summaryrefslogtreecommitdiffstats
path: root/tests/Core
Commit message (Collapse)AuthorAgeFilesLines
* Use ::class in test mocksMorris Jobke2017-10-244-14/+17
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Set the data from the templateJoas Schilling2017-10-181-36/+21
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix testsMorris Jobke2017-09-061-0/+12
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix broken testsMorris Jobke2017-09-041-1/+6
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Return the user id in case of an errorJoas Schilling2017-08-291-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #6177 from nextcloud/properly-add-slo-urlMorris Jobke2017-08-261-4/+4
|\ | | | | Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
| * Properly allow \OCP\Authentication\IApacheBackend to specify logout URLLukas Reschke2017-08-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string. This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result in `<a href="foo">`. This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with 054e161eb5f4a5c5c13ee322ae8e93ce66f01b13 inside the navigation manager where one cannot simply inject attributes. Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112, people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects you to the IdP and properly logs you out there as well. Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but I'm not aware of any and there's simply no way to fix this properly otherwise. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | No password reset for disabled usersJoas Schilling2017-08-181-0/+29
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix LostControllerTestRoeland Jago Douma2017-08-091-0/+4
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix LoginControllerRoeland Jago Douma2017-08-091-0/+4
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #5907 from nextcloud/add-metadata-to-throttle-callMorris Jobke2017-08-011-2/+2
|\ | | | | Add metadata to \OCP\AppFramework\Http\Response::throttle
| * Add metadata to \OCP\AppFramework\Http\Response::throttleLukas Reschke2017-07-271-2/+2
| | | | | | | | | | | | Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Merge pull request #5877 from nextcloud/typehint_middlewareMorris Jobke2017-08-011-6/+11
|\ \ | | | | | | Prop argument type for Middleware
| * | Fix testsRoeland Jago Douma2017-07-311-6/+11
| |/ | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix testsRoeland Jago Douma2017-08-011-3/+3
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix settings/Controller/Lukas Reschke2017-08-011-2/+2
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Fix 403 and 404 redirectMorris Jobke2017-07-261-20/+0
|/ | | | | | | | * Nextcloud is not properly loaded in the standalone version (especially the theming) * it is already not listed anymore in the Nginx config (see nextcloud/documentation#392) * the index.php-free version doesn't support this Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #5567 from nextcloud/public-capabilitiesRoeland Jago Douma2017-07-121-0/+35
|\ | | | | Public capabilities API
| * Add tests for public capabiltiesJulius Härtl2017-06-301-0/+35
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Merge pull request #5441 from nextcloud/custom-theme-updateMorris Jobke2017-07-051-0/+82
|\ \ | |/ |/| Add command to apply updates to custom themes
| * Add command to apply updates to custom themesJulius Härtl2017-07-051-0/+82
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Add Clear-Site-Data headerLukas Reschke2017-06-201-0/+2
|/ | | | | | | | | | This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content. See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Ref https://twitter.com/mikewest/status/877149667909406723 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add tests for ClientFlowLoginControllerLukas Reschke2017-05-181-19/+181
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Disable the API endpoints as wellJoas Schilling2017-05-111-15/+7
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Automatic injection for CssControllerJoas Schilling2017-05-101-3/+10
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Automatic injection for JsControllerJoas Schilling2017-05-101-1/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update login flow redirectionMario Danic2017-05-041-2/+2
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* add contactsmenu popoverGeorg Ehrke2017-04-261-0/+31
| | | | Signed-off-by: Georg Ehrke <developer@georgehrke.com>
* Merge branch 'master' into contactsmenuJan-Christoph Borchardt2017-04-261-0/+408
|\ | | | | | | Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
| * AppToken to 72 charsRoeland Jago Douma2017-04-251-2/+2
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * Add new auth flowLukas Reschke2017-04-251-0/+408
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Let apps register contact menu provider via info.xmlChristoph Wurst2017-04-251-5/+11
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Contacts menuChristoph Wurst2017-04-251-0/+73
|/ | | | | | | * load list of contacts from the server * show last message of each contact Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix remember redirect_url on failed login attemptsChristoph Wurst2017-04-251-4/+6
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Rename renderHTML to renderHtmlMorris Jobke2017-04-191-3/+3
| | | | | | | * fixes #4383 * improves consistency Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #4350 from ↵Roeland Jago Douma2017-04-192-55/+23
|\ | | | | | | | | nextcloud/adjust-old-bruteforce-protection-annotations Adjust existing bruteforce protection code
| * Adjust existing bruteforce protection codeLukas Reschke2017-04-142-55/+23
| | | | | | | | | | | | | | - Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Add bruteforce protection to changePersonalPasswordLukas Reschke2017-04-181-39/+31
|/ | | | | | While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Make BruteForceProtection annotation more cleverLukas Reschke2017-04-131-130/+3
| | | | | | | | This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #4308 from nextcloud/lost-password-emailLukas Reschke2017-04-131-6/+52
|\ | | | | Update email template for lost password email
| * Update email template for lost password emailMorris Jobke2017-04-121-6/+52
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Merge pull request #2424 from ↵Morris Jobke2017-04-131-12/+14
|\ \ | | | | | | | | | | | | nextcloud/fix-login-controller-test-consolidate-login Fix login controller test and consolidate login
| * | do login routine only once when done via LoginControllerArthur Schiwon2017-04-061-8/+8
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
| * | fix login controller testsArthur Schiwon2017-04-061-6/+8
| | | | | | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-loginMorris Jobke2017-04-131-54/+54
|\ \ \ | |_|/ |/| | Dont create a log entry on email login
| * | Dont create a log entry on email loginJoas Schilling2017-04-071-54/+54
| |/ | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* / Move OC_Defaults to OCP\DefaultsMorris Jobke2017-04-091-3/+3
|/ | | | | | | | | | | | | * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #4123 from nextcloud/allow-password-reset-with-emailRoeland Jago Douma2017-04-051-10/+75
|\ | | | | Allow to reset the password with the email as an input
| * Allow to reset the password with the email as an inputJoas Schilling2017-03-281-10/+75
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix gzip files for SafariMorris Jobke2017-03-292-2/+2
| | | | | | | | | | | | | | * Safari support gzip only if the filename does not end on .gz - so this renames them to .gzip Signed-off-by: Morris Jobke <hey@morrisjobke.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-22 05:57:42 +0000