Merge pull request #4409 from nextcloud/socialharing_mail

Allow social sharing to specify if a new window is opened

Merge pull request #4404 from Ardinis/master

Remove json handling for files_external:config

Merge pull request #3595 from nextcloud/dav-sharing-changes

Restrict DAV share handling to the owner only

Fix unit tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4411 from nextcloud/fix-it

Remove accidentially commited module

Remove accidentially commited module

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4402 from nextcloud/fix-clickable-area

Fix clickable area in share permissions menu

Merge pull request #4303 from nextcloud/enforce-password-mailshare

allow admin to enforce password on mail shares

fix typo

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Fix casing

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

fix unit tests

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

respect password policy for auto generated passwords

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

improve mail text

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

create activity if a password was send by mail

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

allow to set a password for shares which where created without a password before the admin started to enforce the password

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

templates no longer needed

allow admin to enforce password on mail shares

Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

Allow social sharing to specify if a new window is opened

For example mail shares should not open a new window because it looks
weird.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

reviewed

Merge pull request #4398 from nextcloud/fix_accesslistcode

Get proper accesslist for userFolder

Merge pull request #4212 from individual-it/master

validate file name before uploading in upload only folder

Fix remaining "PHP Inspection" warnings

Signed-off-by: Joas Schilling <coding@schilljs.com>

Add public access modifier to all methods

Signed-off-by: Joas Schilling <coding@schilljs.com>

Restrict share handling to the owner only

Otherwise group members can remove the share for the complete group,
remove edit permissions and even single user shares for other users.

Signed-off-by: Joas Schilling <coding@schilljs.com>

Get proper accesslist for userFolder

If the accesslist is requested for a users root folder we should
properly construct the path

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #4381 from nextcloud/2954_take_2

Fix group settings routes and fix route regression

[tx-robot] updated from transifex

Merge pull request #4384 from nextcloud/renderHtml-fix

Rename renderHTML to renderHtml

Fix clickable area in share permissions menu

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Rename renderHTML to renderHtml

* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4387 from nextcloud/fix-little-glitch

Fix font-weight of settings button

Merge pull request #4388 from nextcloud/remove-unused-stuff

Remove unused CSS styles

Merge pull request #4386 from nextcloud/improve-menu-css

Improve menu CSS

Improve menu CSS

* fix mess with menus and actions in the files app
* reduces amount of !important usages
* keeps the behaviour on mobile as well as on desktop

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4385 from nextcloud/remove-unused-css

Remove unused CSS

Merge pull request #4395 from nextcloud/fix_4394

Do not show empty admin sections

Do not show empty admin sections

Fixes #4393

It is far from efficient code. But then again it is easy to understand
and I doubt admins will browse it 24/7

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Merge pull request #4382 from nextcloud/use-proper-reply-to

Add "Reply-To" on ShareByMailProvider mails

Fix indentation

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Merge pull request #4350 from nextcloud/adjust-old-bruteforce-protection-annotations

Adjust existing bruteforce protection code

Remove unused CSS styles

* could not find an traces of .popup and .arrow anywhere else

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Fix font-weight of settings button

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Remove unused CSS

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4371 from nextcloud/dont-allow-dot-usernames

Better validation of allowed user names

[tx-robot] updated from transifex

[tx-robot] updated from transifex

Merge pull request #4369 from nextcloud/fix-translations

Fix translations

Merge pull request #3585 from nextcloud/popover-clickable-area

expand clickable area of popover menu entries to full width

Merge pull request #4379 from nextcloud/nicely-designed-confirmation-mail

Beautify test email

expand clickable area of popover menu entries to full width

Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>

Fix translations

Signed-off-by: Joas Schilling <coding@schilljs.com>

Merge pull request #4380 from nextcloud/show-instance-name-in-from

Add instance name to default sender

Beautify test email

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Merge pull request #4372 from nextcloud/smtp-password

