Commit Graph

884 Commits

Author SHA1 Message Date
John Molakvoæ (skjnldsv) 21441fad9b
Added new search standard
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-06-19 23:53:20 +02:00
Julius Härtl 897898a93b
Add data-id to settings navigation
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-05-08 13:14:02 +02:00
Jan-Christoph Borchardt 0f9ba852bc
Fix form labels and main landmark on log in page
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-04-18 16:14:09 +02:00
Jan-Christoph Borchardt 1c00f82ea5
Do not restrict zooming in
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-04-18 15:51:52 +02:00
Jan-Christoph Borchardt 0ee9924b16
Add aria-label to more-apps menu as well
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-04-18 15:40:47 +02:00
Jan-Christoph Borchardt df3c1ac283
Add proper ARIA attributes and structure to header for accessibility, thanks to @MarcoZehe
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2018-04-18 15:07:42 +02:00
Morris Jobke 0d5142be70
Show a link to the docs instead of a button on the untrusted domain page
Before there was a button to "quickly" add the untrusted domain to the config. This button often didn't worked, because the generated URL was often untrusted as well. Thus removing it and providing proper docs seems to be the better approach to handle this rare case.

Also the log should not be spammed by messages for the untrusted domain accesses, because they are user related and not necessarily an administrative issue.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-17 17:47:11 +02:00
Roeland Jago Douma b2350810e0
Merge pull request #9115 from nextcloud/feature/noid/login_flow_wording
Improve login flow
2018-04-09 08:45:27 +02:00
Roeland Jago Douma 177c8972cc
Improve login flow
* Add page explaining you are about to grant access
* Show grant access page after login

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-08 13:42:36 +02:00
Roeland Jago Douma caee215120
Always remember me
Fixes #8004

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 15:44:28 +02:00
Julius Härtl 30e76f9f14
Add footer to public page template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 12:22:01 +02:00
Julius Härtl bbeb3402b6
Move styling and menu handling to publicpage.js
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-04-05 12:21:39 +02:00
Morris Jobke 990ca145d7
Remove "Alternative logins" title on login page
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-14 11:38:57 +01:00
Roeland Jago Douma 83873e3da1
Remove deprecated URL functions for OCP\Util
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-13 22:04:08 +01:00
rakekniven 1046fb5111
Update login.php
Fixed grammar issue.
Reported at Transifex. See https://www.transifex.com/nextcloud/nextcloud/translate/#af/$/124614533?issue=yes
2018-03-08 20:08:11 +01:00
John Molakvoæ (skjnldsv) d9bd6f3253
Fixed public template
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-03-07 11:05:23 +01:00
John Molakvoæ (skjnldsv) 15a3caedc0
Create special option to toggle header menu container
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-03-04 14:12:29 +01:00
Julius Härtl fd830b90eb
Fix acceptance test for new menu structure
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +01:00
Julius Härtl faeb277ece
Fix popovermenu
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl d07d66e24b
Add public template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:52 +01:00
Julius Härtl 74325f1f94
Use array in t() calls in exception template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-23 11:18:29 +01:00
Roeland Jago Douma cacfe3a360
Fix more templates
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 20:30:44 +01:00
Ralph Slooten be42df8e48 Referrer fix (no-referrer)
Blocking referrer information should be done with "no-referrer" and not "never". See
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Signed-off-by: Ralph Slooten <axllent@gmail.com>
2018-02-08 08:31:24 +13:00
Morris Jobke a661f043e1
Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Roeland Jago Douma a607d737c6
Fix wording
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:44:03 +01:00
Roeland Jago Douma 7cab7feb38
Display message when connection is throttled on logi page
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:43:09 +01:00
Robert Pirritano a82c8f58cc
made small changes to login screen
added height back 70px back to footer and removed .htaccess file

Signed-off-by: Robert R Pirritano <rpirritano@gmail.com>
2018-01-11 12:37:47 +01:00
Julius Härtl 927626cbaa
Fix appmenu svg double invert
This fixes a regression caused by 9b668d0, where the css filters to
preview color inversion of the app menu was applied by default. This
commit makes the css filters sensitive on what the current state of the
app menu is.

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-01-10 09:11:32 +01:00
Julius Härtl 63b4d7e183
Remove css invert since we are using svg filters for now
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-01-03 14:42:08 +01:00
Julius Härtl 8a226811dc
Invert app icons on IE11 as well
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-01-03 14:42:07 +01:00
Julius Härtl f5f6ed664d
Hide stay logged in checkbox when flow authentication is used
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-12-28 11:15:26 +01:00
John Molakvoæ (skjnldsv) 21fbcba68d
Removed unwanted and unused spacer
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-12-12 16:45:56 +01:00
Morris Jobke 369069687f
Adjust style of new password form to default
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-16 21:18:15 +01:00
Jan-Christoph Borchardt 381967f35e
Merge pull request #7013 from nextcloud/forgot-password
Directly show "Forgot password?" link, fix #6808
2017-11-14 15:32:27 +01:00
Lukas Reschke 8c915baa34
Merge pull request #6788 from staabm/master
Prevent XSS in links which open a new browser window
2017-11-08 18:55:35 +01:00
Julius Härtl cd1bfea8c4
Theming: theme flow redirection page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-11-08 14:56:32 +01:00
John Molakvoæ (skjnldsv) 8fea22314c
Fix template order and animation
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-11-05 18:14:52 +01:00
Jan-Christoph Borchardt 494dea2c60 Fix variable name
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-11-03 15:17:24 +01:00
Jan-Christoph Borchardt 585e9f9fcd Add some JS to hide and show elements for password reset
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-11-02 12:04:35 +01:00
Jan-Christoph Borchardt aca29b0c88 Directly show Forgot password link, fix #6808
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-11-02 12:03:31 +01:00
Roeland Jago Douma f2d4c64c9a
Translate Grant Access
Fixes #7038

