Roeland Jago Douma
ee3dc57cbd
Merge pull request #26626 from J0WI/strict-security
...
Make Security module strict
2021-05-18 08:43:13 +02:00
korelstar
b38e8678e4
fix error when using CORS with no auth credentials
2021-05-18 07:11:10 +02:00
Roeland Jago Douma
4a2775a442
Harden apptoken check
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-17 16:05:45 +02:00
Roeland Jago Douma
44a638f961
Merge pull request #26998 from nextcloud/dependabot/npm_and_yarn/babel/core-7.14.2
...
Bump @babel/core from 7.13.16 to 7.14.2
2021-05-17 15:26:51 +02:00
Lukas Reschke
c4fddd9b5c
Merge pull request #26946 from nextcloud/enh/fed_share/respect_default_permissions
...
Respect default share permissions for federated reshares
2021-05-17 12:01:59 +02:00
dependabot-preview[bot]
93aff09bda
Bump @babel/core from 7.13.16 to 7.14.2
...
Bumps [@babel/core](https://github.com/babel/babel/tree/HEAD/packages/babel-core ) from 7.13.16 to 7.14.2.
- [Release notes](https://github.com/babel/babel/releases )
- [Changelog](https://github.com/babel/babel/blob/main/CHANGELOG.md )
- [Commits](https://github.com/babel/babel/commits/v7.14.2/packages/babel-core )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2021-05-17 09:51:33 +02:00
Roeland Jago Douma
3854e7f8f0
Respect default share permissions for federated reshares
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-17 09:48:31 +02:00
Morris Jobke
77a4368418
Merge pull request #26846 from nextcloud/followup/26572/reply-with-json-when-not-accepting-html
...
Reply with json when not accepting html on LoginException
2021-05-17 09:36:18 +02:00
Nextcloud bot
06377b7df1
[tx-robot] updated from transifex
2021-05-17 02:26:35 +00:00
Nextcloud bot
5ea903d824
[tx-robot] updated from transifex
2021-05-16 02:26:44 +00:00
François Freitag
3f8fe4f35e
Remove unused apps/dav/js/schedule-response.js
...
File is not included in the schedule-response-options template and is
commented out. The commented code relies on the buttonset() jQuery
plugin, which is deprecated.
https://api.jqueryui.com/buttonset/
If this code was to be re-introduced, it would take a different form.
Signed-off-by: François Freitag <mail@franek.fr>
2021-05-15 10:57:50 +02:00
Nextcloud bot
07476fd991
[tx-robot] updated from transifex
2021-05-15 02:29:20 +00:00
dependabot-preview[bot]
53e03a8b4f
Bump node-sass from 5.0.0 to 6.0.0 in /build
...
Bumps [node-sass](https://github.com/sass/node-sass ) from 5.0.0 to 6.0.0.
- [Release notes](https://github.com/sass/node-sass/releases )
- [Changelog](https://github.com/sass/node-sass/blob/master/CHANGELOG.md )
- [Commits](https://github.com/sass/node-sass/compare/v5.0.0...v6.0.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-05-15 01:14:16 +00:00
Julius Härtl
bcf38692ae
Use parent wrapper to properly handle moves on the same source/target storage
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-05-14 09:41:01 +02:00
Nextcloud bot
3e69ed8849
[tx-robot] updated from transifex
2021-05-14 02:24:59 +00:00
blizzz
0ab5b3e265
Merge pull request #26679 from nextcloud/bugfix/noid/fix-unauthorized-ocs-status-in-provisioning
...
Fix unauthorized OCS status in provisioning
2021-05-13 23:39:20 +02:00
blizzz
b8b2e796bf
Merge pull request #26959 from nextcloud/techdebt/noid/verifiyuserdata-iaccountmanager
...
VerifyUserData shall use IAccountManager, not private API
2021-05-12 23:35:39 +02:00
blizzz
a923213b4f
Merge pull request #26961 from nextcloud/techdet/noid/lib-accountmanager-api
...
ValidatePhoneNumber and PersonalInfo to use public IAccountManager
2021-05-12 23:35:28 +02:00
Arthur Schiwon
9977027321
VerifyUserData shall use IAccountManager, not private API
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-05-12 22:57:20 +02:00
Arthur Schiwon
a49588bbe5
PersonalInfo settings to use public AccoutManager API
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-05-12 22:55:34 +02:00
Arthur Schiwon
2ee34ff76c
Repair job to use public AccoutManager API
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-05-12 22:55:28 +02:00
Roeland Jago Douma
9b36252de0
Merge pull request #26958 from nextcloud/enh/MountPublicLinkController/throttling
...
Throttle MountPublicLinkController when share is not found
2021-05-12 21:20:09 +02:00
Roeland Jago Douma
50517a2622
Throttle MountPublicLinkController when share is not found
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-12 16:26:31 +02:00
Roeland Jago Douma
b01c7289ef
Merge pull request #26962 from nextcloud/fix-cs
...
