Commit Graph

5981 Commits

Author SHA1 Message Date
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Joas Schilling 7da3ba3f91 Merge pull request #657 from nextcloud/share-by-mail
New share provider: Share by mail
2016-11-02 11:04:33 +01:00
Roeland Jago Douma 42b0a0d2af Merge pull request #1964 from nextcloud/color-the-trusted-domain-to-alert-the-admin
Color the trusted domain to alert the admin a bit more
2016-11-02 10:06:35 +01:00
Roeland Jago Douma 19af06cdea Merge pull request #1951 from nextcloud/settingsmaxheight
restricted the height of the settings area in core/css/apps.css
2016-11-02 08:45:05 +01:00
Nextcloud bot 122fbf0092
[tx-robot] updated from transifex 2016-11-02 01:07:09 +00:00
Bjoern Schiessle 86b362809b
always show correct place holder, mention share by mail only if the share provider is enabled
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle ce08682c2f
enabled by default and add to shipped.json
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle 561dd80d57
don't show 'notify by mail' option or permissions not available for mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:41 +01:00
Bjoern Schiessle 392c8a115f
unified way to display remote shares and mail shares
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:40 +01:00
Bjoern Schiessle 77f74b9780
handle case if no share-by-mail share provider is loaded
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:54:40 +01:00
Bjoern Schiessle a17c6a485d
add share by mail share provider
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:51:11 +01:00
Bjoern Schiessle 0a6f02801f
introduce share by mail, ui part
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-11-01 19:51:11 +01:00
Nextcloud bot 20f45e6fe4
[tx-robot] updated from transifex 2016-11-01 01:06:57 +00:00
Joas Schilling 247b7f37ce
Color the trusted domain to alert the admin a bit more
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-31 12:22:21 +01:00
Roeland Jago Douma 7f30cf9119
Remove config.php for oc.js
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-31 11:00:39 +01:00
Nextcloud bot 6d2d069c17
[tx-robot] updated from transifex 2016-10-31 01:06:55 +00:00
Marius Blüm a08a4b5981 Merge pull request #1955 from nextcloud/issue_#1776
Issue-1776: Add unshare function to 3-dot menu.
2016-10-30 11:27:57 +01:00
Nextcloud bot 1187a8c183
[tx-robot] updated from transifex 2016-10-30 00:06:56 +00:00
pgys bd7abc2d0a restricted the height of the settings area in core/css/apps.css to max 80%
Signed-off-by: pgys <info@pexlab.space>
2016-10-29 17:50:51 +02:00
Julia Bode 2d91831b50 Issue-1776: Add unshare function to 3-dot menu.
Signed-off-by: Julia Bode <julia.bode@lulisaur.us>
2016-10-29 17:07:06 +02:00
Lukas Reschke e48fa1c337 Merge pull request #1948 from nextcloud/move_away_lagacy_oc_l10n
Move away from legacy OC_L10N
2016-10-29 09:39:22 +02:00
Nextcloud bot 035890aeb1
[tx-robot] updated from transifex 2016-10-29 00:07:14 +00:00
Roeland Jago Douma 740659a04c
Move away from OC_L10N
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Nextcloud bot ad597d498d
[tx-robot] updated from transifex 2016-10-28 00:07:11 +00:00
Lukas Reschke 0a2e2f70f6 Merge pull request #1929 from nextcloud/share_email_to_OCS
Remove notify recipient function
2016-10-27 09:03:29 +02:00
Lukas Reschke 7cae758ef9 Merge pull request #1930 from nextcloud/fix_avatars_exif
Fix avatar on exif rotated images
2016-10-27 08:56:56 +02:00
Nextcloud bot 9984eba727
[tx-robot] updated from transifex 2016-10-27 00:07:01 +00:00
Roeland Jago Douma b05fe45d52
Fix avatar on exif rotated images
Fixes #1928

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 21:37:11 +02:00
Roeland Jago Douma 57e61250ac
Remove notify recipient option
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-26 20:52:36 +02:00
Nextcloud bot a973c1bfb9
[tx-robot] updated from transifex 2016-10-26 00:07:12 +00:00
Lukas Reschke 015affb082
Missing returns + autoloader file
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-25 22:13:09 +02:00
Roeland Jago Douma 6dbe417c51
Inlince oc.js if possible!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Roeland Jago Douma d5589a15d5
Move oc.js to a proper class
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:02 +02:00
Lukas Reschke 08268bca39 Merge pull request #1891 from nextcloud/downstream-26430
add upgrade command before repair, handle NeedsUpgradeException better
2016-10-25 18:42:44 +02:00
Morris Jobke 89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
2016-10-25 14:46:00 +02:00
Nextcloud bot e23a298a81
[tx-robot] updated from transifex 2016-10-25 09:36:09 +00:00
Joas Schilling 890f752a6b Merge pull request #1452 from nextcloud/appconfig-endpoint
Appconfig endpoint
2016-10-25 10:57:48 +02:00
Lukas Reschke 79706e0ddc Merge pull request #1283 from nextcloud/us_files-ui-webdav-upload
Use Webdav PUT for uploads
2016-10-25 10:31:03 +02:00
Roeland Jago Douma 1ff328ae65 Merge pull request #1823 from nextcloud/filepicker-folder-fix
Fix picking a folder with the filepicker
2016-10-25 08:22:59 +02:00
Roeland Jago Douma 60fa82d92f Merge pull request #1860 from ryanwr/feature-sort-favorite
Sort favorite files first
2016-10-25 08:22:33 +02:00
Roeland Jago Douma 44e9f5d5a1 Merge pull request #1850 from nextcloud/filepicker-empty-folder
show empty folder message in filepicker
2016-10-25 08:20:57 +02:00
Vincent Petry f374eb5f1d
More fixes to file upload
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
Vincent Petry 25d9dce067
JS utility function to compare paths
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-24 21:45:00 +02:00
ryanwr 3e96f33995 Sort favorite files first Issue #1802
Signed-off-by: Ryan Welch <ryantwr@gmail.com>
2016-10-24 17:55:47 +01:00
Jörn Friedrich Dreyer 817729dc3f
add upgrade command before repair, handle NeedsUpgradeExcaption better 2016-10-24 17:52:49 +02:00
Lukas Reschke 38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke 9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Joas Schilling 2aca56f207
Fix missing semicolon
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-10-24 09:26:30 +02:00
Lukas Reschke 038d02a27d Merge pull request #1852 from nextcloud/downstream-25579
Adding Open Graph Support for public shares
2016-10-22 14:01:19 +02:00
Lukas Reschke 2b22a5fafd Merge pull request #1841 from nextcloud/oc_26359
Bumo zxcvbn && Fix zxcvbn path in setup page (26359)
2016-10-22 13:54:19 +02:00