When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The password input was shown in the popup menu when passwords were not
enforced, or when they were enforced but no password was set, which
prevented updating/changing the password once set. As the popover menu
is shown only when the share is a link share, and the password input
should be shown too when password are enforced and a password is set no
condition is needed, so now the password input is always shown.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
When the uploaded files have a relative path (that is, when a folder is
uploaded) it is first ensured that all the parent folders exist, which
is done by trying to create them. When a folder is created in the
currently opened folder the file list is updated and a row for the new
folder is added. However, this was done too when the folder already
existed, which caused the previous row to be removed and a new one added
to replace it.
For security reasons, some special headers need to be set in requests;
this is done automatically for jQuery by handling the "ajaxSend" event
in the document. In the case of DAV requests, if the headers are not set
the server rejects the request with "CSRF check not passed".
When a file or folder is dropped on a folder row the jQuery upload
events are chained from the initial drop event, which has the row as its
target. In order to upload the file jQuery performs a request, which
triggers the "ajaxSend" event in the row; this event then bubbles up to
the document, which is then handled by adding the special headers to the
request.
However, when a folder was dropped on a folder row that folder row was
removed when ensuring that the folder exists. The jQuery upload events
were still triggered on the row, but as it had been removed it had no
parent nodes, and thus the events did not bubble up. Due to this the
"ajaxSend" event never reached the document when triggered on the
removed row, the headers were not set, and the upload failed.
All this is simply fixed by not removing the folder row when trying to
create it if it existed already.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.
Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Arthur Schiwon
Robin Appelman
Roeland Jago Douma
Roeland Jago Douma
Daniel Calviño Sánchez
Morris Jobke
Nextcloud bot
dependabot[bot]
Christoph Wurst
John Molakvoæ (skjnldsv)
Joas Schilling
John Molakvoæ
Jos Poortvliet