This allows a user to mark a token for remote wipe.
Clients that support this can then wipe the device properly.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Changed the implementation for getProxyUri with
fd1d85365c
If proxy is already null then we don't ask for proxyuserpwd. Test
failed because we expected getSystemValue to be called once with
proxyuserpwd
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
File names are no longer shown directly in the ".filename" element, but
split in two "span" elements inside a ".filename-parts" element, so now
the texts in those span elements need to be concatenated to get the file
name.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
Fixes#14793
This is caused by the mess we have with OC\Settings mapping to settings
and lib/private/Settings.
Anyway this is the quick fix. Moving stuff around for 17 seems better.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The bundle acceptance tests fails after #14578 sometimes. This is
because of a race condition. not all apps have compatible 16 versions
yet. So trying to enable them results in those apps doing 💥.
Because of #14578 we do show them now. So we try to enable them. However
depending on which requests finishes first the disable button for the
audit app either shows up or now.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* tests/acceptance/features/login.feature:15
<details><summary>Show full log</summary>
```
Scenario: log in with valid user and invalid password once fixed by admin # /drone/src/github.com/nextcloud/server/tests/acceptance/features/login.feature:15
Given I act as John # ActorContext::iActAs()
And I can not log in with user user0 and password 654231 # LoginPageContext::iCanNotLogInWithUserAndPassword()
When I act as Jane # ActorContext::iActAs()
And I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I open the User settings # SettingsMenuContext::iOpenTheUserSettings()
And I set the password for user0 to 654321 # UsersSettingsContext::iSetTheFieldForUserTo()
And I act as John # ActorContext::iActAs()
And I log in with user user0 and password 654321 # LoginPageContext::iLogInWithUserAndPassword()
Then I see that the current page is the Files app # FilesAppContext::iSeeThatTheCurrentPageIsTheFilesApp()
Failed asserting that 'http://acceptance-login/index.php/login?user=user0' starts with "http://acceptance-login/index.php/apps/files/".
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/app-files.feature:90
<details><summary>Show full log</summary>
```
Scenario: show favorites # /drone/src/github.com/nextcloud/server/tests/acceptance/features/app-files.feature:90
Given I am logged in # LoginPageContext::iAmLoggedIn()
And I mark "welcome.txt" as favorite # FileListContext::iMarkAsFavorite()
When I open the "Favorites" section # AppNavigationContext::iOpenTheSection()
Then I see that the current section is "Favorites" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
Then I see that the file list contains a file named "welcome.txt" # FileListContext::iSeeThatTheFileListContainsAFileNamed()
Row for file welcome.txt in file list could not be found after 100 seconds (NoSuchElementException)
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/apps.feature:66
<details><summary>Show full log</summary>
```
Scenario: Show section from app store # /drone/src/github.com/nextcloud/server/tests/acceptance/features/apps.feature:66
Given I act as Jane # ActorContext::iActAs()
And I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I open the Apps management # SettingsMenuContext::iOpenTheAppsManagement()
And I see that the current section is "Your apps" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
When I open the "Files" section # AppNavigationContext::iOpenTheSection()
Files section item in App Navigation could not be found after 100 seconds (NoSuchElementException)
Then I see that there some apps listed from the app store # AppsManagementContext::iSeeThatThereSomeAppsListedFromTheAppStore()
And I see that the current section is "Files" # AppNavigationContext::iSeeThatTheCurrentSectionIs()
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fails with:
* tests/acceptance/features/app-files-tags.feature:42
<details><summary>Show full log</summary>
```
Scenario: add tags using the dropdown in the details view # /drone/src/github.com/nextcloud/server/tests/acceptance/features/app-files-tags.feature:42
Given I am logged in as the admin # LoginPageContext::iAmLoggedInAsTheAdmin()
And I visit the settings page # SettingsMenuContext::iVisitTheSettingsPage()
And I open the "Tag management" section # AppNavigationContext::iOpenTheSection()
And I see that the button to select tags is shown # SettingsContext::iSeeThatTheButtonToSelectTagsIsShown()
And I create the tag "tag1" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag2" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag3" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I create the tag "tag4" in the settings # SettingsContext::iCreateTheTagInTheSettings()
And I see that the dropdown for tags in the settings eventually contains the tag "tag1" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag2" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag3" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I see that the dropdown for tags in the settings eventually contains the tag "tag4" # SettingsContext::iSeeThatTheDropdownForTagsInTheSettingsEventuallyContainsTheTag()
And I log out # SettingsMenuContext::iLogOut()
And I am logged in # LoginPageContext::iAmLoggedIn()
And I open the details view for "welcome.txt" # FileListContext::iOpenTheDetailsViewFor()
And I open the input field for tags in the details view # FilesAppContext::iOpenTheInputFieldForTagsInTheDetailsView()
When I check the tag "tag2" in the dropdown for tags in the details view # FilesAppContext::iCheckTheTagInTheDropdownForTagsInTheDetailsView()
And I check the tag "tag4" in the dropdown for tags in the details view # FilesAppContext::iCheckTheTagInTheDropdownForTagsInTheDetailsView()
Then I see that the tag "tag2" in the dropdown for tags in the details view is checked # FilesAppContext::iSeeThatTheTagInTheDropdownForTagsInTheDetailsViewIsChecked()
And I see that the tag "tag4" in the dropdown for tags in the details view is checked # FilesAppContext::iSeeThatTheTagInTheDropdownForTagsInTheDetailsViewIsChecked()
And I see that the input field for tags in the details view contains the tag "tag2" # FilesAppContext::iSeeThatTheInputFieldForTagsInTheDetailsViewContainsTheTag()
Failed asserting that false is true.
And I see that the input field for tags in the details view contains the tag "tag4" # FilesAppContext::iSeeThatTheInputFieldForTagsInTheDetailsViewContainsTheTag()
```
</details>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This adds the new login flow. The desktop client will open up a browser
and poll a returned endpoint at regular intervals to check if the flow
is done.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Some code cleanup
- willReturn instead of will(returnValue)
- Annotation for mocked objects
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
By requesting the plain logout url we allow it to be properly cached by
the caching router. We just add the requesttoken manually.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
If the remember_login_cookie_lifetime is set to 0 this means we do not
want to use remember me at all. In that case we should also not creatae
a remember me cookie and should create a proper temp token.
Further this specifies that is not 0 the remember me time should always
be larger than the session timeout. Because else the behavior is not
really defined.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12224
Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When run with php's build-in server (for instance on localhost:8080), IP provided through $this->server['REMOTE_ADDR'] is [::1], which is not an acceptable format for \inet_pton. This removes the brackets if there's any.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Fixes#7084
Now entering wrongly cased email (roeland@ instead of Roeland@) for
password reset etc. Will also work.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Admin should _not_ be able to change password when:
- if an encryption module is loaded and it uses per-user keys
- if encryption is enabled but no encryption modules are loaded
Admin should be able to change the password when:
- no encryption module is loaded and encryption is disabled
- encryption module is loaded but it doesn't require per user keys
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
This prevent the object store and cache from getting out of sync
when an objectstore silently fails or the php process get's killed
during the upload without giving us the chance to cleanup
Signed-off-by: Robin Appelman <robin@icewind.nl>