summaryrefslogtreecommitdiffstats
path: root/core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* feat: Close sessions created for login flow v2Louis Chemineau2025-03-031-0/+2
| | | | | | | | | | | | Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me> [skip ci] Signed-off-by: Louis Chemineau <louis@chmn.me>
* fix(ReferenceApiController): Bump rate limit for public resolve endpointbackport/49801/stable30Jonas2024-12-161-1/+1
| | | | | | | | | E.g. text documents might contain hundreds of links whose previews need to get loaded. Fixes: nextcloud/collectives#1607 Signed-off-by: Jonas <jonas@freesources.org>
* fix(TaskProcessing): Set up fs in getFileContentsInternalbackport/49489/stable30Marcel Klehr2024-11-261-0/+3
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* fix(TaskProcessingApiController): Don't use + to merge non-assoc. arraysbackport/46222/stable30Marcel Klehr2024-11-061-3/+3
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* fix(core): Limit valid avatar sizesprovokateurin2024-08-142-9/+8
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: Add direct parameter to flow auth v2Julius Härtl2024-08-051-4/+6
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* chore: Remove deprecated legacy search backendJulius Härtl2024-08-011-46/+0
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* refactor(core): Make all attribute arguments namedprovokateurin2024-07-277-15/+15
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(core): Replace security annotations with respective attributesprovokateurin2024-07-2636-256/+219
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #46761 from nextcloud/fix/core/document-csrf-token-endpointKate2024-07-261-2/+7
|\
| * fix(core): Document CSRF token endpointprovokateurin2024-07-251-2/+7
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #46672 from nextcloud/fix/preview-invalid-idAndy Scherzinger2024-07-251-0/+4
|\ \ | |/ |/| Avoid using partial file info as valid one
| * fix: Ignore preview requests for invalid file idsJulius Härtl2024-07-221-0/+4
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | fix(taskprocessing): run cs:fixJulien Veyssier2024-07-251-14/+13
| | | | | | | | Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | feat(TaskProcessing): Implement enums and default valuesMarcel Klehr2024-07-251-19/+29
|/ | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* feat(taskprocessing): add support for webhooks (http or AppAPI) in the task ↵Julien Veyssier2024-07-221-2/+8
| | | | | | processing API Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* refactor: Migrate some legacy and core functions to `IFilenameValidator`Ferdinand Thiessen2024-07-191-2/+1
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #46368 from nextcloud/fix/task-processingMarcel Klehr2024-07-191-2/+55
|\ | | | | TaskProcessing follow-up
| * fix(TaskProcessing): Update openapi specsMarcel Klehr2024-07-171-1/+7
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(TaskProcessingApiController): Address review commentsMarcel Klehr2024-07-171-5/+5
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: psalm errorsMarcel Klehr2024-07-171-3/+3
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat(TaskProcessing): Allow setting task results for file slotsMarcel Klehr2024-07-171-2/+49
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | fix(ReferenceApiController): Remove accidently added AnonRateLimitJonas2024-07-171-1/+0
| | | | | | | | Signed-off-by: Jonas <jonas@freesources.org>
* | feat(Reference): Add public API endpoints to get referencesJonas2024-07-171-0/+89
|/ | | | | | | | | | | | | | | | | | | | | | | Calling the public API endpoints will check for matching registered reference providers that implement `IPublicReferenceProvider` and call their respective functions. If no matching provider is found, the default `LinkReferenceProvider` will be used to provide open graph data. The frontend reference widget components will call these endpoints from unauthorized sessions, e.g. in public shares. If present, the sharing token of the origin URL is passed to `resolveReferencePublic()` as additional information for the reference provider to determine the access scope. This allows the respective reference providers to determine whether the origin share has access to the linked resource. `getCacheKeyPublic` also gets the sharing token so it can scope the cached entry to it. Contributes to #45978 Signed-off-by: Jonas <jonas@freesources.org>
* fix(core): use OC namespace for core ReponseDefinitions instead of OCAJulien CHATY-CAPELLE2024-07-1511-11/+11
| | | | Signed-off-by: Julien CHATY-CAPELLE <julien@chaty-capelle.fr>
* feat: Add new forbidden filename options to CapabilitiesFerdinand Thiessen2024-07-111-1/+4
| | | | | | | | | Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat: don't count failed CSRF as failed login attemptBenjamin Gaussorgues2024-07-111-4/+12
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(TaskProcessingApi): Add endpoint for getting the next taskprovokateurin2024-07-011-46/+137
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #45811 from nextcloud/add-test-for-profile-page-controllerDaniel2024-06-121-2/+11
|\ | | | | test: add tests for ProfilePageController
| * test: add tests for ProfilePageControllerDaniel Kesselberg2024-06-121-2/+11
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | fix(core): Return X-NC-IsCustomAvatar for guest avatars tooprovokateurin2024-06-122-5/+7
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | fix(files_sharing): dark avatar supportskjnldsv2024-06-121-5/+5
| | | | | | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* | fix(core): allow guest avatar fallbackskjnldsv2024-06-121-2/+12
|/ | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* Merge pull request #43942 from nextcloud/fix/43612/avoid-pwd-confirm-ssoArthur Schiwon2024-06-071-1/+4
|\ | | | | fix(Session): avoid password confirmation on SSO
| * fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-051-1/+4
| | | | | | | | | | | | | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | fix(core): unsupported browser redirect urlJohn Molakvoæ (skjnldsv)2024-06-011-1/+3
|/ | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* chore: Add SPDX headerAndy Scherzinger2024-05-2741-896/+93
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* Merge pull request #45354 from ↵Kate2024-05-161-29/+20
|\ | | | | | | nextcloud/docs/taskprocessingapi/cleanup-endpoint-descriptions
| * fix(TaskProcessingApi): Cleanup error handlingprovokateurin2024-05-161-10/+2
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Set correct status code messagesprovokateurin2024-05-161-6/+6
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Cleanup endpoint descriptionsprovokateurin2024-05-161-13/+12
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
| * docs(TaskProcessingApi): Fix result endpoint descriptionprovokateurin2024-05-161-1/+1
| | | | | | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* | Merge pull request #45317 from ↵Joas Schilling2024-05-161-2/+5
|\ \ | |/ |/| | | | | nextcloud/bugfix/noid/limit-maximum-number-of-search-results fix(search): Limit maximum number of search results
| * fix(search): Limit maximum number of search resultsJoas Schilling2024-05-151-2/+5
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Merge pull request #45094 from nextcloud/enh/taskprocessing-apiMarcel Klehr2024-05-151-0/+430
|\ \ | |/ |/| feat: TaskProcessing API
| * fix(OCS-API): Add endpoint to list user tasksMarcel Klehr2024-05-141-3/+33
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(OCS-API): No csrf required for /tasks/taskId/file/fileIdMarcel Klehr2024-05-141-0/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix(ocs): change /tasktypes response to combine optional and non-optional IO ↵Marcel Klehr2024-05-141-4/+8
| | | | | | | | | | | | slots Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * feat: Add cancel endpoint to OCS APIMarcel Klehr2024-05-141-0/+32
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * fix: update openai specsMarcel Klehr2024-05-141-1/+1
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-23 20:02:40 +0000