aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* fix(oauth2): retain support for legacy ownCloud clientsfix/oauth2/retain-legacy-oc-client-supportRichard Steinmetz2025-04-011-1/+19
| | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* feat(core): add setup cypress testsskjnldsv2025-03-131-2/+0
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat(core): migrate setup to vueskjnldsv2025-03-131-1/+17
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix: Deprecate OC_Template, add proper template manager insteadCôme Chilliet2025-03-061-4/+6
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat: Close sessions created for login flow v2artonge/fix/login_flow_v2_sessions_2Louis Chemineau2025-02-261-0/+2
| | | | | | | | Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>
* fix: Fix psalm taint false-positives by small refactoringsfix/fix-psalm-taint-errors-2Côme Chilliet2025-02-171-0/+3
| | | | | | | Mostly make it clear that we trust admin input or that we correctly escape strings. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(files): add mime icon endpointskjnldsv2025-01-221-0/+22
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat: Two Factor APIfeat/issue-994-two-factor-apiSebastianKrupinski2025-01-161-0/+99
| | | | Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
* fix(taskprocessing): /tasktypes endpoint was broken by #49015Julien Veyssier2025-01-091-20/+60
| | | | Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* fix: Remove skip of grant page, only skip first stepCôme Chilliet2025-01-071-6/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(oauth2): Skip page before login as well for authorized applicationsCôme Chilliet2025-01-071-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(oauth): Allow to skip the grant step for selected applicationsCôme Chilliet2025-01-071-7/+14
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* refactor(OpenAPI): Adjust scopes to match previous behaviorprovokateurin2025-01-069-0/+20
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #49560 from nextcloud/fix/login-originStephan Orbaugh2024-12-201-8/+27
|\ | | | | feat(login): add origin check at login
| * feat(login): add origin check at loginBenjamin Gaussorgues2024-12-051-8/+27
| | | | | | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | fix(ReferenceApiController): Bump rate limit for public resolve endpointfix/resolve_public_rate_limitJonas2024-12-161-1/+1
|/ | | | | | | | | E.g. text documents might contain hundreds of links whose previews need to get loaded. Fixes: nextcloud/collectives#1607 Signed-off-by: Jonas <jonas@freesources.org>
* feat(ocm): signing ocm requestsMaxence Lange2024-12-041-6/+6
| | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* fix(TaskProcessing): Set up fs in getFileContentsInternalfix/taskprocessing-api-get-file-contentsMarcel Klehr2024-11-261-0/+3
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* chore(profile): move profile app from core to appsskjnldsv2024-11-141-115/+0
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* Merge pull request #46222 from ↵John Molakvoæ2024-11-061-3/+3
|\ | | | | | | nextcloud/fix/task-processing-api-controller/dont-use-plus
| * fix(TaskProcessingApiController): Don't use + to merge non-assoc. arraysfix/task-processing-api-controller/dont-use-plusMarcel Klehr2024-07-011-3/+3
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | fix(OpenAPI): Adjust array syntax to avoid ambiguitiesfix/openapi/array-syntaxprovokateurin2024-11-0521-80/+76
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | fix: Adjust preview for view-only sharesfix/view-only-previewFerdinand Thiessen2024-10-281-4/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixerdependabot/composer/vendor-bin/cs-fixer/nextcloud/coding-standard-1.3.2dependabot[bot]2024-10-192-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: nextcloud/coding-standard dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: provokateurin <kate@provokateurin.de>
* | chore(legacy): Introduce public version ct plass and drop version methods ↵clean/version-ocpJulius Knorr2024-09-203-6/+12
| | | | | | | | | | | | from OC_Util Signed-off-by: Julius Knorr <jus@bitgrid.net>
* | chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-198-13/+13
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | chore: adjust code to adhere to coding standardAnna Larch2024-09-052-2/+2
| | | | | | | | Signed-off-by: Anna Larch <anna@nextcloud.com>
* | style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-2510-32/+32
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | fix(core): Limit valid avatar sizesprovokateurin2024-08-142-9/+8
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | fix: Add direct parameter to flow auth v2Julius Härtl2024-08-051-4/+6
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | chore: Remove deprecated legacy search backendJulius Härtl2024-08-011-46/+0
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | refactor(core): Make all attribute arguments namedprovokateurin2024-07-277-15/+15
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | refactor(core): Replace security annotations with respective attributesprovokateurin2024-07-2636-256/+219
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpointKate2024-07-261-2/+7
|\ \
| * | fix(core): Document CSRF token endpointprovokateurin2024-07-251-2/+7
| | | | | | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | | Merge pull request #46672 from nextcloud/fix/preview-invalid-idAndy Scherzinger2024-07-251-0/+4
|\ \ \ | |/ / |/| | Avoid using partial file info as valid one
| * | fix: Ignore preview requests for invalid file idsJulius Härtl2024-07-221-0/+4
| | | | | | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | | fix(taskprocessing): run cs:fixJulien Veyssier2024-07-251-14/+13
| | | | | | | | | | | | Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | | feat(TaskProcessing): Implement enums and default valuesMarcel Klehr2024-07-251-19/+29
|/ / | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | feat(taskprocessing): add support for webhooks (http or AppAPI) in the task ↵Julien Veyssier2024-07-221-2/+8
| | | | | | | | | | | | processing API Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | refactor: Migrate some legacy and core functions to `IFilenameValidator`Ferdinand Thiessen2024-07-191-2/+1
| | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | Merge pull request #46368 from nextcloud/fix/task-processingMarcel Klehr2024-07-191-2/+55
|\ \ | | | | | | TaskProcessing follow-up
| * | fix(TaskProcessing): Update openapi specsMarcel Klehr2024-07-171-1/+7
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | fix(TaskProcessingApiController): Address review commentsMarcel Klehr2024-07-171-5/+5
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | fix: psalm errorsMarcel Klehr2024-07-171-3/+3
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | feat(TaskProcessing): Allow setting task results for file slotsMarcel Klehr2024-07-171-2/+49
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | | fix(ReferenceApiController): Remove accidently added AnonRateLimitJonas2024-07-171-1/+0
| | | | | | | | | | | | Signed-off-by: Jonas <jonas@freesources.org>
* | | feat(Reference): Add public API endpoints to get referencesJonas2024-07-171-0/+89
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
* | fix(core): use OC namespace for core ReponseDefinitions instead of OCAJulien CHATY-CAPELLE2024-07-1511-11/+11
| | | | | | | | Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>
* | feat: Add new forbidden filename options to CapabilitiesFerdinand Thiessen2024-07-111-1/+4
| | | | | | | | | | | | | | | | | | Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-30 02:25:38 +0000