averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-29 12:24:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,512 Commits 1,008 Branches 1,229 Tags
executeUpdateRemove
Commit Graph

70 Commits

Author SHA1 Message Date
Carl Schwan 734904e7f0 feat(oauth2): Add commands for adding and deleting clients 
Refactor the code for doing that from the controller to a seperate
service.

Signed-off-by: Carl Schwan <carlschwan@kde.org>
 2026-06-15 13:06:09 +02:00
Côme Chilliet 1ab09ec753 chore: Apply new coding standard to all files 
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-06-01 13:46:39 +02:00
Peter Ringelmann 4b1c3fbe3b fix(settings,oauth2): preserve wipe state across admin deletion paths 
Signed-off-by: Peter Ringelmann <peter.ringelmann@nextcloud.com>
 2026-05-26 16:41:02 +02:00
Julien Veyssier 59b3d7a5b2 fix(oauth): rotate the auth token only if the access token rotation was successful 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2026-04-22 11:23:47 +02:00
Julien Veyssier c639dfdbfc fix(oauth): make the throttling reason more specific 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2026-04-22 11:23:47 +02:00
Julien Veyssier 72c4d0f72a fix(oauth): wrap token rotation in a transaction, only rotate if the token hasn't been modified since we have read it 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2026-04-22 11:23:47 +02:00
Kate bce67a250f Merge pull request #59764 from nextcloud/fix/add-missing-password-required 
fix: Add missing PasswordConfirmationRequired attributes
 2026-04-21 15:41:15 +02:00
Côme Chilliet cfd5f04116 fix: Add missing PasswordConfirmationRequired attributes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-04-21 10:21:07 +02:00
Côme Chilliet 135a8128d4 fix(oauth2): Add missing urlencode for failure redirection 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-04-21 09:34:48 +02:00
Côme Chilliet 5c1b58c380 fix(oauth2): Do not store the code in throttle metadata 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-03-19 14:40:12 +01:00
provokateurin 1b4722c330 fix(oauth2): Limit allowed grant_type values in getToken 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-08-25 13:40:35 +02:00
Richard Steinmetz 246da73a36 fix(oauth2): retain support for legacy ownCloud clients 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-04-01 11:25:52 +02:00
Côme Chilliet 75f8bb51ed fix: Rename config option to skipAuthPickerApplications to match what it does 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +01:00
Côme Chilliet e7be008dc1 feat(oauth2): Skip page before login as well for authorized applications 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +01:00
provokateurin 085d4c9364 refactor(OpenAPI): Adjust scopes to match previous behavior 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-01-06 14:30:40 +01:00
provokateurin 381077028a refactor(apps): Use constructor property promotion when possible 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-21 12:37:59 +02:00
Côme Chilliet 1a4978c4ea chore: Apply rector configuration to apps folder 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-20 17:51:00 +02:00
provokateurin 9836e9b164 chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +02:00
Julien Veyssier 034917b790 fix(oauth2): store hashed secret instead of encrypted 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-09-02 14:38:39 +02:00
Artur Neumann cc44ec54ad invalidate oauth2 tokens only for seen users 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2024-08-16 10:33:52 +02:00
provokateurin d8adbce1be refactor(oauth2): Replace security annotations with respective attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-29 16:45:54 +02:00
Andy Scherzinger cc1686dba9 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-31 10:38:47 +02:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Julien Veyssier d56950a6c9 adjust phpdoc types in OauthApiController 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:03 +02:00
Julien Veyssier c6da99474e rename oauth2_access_token's created_at to code_created_at 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier 779e1d51ac delete oauth access token when receiving a code that has expired 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier 1ab45bad5d refuse oauth authorization code if a token has already been delivered (active token) 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier 7bba410997 cleanup access tokens that are still in authorization state and that have expired 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier 2995b0948f add tests for oauth2 authorization code expiration 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier 807f173dec make oauth2 authorization code expire after 10 minutes 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
jld3103 1c19c567fe oauth2: Add OpenAPI spec 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-12 07:32:30 +02:00
Julien Veyssier 629adc318f add bruteforce protection in OauthApiController 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-06-19 11:18:06 +02:00
Julien Veyssier 18c742a901 encrypt oauth2 client secrets 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-06-07 11:36:08 +02:00
Artur Neumann f634badf12 public interface to invalidate tokens of user 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:29 +01:00
Artur Neumann 21be557e2a invalidate existing tokens when deleting an oauth client 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:23 +01:00
luz paz 9d26671f05 Fix typos in apps/ subdirectory 
Found via `codespell -q 3 -S l10n,./apps/files_external/3rdparty -L adn,ba,boxs,keypair,jus,optionel,ressource,tabel ./apps/`

Signed-off-by: luz paz <luzpaz@github.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
 2022-09-05 12:59:54 +00:00
Joas Schilling c6ae53096c More test fixing 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-12-01 22:17:19 +01:00
J0WI 3b656446af Introduce ISecureRandom::CHAR_ALPHANUMERIC 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2021-07-08 15:11:31 +02:00
John Molakvoæ (skjnldsv) 215aef3cbd Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Christoph Wurst cb057829f7 Update license headers for 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-29 11:57:22 +02:00
Christoph Wurst 28f8eb5dba Add visibility to all constants 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:54:27 +02:00
Christoph Wurst caff1023ea Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst 44577e4345 Remove trailing and in between spaces 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 16:07:47 +02:00
Christoph Wurst 1a9330cd69 Update the license headers for Nextcloud 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-31 14:52:54 +02:00
Daniel Kesselberg 509af24bc9 Fix invalid instantiation of TemplateResponse if client not found 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-03-15 11:55:07 +01:00
Christoph Wurst 5bf3d1bb38 Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +01:00
Roeland Jago Douma 68748d4f85 Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Roeland Jago Douma 9e2bb5ef36 Move oauth admin settings to initialstate 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2019-09-28 13:30:34 +00:00