nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

	Commit message (Collapse)	Author	Age	Files	Lines
*	Merge pull request #1978 from nextcloud/remove-send-mail-option	Morris Jobke	2016-11-02	1	-40/+16
\|\ \| \| \| \|	Remove send mail option
\| *	remove 'send mail notification' option from sharing, replaced by ↵	Bjoern Schiessle	2016-11-02	1	-40/+16
\| \| \| \| \| \| \| \| \| \| \| \|	send-by-mail feature Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* \|	Merge pull request #1988 from nextcloud/silly-but-effective-test	Morris Jobke	2016-11-02	1	-0/+68
\|\ \ \| \| \| \| \| \|	Add test for "languageCodes.php"
\| * \|	Add test for "languageCodesTest.php"	Lukas Reschke	2016-11-02	1	-0/+68
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Arguably not the most awesome test but increases coverage and is an easy gain. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* \| \|	Merge pull request #1981 from nextcloud/multibucket-num-buckets	Lukas Reschke	2016-11-02	2	-9/+13
\|\ \ \ \| \| \| \| \| \| \| \|	Allow setting a maximun number of buckets for multibucket
\| * \| \|	Allow setting a maximun number of buckets for multibucket	Robin Appelman	2016-11-02	2	-9/+13
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Robin Appelman <robin@icewind.nl>
* \| \| \|	Add tests	Lukas Reschke	2016-11-02	2	-0/+139
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* \| \| \|	Inject config and logger	Joas Schilling	2016-11-02	2	-7/+29
\| \|/ / \|/\| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
* \| \|	Merge pull request #1347 from nextcloud/bring-back-remember-me	Morris Jobke	2016-11-02	5	-174/+471
\|\ \ \ \| \| \| \| \| \| \| \|	fix remember me login
\| * \| \|	Add missing tests and fix PHPDoc	Lukas Reschke	2016-11-02	2	-3/+160
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \| \|	inject ISecureRandom into user session and use injected config too	Christoph Wurst	2016-11-02	1	-49/+60
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
\| * \| \|	bring back remember-me	Christoph Wurst	2016-11-02	5	-140/+269
\| \|/ / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* \| \|	Merge pull request #1940 from nextcloud/new-appstore	Michael Grosser	2016-11-02	15	-1368/+1321
\|\ \ \ \| \|/ / \|/\| \|	Use new appstore API
\| * \|	Add tests for installer method	Lukas Reschke	2016-10-31	4	-0/+522
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \|	Proxy images through usercontent.apps.nextcloud.com	Lukas Reschke	2016-10-31	1	-14/+2
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \|	Add update support	Lukas Reschke	2016-10-31	4	-77/+279
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \|	Use substr and explode instead of a regex	Lukas Reschke	2016-10-31	1	-0/+7
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \|	Fix tests	Lukas Reschke	2016-10-31	4	-5/+12
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \|	Use new appstore API	Lukas Reschke	2016-10-31	8	-1291/+518
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This change introduces the new appstore API in Nextcloud. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* \| \|	Merge pull request #1966 from nextcloud/fix-csrf-token-generation	Roeland Jago Douma	2016-11-02	2	-4/+12
\|\ \ \ \| \|_\|/ \|/\| \|	Fix CSRF token generation / validation
\| * \|	Fix CSRF token generation / validation	Leon Klingele	2016-11-02	2	-4/+12
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Operate on raw bytes instead of base64-encoded strings. Issue was introduced in a977465 Signed-off-by: Leon Klingele <git@leonklingele.de>
* \| \|	add method to check if a share provider for a given type is loaded	Bjoern Schiessle	2016-11-01	1	-0/+40
\|/ / \| \| \| \| \| \|	Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* \|	Add defaultShareProvider & federatedshareprovider tests	Roeland Jago Douma	2016-11-01	1	-0/+91
\| \| \| \| \| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* \|	Add Manager unit tests	Roeland Jago Douma	2016-11-01	1	-6/+77
\| \| \| \| \| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* \|	Add getShareTypesInFolder to optimize folder listening	Robin Appelman	2016-10-31	1	-0/+9
\|/ \| \| \|	Signed-off-by: Robin Appelman <icewind@owncloud.com>
*	Fix more tests	Roeland Jago Douma	2016-10-28	3	-143/+4
\| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	Proper DI of config	Roeland Jago Douma	2016-10-28	5	-31/+61
