Lukas Reschke
dd03fdebec
Add missing space
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-01 20:36:25 +02:00
Lukas Reschke
a5ccb31e85
Mark IP as whitelisted if brute force protection is disabled
...
Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling.
This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-01 18:31:45 +02:00
Marius Blüm
f26764c790
Rename “Server settings” to “Basic settings”
...
* fixes #4587
Signed-off-by: Marius Blüm <marius@lineone.io>
2017-04-29 17:13:21 +02:00
Arthur Schiwon
99e97f135d
consolidate setEnabled method
...
and fix a unit test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-29 00:59:09 -03:00
Arthur Schiwon
668fe7df51
UserManager can now count disabled users
...
Users page takes advantage of that
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-29 00:59:09 -03:00
Morris Jobke
4c37c38051
fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-29 00:59:09 -03:00
Morris Jobke
485d6d6577
use proper return codes and handle failure cases
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-29 00:59:09 -03:00
Morris Jobke
2507e7459d
Improve wording of error messages
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-29 00:59:09 -03:00
Morris Jobke
a8457df064
fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-29 00:59:09 -03:00
Morris Jobke
72550377b4
add unit tests for enable method
2017-04-29 00:59:09 -03:00
Morris Jobke
e521b6799f
add unit tests for disable method
2017-04-29 00:59:09 -03:00
Morris Jobke
79d74a1425
adjust tests to have at least one disabled user
2017-04-29 00:54:30 -03:00
Roeland Jago Douma
84b4d448d0
Fix unit tests
2017-04-29 00:54:30 -03:00
Morris Jobke
a0bf706983
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-29 00:13:41 -03:00
Bjoern Schiessle
9b36f2d9ea
fix unit test
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-28 23:41:38 -03:00
Bjoern Schiessle
5fa0e6df39
fix email verification status
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-28 23:41:37 -03:00
Bjoern Schiessle
71657db4be
updated unit tests
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-28 23:41:36 -03:00
Bjoern Schiessle
cbf5acca45
check verification proof and update account table
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-04-28 23:41:36 -03:00
Morris Jobke
f000e22a97
Merge pull request #4522 from nextcloud/downstream-27596
...
Allow to create a user for a specific backend
2017-04-27 16:41:08 -03:00
Joas Schilling
9212089151
Use the new method in the old one to remove duplicate code
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 08:56:51 +02:00
Morris Jobke
4dab01d9ed
Merge pull request #4501 from nextcloud/downstream-27144
...
Add duration of last job execution to the table
2017-04-26 23:16:21 -03:00
Morris Jobke
01705b1b6a
Merge pull request #4515 from nextcloud/downstream-27643
...
Adjust query/event logging code in favour of more complex owncloud/di…
2017-04-26 22:58:01 -03:00
Morris Jobke
4a9cb81486
Merge pull request #4526 from nextcloud/downstream-27269
...
Don`t allow upload of files with extension .part
2017-04-26 18:21:13 -03:00
Morris Jobke
aad0794500
Merge pull request #4454 from nextcloud/add-bundles-to-install-page
...
Add app bundles to the apps page and unbundle enterprise apps
2017-04-26 18:20:40 -03:00
Morris Jobke
58fe27f092
Merge pull request #4461 from danxuliu/fix-closing-details-view-when-viewing-file-in-folder
...
Fix details view not closed when viewing a file in its folder
2017-04-26 17:42:55 -03:00
Lukas Reschke
d0e0bc55c8
Fix tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:08:44 +02:00
Lukas Reschke
3df99d8fd6
Add SocialSharingBundle
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:53 +02:00
Lukas Reschke
0c5a48c4a4
Add tests for repairstep
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:52 +02:00
Lukas Reschke
a05295fca3
Add spreed to Groupware bundle
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:52 +02:00
Lukas Reschke
0651d66181
Add tests for bundle code
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:51 +02:00
Lukas Reschke
3f9aaac4a2
Adjust tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-26 20:07:51 +02:00
Vincent Petry
1c771c097a
Use regex to detect part files
2017-04-26 16:12:48 +02:00
Piotr Mrówczyński
9fec4031b3
Adjust query/event logging code in favour of more complex owncloud/diagnostics ( #27643 )
...
* Adjust query/event logging code in favour of more complex owncloud/diagnostics
* Add descriptions to IQueryLogger and IEventLogger interfaces
2017-04-26 13:19:43 +02:00
Georg Ehrke
f32fc97533
fix ContactsStoreTest
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-26 09:28:15 +02:00
Georg Ehrke
60f9ed6241
add contactsmenu popover
...
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2017-04-26 09:26:53 +02:00
Morris Jobke
d4329f3355
Merge pull request #4449 from stweil/mimetypes
...
Add mimetypes for jp2 and webp
2017-04-26 01:22:49 -03:00
Morris Jobke
215573fe3c
Merge pull request #4486 from nextcloud/fix-js-unit
...