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-01 15:50:34 +01:00
Markus Staab db34b59238 Prevent XSS in links which open a new browser window 2017-10-19 12:16:04 +02:00
Julius Härtl 060eac40d8 Merge pull request #6700 from nextcloud/accessibility-fixes
Accessibility fixes
2017-10-04 16:09:29 +02:00
Martin 4e484fc217 Update enable javascript link to https 2017-10-02 15:37:58 +01:00
Jan-Christoph Borchardt 2cd467f3f0 Remove unneeded tabindex, add keyboard focus feedback for app list
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-09-29 20:01:15 +02:00
Jan-Christoph Borchardt d3ae77590a Merge legacy app title h1 into Nextcloud h1, ref #5822
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-09-29 19:31:05 +02:00
Jan-Christoph Borchardt 9fb37a2990 Add proper labels to various form elements and buttons
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-09-29 19:25:32 +02:00
Jan-Christoph Borchardt 753c6fd07b Add alt text to app icons in header
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-09-29 18:14:39 +02:00
Julius Härtl 699c64c750
Add manifest.json to the login page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-12 09:23:13 +02:00
Allan Nordhøy d6adc240c4 Spelling: Shortening and single please. 2017-08-29 16:10:54 +02:00
Morris Jobke 7d8b7d4e4e Merge pull request #4925 from nextcloud/error-styling
Improve design and wording of various error messages
2017-08-29 12:03:16 +02:00
Lukas Reschke a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Morris Jobke 44c6745159 Remove quotes around device name
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-14 11:48:56 +02:00
Morris Jobke bd43758118 Highlight client identifier in auth grant page
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-14 10:42:19 +02:00
Jan-Christoph Borchardt ebdfcb1fe3 Add heading to account access page
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-08-12 19:29:49 +02:00
Jan-Christoph Borchardt faea9cb294 Shorten text of untrusted domain error
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-08-12 19:01:42 +02:00
Morris Jobke 83b0191017 fix design of the track trace
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-12 18:48:48 +02:00
Jan-Christoph Borchardt 9f67fb86c8 Improve design of various error messages
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-08-12 18:48:48 +02:00
Morris Jobke d7645ee928 Merge pull request #5972 from nextcloud/replace-loading-icon-gif-with-pure-css-in-login-button
Replace loading icon GIF with pure CSS in login button
2017-08-08 14:40:35 +02:00
Daniel Calviño Sánchez b237379fa1 Replace loading icon GIF with pure CSS loading icon
The pure CSS loading icon uses an ::after pseudo-element, and thus it
can only be used on container elements; the input element is not a
container element, so when the class "icon-loading-small" is set on an
input element it falls back to a loading icon GIF.

This commit modifies the markup of the login button to add a div element
that holds the confirm icon and the loading icon (depending on the
case). In order to position the icon in the same place as before the
input and the icon are both wrapped by another div making possible to
set the absolute position of the icon relative to the input.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2017-08-03 21:09:43 +02:00
Joas Schilling 9abbd6ab13 Revert "Proof of concept #5593 - inline SVG icon for icon-contacts" 2017-08-03 17:27:24 +02:00
Morris Jobke 585e5c6ea5
Logo claim is not used anymore
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-02 23:08:45 +02:00
Marin Treselj c658862052 Replace `include` with `file_get_contents`
Signed-off-by: Marin Treselj <marin@pixelipo.com>
2017-08-02 18:27:24 +02:00
Marin Treselj ffcdc96a0b Proof of concept #5593 - inline SVG icon for icon-contacts
Signed-off-by: Marin Treselj <marin@pixelipo.com>
2017-08-02 18:27:24 +02:00
Morris Jobke 6ca4b9eee9 Merge pull request #5920 from nextcloud/gallery-share-view-fix
Top bar buttons in share view are wrong positioned
2017-08-02 16:59:24 +02:00
Marin Treselj 086ce709f7 Fixes nextcloud/gallery#269
Signed-off-by: Marin Treselj <marin@pixelipo.com>
2017-07-28 14:44:29 +02:00
Morris Jobke 0de90cfc67 Fix 403 and 404 redirect
* Nextcloud is not properly loaded in the standalone version (especially the theming)
* it is already not listed anymore in the Nginx config (see nextcloud/documentation#392)
* the index.php-free version doesn't support this

