Commit Graph

391 Commits

Author SHA1 Message Date
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Julius Härtl e4fa36e231 fix: Fix failing test for group listing
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-08-06 21:06:44 +02:00
Côme Chilliet 1e2155993d chore(tests): Adapt tests to the group:list change
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-08-06 14:43:44 +02:00
Julius Härtl 6c1e896a03 fix: Ignore preview requests for invalid file ids
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-07-22 22:32:34 +02:00
Benjamin Gaussorgues e5275dbada feat: don't count failed CSRF as failed login attempt
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-11 09:27:33 +02:00
Daniel e5a6698ec0 Merge pull request #45811 from nextcloud/add-test-for-profile-page-controller
test: add tests for ProfilePageController
2024-06-12 14:49:03 +02:00
Daniel Kesselberg 98eb190e04 test: add tests for ProfilePageController
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-06-12 11:46:12 +02:00
skjnldsv 8bed23288b fix(files_sharing): dark avatar support
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-06-12 10:27:29 +02:00
Andy Scherzinger 1f7e2ba599 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +02:00
Christoph Wurst 22dc27810e fix(auth): Keep redirect URL during 2FA setup and challenge
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-04-19 10:24:26 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Ferdinand Thiessen 3fede00732 feat(login): Clear login form (password) after IDLE timeout
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-25 12:22:53 +01:00
Eduardo Morales 685145714a chore: update logincontroller tests
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
2024-03-10 11:36:42 -05:00
Louis Chemineau 72f7b80153 Revert change in TwoFactorAuth CleanupTest.php
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-03-06 16:46:35 +01:00
Louis Chemineau fcdc8b47f2 fix(files_versions): Improve files version listing
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-03-06 10:15:31 +01:00
Anupam Kumar ce24923f4c add generate-password option and flow fixes
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
2024-02-24 04:56:52 +05:30
Anupam Kumar a92c507cb6 new user password email option, improved on #29368
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
2024-02-24 04:56:52 +05:30
Philip Gatzka b587ec39f4 Enable adding E-Mail addresses to new user accounts using the CLI
Signed-off-by: Philip Gatzka <philip.gatzka@mailbox.org>
2024-02-24 04:56:52 +05:30
provokateurin 6243a9471d feat(core): Add OCS endpoint for confirming the user password
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-20 14:28:00 +01:00
John Molakvoæ 4a509dfe8e fix: phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-02-13 21:06:31 +01:00
Maxence Lange f7d0c74b10 lazy AppConfig
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-15 15:45:13 -01:00
Joas Schilling 2ee5c7a8f9 fix(tests): Fix remaining tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-01-09 15:58:02 +01:00
Louis Chemineau db11313152 Fix tests after slow logout fix
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-01-08 19:09:48 +01:00
Gaspard d'Hautefeuille 85911cbab2 Cancel PR #37405, remove regression code
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
2024-01-05 04:20:26 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Ferdinand Thiessen 154a9989a7 Merge pull request #39852 from nextcloud/pragmaHeader
Stop sending deprecated Pragma header
2023-10-18 03:30:21 +02:00
Côme Chilliet ee39a47e84 Fix Dynamic property timeFactory in ClientFlowLoginControllerTest
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-09 10:30:54 +02:00
Julien Veyssier 807f173dec make oauth2 authorization code expire after 10 minutes
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-10-05 14:24:02 +02:00
Côme Chilliet 0c421975bd Remove last calls to deprecated at matcher in tests/Core
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-18 10:21:21 +02:00
Joas Schilling 6f520f2304 Merge pull request #40026 from lhsazevedo/auth-token-commands
feat: Add auth token list and delete commands
2023-08-29 08:57:07 +02:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Git'Fellow 066f6ef16c Stop sending deprecated Pragma header
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-08-28 15:11:22 +02:00
Lucas Azevedo 771a7b92cc Add tests for occ user:auth-tokens:delete
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 02:27:41 -03:00
John Molakvoæ 266fb31180 fix(tests): preview phpunit
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2023-08-17 18:58:21 +02:00
jld3103 1be836273d core: Add OpenAPI spec
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-07-13 07:24:15 +02:00
Faraz Samapoor fd0e2f711a Fixes testcase error.
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-06-24 23:14:23 +02:00
Joas Schilling 33385d7ecb fix(tests): Adjust unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:12:14 +02:00
Ferdinand Thiessen dc9d8c42bb fix: Adjust console formatter code to match with Symfony type hints
Symfony has added type hints on the `OutputFormatterInterface`,
so we must adjust our type hints to match with Symfony.

Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-04-17 18:35:10 +02:00
Joshua Trees a4032a3800 Add some tests for input trimming in LostController.php
Signed-off-by: Joshua Trees <me@jtrees.io>
2023-04-05 12:15:38 +02:00
Git'Fellow 346054f854 Fix tests
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-03-28 09:41:04 +02:00
Joas Schilling 59578817f5 Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset
Add bruteforce protection to password reset page
2023-02-06 22:12:25 +01:00
Joas Schilling 875e6cf7e6 fix(CI): Adjust expected result
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-06 11:26:38 +01:00
Christoph Wurst 88d116ba84 fix(client-login-flow): Handle missing stateToken gracefully
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-02-06 09:42:15 +01:00
Côme Chilliet 003cc2b45a Fix tests failures (number of calls differed with last rebase)
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-24 09:38:20 +01:00
Carl Schwan a23cd7b961 Fix a bunch of deprecation in the phpunit for core
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-01-24 09:34:09 +01:00
Joas Schilling 1c099c7f17 Fix broken user:setting command unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-23 07:01:22 +01:00
Côme Chilliet f5c361cf44 composer run cs:fix
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Christoph Wurst 20fcfb5739 feat(app framework)!: Inject services into controller methods
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Christoph Wurst f22101d421 Fix login loop if login CSRF fails and user is not logged in
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 09:39:17 +01:00
Christoph Wurst 138deec333 chore: Make the LoginController strict
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 10:52:28 +01:00