aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* fix(OpenAPI): Adjust array syntax to avoid ambiguitiesfix/openapi/array-syntaxprovokateurin2024-11-0521-80/+76
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: Adjust preview for view-only sharesfix/view-only-previewFerdinand Thiessen2024-10-281-4/+9
| | | | | | | | | | | | | | | | | Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixerdependabot/composer/vendor-bin/cs-fixer/nextcloud/coding-standard-1.3.2dependabot[bot]2024-10-192-12/+12
| | | | | | | | | | | | | | | | | Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: nextcloud/coding-standard dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: provokateurin <kate@provokateurin.de>
* chore(legacy): Introduce public version ct plass and drop version methods ↵clean/version-ocpJulius Knorr2024-09-203-6/+12
| | | | | | from OC_Util Signed-off-by: Julius Knorr <jus@bitgrid.net>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-198-13/+13
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: adjust code to adhere to coding standardAnna Larch2024-09-052-2/+2
| | | | Signed-off-by: Anna Larch <anna@nextcloud.com>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-2510-32/+32
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix(core): Limit valid avatar sizesprovokateurin2024-08-142-9/+8
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: Add direct parameter to flow auth v2Julius Härtl2024-08-051-4/+6
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* chore: Remove deprecated legacy search backendJulius Härtl2024-08-011-46/+0
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* refactor(core): Make all attribute arguments namedprovokateurin2024-07-277-15/+15
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(core): Replace security annotations with respective attributesprovokateurin2024-07-2636-256/+219
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpointKate2024-07-261-2/+7
|\
| * fix(core): Document CSRF token endpointprovokateurin2024-07-251-2/+7
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #46672 from nextcloud/fix/preview-invalid-idAndy Scherzinger2024-07-251-0/+4
|\ \ | |/ |/| Avoid using partial file info as valid one
| * fix: Ignore preview requests for invalid file idsJulius Härtl2024-07-221-0/+4
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | fix(taskprocessing): run cs:fixJulien Veyssier2024-07-251-14/+13
| | | | | | | | Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | feat(TaskProcessing): Implement enums and default valuesMarcel Klehr2024-07-251-19/+29
|/ | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* feat(taskprocessing): add support for webhooks (http or AppAPI) in the task ↵Julien Veyssier2024-07-221-2/+8
| | | | | | processing API Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* refactor: Migrate some legacy and core functions to `IFilenameValidator`Ferdinand Thiessen2024-07-191-2/+1
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #46368 from nextcloud/fix/task-processingMarcel Klehr2024-07-191-2/+55
|\ | | | | TaskProcessing follow-up
| * fix(TaskProcessing): Update openapi specsMarcel Klehr2024-07-171-1/+7
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(TaskProcessingApiController): Address review commentsMarcel Klehr2024-07-171-5/+5
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: psalm errorsMarcel Klehr2024-07-171-3/+3
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat(TaskProcessing): Allow setting task results for file slotsMarcel Klehr2024-07-171-2/+49
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | fix(ReferenceApiController): Remove accidently added AnonRateLimitJonas2024-07-171-1/+0
| | | | | | | | Signed-off-by: Jonas <jonas@freesources.org>
* | feat(Reference): Add public API endpoints to get referencesJonas2024-07-171-0/+89
|/ | | | | | | | | | | | | | | | | | | | | | | Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
* fix(core): use OC namespace for core ReponseDefinitions instead of OCAJulien CHATY-CAPELLE2024-07-1511-11/+11
| | | | Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>
* feat: Add new forbidden filename options to CapabilitiesFerdinand Thiessen2024-07-111-1/+4
| | | | | | | | | Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat: don't count failed CSRF as failed login attemptBenjamin Gaussorgues2024-07-111-4/+12
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(TaskProcessingApi): Add endpoint for getting the next taskprovokateurin2024-07-011-46/+137
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #45811 from nextcloud/add-test-for-profile-page-controllerDaniel2024-06-121-2/+11
|\ | | | | test: add tests for ProfilePageController
| * test: add tests for ProfilePageControllerDaniel Kesselberg2024-06-121-2/+11
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | fix(core): Return X-NC-IsCustomAvatar for guest avatars tooprovokateurin2024-06-122-5/+7
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | fix(files_sharing): dark avatar supportskjnldsv2024-06-121-5/+5
| | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* | fix(core): allow guest avatar fallbackskjnldsv2024-06-121-2/+12
|/ | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-ssoArthur Schiwon2024-06-071-1/+4
|\ | | | | fix(Session): avoid password confirmation on SSO
| * fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | fix(core): unsupported browser redirect urlJohn Molakvoæ (skjnldsv)2024-06-011-1/+3
|/ | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* chore: Add SPDX headerAndy Scherzinger2024-05-2741-896/+93
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* Merge pull request #45354 from ↵Kate2024-05-161-29/+20
|\ | | | | | | nextcloud/docs/taskprocessingapi/cleanup-endpoint-descriptions
| * fix(TaskProcessingApi): Cleanup error handlingprovokateurin2024-05-161-10/+2
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Set correct status code messagesprovokateurin2024-05-161-6/+6
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Cleanup endpoint descriptionsprovokateurin2024-05-161-13/+12
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Fix result endpoint descriptionprovokateurin2024-05-161-1/+1
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #45317 from ↵Joas Schilling2024-05-161-2/+5
|\ \ | |/ |/| | | | | nextcloud/bugfix/noid/limit-maximum-number-of-search-results fix(search): Limit maximum number of search results
| * fix(search): Limit maximum number of search resultsJoas Schilling2024-05-151-2/+5
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Merge pull request #45094 from nextcloud/enh/taskprocessing-apiMarcel Klehr2024-05-151-0/+430
|\ \ | |/ |/| feat: TaskProcessing API
| * fix(OCS-API): Add endpoint to list user tasksMarcel Klehr2024-05-141-3/+33
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(OCS-API): No csrf required for /tasks/taskId/file/fileIdMarcel Klehr2024-05-141-0/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-30 09:49:20 +0000