path: root/core/Controller
Columns: Commit message | Author | Age | Files | Lines
* fix(core): Add password confirmation requirement for getapppassword
      Joas Schilling | 2023-07-17 | 1 | -0/+1
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(lostpassword): Also rate limit the setPassword endpoint
      Joas Schilling | 2023-05-15 | 1 | -6/+12
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(translation): Return the detected language so clients can show more details
      Joas Schilling | 2023-05-02 | 1 | -4/+8
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(translation): Allow guests to use translations as well
      Joas Schilling | 2023-04-13 | 1 | -2/+4
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(translation): Use 400 as status code to be distinguishable from server errors
      Joas Schilling | 2023-04-13 | 1 | -2/+2
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(translation): Properly set the numbers as HTTP status code
      Joas Schilling | 2023-04-13 | 1 | -2/+2
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(translation): Translate error messages on translations API
      Joas Schilling | 2023-04-13 | 1 | -4/+12
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #37495 from joshtrichards/jr-trim-pw-reset-username
      Côme Chilliet | 2023-04-05 | 1 | -0/+2
      Trim the user/email provided for password resets
| * Trim user earlier
      Josh Richards | 2023-04-04 | 1 | -1/+3
      Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
| * Trim the user/email provided for password resets
      Josh Richards | 2023-03-30 | 1 | -1/+1
      Signed-off-by: Josh Richards <josh.t.richards@gmail.com>
* | Improve handling of profile fields
      Christopher Ng | 2023-03-30 | 1 | -0/+1
      Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Use implementations instead of interfaces for accessing private methods
      jld3103 | 2023-03-30 | 1 | -1/+1
      Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Send header to all browsers under HTTPS
      Git'Fellow | 2023-03-26 | 1 | -2/+2
      Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
      Don't send Clear-Site-Data to Safari
      Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
      Fix lint
      Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* Fix controller class import for autocomplete
      jld3103 | 2023-03-16 | 1 | -2/+3
      Signed-off-by: jld3103 <jld3103yt@gmail.com>
* fix(translation): Allow regular users to use translation api endpoints
      Julius Härtl | 2023-02-28 | 1 | -0/+6
      Signed-off-by: Julius Härtl <jus@bitgrid.net>
* feat(translations): Add translation provider API
      Julius Härtl | 2023-02-27 | 1 | -0/+66
      Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #36634 from nextcloud/fix/client-login-flow/state-token-missing-response
      MichaIng | 2023-02-27 | 1 | -1/+1
      fix(client-login-flow): Use correct response for missing state token
| * fix(client-login-flow): Use correct response for missing state token
      Christoph Wurst | 2023-02-09 | 1 | -1/+1
      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | [reference preview] fix getting null mimetype if the cached reference lacks an image content type
      Julien Veyssier | 2023-02-22 | 1 | -1/+4
      Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | Merge pull request #36443 from nextcloud/fix/23063/fix-login-log-entry
      Simon L | 2023-02-15 | 1 | -2/+2
      fix the login log entry
| * fix the login log entry
      Simon L | 2023-01-30 | 1 | -2/+2
      Signed-off-by: Simon L <szaimen@e.mail.de>
* | Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset
      Joas Schilling | 2023-02-06 | 1 | -1/+5
      Add bruteforce protection to password reset page
| * | Add bruteforce protection to password reset page
      Joas Schilling | 2023-02-02 | 1 | -1/+5
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* / fix(client-login-flow): Handle missing stateToken gracefully
      Christoph Wurst | 2023-02-06 | 1 | -3/+26
      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #36363 from nextcloud/feat/app-framework/usesession-attribute
      Christoph Wurst | 2023-01-27 | 5 | -15/+20
      feat(app-framework): Add UseSession attribute to replace annotation
| * feat(app-framework): Add UseSession attribute to replace annotation
      Christoph Wurst | 2023-01-27 | 5 | -15/+20
      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | handle and return touchProvider errors
      Julien Veyssier | 2023-01-27 | 1 | -7/+3
      Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | add 'last used timestamp' management for reference providers
      Julien Veyssier | 2023-01-27 | 1 | -1/+19
      Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | extend the reference API for the new link picker
      Julien Veyssier | 2023-01-27 | 1 | -0/+14
      - add 2 interfaces for discoverable and searchable reference providers
      - new OCS route to get info on discoverable/searchable reference providers
      - new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
      - listen to RenderReferenceEvent to inject provider list with initial state
      Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* composer run cs:fix
      Côme Chilliet | 2023-01-20 | 5 | -12/+8
      Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #27492 from cyclops8456/feature/24301-remove-can-install-on-occ-maintenance-install
      Simon L | 2023-01-18 | 1 | -5/+3
      Remove the CAN_INSTALL file when occ maintenance:install is complete
| * Rename canInstallExists method and add new method for removal
      Alex Harpin | 2023-01-10 | 1 | -2/+2
      Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it. Add new method to detect if this file exists during web based installation.
      Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
| * Move CAN_INSTALL check to method and remove unlink from SetupController
      Alex Harpin | 2023-01-10 | 1 | -5/+3
      Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this is now handled in the Setup class.
      Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
* | feat(app framework)!: Inject services into controller methods
      Christoph Wurst | 2023-01-18 | 1 | -11/+3
      Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is built regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection.
      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix login loop if login CSRF fails and user is not logged in
      Christoph Wurst | 2023-01-18 | 1 | -4/+16
      If CSRF fails but the user is logged in then they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud constantly regenerates the session and the CSRF token and the user is stuck in an endless login loop.
      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a const for the max user password length
      Joas Schilling | 2023-01-04 | 1 | -1/+1
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* Also limit the password length on reset
      Joas Schilling | 2023-01-03 | 2 | -1/+5
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: Make the LoginController strict
      Christoph Wurst | 2022-12-15 | 1 | -1/+4
      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix GH-33187
      Daniel Kesselberg | 2022-12-12 | 1 | -1/+1
      $this->userId is null when logged in via app password.
      Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Fix default redirect on successful WebAuthn login
      Richard Steinmetz | 2022-12-05 | 1 | -2/+8
      Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* Merge pull request #35385 from pulsejet/patch-previewtype
      Simon L | 2022-12-03 | 1 | -1/+1
      Fix type of PreviewController::$userId
| * Fix type of PreviewController::$userId
      Varun Patil | 2022-11-24 | 1 | -1/+1
      Can be null if not logged in; currently crashes
      Signed-off-by: Varun Patil <varunpatil@ucla.edu>
* | Revert unrelated change from #34940
      Carl Schwan | 2022-12-02 | 1 | -1/+1
      Probably a leftover from an experience that I added by mistake in the change
      Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Add mastodon personal info field
      Carl Schwan | 2022-11-21 | 1 | -1/+1
      Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Check share attributes on preview endpoints
      Julius Härtl | 2022-10-25 | 1 | -0/+11
      Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Use proper error pages instead of always redirecting
      Julius Härtl | 2022-10-21 | 1 | -0/+62
      Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Cleanup ie and old edge properties
      John Molakvoæ (skjnldsv) | 2022-10-19 | 1 | -0/+51
      Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Add rate limiting on lost password emails
      Côme Chilliet | 2022-10-18 | 1 | -6/+17
      Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix reference preview endpoint when no server-side cache configured
      Julien Veyssier | 2022-10-13 | 1 | -4/+7
      Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
* Fix URLs on reference resolving
      Joas Schilling | 2022-09-30 | 1 | -1/+1
      The vue-richtext app currently sends leading spaces if they are in the text.
      Signed-off-by: Joas Schilling <coding@schilljs.com>