summaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* Improve handling of profile pageChristopher Ng2022-08-221-1/+1
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Update core/Controller/LostController.phpNoSleep822022-08-211-1/+1
| | | | Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com> Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
* Update LostController.phpNoSleep822022-08-191-2/+2
| | | | | i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack) Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
* Redesign guest pages for better accessibilityCarl Schwan2022-07-271-0/+1
| | | | | | | - Use white box and put content on it - Improve focus indicator Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Identify the login page explicitly by the page titleChristopher Ng2022-07-201-1/+5
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Make LostController use IInitialState and LoggerInterfaceThomas Citharel2022-06-101-15/+15
| | | | Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Add password reset typed eventsThomas Citharel2022-06-101-1/+10
| | | | | | These hooks are only used in the Encryption app from what I can see. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Use Image class from public APIChristopher Ng2022-06-021-3/+3
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Update core to PHP 7.4 standardCarl Schwan2022-05-2027-548/+174
| | | | | | | - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Merge pull request #32375 from ↵Joas Schilling2022-05-162-0/+17
|\ | | | | | | | | nextcloud/bugfix/noid/show-user-account-on-grant-loginflow-step Show user account on grant loginflow step
| * Show user account on grant loginflow stepJoas Schilling2022-05-132-0/+17
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Modernize contacts menuThomas Citharel2022-05-121-16/+7
|/ | | | Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Remove old legacy SvgController and IconsCacherJohn Molakvoæ2022-05-101-151/+0
| | | | Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
* Expose shareWithDisplayNameUnique also on autocomplete endpointJoas Schilling2022-05-031-0/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #31592 from nextcloud/fix/direct-arg-flow-v2Vincent Petry2022-03-291-11/+6
|\ | | | | Add direct arg to login flow
| * Add direct arg to login flowVincent Petry2022-03-281-11/+6
| | | | | | | | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
* | Remove old shorteningJoas Schilling2022-03-232-7/+0
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Limit the length of app password namesJoas Schilling2022-03-232-0/+7
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Add global profile toggle configChristopher Ng2022-03-181-21/+1
|/ | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Fix caching of the user avatarCarl Schwan2022-02-251-1/+1
| | | | | | | | | | Now on firefox/safari it is only refetched once a day. On Chrom{e,ium} we keep the previous behavior of maybe refetching it more often. This also notify the user about this behavior when they upload an avatar picture. Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Improve caching policyCarl Schwan2022-02-161-2/+4
| | | | | | | | | | | | | | * Cache css with version in url. This makes most js and css requests to be cached by the browser * Force caching previews, the etag is in the url so that if the propfind gives a new etag, we will refresh it otherwise it's no use to try to fetch the new etag and do tons of DB queries Tested with firefox and 'debug' => false (important so that the js/css urls are generated with ?v= parameter) Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Only allow avatars in 64 and 512 pixel sizeJoas Schilling2022-02-072-8/+18
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Improve installation pagesChristopher Ng2022-01-141-9/+4
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Move bundles to /distJohn Molakvoæ (skjnldsv)2022-01-081-1/+1
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptokenJohn Molakvoæ2021-12-301-0/+46
|\
| * Allow using an app token to login with v2 flow authJulius Härtl2021-12-031-0/+46
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Also pass user on flow v2 landingJulius Härtl2021-12-291-2/+2
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Pass username prefill through unauthenticated request redirectsJulius Härtl2021-12-292-2/+4
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Hide user status from publicChristopher Ng2021-11-231-7/+9
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Fix errors in AvatarController when data() returns nullCôme Chilliet2021-11-231-2/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Explicitly allow some routes without 2FAChristoph Wurst2021-11-171-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Move common logic to share managerJoas Schilling2021-11-091-29/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Respect user enumeration settings on profileChristopher Ng2021-11-051-13/+58
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* add check isFairUseOfFreePushService on loginVitor Mattos2021-10-231-1/+17
| | | | Signed-off-by: Vitor Mattos <vitor@php.rio>
* Add an OCS endpoint for the hovercard contact actionsJoas Schilling2021-10-201-0/+84
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Profile backendChristopher Ng2021-10-192-0/+229
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Merge pull request #27733 from ↵Julius Härtl2021-10-054-11/+15
|\ | | | | | | PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl
| * Remove usage of \OC_Util::getDefaultPageUrl() and ↵Daniel Rudolf2021-08-042-5/+11
| | | | | | | | | | | | \OC_Util::redirectToDefaultPage() Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
| * Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrlDaniel Rudolf2021-08-041-3/+3
| |\
| * | Deprecate RedirectToDefaultAppResponseDaniel Rudolf2021-07-012-5/+3
| | | | | | | | | | | | Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
| * | Add IUrlGenerator::linkToDefaultPageUrl()Daniel Rudolf2021-06-302-6/+6
| | | | | | | | | | | | | | | | | | Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | | Merge pull request #28794 from ↵Pytal2021-09-141-17/+15
|\ \ \ | | | | | | | | | | | | | | | | nextcloud/fix/noid/guest-activation-pwd-reset-disabled allow using of disabled password reset mechanism for special cases
| * | | allow using of disabled password reset mechanism for special casesArthur Schiwon2021-09-101-17/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - LostController has three endpoints - door opener email() still rejects - resetform(), reachable from mail, checks the token first and may report that password reset is disabled - setPassword() got its check removed as it is behind CSFR anyway and still requires a valid token - this allows special cases like activating a freshly created guest account Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | | fixes missing prefix to validate password reset tokenArthur Schiwon2021-09-101-1/+2
|/ / / | | | | | | | | | | | | | | | - also fixes the test which missed asserting the presence of it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | add a job to clean up expired verification tokensArthur Schiwon2021-09-091-1/+1
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | move verification token logic out of lost password controllerArthur Schiwon2021-09-091-82/+30
| | | | | | | | | | | | | | | | | | | | | - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | Fix codestyleLukas Reschke2021-09-061-1/+1
| | | | | | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | Check if SVG path is validLukas Reschke2021-09-061-0/+5
| | | | | | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | Merge pull request #27294 from pjft/patch-2Christoph Wurst2021-08-191-1/+10
|\ \ \ | | | | | | | | Update TwoFactorChallengeController.php
| * | | Add logging to 2FA failurepjft2021-06-211-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. Added dependency injection. Signed-off-by: pjft <paulo.j.tavares@gmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 19:45:08 +0000