Remove DOMPurify from srcFiles
2017-04-25 22:39:55 -03:00
Jan-Christoph Borchardt
241e397326
Merge branch 'master' into contactsmenu
...
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-26 00:50:38 +02:00
Morris Jobke
255c7df3bd
Merge pull request #4499 from nextcloud/downstream-26984
...
Trigger change when a user is enabled/disabled
2017-04-25 18:27:38 -03:00
Christoph Wurst
98f02fad60
Adjust entry unit test to newly added avatar property
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:18 +02:00
Christoph Wurst
2c2e1f7988
Use absolute URI for action icons
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst
b8c2a8ae36
Don't show contacts an entry for themselves
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst
36cee1f386
Let apps register contact menu provider via info.xml
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Christoph Wurst
d091793ceb
Contacts menu
...
* load list of contacts from the server
* show last message of each contact
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Roeland Jago Douma
aae079aa29
AppToken to 72 chars
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-25 20:18:49 +02:00
Lukas Reschke
6a16df7288
Add new auth flow
...
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:
1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.
If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)
If the user chooses to use the regular login the following happens:
1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.
This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Stefan Weil
8ba67fbe1e
Add test code for new image mime types
...
Signed-off-by: Stefan Weil <sw@weilnetz.de>
2017-04-25 19:22:46 +02:00
Lukas Reschke
16c8fdece3
Remove DOMPurify from srcFiles
...
It is already included via core.json
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 12:50:15 -03:00
Daniel Calviño Sánchez
16b4eecb05
Add acceptance tests for closing details view in Files app
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-25 17:45:37 +02:00
Noveen Sachdeva
1b1f403a5d
Add duration of last job execution to the table
2017-04-25 17:39:58 +02:00
Joas Schilling
ac0c21f4a7
Trigger change when a user is enabled/disabled
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:20:35 +02:00
Morris Jobke
5a9224fb4c
Merge pull request #3531 from nextcloud/theming-scss
...
Theming using SCSS variables
2017-04-25 10:56:13 -03:00
Morris Jobke
6f2df5e495
Merge pull request #3195 from nextcloud/settings-apps-tabular
...
Make apps settings tabular
2017-04-25 10:25:29 -03:00
Roeland Jago Douma
82c9eb1c56
Merge pull request #4462 from danxuliu/fix-sharing-password-protected-link
...
Fix sharing a password protected link
2017-04-25 14:12:44 +02:00
Julius Haertl
68a63ad3f3
Implement scss variable injection by OC_Defaults
...
Signed-off-by: Julius Haertl <jus@bitgrid.net>
Add Scss variables to example theme and theming app
Signed-off-by: Julius Haertl <jus@bitgrid.net>
Use SCSSCacher to build theming css
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Update theming.scss
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Code cleanup
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Fix tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Inject SCSSCacher for easier testing
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Fix typehint
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Generate absolute URLs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
Fix tests to always use absolute urls for theming images
Signed-off-by: Julius Härtl <jus@bitgrid.net>
MailheaderColor -> ColorPrimary
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-25 11:39:45 +02:00
Christoph Wurst
bb1d191f82
Fix remember redirect_url on failed login attempts
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 09:38:19 +02:00
Felix A. Epp
2fbf1114ac
Add installed category in AppSettingsControlerTest
...
Signed-off-by: Felix A. Epp <work@felixepp.de>
2017-04-25 00:22:57 +02:00
Roeland Jago Douma
41f492ada7
Merge pull request #4477 from danxuliu/acceptance-macos-nitpicking
...
Fix minor code style issues in acceptance test runner
2017-04-24 19:30:03 +02:00
Joas Schilling
6300be160a
Add unit tests for mounts of delete users
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-24 16:43:25 +02:00
blizzz
42e805f057
Merge pull request #1023 from GitHubUser4234/ldap_password_renew_pr
...
Handle password expiry in user_ldap
2017-04-24 12:17:04 +02:00
Daniel Calviño Sánchez
a56fb75e69
Add missing unit test for updateShare with email share
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Daniel Calviño Sánchez
de6b05a911
Add missing hook check
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Daniel Calviño Sánchez
dcc8cce28b
Fix double hashing of shared link passwords
...
The plain text password for a shared links was hashed and, then, the
hashed password was hashed again and set as the final password. Due to
this the password introduced in the "Authenticate" page for the shared
link was always a wrong password, and thus the file could not be
accessed.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Daniel Calviño Sánchez
316710bcb1
Add acceptance tests for sharing password protected links
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Daniel Calviño Sánchez
13c84f6629
Add system to share data between acceptance test steps
...
