mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
45,833 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

8901 Commits

Author SHA1 Message Date
Roeland Jago Douma d9febae5b2
Update all the publickey tokens if needed on web login 
* On weblogin check if we have invalid public key tokens
* If so update them all with the new token

This ensures that your marked as invalid tokens work again if you once
login on the web.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-02 19:50:54 +02:00
Roeland Jago Douma 00e99af586
Mark token as invalid if the password doesn't match 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-02 19:50:44 +02:00
Christoph Wurst d01905200a
Merge pull request #11433 from nextcloud/feature/all_lax_cookies2 
Make authenticated cookies lax
 2018-10-02 10:28:05 +02:00
Roeland Jago Douma a95154642d
Emit event on enablign or disabling of 2FA provider 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-01 15:35:24 +02:00
Morris Jobke 1034efd640
Merge pull request #11461 from nextcloud/feature/noid/drop-find-and-pass-additional-paths 
Dont use find to lookup binaries
 2018-10-01 11:47:07 +02:00
Christoph Wurst 259c0ce11d
Add mandatory 2FA service/class 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-09-30 11:47:29 +02:00
Daniel Kesselberg d4dec43f8f
Dont use find to lookup binaries 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-09-29 20:25:19 +02:00
Roeland Jago Douma 9a7265babf
Make authenticated cookies lax 
This protects our cookies a bit more. It makes sure that when a 3rdparty
websites embededs a public alendar for example. That all the users see
this in anonymous mode there.

It adds a small helper function.

In the future we can think about protecting other cookies like this as
well. But for now this is sufficient to not have the user logged in at
all when doing 3rdparty requests.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-28 16:44:37 +02:00
Roeland Jago Douma c9e93b8084
Compile contactmenu handlebars templates 
Fixes #11029
For https://github.com/orgs/nextcloud/projects/18

Ship the compiled handlebars templates. This makes it possible to have a
scricter CSP.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-27 20:33:58 +02:00
Christoph Wurst f71ffc73db
Remove unused constructor argument 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-09-27 09:44:21 +02:00
Christoph Wurst 0259792614
Reduce settings manager complexity by loading sections via DI 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-09-27 09:44:21 +02:00
blizzz ff55bcdad5
Merge pull request #11150 from nextcloud/feature/noid/unit-test-find-webroot 
Extract logic for webroot into method and add test
 2018-09-26 15:22:30 +02:00
Morris Jobke ee73f6c416
Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php 
Consider openssl settings from config.php
 2018-09-25 18:04:20 +02:00
Roeland Jago Douma b8418b502d
Merge pull request #11316 from nextcloud/container-queryexception-only 
only catch QueryException when trying to build class
 2018-09-25 16:21:55 +02:00
Christoph Wurst 7586b19e52
Only allow 2FA state changs if providers support the operation 
Ref https://github.com/nextcloud/server/issues/11019.

Add `twofactorauth:cleanup` command

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-09-25 09:54:20 +02:00
Roeland Jago Douma 92fa373314
Merge pull request #11297 from nextcloud/bugfix/noid/this-database-dude 
Copy the expiration from 480864b3e3 to …
 2018-09-25 09:04:44 +02:00
blizzz 67da97c362
Merge pull request #11222 from nextcloud/gs-and-saml 
make the server ready to use global scale with SAML as auth back-end
 2018-09-24 12:00:13 +02:00
Robin Appelman dccbdc8c01
only catch QueryException when trying to build class 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-09-21 18:32:15 +02:00
Joas Schilling f258e65f13
Also adjust the expiration of PublicKeyTokenProvider 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-09-20 09:54:27 +02:00
Joas Schilling 5e6187926f
Copy the expiration from 480864b3e3 to getTokenById 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-09-19 17:55:48 +02:00
Joas Schilling b026b5deb0
Merge pull request #11134 from nextcloud/locale-template-fix 
Use user locale as default in the template
 2018-09-19 16:06:35 +02:00
John Molakvoæ (skjnldsv) 3095ec4125 Fix icons cacher regex for compressed output 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2018-09-19 13:06:04 +02:00
Daniel Kesselberg 90a9a1ecc6
Consider openssl settings from config.php 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-09-16 11:51:15 +02:00
Bjoern Schiessle bb86a8ca36
add back-end as parameter to the pre-login hook 
This is needed for the Global Scale setup to allow the master
node to perform different operations during login, depending
on the user management. Because in case of SAML, the authentication
at the idp happens at the master node.

