summaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* Move bundles to /distJohn Molakvoæ (skjnldsv)2022-01-081-1/+1
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Merge pull request #29531 from nextcloud/bugfix/noid/flow-auth-v2-apptokenJohn Molakvoæ2021-12-301-0/+46
|\
| * Allow using an app token to login with v2 flow authJulius Härtl2021-12-031-0/+46
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Also pass user on flow v2 landingJulius Härtl2021-12-291-2/+2
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Pass username prefill through unauthenticated request redirectsJulius Härtl2021-12-292-2/+4
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Hide user status from publicChristopher Ng2021-11-231-7/+9
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Fix errors in AvatarController when data() returns nullCôme Chilliet2021-11-231-2/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Explicitly allow some routes without 2FAChristoph Wurst2021-11-171-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Move common logic to share managerJoas Schilling2021-11-091-29/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Respect user enumeration settings on profileChristopher Ng2021-11-051-13/+58
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* add check isFairUseOfFreePushService on loginVitor Mattos2021-10-231-1/+17
| | | | Signed-off-by: Vitor Mattos <vitor@php.rio>
* Add an OCS endpoint for the hovercard contact actionsJoas Schilling2021-10-201-0/+84
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Profile backendChristopher Ng2021-10-192-0/+229
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Merge pull request #27733 from ↵Julius Härtl2021-10-054-11/+15
|\ | | | | | | PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl
| * Remove usage of \OC_Util::getDefaultPageUrl() and ↵Daniel Rudolf2021-08-042-5/+11
| | | | | | | | | | | | \OC_Util::redirectToDefaultPage() Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
| * Merge branch 'master' into enhancement/noid/IURLGenerator-linkToDefaultPageUrlDaniel Rudolf2021-08-041-3/+3
| |\
| * | Deprecate RedirectToDefaultAppResponseDaniel Rudolf2021-07-012-5/+3
| | | | | | | | | | | | Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
| * | Add IUrlGenerator::linkToDefaultPageUrl()Daniel Rudolf2021-06-302-6/+6
| | | | | | | | | | | | | | | | | | Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | | Merge pull request #28794 from ↵Pytal2021-09-141-17/+15
|\ \ \ | | | | | | | | | | | | | | | | nextcloud/fix/noid/guest-activation-pwd-reset-disabled allow using of disabled password reset mechanism for special cases
| * | | allow using of disabled password reset mechanism for special casesArthur Schiwon2021-09-101-17/+15
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - LostController has three endpoints - door opener email() still rejects - resetform(), reachable from mail, checks the token first and may report that password reset is disabled - setPassword() got its check removed as it is behind CSFR anyway and still requires a valid token - this allows special cases like activating a freshly created guest account Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | | fixes missing prefix to validate password reset tokenArthur Schiwon2021-09-101-1/+2
|/ / / | | | | | | | | | | | | | | | - also fixes the test which missed asserting the presence of it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | add a job to clean up expired verification tokensArthur Schiwon2021-09-091-1/+1
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | move verification token logic out of lost password controllerArthur Schiwon2021-09-091-82/+30
| | | | | | | | | | | | | | | | | | | | | - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | Fix codestyleLukas Reschke2021-09-061-1/+1
| | | | | | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | Check if SVG path is validLukas Reschke2021-09-061-0/+5
| | | | | | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | Merge pull request #27294 from pjft/patch-2Christoph Wurst2021-08-191-1/+10
|\ \ \ | | | | | | | | Update TwoFactorChallengeController.php
| * | | Add logging to 2FA failurepjft2021-06-211-1/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. Added dependency injection. Signed-off-by: pjft <paulo.j.tavares@gmail.com>
* | | | Use IURLGenerator function to get value of `\OC::$WEBROOT` globalJonas Meurer2021-08-161-2/+8
| | | | | | | | | | | | | | | | Signed-off-by: Jonas Meurer <jonas@freesources.org>
* | | | UnifiedSearchController: strip webroot from URL before finding a routeJonas Meurer2021-08-161-1/+9
| |_|/ |/| | | | | | | | | | | | | | | | | | | | This should fix route matching in UnifiedSearchController on setups with Nextcloud in a subfolder (webroot). Fixes: #24144 Signed-off-by: Jonas Meurer <jonas@freesources.org>
* | | Migrate HintException to OCPGary Kim2021-06-301-3/+3
| |/ |/| | | | | Signed-off-by: Gary Kim <gary@garykim.dev>
* | Use product name in places where it is appropriate rather than the instance nameJulius Härtl2021-06-161-1/+1
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Merge pull request #26494 from rigrig/fix-php8-deprecationsMorris Jobke2021-06-071-2/+2
|\ \ | | | | | | Fix some php 8 warnings
| * | Fix functions taking optional parameters before required onesRichard de Boer2021-05-291-2/+2
| |/ | | | | | | | | | | | | PHP 8 shows deprecation warnings about this, see #25806 Removes the "default" values, as they actually are required parameters anyway. Signed-off-by: Richard de Boer <git@tubul.net>
* / Update php licensesJohn Molakvoæ (skjnldsv)2021-06-0429-62/+34
|/ | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Handle device login like an alternative loginJoas Schilling2021-04-201-0/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #26401 from nextcloud/enh/handle-avatar-upload-errorsRoeland Jago Douma2021-04-081-1/+13
|\ | | | | Show informative errors on avatar upload error
| * show informative errors in log and UI on avatar upload error in user settingsJulien Veyssier2021-04-011-1/+13
| | | | | | | | Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
* | remove leftover debug @NoCSRFRequired introduced with #26198Robin Appelman2021-04-011-1/+0
|/ | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* use node search api for legacy file search endpointRobin Appelman2021-03-191-0/+1
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Allow admins to disable the login formRoeland Jago Douma2021-03-081-0/+2
| | | | | | | | | In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #25544 from nextcloud/refactor/app-password-created-eventChristoph Wurst2021-03-022-13/+15
|\ | | | | Move app_password_created to a typed event
| * Move app_password_created to a typed eventChristoph Wurst2021-02-092-13/+15
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #25086 from ↵Christoph Wurst2021-02-183-3/+3
|\ \ | | | | | | | | | | | | nextcloud/dependabot/composer/nextcloud/coding-standard-0.5.0 Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
| * | Bump nextcloud/coding-standard from 0.3.0 to 0.5.0dependabot-preview[bot]2021-02-183-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | Send emails on password reset to the displaynameJoas Schilling2021-02-181-1/+1
|/ / | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* / Make new result parts optionalJoas Schilling2021-02-121-3/+3
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Keep direct login active when redirectingJulius Härtl2021-02-011-1/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Do not redirect to logout after loginRoeland Jago Douma2021-01-151-1/+4
| | | | | | | This can happen when the session was killed due to a timeout. Then logout was triggered. Nobody wants to login only to be logged out again. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headersChristoph Wurst2020-12-301-3/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #24702 from nextcloud/enhancement/well-known-handler-apiChristoph Wurst2020-12-181-0/+67
|\ | | | | Add well known handlers API
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-04 19:20:37 +0000