aboutsummaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
...
| * | fix: psalm errorsMarcel Klehr2024-07-171-3/+3
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | feat(TaskProcessing): Allow setting task results for file slotsMarcel Klehr2024-07-171-2/+49
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | | fix(ReferenceApiController): Remove accidently added AnonRateLimitJonas2024-07-171-1/+0
| | | | | | | | | | | | Signed-off-by: Jonas <jonas@freesources.org>
* | | feat(Reference): Add public API endpoints to get referencesJonas2024-07-171-0/+89
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
* | fix(core): use OC namespace for core ReponseDefinitions instead of OCAJulien CHATY-CAPELLE2024-07-1511-11/+11
| | | | | | | | Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>
* | feat: Add new forbidden filename options to CapabilitiesFerdinand Thiessen2024-07-111-1/+4
| | | | | | | | | | | | | | | | | | Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | feat: don't count failed CSRF as failed login attemptBenjamin Gaussorgues2024-07-111-4/+12
| | | | | | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | feat(TaskProcessingApi): Add endpoint for getting the next taskprovokateurin2024-07-011-46/+137
|/ | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #45811 from nextcloud/add-test-for-profile-page-controllerDaniel2024-06-121-2/+11
|\ | | | | test: add tests for ProfilePageController
| * test: add tests for ProfilePageControllerDaniel Kesselberg2024-06-121-2/+11
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | fix(core): Return X-NC-IsCustomAvatar for guest avatars tooprovokateurin2024-06-122-5/+7
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | fix(files_sharing): dark avatar supportskjnldsv2024-06-121-5/+5
| | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* | fix(core): allow guest avatar fallbackskjnldsv2024-06-121-2/+12
|/ | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-ssoArthur Schiwon2024-06-071-1/+4
|\ | | | | fix(Session): avoid password confirmation on SSO
| * fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | fix(core): unsupported browser redirect urlJohn Molakvoæ (skjnldsv)2024-06-011-1/+3
|/ | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* chore: Add SPDX headerAndy Scherzinger2024-05-2741-896/+93
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* Merge pull request #45354 from ↵Kate2024-05-161-29/+20
|\ | | | | | | nextcloud/docs/taskprocessingapi/cleanup-endpoint-descriptions
| * fix(TaskProcessingApi): Cleanup error handlingprovokateurin2024-05-161-10/+2
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Set correct status code messagesprovokateurin2024-05-161-6/+6
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Cleanup endpoint descriptionsprovokateurin2024-05-161-13/+12
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Fix result endpoint descriptionprovokateurin2024-05-161-1/+1
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #45317 from ↵Joas Schilling2024-05-161-2/+5
|\ \ | |/ |/| | | | | nextcloud/bugfix/noid/limit-maximum-number-of-search-results fix(search): Limit maximum number of search results
| * fix(search): Limit maximum number of search resultsJoas Schilling2024-05-151-2/+5
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Merge pull request #45094 from nextcloud/enh/taskprocessing-apiMarcel Klehr2024-05-151-0/+430
|\ \ | |/ |/| feat: TaskProcessing API
| * fix(OCS-API): Add endpoint to list user tasksMarcel Klehr2024-05-141-3/+33
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(OCS-API): No csrf required for /tasks/taskId/file/fileIdMarcel Klehr2024-05-141-0/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(ocs): change /tasktypes response to combine optional and non-optional IO ↵Marcel Klehr2024-05-141-4/+8
| | | | | | | | | | | | slots Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat: Add cancel endpoint to OCS APIMarcel Klehr2024-05-141-0/+32
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: update openai specsMarcel Klehr2024-05-141-1/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * refactor: identifier is now customId/custom_idMarcel Klehr2024-05-141-2/+2
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: address review commentsMarcel Klehr2024-05-141-5/+7
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: address review commentsMarcel Klehr2024-05-141-8/+12
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: Update autoloadersMarcel Klehr2024-05-141-0/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: Run cs:fixMarcel Klehr2024-05-141-1/+0
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: psalm issuesMarcel Klehr2024-05-141-1/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: Check if user is authorized to use the files they mentionedMarcel Klehr2024-05-141-3/+14
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * refactor: rename getTaskType to getTaskTypeIdMarcel Klehr2024-05-141-2/+2
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat: Add ExApp endpointsMarcel Klehr2024-05-141-5/+71
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: Fix psalm issuesMarcel Klehr2024-05-141-16/+15
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * chore: Regenerate openapi.jsonMarcel Klehr2024-05-141-5/+5
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * chore: Run cs:fixMarcel Klehr2024-05-141-3/+0
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat: Add getFileContents endpoint to TaskProcessing OCS APIMarcel Klehr2024-05-141-8/+78
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat: TaskProcessing OCS APIMarcel Klehr2024-05-141-0/+214
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | docs(preview): Improve API parameter descriptionsprovokateurin2024-05-131-8/+8
|/ | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(auth): Keep redirect URL during 2FA setup and challengeChristoph Wurst2024-04-191-3/+6
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix: Apply new coding standard to all filesCôme Chilliet2024-04-021-2/+2
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(login): Clear login form (password) after IDLE timeoutFerdinand Thiessen2024-03-251-24/+17
| | | | | | | | | For security reasons it is recommended to stop the login process at a defined time, this could prevent password leaks by e.g. user forgetting that they entered their password on public devices. Enforced e.g. by the BSI ORP.4.A13 rule. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat: Limit email input on auth pages to 255 charsfenn-cs2024-03-212-1/+16
| | | | | | | | | Excessively long emails reported make server unresponsive. We could at some point, consider adding a configuration for sysadmins to bypass this setting on their instance if they want. Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
* feat: added login's initial possible email-statesEduardo Morales2024-03-101-0/+31
| | | | Signed-off-by: Eduardo Morales <emoral435@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-14 06:23:23 +0000