aboutsummaryrefslogtreecommitdiffstats
path: root/tests/Core/Controller
Commit message (Collapse)AuthorAgeFilesLines
* test: Finish migrating tests/Core/ to PHPUnit 10 compatible codetest/noid/more-phpunit-10Joas Schilling2025-05-026-68/+114
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Add etag tests to NavigationControllerTestfix/52278/remove-unused-etag-checkMarcel Müller2025-04-301-0/+32
| | | | Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
* fix: Remove unneccesary etag checkMarcel Müller2025-04-291-31/+0
| | | | Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
* feat(login-flow-v2): Restrict allowed apps by user agent checkMisha M.-Kupriyanov2025-04-231-0/+69
| | | | | | | | | | | Enable via: ./occ config:system:set core.login_flow_v2.allowed_user_agents 0 --value '/Custom Foo Client/i' ./occ config:system:set core.login_flow_v2.allowed_user_agents 1 --value '/Custom Bar Client/i' if user agent string is unknown the template with "Access forbidden"-"Please use original client" will be displayed Signed-off-by: Misha M.-Kupriyanov <kupriyanov@strato.de>
* fix(oauth2): retain support for legacy ownCloud clientsfix/oauth2/retain-legacy-oc-client-supportRichard Steinmetz2025-04-011-2/+8
| | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* fix(phpunit): Remove some more withConsecutive callstechdebt/noid/prepare-phpunit10Joas Schilling2025-03-311-17/+13
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Migrate all uses of OCP\Template to OCP\Template\ITemplateManagerCôme Chilliet2025-03-061-3/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Remove skip of grant page, only skip first stepCôme Chilliet2025-01-071-4/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Adapt tests to added constructor parametersCôme Chilliet2025-01-071-30/+24
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(login): add origin check at loginBenjamin Gaussorgues2024-12-051-5/+23
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* chore(profile): move profile app from core to appsskjnldsv2024-11-141-78/+0
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix: Adjust preview for view-only sharesfix/view-only-previewFerdinand Thiessen2024-10-281-17/+174
| | | | | | | | | | | | | | | | | Previously there was a different behavior for public shares (link-shares) and internal shares, if the user disabled the view permission. The legacy UI for public shares simply "disabled" the context menu and hided all download actions. With Nextcloud 31 all share types use the consistent permissions attributes, which simplifies code, but caused a regression: Images can no longer been viewed. Because on 30 and before the attribute was not set, previews for view-only files were still allowed. Now with 31 we need a new way to allow "viewing" shares. So this is allowing previews for those files, but only for internal usage. This is done by settin a special header, which only works with custom requests, and not by opening the URL directly. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(legacy): Introduce public version ct plass and drop version methods ↵clean/version-ocpJulius Knorr2024-09-201-11/+17
| | | | | | from OC_Util Signed-off-by: Julius Knorr <jus@bitgrid.net>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-194-20/+20
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor: Add void return type to PHPUnit test methodsChristoph Wurst2024-09-1518-135/+135
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-255-39/+39
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix: Ignore preview requests for invalid file idsJulius Härtl2024-07-221-0/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* feat: don't count failed CSRF as failed login attemptBenjamin Gaussorgues2024-07-111-1/+0
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* Merge pull request #45811 from nextcloud/add-test-for-profile-page-controllerDaniel2024-06-121-0/+78
|\ | | | | test: add tests for ProfilePageController
| * test: add tests for ProfilePageControllerDaniel Kesselberg2024-06-121-0/+78
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | fix(files_sharing): dark avatar supportskjnldsv2024-06-121-2/+13
|/ | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* chore: Add SPDX headerAndy Scherzinger2024-05-1320-353/+47
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix(auth): Keep redirect URL during 2FA setup and challengeChristoph Wurst2024-04-191-3/+6
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* feat(login): Clear login form (password) after IDLE timeoutFerdinand Thiessen2024-03-251-19/+9
| | | | | | | | | For security reasons it is recommended to stop the login process at a defined time, this could prevent password leaks by e.g. user forgetting that they entered their password on public devices. Enforced e.g. by the BSI ORP.4.A13 rule. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: update logincontroller testsEduardo Morales2024-03-101-5/+12
| | | | Signed-off-by: Eduardo Morales <emoral435@gmail.com>
* feat(core): Add OCS endpoint for confirming the user passwordprovokateurin2024-02-201-1/+19
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: phpunitJohn Molakvoæ2024-02-131-1/+1
| | | | Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
* fix(tests): Fix remaining testsJoas Schilling2024-01-091-1/+7
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix tests after slow logout fixLouis Chemineau2024-01-081-1/+4
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* Cancel PR #37405, remove regression codeGaspard d'Hautefeuille2024-01-051-4/+25
| | | | Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
* chore: apply changes from Nextcloud coding standards 1.1.1Joas Schilling2023-11-231-1/+1
| | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* Merge pull request #39852 from nextcloud/pragmaHeaderFerdinand Thiessen2023-10-182-6/+0
|\ | | | | Stop sending deprecated Pragma header
| * Stop sending deprecated Pragma headerGit'Fellow2023-08-282-6/+0
| | | | | | | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* | Fix Dynamic property timeFactory in ClientFlowLoginControllerTestCôme Chilliet2023-10-091-1/+2
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | make oauth2 authorization code expire after 10 minutesJulien Veyssier2023-10-051-1/+4
| | | | | | | | Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* | techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25Joas Schilling2023-08-281-3/+3
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(tests): preview phpunitJohn Molakvoæ2023-08-171-2/+2
| | | | Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
* core: Add OpenAPI specjld31032023-07-131-1/+1
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* fix(tests): Adjust unit testsJoas Schilling2023-05-151-8/+8
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add some tests for input trimming in LostController.phpJoshua Trees2023-04-051-0/+36
| | | | Signed-off-by: Joshua Trees <me@jtrees.io>
* Fix testsGit'Fellow2023-03-281-25/+4
| | | Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* Merge pull request #36489 from ↵Joas Schilling2023-02-061-0/+1
|\ | | | | | | | | nextcloud/bugfix/noid/brute-force-protection-password-reset Add bruteforce protection to password reset page
| * fix(CI): Adjust expected resultJoas Schilling2023-02-061-0/+1
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(client-login-flow): Handle missing stateToken gracefullyChristoph Wurst2023-02-061-0/+6
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix tests failures (number of calls differed with last rebase)Côme Chilliet2023-01-241-15/+15
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix a bunch of deprecation in the phpunit for coreCarl Schwan2023-01-243-49/+48
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* composer run cs:fixCôme Chilliet2023-01-2014-14/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(app framework)!: Inject services into controller methodsChristoph Wurst2023-01-181-20/+17
| | | | | | | | | | | | | | | Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login loop if login CSRF fails and user is not logged inChristoph Wurst2023-01-181-10/+11
| | | | | | | | | | If CSRF fails but the user is logged in that they probably logged in in another tab. This is fine. We can just redirect. If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud contantly regenrates the session and the CSRF token and the user is stuck in an endless login loop. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* chore: Make the LoginController strictChristoph Wurst2022-12-151-4/+17
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-04 15:35:51 +0000