Apps implementing OCM endpoints via OCMEndpointRequestEvent (e.g.
SUNET/nextcloud-ocm_request_share for request-share, nextcloud/contacts
for invite-accepted) need to apply the same identity check that the
built-in addShare and receiveNotification handlers apply, so it makes
sense to make it publicly accessible.
It also allows us to refactor RequestHandlerController::confirmSignedOrigin
to use the new public method and drop the confirmNotificationIdentity helper.
Signed-off-by: Micke Nordin <kano@sunet.se>
This commit switches the default signature algorithm to
ecdsa-p256-sha256 instead of Ed25519. This allows us to make sodium
optional again, and we only pull it in to use it for verifying incomming
signatures. If sodium is not installed, we throw on Ed25519 signatures
instead. At least it is easy for most people to make their Nextcloud
install fully RFC compliant by installing sodium.
I also renamed all the Ed25519 function names to be more precis, using
Jwks for the JSON Web Keys, and RFC9421 for the http-signature code,
where it is needed to distinguish from draft-cavage signatures.
Signed-off-by: Micke Nordin <kano@sunet.se>
Promote ext-sodium from recommended to required so RFC 9421 Ed25519
signing/verifying can rely on libsodium unconditionally. Add the
matching openssl + sodium psalm stubs.
Signed-off-by: Micke Nordin <kano@sunet.se>
Adds an NcDialog confirmation to the Revoke action; deletion was
previously instant on click. When the token is marked for remote
wipe, the dialog surfaces a warning and the destructive button
switches to "Cancel wipe and revoke" so cancelling an in-flight
wipe is an explicit opt-in.
Also migrates the existing Wipe confirm from the legacy
window.OC.dialogs.confirm helper to NcDialog, matching the new
delete dialog. The auth token store actions are now pure API
callers; the UI does the gating.
Signed-off-by: Peter Ringelmann <peter.ringelmann@nextcloud.com>
iconv transliteration is locale- and config-dependent and fails silently
on some setups. UnicodeString::ascii() from symfony/string uses a built-in
transliteration table backed by symfony/polyfill-intl-normalizer, so it
works on all setups without requiring optional PHP extensions.
Assisted-by: Claude:claude-sonnet-4-6
Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
- resolves https://github.com/nextcloud/end_to_end_encryption/issues/1733
The internal basename is often not known by users, e.g. groupfolders or
in this case e2ee can define displaynames other than the shown name.
Same for e.g. mount points of shares.
So we need to show the displayname instead.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
Was fixed in Nextcloud 16, so future versions should not generate this anymore.
So the delete attempt can be skipped, after doing it once.
We are keeping this to ensure it also runs after migrating from ownCloud
Signed-off-by: Joas Schilling <coding@schilljs.com>