summaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* Check getRedirectUri() for queriesRussellAult2019-11-131-3/+11
| | | | | | | | Resolves Issue #17885 Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'. Signed-off-by: RussellAult <russellault@users.noreply.github.com>
* Harden middleware checkRoeland Jago Douma2019-10-251-0/+3
| | | | | | | These annotations will allow for extra checks. And thus make it harder to break things. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fix oauth client redirectSergej Nikolaev2019-10-041-2/+10
| | | | Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>
* Allow rotation of apppasswordsRoeland Jago Douma2019-08-271-0/+24
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Stop if there is no encrypted tokenDaniel Kesselberg2019-08-181-1/+5
| | | | | | Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Fix login flow form actionsRoeland Jago Douma2019-08-111-2/+14
| | | | | | | | So fun fact. Chrome considers a redirect after submitting a form part of the form actions. Since we redirect to a new protocol (nc://login/). Causing the form submission to work but the redirect failing hard. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #16544 from nextcloud/bugfix/16540Roeland Jago Douma2019-07-311-5/+12
|\ | | | | Add missing password reset page to vue
| * Move actual password reset to vueJulius Härtl2019-07-311-5/+12
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Merge pull request #16563 from nextcloud/enh/lostcontroller/better_exceptionsMorris Jobke2019-07-291-18/+13
|\ \ | | | | | | Use proper exception in lostController
| * | Use proper exception in lostControllerRoeland Jago Douma2019-07-271-18/+13
| |/ | | | | | | | | | | | | | | | | | | There is no need to log the expcetion of most of the stuff here. We should properly log them but an exception is excessive. This moves it to a proper exception which we can catch and then log. The other exceptions will still be fully logged. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* / Update PreviewControllerRoeland Jago Douma2019-07-261-6/+1
|/ | | | | | | | | | | | | The constructor is called with the userId. However if a user is not logged in this is null. Which means that we get an exception instead of this being handled gracefully in the middleware. There are cleaner solutions. But this is the solution that is the easiest to apply without lots of work and risk of breaking things (handling the logged in middleware before initializing the controller etc). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #16308 from nextcloud/fix/undefined-offset-0Morris Jobke2019-07-101-3/+6
|\ | | | | Prevent undefined offset 0 in findByUserIdOrMail
| * Return first value from $usersDaniel Kesselberg2019-07-091-3/+6
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Don't send executionContexts for Clear-Site-DataDaniel Kesselberg2019-07-091-1/+1
|/ | | | | | | | | | There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59 Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034 Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Fall back to black for non-color valuesJoas Schilling2019-06-201-0/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add extendedSupport to SubscriptionJulius Härtl2019-06-171-0/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Vueify the login pageChristoph Wurst2019-05-291-54/+71
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remote wipe supportRoeland Jago Douma2019-05-201-0/+98
| | | | | | | | This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #15304 from nextcloud/enh/2fa_setup_at_loginRoeland Jago Douma2019-05-171-0/+67
|\ | | | | 2FA setup during login
| * Allow 2FA to be setup on first loginRoeland Jago Douma2019-05-171-0/+67
| | | | | | | | | | | | | | | | | | Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Allow clients to delete their own apptokenRoeland Jago Douma2019-05-171-0/+23
|/ | | | | | Fixes #15480 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add a login chain to reduce the complexity of LoginController::tryLoginChristoph Wurst2019-05-071-126/+37
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Block install without CAN_INSTALL fileRoeland Jago Douma2019-04-111-0/+16
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the endpoint more robust against faulty resource providersJoas Schilling2019-03-281-13/+59
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Return 200 instead of 404 when asking for collections of a resourceJoas Schilling2019-03-191-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Use rich objects instead of name, link and iconJoas Schilling2019-03-191-7/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Replace the icon-class with an absolute link to an imageJoas Schilling2019-03-191-1/+1
| | | | | | Otherwise the icon can not be displayed in mobile apps Signed-off-by: Joas Schilling <coding@schilljs.com>
* Also check the access to collections on preparingJoas Schilling2019-03-011-0/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Further work on the access cacheJoas Schilling2019-03-011-17/+11
| | | | | | Searching for all is still a problem Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix doc blocksJoas Schilling2019-03-011-3/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Implement search and rename in backendJulius Härtl2019-03-011-1/+43
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Implement frontend for search/renameJulius Härtl2019-03-011-1/+1
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net> Move to vuex Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add iconClass to resourcesJulius Härtl2019-03-011-2/+3
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Make sure we query the node before fetching the nameJulius Härtl2019-03-011-0/+4
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Adjust parameter names on createCollectionOnResourceJulius Härtl2019-03-011-2/+2
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Make names mandatoryJoas Schilling2019-03-011-8/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Allow to create collectionsJoas Schilling2019-03-011-1/+33
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Provider functionalityJoas Schilling2019-03-011-5/+16
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add a controller with the most important methodsJoas Schilling2019-03-011-0/+163
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add an event to the Autocomplete Controller to allow to filter the resultsJoas Schilling2019-02-261-5/+24
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix typo in info log for autoconfigMorris Jobke2019-02-251-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Login flow V2Roeland Jago Douma2019-02-251-0/+299
| | | | | | | | This adds the new login flow. The desktop client will open up a browser and poll a returned endpoint at regular intervals to check if the flow is done. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit event if app password createdDaniel Kesselberg2019-02-182-56/+18
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Publish activity for app token created by client login flowDaniel Kesselberg2019-02-171-1/+30
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Publish activity for app token created by ocs apiDaniel Kesselberg2019-02-171-2/+31
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #13969 from ↵Morris Jobke2019-02-072-13/+13
|\ | | | | | | | | nextcloud/enh/additional_scripts_no_on_public_pages No need to emit additonalscript event on public pages
| * Add StandaloneTemplateResponseRoeland Jago Douma2019-02-062-13/+13
| | | | | | | | | | | | | | This can be used by pages that do not have the full Nextcloud UI. So notifications etc do not load there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Implement guest avatar endpointMichael Weimann2019-02-072-1/+107
| | | | | | | | Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* | Do not do redirect handling when loggin outRoeland Jago Douma2019-02-061-1/+3
|/ | | | | | | | | | | | | Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #13869 from ↵Roeland Jago Douma2019-01-291-2/+8
|\ | | | | | | | | nextcloud/enh/clean_pending_2fa_session_on_password_change Clean pending 2FA authentication on password reset
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-26 16:33:58 +0000