The data storage (the "notebook") is shared between all the actors, so
the data can be stored and retrieved between different steps by any
actor in the same scenario.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-24 11:33:07 +02:00
Daniel Calviño Sánchez
b0b32eff1f
Fix minor code style issues (also known as nitpicking)
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-22 17:50:37 +02:00
Morris Jobke
db7eedccc9
Run acceptance tests on macOS
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-21 14:11:56 -05:00
Roeland Jago Douma
eaa6f766e6
Merge pull request #4208 from danxuliu/add-basic-acceptance-test-system
...
Add basic acceptance test system
2017-04-21 20:53:32 +02:00
Daniel Calviño Sánchez
e970b5261f
Make test passwords valid for the password_policy app
...
As requested by Morris Jobke, the passwords in the acceptance tests were
modified to make them valid both for a clean Nextcloud server and one
with the password_policy app enabled.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-21 14:47:44 +02:00
Daniel Calviño Sánchez
2f80025ec2
Move acceptance tests from build/acceptance to tests/acceptance
...
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-04-21 14:44:29 +02:00
Joas Schilling
ec2f2b75be
Make sure we use a new encryption module all the time
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 13:48:14 +02:00
Joas Schilling
06e60f88c5
Don't assume the admin didn't configure Opcache correctly...
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 13:17:21 +02:00
Joas Schilling
b2deb6deb0
Use the correct class
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:55:11 +02:00
Joas Schilling
0de5fc9020
Import some classes
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:54:14 +02:00
Joas Schilling
ada615eb86
Use the correct Dummy and Backend class
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:48:51 +02:00
Joas Schilling
9871e4eaee
Kill dead code
...
> No tests found in class "Test\Share\MailNotificationsTest".
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:43:19 +02:00
Joas Schilling
d2d9f74707
Fix warning with undefined method
...
Trying to configure method "getRemember" which cannot be configured
because it does not exist, has not been specified, is final, or is
static
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:37:59 +02:00
Joas Schilling
a0ada9aab4
Don't use deprecated getMock() anymore
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:30:21 +02:00
Joas Schilling
24789ba0f4
Restoring the error handler within the error handler causes unexpected results
...
See http://php.net/manual/en/function.restore-error-handler.php#120879
for more information.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:23:34 +02:00
Joas Schilling
38c901fadf
Delete the correct config value
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:23:12 +02:00
Joas Schilling
140580f9d8
Merge pull request #4398 from nextcloud/fix_accesslistcode
...
Get proper accesslist for userFolder
2017-04-20 11:03:22 +02:00
Joas Schilling
b469882595
Merge pull request #4212 from individual-it/master
...
validate file name before uploading in upload only folder
2017-04-20 10:50:56 +02:00
Roeland Jago Douma
ae2db5e60d
Get proper accesslist for userFolder
...
If the accesslist is requested for a users root folder we should
properly construct the path
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-20 10:28:32 +02:00
Morris Jobke
16c4755e03
Rename renderHTML to renderHtml
...
* fixes #4383
* improves consistency
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 15:46:41 -05:00
Roeland Jago Douma
ad24b86013
Merge pull request #4350 from nextcloud/adjust-old-bruteforce-protection-annotations
...
Adjust existing bruteforce protection code
2017-04-19 09:27:23 +02:00
Morris Jobke
f1ddb939a0
Merge pull request #4371 from nextcloud/dont-allow-dot-usernames
...
Better validation of allowed user names
2017-04-18 20:04:32 -05:00
Morris Jobke
269600a04f
Merge pull request #4369 from nextcloud/fix-translations
...
Fix translations
2017-04-18 18:01:50 -05:00
Joas Schilling
1c0bffe87f
Fix translations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Lukas Reschke
0a54d5a5dd
Beautify test email
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 16:18:00 -05:00
Morris Jobke
d379ac7545
Merge pull request #4372 from nextcloud/smtp-password
...
Don't put the SMTP password into the HTML code
2017-04-18 16:13:31 -05:00
Morris Jobke
d2c4440ed6
Fix unit tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-18 15:08:38 -05:00
Lukas Reschke
805419bb95
Add bruteforce protection to changePersonalPassword
...
While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 17:55:51 +02:00
Artur Neumann
88f02f27a3
JS tests for upload only function
...
Signed-off-by: Artur Neumann <info@individual-it.net>
2017-04-18 20:43:25 +05:45
Joas Schilling
fcaa315c96
Fix some more stuff
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:11:29 +02:00
Joas Schilling
dfca672378
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:08:29 +02:00
Joas Schilling
a3922bbcdc
Better validation of allowed user names
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Morris Jobke
10290eb006
Merge pull request #2834 from nextcloud/accesListToShareManager
...
Access list to share manager
2017-04-15 13:06:24 -05:00
Lukas Reschke
727688ebd9
Adjust existing bruteforce protection code
...
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-14 13:42:40 +02:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
...
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Lukas Reschke
81d3732bf5
Merge pull request #4308 from nextcloud/lost-password-email
...
Update email template for lost password email
2017-04-13 20:02:15 +02:00