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-09-14 17:23:06 +02:00
Daniel Kesselberg 3b7ac0c94d
Change visibility to private 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-09-13 12:24:06 +02:00
John Molakvoæ (skjnldsv) 92fbb6d795
Fallback to $lang if no $locale match 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2018-09-13 11:37:40 +02:00
Daniel Kesselberg 603a578a1c
Change return false to throw new 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-09-10 22:45:40 +02:00
Daniel Kesselberg 62c03beb1d
Extract logic for webroot into method and add test 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-09-10 22:33:35 +02:00
John Molakvoæ (skjnldsv) 7d158c62ce
Typehint 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2018-09-10 11:17:03 +02:00
John Molakvoæ (skjnldsv) df143cb72a
Use user locale as default in the template 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2018-09-10 10:42:08 +02:00
Roeland Jago Douma c44368b9a3
Merge pull request #11096 from nextcloud/bugfix/11080/set-cookie-null-argument 
replace setcookie value with '' instead of null.
 2018-09-07 19:31:30 +02:00
Roeland Jago Douma 47b46fa69d
Expire tokens hardening 
Just to be sure that the field is also not 0

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-07 10:01:31 +02:00
MartB fe21b10de5 replace setcookie value with '' instead of null. 
The php documentation states that an empty string should be used for a cookie when it has no real value.
null leads to the following error: expects parameter 2 to be string, null given

Signed-off-by: Martin Böh <mart.b@outlook.de>
 2018-09-06 20:34:16 +02:00
Christoph Wurst b4b095ca91
Fix @since version on new API 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-09-05 20:58:39 +02:00
Christoph Wurst ff58732c0d
Add breadcrumb support to crash reporters 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-09-05 20:58:39 +02:00
Roeland Jago Douma adbeb74dc1
Merge pull request #11046 from nextcloud/feature/10725/applogger 
Add wrapper Logger in DIContainer
 2018-09-04 12:15:43 +02:00
Roeland Jago Douma 9319d557a4
Add wrapper Logger in DIContainer 
This makes sure that for example app for the context is always set.
We can in the future extend this to include more info.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 10:05:25 +02:00
Roeland Jago Douma 8354c50911
Deprecate the childSrc functions 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 07:35:44 +02:00
Roeland Jago Douma c8fe4b4fc8
Add workerSrc to CSP 
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 07:35:44 +02:00
Christoph Wurst fb98db7da7
Fix handlng of concurrent inserts of the 2FA provider registry DAO 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2018-08-31 11:46:27 +02:00
Roeland Jago Douma 625c81bd11
Merge pull request #10906 from nextcloud/request-params-array 
ensure we always return an array from `Request::getParams`
 2018-08-30 21:07:49 +02:00
Julius Härtl e8938df198
Move SCSS variable fetching before the variables.scss to properly calculate color values 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2018-08-29 16:47:39 +02:00
Robin Appelman c0a283fefb
ensure we always return an array from `Request::getParams` 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-08-28 18:11:42 +02:00
Morris Jobke c6b1c21b8f
Merge pull request #10854 from nextcloud/fix-10764 
Allow same section class for multiple section types (fix #10764)
 2018-08-28 17:50:20 +02:00
sualko 61370549f3 Allow same section class for multiple section types (fix #10764) 
Signed-off-by: Klaus Herberth <klaus@jsxc.org>
 2018-08-25 17:32:19 +02:00
Roeland Jago Douma ac932309a2
Merge pull request #10827 from steiny2k/HEICHEIF 
HEIC previews as JPG rather than PNGs to save space.
 2018-08-24 21:49:33 +02:00
Roeland Jago Douma 4758942121
Fixes 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-08-24 21:27:21 +02:00
Morris Jobke 48f5cbe439
Merge pull request #10841 from nextcloud/load-app-catch-exceptions 
also catch exceptions when loading apps
 2018-08-24 19:29:47 +02:00
Robin Appelman be9ab8b879
also catch exceptions when loading apps 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-08-24 17:16:54 +02:00
Morris Jobke e8817ed3ea
Merge pull request #10724 from nextcloud/large-share-count-performance 
Improve performance when dealing with large numbers of shares
 2018-08-24 17:10:17 +02:00