\| \| \| \| \| \|	* Fixed comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	introduce callForSeenUsers and countSeenUsers (#26361)	Jörn Friedrich Dreyer	2016-10-28	2	-1/+66
\| \| \| \| \| \| \| \| \| \|	* introduce callForSeenUsers and countSeenUsers * add tests * oracle should support not null on clob * since 9.2.0
*	Merge pull request #1800 from nextcloud/nextcloud-rich-object-strings	Morris Jobke	2016-10-27	2	-29/+74
\|\ \| \| \| \|	Nextcloud rich object strings
\| *	Allow rich object subjects for Notifications	Joas Schilling	2016-10-20	1	-29/+21
\| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
\| *	Add Rich Object Definitions and a validator	Joas Schilling	2016-10-20	1	-0/+53
\| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
* \|	Remove internal share mail function	Roeland Jago Douma	2016-10-26	1	-48/+0
\| \| \| \| \| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* \|	Merge pull request #1920 from ↵	Roeland Jago Douma	2016-10-26	1	-0/+14
\|\ \ \| \| \| \| \| \| \| \| \| \| \| \|	nextcloud/legacy-pages-should-also-receive-the-nonce Add nonce also to legacy CSP
\| * \|	Identify Chromium as Chrome	Joas Schilling	2016-10-26	1	-0/+14
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
* \| \|	Merge pull request #1738 from ↵	Morris Jobke	2016-10-26	3	-6/+133
\|\ \ \ \| \|/ / \|/\| \| \| \| \| \| \| \|	nextcloud/comments-provide-displaynames-with-mentions comment mentions: show displayname not uid
\| * \|	add missing methods to test fake manager	Arthur Schiwon	2016-10-20	1	-0/+4
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
\| * \|	resolve displayname via manager and registerable resolvers	Arthur Schiwon	2016-10-19	1	-0/+78
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
\| * \|	move mention extraction to (I)Comment and report mentions via DAV	Arthur Schiwon	2016-10-19	1	-6/+51
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* \| \|	Move browserSupportsCspV3 to CSPNonceManager	Roeland Jago Douma	2016-10-25	2	-6/+13
\| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* \| \|	Merge pull request #1878 from nextcloud/downstream-25936	Morris Jobke	2016-10-25	2	-7/+8
\|\ \ \ \| \| \| \| \| \| \| \|	Adjust unit tests to upstream
\| * \| \|	[9.2] Add missing unit tests (#25936)	Thomas Müller	2016-10-24	2	-7/+8
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	* Adjust unit test execution after folder rename * Adjust login controller tests to match current behavior * Fix broken unit tests
* \| \| \|	Merge pull request #1871 from nextcloud/use-csp-nonces	Morris Jobke	2016-10-25	5	-1/+156
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	Use CSP nonces
\| * \| \| \|	Add ContentSecurityPolicyNonceManager	Lukas Reschke	2016-10-24	1	-0/+57
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
\| * \| \| \|	Add support for CSP nonces	Lukas Reschke	2016-10-24	4	-1/+99
\| \|/ / / \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce. At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.) IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO. Implementing this offers the following advantages: 1. Security: As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist 2. Performance: We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file. If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/ Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* \| \| \|	Merge pull request #1884 from nextcloud/downstream-26292	Lukas Reschke	2016-10-25	1	-34/+43
\|\ \ \ \ \| \| \| \| \| \| \| \| \| \|	Fix logClientIn for non-existing users (#26292)
\| * \| \| \|	Fix and cleanup SessionTest	Roeland Jago Douma	2016-10-25	1	-43/+26
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
\| * \| \| \|	Fix logClientIn for non-existing users (#26292)	Vincent Petry	2016-10-25	1	-0/+26
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.
* \| \| \| \|	Merge pull request #1452 from nextcloud/appconfig-endpoint	Joas Schilling	2016-10-25	2	-3/+20
\|\ \ \ \ \ \| \|/ / / / \|/\| \| \| \|	Appconfig endpoint
\| * \| \| \|	Make AppConfig part of the public API	Joas Schilling	2016-10-21	2	-3/+20
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
* \| \| \| \|	App dependencies are now analysed on app enable as well - not only on app ↵	Thomas Müller	2016-10-24	1	-26/+30
\| \|/ / / \|/\| \| \| \| \| \| \| \| \| \| \|	install.