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-26 16:30:09 +02:00
Morris Jobke 5d5b1285ec Merge pull request #5520 from nextcloud/disable-click-on-hint
[Small] Hint should not be clickable
2017-07-05 16:19:09 +02:00
Marin Treselj 3470d0a44e
Simplified Nextcloud logo icon
Signed-off-by: Marin Treselj <marin@pixelipo.com>
2017-07-02 14:14:49 +02:00
Maxence Lange 5389ffca86 Hint should not be clickable
Signed-off-by: Maxence Lange <maxence@nextcloud.com>
2017-06-23 09:18:20 -01:00
Morris Jobke 8eb955d5c6 Merge pull request #4993 from michaelletzgus/emit_css-tags
Emit css tags
2017-06-14 11:29:25 -05:00
Morris Jobke 0f83cdc78e Use the guest.css for the maintenance page as well
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-06-13 16:43:25 -05:00
Michael Letzgus 0d320fba4b Streamline templates, more DRY
Use Unified function to emit <link> tags for css loading, obey "Don't Repeat Yourself" ;-)

(Next step might by to combine this with the emit <script> function (even more DRY?) AND move all this to a better place?)

Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-05-25 11:13:43 +02:00
Morris Jobke 0dae4946cf Merge pull request #4854 from michaelletzgus/deferred-script-loading-v2
Make page loading faster, deferred script loading, now switchable:
2017-05-20 16:53:30 -05:00
Michael Letzgus fb9f13d4c1 Make page loading faster by deferred script loading:
* Create generalized function for emmitting <script defer src=""> tags to templates
* Remove type attribute from inline_js
* Add defer attribute to external <script> tags

Signed-off-by: Michael Letzgus <michaelletzgus@users.noreply.github.com>
2017-05-20 13:44:04 +02:00
Bjoern Schiessle 3775b14c4c
remove 'Alternative login using app token' in case of oauth login
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:05 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Morris Jobke 3fa604cc5e Allow to enforce update via web UI
* adds a disclaimer that an update via web UI is on own risk
* allows to skip the warning
* fixes #4353

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-11 10:22:44 -05:00
Morris Jobke abe4a19cbc Properly decide on actual users if instance is too big
* state the reason why NC thinks it is a big instance

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-10 22:32:42 -05:00
Lukas Reschke 26f7a3b462
Check if Nextcloud is installed
Fixes https://github.com/nextcloud/server/issues/4735

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-08 15:10:53 +02:00
Lukas Reschke fecf72fb70 Merge pull request #4632 from nextcloud/login-logo-ratio
show non landscape logos bigger on the login page
2017-05-08 12:11:15 +02:00
Robin Appelman c50b7addc7
smaller max logo sizes and cleaner code
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-02 13:01:11 -03:00
Robin Appelman fa52f906e3
show non landscape icons bigger on the login page
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-01 19:05:21 +02:00
Jan-Christoph Borchardt 7015eb9fe5 Prevent flashing of apps and user menu
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-29 13:34:44 +02:00
Jan-Christoph Borchardt 241e397326 Merge branch 'master' into contactsmenu
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-26 00:50:38 +02:00
Christoph Wurst d091793ceb Contacts menu
* load list of contacts from the server
* show last message of each contact

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 20:47:17 +02:00
Jan-Christoph Borchardt 61af3f41f0
Fix auth flow background color and redirect view layout
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-04-25 20:18:49 +02:00
Roeland Jago Douma 05e1092c44
Correctly case the stateToken
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-25 20:18:49 +02:00
Lukas Reschke 6a16df7288
Add new auth flow
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-25 20:18:49 +02:00
Julius Härtl 7548825743
Responsive app menu
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-04-25 17:31:24 +02:00
Morris Jobke 1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Morris Jobke 8fa5141aaa
Removes unused code for link share emails
* now handled by sharebymail app
* see https://github.com/nextcloud/server/pull/657

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 17:32:48 -05:00
Lukas Reschke afb5d45705 Merge pull request #4256 from nextcloud/theming
Move OC_Defaults to OCP\Defaults
2017-04-11 14:39:46 +02:00
Lukas Reschke 5ca5ebe584 Merge pull request #2618 from nextcloud/2fa-challenge-text
Move log out and backup codes link into 2fa box for better readability
2017-04-11 11:41:55 +02:00
Morris Jobke 5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Jan-Christoph Borchardt 9a75714c22
rename confusing getMailHeaderColor to getColorPrimary, ref #3491
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-29 18:23:23 +02:00
Joas Schilling a88edce54f Merge pull request #4130 from nextcloud/replace-useless-print-unescaped-with-p
Replace unecessary unescaped prints with print
2017-03-29 10:02:10 +02:00
Pierre Rudloff 19d3133ccf
Web app manifest
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2017-03-28 18:39:57 -06:00
Lukas Reschke 99675b46e9
Replace unecessary unescaped prints with print
There's no need to have those unescaped from what I can see.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-29 00:43:44 +02:00
Roeland Jago Douma 1ae56b054b
Moving the inline js before the CSS
This allows browsers to do smarted parallel downloads

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-28 22:02:22 +02:00