nextcloud
/
server
mirror of https://github.com/nextcloud/server
0
0
Fork 0
Code Issues Releases Wiki Activity
74,395 Commits 400 Branches 984 Tags 3.7 GiB
Commit Graph

383 Commits

Author SHA1 Message Date
Andy Scherzinger 1f7e2ba599
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +02:00
Christoph Wurst 22dc27810e
fix(auth): Keep redirect URL during 2FA setup and challenge 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-19 10:24:26 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +02:00
Ferdinand Thiessen 3fede00732
feat(login): Clear login form (password) after IDLE timeout 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-25 12:22:53 +01:00
Eduardo Morales 685145714a chore: update logincontroller tests 
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
 2024-03-10 11:36:42 -05:00
Louis Chemineau 72f7b80153
Revert change in TwoFactorAuth CleanupTest.php 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-03-06 16:46:35 +01:00
Louis Chemineau fcdc8b47f2 fix(files_versions): Improve files version listing 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-03-06 10:15:31 +01:00
Anupam Kumar ce24923f4c
add generate-password option and flow fixes 
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
 2024-02-24 04:56:52 +05:30
Anupam Kumar a92c507cb6
new user password email option, improved on #29368 
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
 2024-02-24 04:56:52 +05:30
Philip Gatzka b587ec39f4
Enable adding E-Mail addresses to new user accounts using the CLI 
Signed-off-by: Philip Gatzka <philip.gatzka@mailbox.org>
 2024-02-24 04:56:52 +05:30
provokateurin 6243a9471d
feat(core): Add OCS endpoint for confirming the user password 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 14:28:00 +01:00
John Molakvoæ 4a509dfe8e
fix: phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-02-13 21:06:31 +01:00
Maxence Lange f7d0c74b10 lazy AppConfig 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-15 15:45:13 -01:00
Joas Schilling 2ee5c7a8f9
fix(tests): Fix remaining tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-01-09 15:58:02 +01:00
Louis Chemineau db11313152
Fix tests after slow logout fix 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-01-08 19:09:48 +01:00
Gaspard d'Hautefeuille 85911cbab2 Cancel PR #37405, remove regression code 
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +01:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Ferdinand Thiessen 154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader 
Stop sending deprecated Pragma header
 2023-10-18 03:30:21 +02:00
Côme Chilliet ee39a47e84
Fix Dynamic property timeFactory in ClientFlowLoginControllerTest 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-09 10:30:54 +02:00
Julien Veyssier 807f173dec
make oauth2 authorization code expire after 10 minutes 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Côme Chilliet 0c421975bd Remove last calls to deprecated at matcher in tests/Core 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-09-18 10:21:21 +02:00
Joas Schilling 6f520f2304
Merge pull request #40026 from lhsazevedo/auth-token-commands 
feat: Add auth token list and delete commands
 2023-08-29 08:57:07 +02:00
Joas Schilling 25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-08-28 15:11:22 +02:00
Lucas Azevedo 771a7b92cc Add tests for occ user:auth-tokens:delete 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 02:27:41 -03:00
John Molakvoæ 266fb31180
fix(tests): preview phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2023-08-17 18:58:21 +02:00
jld3103 1be836273d
core: Add OpenAPI spec 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-13 07:24:15 +02:00
Faraz Samapoor fd0e2f711a Fixes testcase error. 
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
 2023-06-24 23:14:23 +02:00
Joas Schilling 33385d7ecb
fix(tests): Adjust unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:12:14 +02:00
Ferdinand Thiessen dc9d8c42bb fix: Adjust console formatter code to match with Symfony type hints 
Symfony has added type hints on the `OutputFormatterInterface`,
so we must adjust our type hints to match with Symfony.

Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-04-17 18:35:10 +02:00
Joshua Trees a4032a3800 Add some tests for input trimming in LostController.php 
Signed-off-by: Joshua Trees <me@jtrees.io>
 2023-04-05 12:15:38 +02:00
Git'Fellow 346054f854
Fix tests 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2023-03-28 09:41:04 +02:00
Joas Schilling 59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset 
Add bruteforce protection to password reset page
 2023-02-06 22:12:25 +01:00
Joas Schilling 875e6cf7e6
fix(CI): Adjust expected result 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-06 11:26:38 +01:00
Christoph Wurst 88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-02-06 09:42:15 +01:00
Côme Chilliet 003cc2b45a
Fix tests failures (number of calls differed with last rebase) 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-24 09:38:20 +01:00
Carl Schwan a23cd7b961
Fix a bunch of deprecation in the phpunit for core 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2023-01-24 09:34:09 +01:00
Joas Schilling 1c099c7f17
Fix broken user:setting command unit test 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-23 07:01:22 +01:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Christoph Wurst 20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +01:00
Christoph Wurst f22101d421
Fix login loop if login CSRF fails and user is not logged in 
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 09:39:17 +01:00
Christoph Wurst 138deec333
chore: Make the LoginController strict 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 10:52:28 +01:00
Julius Härtl 8629d8e44f
Check share attributes on preview endpoints 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-25 11:35:31 +02:00
Côme Chilliet 1cb0c2ac52 Fix LostController test 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-10-18 14:49:02 +00:00
Joas Schilling 67ecd72972
Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-08-31 20:54:39 +02:00
Arthur Schiwon b3b6f2d581
fix Controller tests 
- added pageTitle in code was missing in expectations
- fixed warnings of superflouos parameter
- fixed wrong type of mock

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-07-22 22:15:41 +02:00
Thomas Citharel abe5ff3654
Make LostController use IInitialState and LoggerInterface 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +02:00
Thomas Citharel 6283d14fa6
Modernize the LostControllerTest test 
Remove some depreciated at() calls

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +02:00
Thomas Citharel 44e13848a1
Add password reset typed events 
These hooks are only used in the Encryption app from what I can see.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2022-06-10 16:41:41 +02:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00