summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* [tx-robot] updated from transifexNextcloud bot2017-09-0862-224/+316
|
* Merge pull request #6360 from nextcloud/fix/session-timeout-refresh-csrf-tokenLukas Reschke2017-09-071-5/+8
|\ | | | | Fix failing csp/nonce check due to timed out session
| * Fix failing csp/nonce check due to timed out sessionChristoph Wurst2017-09-041-5/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The CSP nonce is based on the CSRF token. This token does not change, unless you log in (or out). In case of the session data being lost, e.g. because php gets rid of old sessions, a new CSRF token is gen- erated. While this is fine in theory, it actually caused some annoying problems where the browser restored a tab and Nextcloud js was blocked due to an outdated nonce. The main problem here is that, while processing the request, we write out security headers relatively early. At that point the CSRF token is known/generated and transformed into a CSP nonce. During this request, however, we also log the user in because the session information was lost. At that point we also refresh the CSRF token, which eventually causes the browser to block any scripts as the nonce in the header does not match the one which is used to include scripts. This patch adds a flag to indicate whether the CSRF token should be refreshed or not. It is assumed that refreshing is only necessary if we want to re-generate the session id too. To my knowledge, this case only happens on fresh logins, not when we recover from a deleted session file. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #6379 from nextcloud/ensure-password-complexityLukas Reschke2017-09-071-1/+3
|\ \ | | | | | | Make sure the password contains special characters
| * | Make sure the password contains special charactersJoas Schilling2017-09-071-1/+3
| | | | | | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | | Merge pull request #6380 from nextcloud/cleanup-oci-setupLukas Reschke2017-09-071-173/+22
|\ \ \ | |/ / |/| | cleanup oci setup code
| * | cleanup oci setup codeRobin Appelman2017-09-061-173/+22
| | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | | Merge pull request #6398 from nextcloud/revert-6394-navigation-mail-fixMorris Jobke2017-09-071-2/+1
|\ \ \ | | | | | | | | Revert "Fix active entry highlight in certain apps"
| * | | Revert "Fix active entry highlight in certain apps"Morris Jobke2017-09-071-2/+1
|/ / /
* | | Merge pull request #6394 from nextcloud/navigation-mail-fixMorris Jobke2017-09-071-1/+2
|\ \ \ | | | | | | | | Fix active entry highlight in certain apps
| * | | Fix active entry highlight in certain appsJan-Christoph Borchardt2017-09-071-1/+2
| | | | | | | | | | | | | | | | Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
* | | | Merge pull request #6329 from nextcloud/ldap-passwordMorris Jobke2017-09-071-3/+9
|\ \ \ \ | | | | | | | | | | Don't log LDAP password when server is not available
| * | | | Don't log LDAP password when server is not availableJoas Schilling2017-09-061-3/+9
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | | | | Merge pull request #6381 from nextcloud/fix-error-messageRoeland Jago Douma2017-09-071-6/+6
|\ \ \ \ \ | |_|/ / / |/| | | | Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/pr…
| * | | | Fix "Uninitialized string offset: 0 at ↵Lukas Reschke2017-09-071-6/+6
|/ / / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224" The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus. Regression introduced with https://github.com/nextcloud/server/commit/46229a00f39e507249dbe3ceb7507277da3fa4f8 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | | [tx-robot] updated from transifexNextcloud bot2017-09-0710-2/+58
| | | |
* | | | Merge pull request #6332 from lukanetconsult/hotfix/6028-realpath-on-webrootMorris Jobke2017-09-062-64/+68
|\ \ \ \ | | | | | | | | | | Refactor webroot detection in resource locator
| * | | | Refactor webroot detection in resource locatortux-rampage2017-09-062-64/+68
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The current implementation breaks installations with symlinks to directories inside the webroot (i.E. apps). With this change both variants, directory and symlinks, will be detected correctly. Fixes: #6028 Signed-off-by: Axel Helmert <axel.helmert@luka.de>
* | | | | Merge pull request #5304 from ↵Morris Jobke2017-09-064-5/+134
|\ \ \ \ \ | |/ / / / |/| | | | | | | | | | | | | | nextcloud/bugfix/2855/dont_send_invitations_for_past_events don't send invitation emails for past events
| * | | | Sabre/VObject returns DateTimeImmutable, not a simple DateTimeGeorg Ehrke2017-09-052-7/+13
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Georg Ehrke <developer@georgehrke.com>
| * | | | don't send invitation emails for past eventsGeorg Ehrke2017-09-054-5/+128