Fix CS check
2021-05-12 16:25:12 +02:00
Robin Appelman
8d7fae8fae
fmt
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-05-12 16:11:55 +02:00
Robin Appelman
a9eb1f6af3
update public interface with new methods
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-05-12 16:11:35 +02:00
Robin Appelman
0e6321957d
allow excluding groups from creating link shares
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-05-12 16:11:31 +02:00
Robin Appelman
b1dca57a1c
load share settings from the share manager in more places
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-05-12 16:11:28 +02:00
Roeland Jago Douma
749dd1374c
Fix CS check
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-12 16:01:05 +02:00
blizzz
7e1c842d96
Merge pull request #26923 from nextcloud/techdebt/noid/provapi-no-private-accountmanager
...
provisioning API to use only public API of IAccountManager
2021-05-12 14:17:50 +02:00
Roeland Jago Douma
6c741724fb
Merge pull request #26941 from nextcloud/enh/register-multiselect-fileactions
...
Allow apps to register a file action for multiselect
2021-05-12 10:53:58 +02:00
Roeland Jago Douma
a2a96466fc
Merge pull request #26922 from nextcloud/techdebt/noid/dav-no-private-class
...
dav: Converter & SyncService shall not use private AccountManager
2021-05-12 10:22:49 +02:00
Roeland Jago Douma
024ed97e7e
Merge pull request #26945 from nextcloud/enh/shareinfo/throttle
...
Add bruteforce protection to the shareinfo endpoint
2021-05-12 10:07:28 +02:00
Julius Härtl
96515d7338
Allow apps to register a file action for multiselect
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-05-12 09:48:52 +02:00
Roeland Jago Douma
701294520a
Add bruteforce protection to the shareinfo endpoint
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-12 09:34:45 +02:00
Joas Schilling
b6c6527705
Fix unauthorized OCS status in provisioning
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-12 08:16:07 +02:00
Joas Schilling
236f1b64f9
Reply with JSON when html is not accepted like in SecurityMiddleware
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-12 08:02:53 +02:00
Joas Schilling
a2d5d2d613
Reply with UNAUTHORIZED like on APIs when login exception was thrown
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-12 08:02:53 +02:00
Julius Härtl
0599a8060c
Merge pull request #26949 from nextcloud/fix-add-app-password
...
fix occ command user:add-app-password
2021-05-12 07:24:32 +02:00
Nextcloud bot
0df326ab20
[tx-robot] updated from transifex
2021-05-12 02:26:16 +00:00
Arthur Schiwon
8413ed9475
allow to set valid scopes only in AccountProperty
...
the auto-fallback to v2-local is removed as well to react on wrong input
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-05-12 01:31:15 +02:00
Arthur Schiwon
665ffbdf80
remove private AccountManager from SyncService
...
and fix test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-05-11 23:38:31 +02:00
Bjoern Schiessle
da21e86a07
use the UID as loginName and not the display name.
...
Otherwise the app password will not work for users with a display name different to the UID.
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2021-05-11 20:38:54 +02:00
Roeland Jago Douma
bf86050c77
Merge pull request #26751 from nextcloud/3rdparty/archive_tar/1.4.13
...
[3rdparty] Archive tar 1.4.13 bump
2021-05-11 09:17:43 +02:00
Nextcloud bot
b2ad201644
[tx-robot] updated from transifex
2021-05-11 02:26:02 +00:00
Roeland Jago Douma
ec6df60062
[3rdparty] Archive tar 1.4.13 bump
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-05-10 12:40:08 +02:00
Roeland Jago Douma
ca49ba6441
Merge pull request #26917 from nextcloud/dependabot/npm_and_yarn/build/hosted-git-info-2.8.9
...
[Security] Bump hosted-git-info from 2.7.1 to 2.8.9 in /build
2021-05-10 10:22:09 +02:00
dependabot-preview[bot]
cc3654ce37
[Security] Bump hosted-git-info from 2.7.1 to 2.8.9 in /build
...
Bumps [hosted-git-info](https://github.com/npm/hosted-git-info ) from 2.7.1 to 2.8.9. **This update includes a security fix.**
- [Release notes](https://github.com/npm/hosted-git-info/releases )
- [Changelog](https://github.com/npm/hosted-git-info/blob/v2.8.9/CHANGELOG.md )
- [Commits](https://github.com/npm/hosted-git-info/compare/v2.7.1...v2.8.9 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
2021-05-10 07:27:01 +00:00
Roeland Jago Douma
87d6b3fa01
Merge pull request #26919 from nextcloud/dependabot/npm_and_yarn/hosted-git-info-2.8.9
...
[Security] Bump hosted-git-info from 2.8.8 to 2.8.9
2021-05-10 09:25:20 +02:00
Valdnet
99e6849906
Change the values in test
...
Signed-off-by: Valdnet <47037905+Valdnet@users.noreply.github.com>
2021-05-10 09:22:39 +02:00