Commit Graph

319 Commits

Author SHA1 Message Date
provokateurin bfb4fe8f86 fix(core): Stop abusing the cache for avatar upload
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-09-25 13:08:14 +02:00
Joas Schilling 3df6d90a4c Revert "perf(base): Stop setting up the FS for every basic auth request" 2025-08-28 17:11:31 +02:00
provokateurin 5057d5fcc5 fix(core): Stop abusing the cache for avatar upload
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-08-28 09:28:11 +00:00
John Molakvoæ 2b50d9b2c5 Revert "perf(base): Stop setting up the FS for every basic auth request" 2025-07-11 17:07:44 +02:00
provokateurin 24f7a2e680 fix(core): Stop abusing the cache for avatar upload
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-07-08 11:38:59 +02:00
Robin Appelman aa15f9d16d chore: run rector
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-07-01 22:45:52 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
skjnldsv 9806a9830c feat(files_sharing): allow viewing files with download disabled
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-06-26 11:47:53 +02:00
Robin Appelman 3561937816 chore: run rector on tests with new rule
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:38:29 +02:00
Robin Appelman 29e39c0a2e chore: run rector on tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:31:58 +02:00
Ferdinand Thiessen 96d423c8d3 chore: update openAPI files
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-06-09 19:24:26 +02:00
Joas Schilling c24f5fb256 test: Finish migrating tests/Core/ to PHPUnit 10 compatible code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-02 16:47:42 +02:00
Marcel Müller ddd91793bc fix: Add etag tests to NavigationControllerTest
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
2025-04-30 21:48:34 +02:00
Marcel Müller 1addd35b78 fix: Remove unneccesary etag check
Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
2025-04-29 23:15:50 +02:00
Misha M.-Kupriyanov d1a94f3c9c feat(login-flow-v2): Restrict allowed apps by user agent check
Enable via:
./occ config:system:set core.login_flow_v2.allowed_user_agents 0  --value '/Custom Foo Client/i'
./occ config:system:set core.login_flow_v2.allowed_user_agents 1  --value '/Custom Bar Client/i'

if user agent string is unknown
the template with "Access forbidden"-"Please use original client" will be displayed

Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
2025-04-23 09:45:23 +02:00
Richard Steinmetz 246da73a36 fix(oauth2): retain support for legacy ownCloud clients
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2025-04-01 11:25:52 +02:00
Joas Schilling 522be60ff0 fix(phpunit): Remove some more withConsecutive calls
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-03-31 09:43:22 +02:00
Côme Chilliet f033ef7c18 fix: Migrate all uses of OCP\Template to OCP\Template\ITemplateManager
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-03-06 15:49:25 +01:00
Côme Chilliet f52b4c5eb2 fix: Remove skip of grant page, only skip first step
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +01:00
Côme Chilliet 99e0867f0a chore: Adapt tests to added constructor parameters
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-01-07 10:34:30 +01:00
Benjamin Gaussorgues 22051a73c1 feat(login): add origin check at login
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-12-05 09:51:53 +01:00
skjnldsv b15fdfd40e chore(profile): move profile app from core to apps
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-11-14 10:25:02 +01:00
Ferdinand Thiessen c84c256261 fix: Adjust preview for view-only shares
Previously there was a different behavior for public shares (link-shares) and internal shares,
if the user disabled the view permission.
The legacy UI for public shares simply "disabled" the context menu and hided all download actions.
With Nextcloud 31 all share types use the consistent permissions attributes,
which simplifies code, but caused a regression: Images can no longer been viewed.

Because on 30 and before the attribute was not set, previews for view-only files
were still allowed. Now with 31 we need a new way to allow "viewing" shares.

So this is allowing previews for those files, but only for internal usage.
This is done by settin a special header, which only works with custom requests,
and not by opening the URL directly.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-28 15:52:27 +01:00
Julius Knorr 606241caeb chore(legacy): Introduce public version ct plass and drop version methods from OC_Util
Signed-off-by: Julius Knorr <jus@bitgrid.net>
2024-09-20 14:53:34 +02:00
provokateurin 9836e9b164 chore(deps): Update nextcloud/coding-standard to v1.3.1
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +02:00
Christoph Wurst 49dd79eabb refactor: Add void return type to PHPUnit test methods
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-09-15 22:32:31 +02:00
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Julius Härtl 6c1e896a03 fix: Ignore preview requests for invalid file ids
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-07-22 22:32:34 +02:00
Benjamin Gaussorgues e5275dbada feat: don't count failed CSRF as failed login attempt
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-11 09:27:33 +02:00
Daniel e5a6698ec0 Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller
test: add tests for ProfilePageController
2024-06-12 14:49:03 +02:00
Daniel Kesselberg 98eb190e04 test: add tests for ProfilePageController
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-06-12 11:46:12 +02:00
skjnldsv 8bed23288b fix(files_sharing): dark avatar support
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-06-12 10:27:29 +02:00
Andy Scherzinger 1f7e2ba599 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +02:00
Christoph Wurst 22dc27810e fix(auth): Keep redirect URL during 2FA setup and challenge
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-04-19 10:24:26 +02:00
Ferdinand Thiessen 3fede00732 feat(login): Clear login form (password) after IDLE timeout
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-25 12:22:53 +01:00
Eduardo Morales 685145714a chore: update logincontroller tests
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
2024-03-10 11:36:42 -05:00
provokateurin 6243a9471d feat(core): Add OCS endpoint for confirming the user password
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-20 14:28:00 +01:00
John Molakvoæ 4a509dfe8e fix: phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-02-13 21:06:31 +01:00
Joas Schilling 2ee5c7a8f9 fix(tests): Fix remaining tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-01-09 15:58:02 +01:00
Louis Chemineau db11313152 Fix tests after slow logout fix
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-01-08 19:09:48 +01:00
Gaspard d'Hautefeuille 85911cbab2 Cancel PR #37405, remove regression code
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
2024-01-05 04:20:26 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Ferdinand Thiessen 154a9989a7 Merge pull request #39852 from nextcloud/pragmaHeader
Stop sending deprecated Pragma header
2023-10-18 03:30:21 +02:00
Côme Chilliet ee39a47e84 Fix Dynamic property timeFactory in ClientFlowLoginControllerTest
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-09 10:30:54 +02:00
Julien Veyssier 807f173dec make oauth2 authorization code expire after 10 minutes
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-10-05 14:24:02 +02:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-08-28 15:11:22 +02:00
John Molakvoæ 266fb31180 fix(tests): preview phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2023-08-17 18:58:21 +02:00
jld3103 1be836273d core: Add OpenAPI spec
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-07-13 07:24:15 +02:00
Joas Schilling 33385d7ecb fix(tests): Adjust unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:12:14 +02:00