| | | | | | | | | | | | | | | | | | | | Signed-off-by: Georg Ehrke <developer@georgehrke.com>
* | | | | Merge pull request #5571 from Luzifer/5570_backend_adminMorris Jobke2017-09-063-0/+10
|\ \ \ \ \ | | | | | | | | | | | | Allow group backend to declare users as admins
| * | | | | Add @since tag to constantKnut Ahlers2017-09-051-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Knut Ahlers <knut@ahlers.me>
| * | | | | Allow group backend to declare users as adminsKnut Ahlers2017-06-303-0/+7
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Knut Ahlers <knut@ahlers.me>
* | | | | | Merge pull request #6377 from nextcloud/fix-included-fileMorris Jobke2017-09-061-1/+1
|\ \ \ \ \ \ | | | | | | | | | | | | | | Properly include file
| * | | | | | Properly include fileLukas Reschke2017-09-061-1/+1
| | |_|/ / / | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | Regression from https://github.com/nextcloud/server/commit/005ef115fbffecb22a7ac9e65425419aca90c1aa Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | | | | Merge pull request #6247 from nextcloud/oauth-state-undefinedMorris Jobke2017-09-062-0/+13
|\ \ \ \ \ \ | | | | | | | | | | | | | | Fix undefined index oauthState
| * | | | | | Fix testsMorris Jobke2017-09-061-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * | | | | | Fix undefined index oauthStateMorris Jobke2017-09-061-0/+1
| |/ / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | | | | | Merge pull request #6384 from nextcloud/failed-storage-testsMorris Jobke2017-09-061-8/+7
|\ \ \ \ \ \ | | | | | | | | | | | | | | adjust tests to new failed storage handling
| * | | | | | adjust tests to new failed storage handlingRobin Appelman2017-09-061-8/+7
| |/ / / / / | | | | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | | | | | Merge pull request #6364 from nextcloud/fix_login_loopMorris Jobke2017-09-062-2/+5
|\ \ \ \ \ \ | |/ / / / / |/| | | | | Fix login with basic auth
| * | | | | Fix login with basic authRoeland Jago Douma2017-09-052-2/+5
| | |/ / / | |/| | | | | | | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | | | | Merge pull request #6370 from nextcloud/fix-alternative-loginsMorris Jobke2017-09-062-6/+27
|\ \ \ \ \ | | | | | | | | | | | | Fix layout of alternative login buttons
| * | | | | Fix layout of alternative login buttonsMorris Jobke2017-09-062-6/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * fixes #6367 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | | | | | Merge pull request #5415 from nextcloud/search-cache-nodeMorris Jobke2017-09-066-15/+55
|\ \ \ \ \ \ | | | | | | | | | | | | | | cache nodes from search results
| * | | | | | Fix testRobin Appelman2017-08-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
| * | | | | | cache nodes from search resultsRobin Appelman2017-08-265-12/+52
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | | | | | | [tx-robot] updated from transifexNextcloud bot2017-09-0612-0/+48
| |/ / / / / |/| | | | |
* | | | | | Merge pull request #6358 from nextcloud/fix-mixup-of-id-and-nameMorris Jobke2017-09-0513-55/+51
|\ \ \ \ \ \ | | | | | | | | | | | | | | Set the meta data before everything
| * | | | | | Fix testsMorris Jobke2017-09-052-2/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * | | | | | Fix unit testsJoas Schilling2017-09-041-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
| * | | | | | Merge setMetaData into constructorJoas Schilling2017-09-0410-41/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This ensures that the meta data is set in the beginning Signed-off-by: Joas Schilling <coding@schilljs.com>
| * | | | | | Set the meta data before everythingJoas Schilling2017-09-041-12/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | | | | | | Merge pull request #5642 from tobru/fix/groupOfUniqueNames_in_WizardMorris Jobke2017-09-051-1/+1
|\ \ \ \ \ \ \ | |_|_|/ / / / |/| | | | | | recognize groupOfUniqueNames as valid LDAP group object
| * | | | | | recognize groupOfUniqueNames as valid LDAP group objectTobias Brunner2017-07-071-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This was already partly done in f88109b but was missed in the fetchGroups function.
* | | | | | | [tx-robot] updated from transifexNextcloud bot2017-09-052-0/+14
| | | | | | |
* | | | | | | Merge pull request #5466 from jlehtoranta/ldap-connectivity-fixesMorris Jobke2017-09-042-26/+132
|\ \ \ \ \ \ \ | | | | | | | | | | | | | | | | LDAP Connectivity Fixes
| * | | | | | | LDAP: Simplify conditions in establishConnectionJarkko Lehtoranta2017-07-231-9/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
| * | | | | | | LDAP: Add testStartTlsNegotiationFailure unit testJarkko Lehtoranta2017-07-231-0/+50
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Jarkko Lehtoranta <devel@jlranta.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-14 16:56:03 +0000