averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,443 Commits 712 Branches 1,186 Tags
stable29
Commit Graph

694 Commits

Author SHA1 Message Date
Marcel Klehr
709b1bb91e fix(TextToImage): Refactor scheduling mechanism 2026-02-05 14:54:16 +00:00
Julien Veyssier
1251cdc637 fix(ai-apis): reject text inputs that are longer than 64K chars 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2025-11-12 12:30:13 +01:00
Richard Steinmetz
7bc0079074 fix: update request token on two-factor pages 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-11-12 09:53:53 +01:00
Richard Steinmetz
20259a3dc8 fix: generate csrf tokens if two factor challenge is ongoing 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-11-12 09:50:46 +01:00
Joas Schilling
ae98530243 Merge pull request #55794 from nextcloud/backport/55776/stable29
Some checks failed
Integration sqlite / changes (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, --tags ~@large files_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, capabilities_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, collaboration_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, comments_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, dav_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, federation_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, filesdrop_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, ldap_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, openldap_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, openldap_numerical_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, remoteapi_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, setup_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, sharees_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, sharing_features) (push) Has been cancelled
Integration sqlite / integration-sqlite (8.2, stable29, videoverification_features) (push) Has been cancelled
Integration sqlite / integration-sqlite-summary (push) Has been cancelled
[stable29] fix(TextToImage): Set better attribute for routes
 2025-10-16 15:01:13 +02:00
Marcel Klehr
5b851f81f5 fix(TextToImage): Set better attribute for routes 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-10-15 16:29:14 +02:00
Marcel Klehr
0d79f64ba7 fix(TextProcessingApiController): Set better attribute on routes 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2025-10-15 10:05:52 +02:00
Ferdinand Thiessen
f9b08eecdb fix: handle IDLE timeout 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-06-03 15:34:30 +02:00
Richard Steinmetz
a34029b9dc fix(oauth2): retain support for legacy ownCloud clients 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-04-02 10:28:21 +02:00
Louis Chemineau
ff5a03e890 feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>

[skip ci]

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-03-03 11:38:04 +01:00
Julius Härtl
24993f988b fix: Add direct parameter to flow auth v2 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-08-06 22:44:34 +02:00
Julius Härtl
23ec547af0 fix: Ignore preview requests for invalid file ids 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-07-29 08:16:30 +02:00
Benjamin Gaussorgues
3e2600bf86 feat: don't count failed CSRF as failed login attempt 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-11 14:15:20 +02:00
Arthur Schiwon
464cfce9b5 Merge pull request #44977 from nextcloud/backport/44745/stable29 
[stable29] fix(auth): Keep redirect URL during 2FA setup and challenge
 2024-06-12 19:37:41 +02:00
Daniel Kesselberg
73703eb276 test: add tests for ProfilePageController 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-06-12 18:21:58 +02:00
provokateurin
ac4ead61af fix(core): Return X-NC-IsCustomAvatar for guest avatars too 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-06-12 11:06:10 +00:00
skjnldsv
7327803816 fix(files_sharing): dark avatar support 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 11:06:10 +00:00
skjnldsv
4ad83e9fa3 fix(core): allow guest avatar fallback 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-06-12 11:06:10 +00:00
Arthur Schiwon
f0494ec17a fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-11 20:19:18 +02:00
John Molakvoæ (skjnldsv)
2c2a5a25ac fix(core): unsupported browser redirect url 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2024-06-07 08:58:58 +02:00
Joas Schilling
7f6ee0cb9f fix(search): Limit maximum number of search results 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-05-15 07:54:00 +00:00
Christoph Wurst
67071f8875 fix(auth): Keep redirect URL during 2FA setup and challenge 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-23 07:38:33 +00:00
Côme Chilliet
0b332ceac2 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-04 11:45:22 +02:00
Ferdinand Thiessen
3fede00732 feat(login): Clear login form (password) after IDLE timeout 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-25 12:22:53 +01:00
fenn-cs
2792d8b3f5 feat: Limit email input on auth pages to 255 chars 
Excessively long emails reported make server unresponsive.

We could at some point, consider adding a configuration for sysadmins to bypass this setting
on their instance if they want.

Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
 2024-03-21 10:34:55 +01:00
Eduardo Morales
0de6cc7472 feat: added login's initial possible email-states 
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
 2024-03-10 10:32:21 -05:00
Robin Appelman
fd4ca13867 Merge pull request #43471 from nextcloud/cache-path-by-id 
Cache path by id
 2024-03-05 17:26:25 +01:00
Julius Härtl
c7813bfdaf feat: Implement team provider api 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-05 08:13:58 +01:00
Robin Appelman
e7a7b4a401 perf: switch places that always use the first getById result to getFirstNodeById 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-03-04 13:57:31 +01:00
provokateurin
2c51933b6b refactor(core): Switch to attribute based routing 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-21 12:07:50 +01:00
provokateurin
6243a9471d feat(core): Add OCS endpoint for confirming the user password 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 14:28:00 +01:00
provokateurin
d95e500e45 feat(core): Expose the confirm password endpoint 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-02-20 08:04:13 +01:00
John Molakvoæ
4a509dfe8e fix: phpunit 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-02-13 21:06:31 +01:00
John Molakvoæ
9593f4d6f9 fix: openapi 
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
 2024-02-13 21:06:31 +01:00
Vincent Petry
839ddaa354 feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +01:00
Côme Chilliet
6fc5cef6e9 fix: Support other schemes than HTTP and HTTPS in app navigation 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-06 09:36:39 +01:00
Côme Chilliet
4f69f49a75 fix: Revert external url support in icon as it’s not allowed 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-06 09:36:39 +01:00
Côme Chilliet
4fb5c15db5 Allow application to pass external links in navigation 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-06 09:36:39 +01:00
provokateurin
b64ab5fba8 refactor: Migrate IgnoreOpenAPI attributes to OpenAPI 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-01-18 16:14:17 +01:00
Côme Chilliet
95ea6188dc Suppress or fix psalm errors related to InvalidTokenException 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Côme Chilliet
eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Joas Schilling
0b591916d6 fix(openapi): Make OpenAPI CI green again 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-01-11 12:29:19 +01:00
Ferdinand Thiessen
949e09ccb7 enh(core): Refactor profile page to use vue components 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-01-10 11:22:27 -06:00
Gaspard d'Hautefeuille
08ff644f3c Keep https check 
https://github.com/nextcloud/server/issues/41196 + keep https check

Co-authored-by: Louis <louis@chmn.me>
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +01:00
Gaspard d'Hautefeuille
85911cbab2 Cancel PR #37405, remove regression code 
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
 2024-01-05 04:20:26 +01:00
Joas Schilling
aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Benjamin Gaussorgues
33837e7d6f Fix invalid users/groups handling in advanced search 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-15 10:17:43 +01:00
Joas Schilling
0feb55ee93 Merge pull request #41271 from nextcloud/enh/text-processing-iprovider2 
enh(TextProcessing): Add two new provider interfaces
 2023-11-13 10:49:14 +01:00
Benjamin Gaussorgues
c753eefb21 feat(search): Allow multiple search terms in UnifiedController 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-10 09:21:16 +01:00
Marcel Klehr
b45007f38f Merge branch 'master' into enh/text-processing-iprovider2 2023-11-09 13:46:18 +01:00