
Lukas Reschke 0c2b17c80f
Cache AppInfo in Memory Cache if configured
This saves around 20ms on a bare-bone instance, on bigger ones more (depending on the number of installed apps).

See https://blackfire.io/profiles/compare/fc326ad3-100d-49b8-8ea9-8343240f53f3/graph

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-07 21:29:23 +02:00
Thomas Müller 67d3574bdf
Don't parse info.xml but reuse already cached app infos - fixes #25603 (#25968)
* Don't parse info.xml but reuse already cached app infos - fixes #25603

* Use === in InfoParser. Fixes test

* InfoParser should not depend on UrlGenerator - fixes issue with session being closed too early
2016-10-07 20:58:22 +02:00
Lukas Reschke ea9b1cc340 Merge pull request #1306 from nextcloud/simplefs
Introducing AppData
2016-10-06 09:25:15 +02:00
Roeland Jago Douma f23390ed02
Kill users with the reserved name on login
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Joas Schilling 53ed3da052
Fallback from "de" to "de_DE" and the other way around
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-04 13:29:54 +02:00
Joas Schilling 3a5022ad5b
Allow multiple names and description
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 11:00:58 +02:00
Vincent Petry da0cea404d
Kill update simulation
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-27 18:43:53 +02:00
Morris Jobke 6a3e0f33b3 Merge pull request #1489 from nextcloud/fix-status-code-when-app-is-disabled
Return 404 on v2.php when the app is disabled
2016-09-27 11:04:57 +02:00
Lukas Reschke 19ad11cce4
Graceful error handling and logging
Right now a failed "copyr" will result in the error log being spammed with not really helpful error messages. Also situations such as `$dir` returning `false` are not really caught.

This adds more error handling and logging to make debugging such situations easier.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-09-25 19:03:42 +02:00
Joas Schilling 78210c8300
Return 404 on v2.php when the app is disabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-22 12:18:40 +02:00
Joas Schilling 7c0951244a
Deprecate getEditionString() 2016-09-06 16:05:28 +02:00
Joas Schilling b072c6c943
Move navigation entries without order to the end 2016-09-02 09:11:58 +02:00
Thomas Müller df1cc94c23
Some cleanup within OC_Image (#25875) 2016-08-29 14:31:59 +02:00
Lukas Reschke 25f1fdb275 Merge pull request #847 from nextcloud/quota-mount-in-homefolder
fix quota calculation when a filesystem is mounted in a user home
2016-08-28 15:05:46 +02:00
Raghu Nayyar 9dc23592c3 Merge pull request #1105 from nextcloud/usermenu-ordering
fix ordering of user menu entries
2016-08-28 10:30:16 +02:00
Lukas Reschke 4d85ffc27c Merge pull request #1054 from nextcloud/less-cache-hits
Reduce the number of cache operations for dav operations
2016-08-27 22:44:29 +02:00
Jan-Christoph Borchardt 0517f41b3f fix ordering of user menu entries 2016-08-27 22:42:08 +02:00
Robin Appelman 2693ae870e cache user folders 2016-08-25 17:22:25 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Lukas Reschke 0747e96b9c
Cache registered autoloaders
This saves more than 20ms (!) on every request, the previous problem was that `\OC_App::registerAutoloading` calls `\OC\AppFramework\App::buildAppNamespace` which parses the appinfo.xml. Since that was also called multiple times (e.g. on cloud.nextcloud.com over 200 times) that had a significant performance impact. Also on simple PROPFIND requests.

