Christoph Wurst
d907666232
bring back remember-me
...
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Joas Schilling
7da3ba3f91
Merge pull request #657 from nextcloud/share-by-mail
...
New share provider: Share by mail
2016-11-02 11:04:33 +01:00
Roeland Jago Douma
42b0a0d2af
Merge pull request #1964 from nextcloud/color-the-trusted-domain-to-alert-the-admin
...
Color the trusted domain to alert the admin a bit more
2016-11-02 10:06:35 +01:00
Roeland Jago Douma
19af06cdea
Merge pull request #1951 from nextcloud/settingsmaxheight
...
restricted the height of the settings area in core/css/apps.css
2016-11-02 08:45:05 +01:00
Nextcloud bot
122fbf0092
[tx-robot] updated from transifex
2016-11-02 01:07:09 +00:00
Bjoern Schiessle
86b362809b
always show correct place holder, mention share by mail only if the share provider is enabled
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle
ce08682c2f
enabled by default and add to shipped.json
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle
561dd80d57
don't show 'notify by mail' option or permissions not available for mail shares
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle
392c8a115f
unified way to display remote shares and mail shares
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:40 +01:00
Bjoern Schiessle
77f74b9780
handle case if no share-by-mail share provider is loaded
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:40 +01:00
Bjoern Schiessle
a17c6a485d
add share by mail share provider
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:51:11 +01:00
Bjoern Schiessle
0a6f02801f
introduce share by mail, ui part
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:51:11 +01:00
Nextcloud bot
20f45e6fe4
[tx-robot] updated from transifex
2016-11-01 01:06:57 +00:00
Joas Schilling
247b7f37ce
Color the trusted domain to alert the admin a bit more
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-31 12:22:21 +01:00
Roeland Jago Douma
7f30cf9119
Remove config.php for oc.js
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-31 11:00:39 +01:00
Nextcloud bot
6d2d069c17
[tx-robot] updated from transifex
2016-10-31 01:06:55 +00:00
Marius Blüm
a08a4b5981
Merge pull request #1955 from nextcloud/issue_#1776
...
Issue-1776: Add unshare function to 3-dot menu.
2016-10-30 11:27:57 +01:00
Nextcloud bot
1187a8c183
[tx-robot] updated from transifex
2016-10-30 00:06:56 +00:00
pgys
bd7abc2d0a
restricted the height of the settings area in core/css/apps.css to max 80%
...
Signed-off-by: pgys <info@pexlab.space>
2016-10-29 17:50:51 +02:00
Julia Bode
2d91831b50
Issue-1776: Add unshare function to 3-dot menu.
...
Signed-off-by: Julia Bode <julia.bode@lulisaur.us>
2016-10-29 17:07:06 +02:00
Lukas Reschke
e48fa1c337
Merge pull request #1948 from nextcloud/move_away_lagacy_oc_l10n
...
Move away from legacy OC_L10N
2016-10-29 09:39:22 +02:00
Nextcloud bot
035890aeb1
[tx-robot] updated from transifex
2016-10-29 00:07:14 +00:00
Roeland Jago Douma
740659a04c
Move away from OC_L10N
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Nextcloud bot
ad597d498d
[tx-robot] updated from transifex
2016-10-28 00:07:11 +00:00
Lukas Reschke
0a2e2f70f6
Merge pull request #1929 from nextcloud/share_email_to_OCS
...
Remove notify recipient function
2016-10-27 09:03:29 +02:00
Lukas Reschke
7cae758ef9
Merge pull request #1930 from nextcloud/fix_avatars_exif
...
Fix avatar on exif rotated images
2016-10-27 08:56:56 +02:00
Nextcloud bot
9984eba727
[tx-robot] updated from transifex
2016-10-27 00:07:01 +00:00
Roeland Jago Douma
b05fe45d52
Fix avatar on exif rotated images
...
Fixes #1928
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 21:37:11 +02:00
Roeland Jago Douma
57e61250ac
Remove notify recipient option
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 20:52:36 +02:00
Nextcloud bot
a973c1bfb9
[tx-robot] updated from transifex
2016-10-26 00:07:12 +00:00
Lukas Reschke
015affb082
Missing returns + autoloader file
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-25 22:13:09 +02:00
Roeland Jago Douma
6dbe417c51
Inlince oc.js if possible!
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Roeland Jago Douma
d5589a15d5
Move oc.js to a proper class
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:02 +02:00
Lukas Reschke
08268bca39
Merge pull request #1891 from nextcloud/downstream-26430
...
add upgrade command before repair, handle NeedsUpgradeException better
2016-10-25 18:42:44 +02:00
Morris Jobke
89574367bc
Merge pull request #1871 from nextcloud/use-csp-nonces
...
Use CSP nonces
2016-10-25 14:46:00 +02:00
Nextcloud bot
e23a298a81
[tx-robot] updated from transifex
2016-10-25 09:36:09 +00:00
Joas Schilling
890f752a6b
Merge pull request #1452 from nextcloud/appconfig-endpoint
...
Appconfig endpoint
2016-10-25 10:57:48 +02:00
Lukas Reschke
79706e0ddc
Merge pull request #1283 from nextcloud/us_files-ui-webdav-upload
...
Use Webdav PUT for uploads
2016-10-25 10:31:03 +02:00
Roeland Jago Douma
1ff328ae65
Merge pull request #1823 from nextcloud/filepicker-folder-fix
...
Fix picking a folder with the filepicker
2016-10-25 08:22:59 +02:00
Roeland Jago Douma
60fa82d92f
Merge pull request #1860 from ryanwr/feature-sort-favorite
...
Sort favorite files first
2016-10-25 08:22:33 +02:00
Roeland Jago Douma
44e9f5d5a1
Merge pull request #1850 from nextcloud/filepicker-empty-folder
...
show empty folder message in filepicker
2016-10-25 08:20:57 +02:00
Vincent Petry
f374eb5f1d
More fixes to file upload
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry
25d9dce067
JS utility function to compare paths
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
ryanwr
3e96f33995
Sort favorite files first Issue #1802
...
Signed-off-by: Ryan Welch <ryantwr@gmail.com>
2016-10-24 17:55:47 +01:00
Jörn Friedrich Dreyer
817729dc3f
add upgrade command before repair, handle NeedsUpgradeExcaption better
2016-10-24 17:52:49 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
...
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.
At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)
IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.
Implementing this offers the following advantages:
1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.
If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Joas Schilling
2aca56f207
Fix missing semicolon
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-24 09:26:30 +02:00
Lukas Reschke
038d02a27d
Merge pull request #1852 from nextcloud/downstream-25579
...
Adding Open Graph Support for public shares
2016-10-22 14:01:19 +02:00
Lukas Reschke
2b22a5fafd
Merge pull request #1841 from nextcloud/oc_26359
...
Bumo zxcvbn && Fix zxcvbn path in setup page (26359)
2016-10-22 13:54:19 +02:00