Don't put the SMTP password into the HTML code

[tx-robot] updated from transifex

Add "Reply-To" on ShareByMailProvider mails

Fixes https://github.com/nextcloud/server/issues/4209

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Fix unit tests

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Make group settings routes explicit

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Revert "Match slashes in ../{id} resource routes"

This reverts commit 31f9be7a75712e9f8b7831ed29397527f9fa8baf.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Add instance name to default sender

Otherwise your mail program shows "foo@mail.com" instead of "Nextcloud" or whatever your instance name is.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Merge pull request #4376 from nextcloud/add-bruteforce-protection-to-change-self-password

Add bruteforce protection to changePersonalPassword

Add bruteforce protection to changePersonalPassword

While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

remove accidently left over *f*it

Signed-off-by: Artur Neumann <info@individual-it.net>

JS tests for upload only function

Signed-off-by: Artur Neumann <info@individual-it.net>

refactor to make it easier to test

Signed-off-by: Artur Neumann <info@individual-it.net>

Fix some more stuff

Signed-off-by: Joas Schilling <coding@schilljs.com>

Fix tests

Signed-off-by: Joas Schilling <coding@schilljs.com>

Don't put the SMTP password into the HTML code

Signed-off-by: Joas Schilling <coding@schilljs.com>

Better validation of allowed user names

Signed-off-by: Joas Schilling <coding@schilljs.com>

[tx-robot] updated from transifex

[tx-robot] updated from transifex

[tx-robot] updated from transifex

Merge pull request #2834 from nextcloud/accesListToShareManager

Access list to share manager

[tx-robot] updated from transifex

Remove json handling for files_external:config

#4347

Adjust existing bruteforce protection code

- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Merge pull request #4330 from nextcloud/activities-for-password-mail-change

Add activities when email or password is changed

Merge pull request #4346 from nextcloud/properly-do-bruteforce-protection-via-annotation

Make BruteForceProtection annotation more clever

[tx-robot] updated from transifex

Fix autoloader

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Make BruteForceProtection annotation more clever

This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Merge pull request #4326 from nextcloud/downstream-27562

Reorder the entries of the log for easier reading

Merge pull request #4308 from nextcloud/lost-password-email

Update email template for lost password email

Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login

Fix login controller test and consolidate login

Improve PHPDoc

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4337 from nextcloud/fix-adblock-share-icon

Fix AdBlock blocking share icon, ref #866

Use constants

Signed-off-by: Joas Schilling <coding@schilljs.com>

Merge pull request #4341 from nextcloud/local-link-explanation

Explain local link

Explain local link

The local link is a clever thing and the clients should support this imho but it might not be clear to all users. For one, the term 'local link' is a bit odd. Local with respect to what? It links directly to the file or folder, so direct link seems to make more sense to me. And we should explain the difference with a public link. So this PR:
* renames local link to direct link
* adds a short explanation, noting it only works for users who have access to this file/folder.

As other links are called public link you could also consider calling this 'private link', I suppose. But the links we sent by mail to ppl could also be called 'private link' (they are for one user, who git it by email) so I think it might be confusing. What do @nextcloud/designers think?

Signed-off-by: Morris Jobke <hey@morrisjobke.de>

Merge pull request #4336 from nextcloud/add-ratelimiting

Add support for ratelimiting via annotations

Merge pull request #4342 from nextcloud/update-certificate-bundle

Update CA bundle

Merge pull request #4344 from nextcloud/dont-load-handlebars

Don't load handlebars in template

Mail shares trigger the public key

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Update autoloader

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Fix server container registration

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Don't load handlebars in template

It's already loaded in core.json

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Not needed in the DIContainer anymore

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Do not set full path if not currentAccess

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Add samples to the docs

Signed-off-by: Joas Schilling <coding@schilljs.com>

Add more tests for the share helper

Signed-off-by: Joas Schilling <coding@schilljs.com>