https://blackfire.io/profiles/compare/65a53e6e-7f35-4974-b559-4c81abd01c3b/graph shows the difference nicely.
2016-08-22 23:49:46 +02:00
Roeland Jago Douma 3a17fabd04
Remove unused private classes 2016-08-18 09:37:11 +02:00
Lukas Reschke 5aaa065d6d Merge pull request #848 from nextcloud/public-link-quota
fix getting quota for public links with quota_include_external_storage
2016-08-17 20:13:56 +02:00
Robin Appelman 5a599d5c4e Merge pull request #899 from nextcloud/nfd-default
[us] Disable NFD encoding wrapper by default
2016-08-17 14:46:52 +02:00
Vincent Petry 9f523518f3 Disable NFD encoding wrapper by default
Seems I forgot to set it back to false after testing.
Will give a performance boost for all storages.
2016-08-17 11:54:33 +02:00
Arthur Schiwon 717e22267a
Merge branch 'master' into implement_712 2016-08-16 18:31:59 +02:00
Arthur Schiwon 208e551216
check registered sections and settings after an app got updated to garbage collect orphaned classes 2016-08-16 00:56:17 +02:00
Jörn Friedrich Dreyer 264aaf9ffa
use $userId instead of $user 2016-08-14 19:50:19 +02:00
Thomas Müller 26342061b9
Ensure the user exists before calling a method on it - fixes #24751 2016-08-14 19:50:03 +02:00
Robin Appelman 85d3fb76d7 fix getting quota for public links with quota_include_external_storage 2016-08-12 15:59:19 +02:00
Robin Appelman ef2116a17a fix quota calculation when a filesystem is mounted in a user home 2016-08-12 15:41:37 +02:00
Arthur Schiwon ac04ba6784
register app autoload instead of loading apps 2016-08-12 13:23:14 +02:00
Lukas Reschke 8261ccce1b
Merge branch 'master' into implement_712 2016-08-11 19:37:17 +02:00
Arthur Schiwon f3b15a9ab9
fixes, improvements, and another app:
* setupSettings now also triggered on enable
* fixes detection of present admin section or settings in the DB
* add update routine in such cases
* encryption app migrated
2016-08-11 01:41:18 +02:00
Arthur Schiwon 0fc34c99f4
fix registration of admin settings and section on app install 2016-08-11 00:45:15 +02:00
Arthur Schiwon 1eb8b951c2
more admin page splitup improvements
* bump version to ensure tables are created
* make updatenotification app use settings api
* change IAdmin::render() to getForm() and change return type from Template to TemplateResponse
* adjust User_LDAP accordingly, as well as built-in forms
* add IDateTimeFormatter to AppFramework/DependencyInjection/DIContainer.php. This is important so that \OC::$server->query() is able to resolve the
constructor parameters. We should ensure that all OCP/* stuff that is available from \OC::$server is available here. Kudos to @LukasReschke
* make sure apps that have settings info in their info.xml are loaded before triggering adding the settings setup method
2016-08-10 15:21:25 +02:00
Morris Jobke 93047f5e4d Merge pull request #777 from nextcloud/ocs_capabilities
Move /cloud/capabilities and /cloud/user to Core
2016-08-10 00:43:13 +02:00
Lukas Reschke 9fbdb0efe8 Merge pull request #529 from nextcloud/vendor-maintenance-downgrade
Allow downgrades of maintenance accross vendors
2016-08-10 00:25:53 +02:00
Roeland Jago Douma e2f54559d6
Remove OC_OCS_Cloud and OC\OCS\Cloud 2016-08-09 20:56:31 +02:00
Arthur Schiwon ceeb44bd04
Initial work on Apps page split:
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Morris Jobke 740349fda3
libxml - compare against loaded version
* if the compiled in version is older than the loaded version Nextcloud doesn't work
* uses the loaded libxml version to check against

fixes #205
2016-07-28 08:30:33 +02:00
Arthur Schiwon 686cb599b6
fix autoloading in LPAP integration tests, resolves #544 2016-07-25 11:05:59 +02:00
Joas Schilling 5c34346479
Allow downgrades of maintenance accross vendors 2016-07-22 14:51:43 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke 4f42c3d725
Revert "Remove "Help" link from personal sidebar"
This reverts commit deef15a3c7.
2016-07-21 02:25:00 +02:00
Lukas Reschke 7c6896f091
Link to proper clients 2016-07-21 01:56:47 +02:00
Lukas Reschke 9a1ff29351
Use proper documentation links
Since it is just faking the 10 we need to hardcode this here...
2016-07-21 00:36:52 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Morris Jobke e9c85e02ac Merge pull request #462 from nextcloud/master-explode
[master] Use explode() instead of split()
2016-07-20 18:31:11 +02:00
Klaas Freitag 99316ec02c
Show app name in error message if app could not be loaded. (#25441) 2016-07-20 15:16:16 +02:00
Lukas Reschke 4f90447150
[master] Use explode() instead of split()
Sync from https://github.com/owncloud/core/pull/25488
2016-07-20 14:36:39 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Roeland Jago Douma 72464f1ce4
Remove asset pipelin
Fixes #215

The asset pipeline has shown to do more harm than good. Some apps fail
hard with it. Also it makes sure that you download a huge file on each
unvisited page.
2016-07-15 20:14:11 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Morris Jobke c2d88a08b7
Remove unneeded checks if it runs on a Windows machine
* the setup check is still there
2016-07-08 15:55:17 +02:00
Lukas Reschke 27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Bjoern Schiessle 10f6ca20bc write theme settings to database 2016-06-27 10:26:22 +02:00
Lukas Reschke 7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync 2016-06-26 12:55:05 +02:00
Christoph Wurst 7f22aeb5d6 redirect to new login route (#25099)
* redirect to new login route

* encode anchor in url and restore it client-side
2016-06-21 16:14:51 +02:00
Morris Jobke e95c15e53a
fix more strings 2016-06-20 13:14:24 +02:00
Arthur Schiwon 42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611 2016-06-11 15:34:43 +02:00
Christoph Wurst 7b3dc806eb
Check 2FA state for raw php files too 2016-06-10 09:52:52 +02:00
Arthur Schiwon a636e4ff28
Downstream 2016-06-09
Merge branch 'master' of https://github.com/owncloud/core into downstream-160609
2016-06-09 18:45:12 +02:00
blizzz 51fd2602a7 Revert "Downstream 2016-06-08" 2016-06-09 17:41:57 +02:00
Vincent Petry 6ba18934e6 Merge pull request #25000 from owncloud/fix-email-login-dav
Allow login by email address via webdav as well
2016-06-09 16:28:06 +02:00
Robin Appelman bee918693a
dissalow symlinks in local storages that point outside the datadir 2016-06-09 14:00:01 +02:00
Thomas Müller f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Vincent Petry 90c1ec1c49 Merge pull request #25014 from owncloud/admin-datadircheck-fix
Use temporary htaccesstest.txt for data dir security check
2016-06-09 11:58:28 +02:00
Jan-Christoph Borchardt 81145ee57c THIS IS NEXTCLOUD! adjusting the design 2016-06-08 17:02:18 +02:00