Lukas Reschke
4893d2c0ed
Show login again instead of JSON if CSRF check fails
...
Previously a JSON error page was shown to the user in case the CSRF token was not valid. This was confusing and prevented people from logging in.
With this at least the login page is shown again and not a JSON error message. I consider this as sufficient since adding a new error page just for this sake would unneededly make lib/base.php even more cluttered and this is an edge case which optimally should anyways not happen that often.
This can be tested by opening the login page, then clearing the cookies, and trying to log in.
2014-09-23 14:55:08 +02:00
Thomas Müller
bb18fe1384
send browser's timezone back to the server on login
2014-09-22 14:01:45 +02:00
Thomas Müller
b1d0a0f3bf
Merge pull request #10939 from owncloud/add-port-to-trusted-domain-wizard
...
Append port to trusted domain in case it's not 80 or 443
2014-09-22 10:04:02 +02:00
Lukas Reschke
d0d3b7457b
Move BasicAuth check to "isLoggedIn()"
...
Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
2014-09-18 16:14:07 +02:00
Robin Appelman
6fa3280c2a
Inject config into checkserver and cleanup tests
2014-09-18 13:33:13 +02:00
Lukas Reschke
c19bc1917b
Move basic auth check
...
At the previous point not all apps were initialized. Now the basic auth check happens together at the same location as all others.
Fixes https://github.com/owncloud/core/issues/11129
2014-09-17 16:04:12 +02:00
Lukas Reschke
07b14bcd4f
Merge pull request #10960 from owncloud/use-intl-module-master
...
use intl's native normalizer_normalize() in case the module is available
2014-09-15 14:13:30 +02:00
Thomas Müller
59209e0f2b
use intl's native normalizer_normalize() in case the module is available
2014-09-11 10:24:31 +02:00
kondou
69f2c0544e
Refresh if maintenance mode is over
...
Using status.php for this.
I modified status.php to also show, whether we're in maintenance.
Checks every 20 seconds if maintenance is over, if yes: reload.
2014-09-09 17:26:11 +02:00
Lukas Reschke
2590a4dc85
Append port to trusted domain in case it's not 80 or 443
...
Ref https://github.com/owncloud/core/pull/10584#issuecomment-54677059
2014-09-08 16:15:31 +02:00
Vincent Petry
d6bfd90bf8
Do not load extra user backends when an upgrade is due
...
Whenever an upgrade is due, do not load extra user backends
2014-09-08 12:30:04 +02:00
Lukas Reschke
c9afa60f62
Move trusted domain check to init()
...
handleRequest() is not called from remote.php or public.php which made these files partly available but all included apps in there produced errors.
As the expected behaviour is anyways that a trusted domain warning is shown I moved this to init()
Fixes https://github.com/owncloud/core/issues/10064
2014-09-05 14:10:35 +02:00
Lukas Reschke
63a90a129b
Use proper RNG generator
...
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader character set.
2014-09-03 17:46:48 +02:00
Robin Appelman
3c618a0252
Also setup the filesystem when matching routes
2014-09-02 16:15:42 +02:00
Robin Appelman
a9a37b5363
Don't automatically setup the filesystem the moment we load OC\Files\FileSystem
2014-09-02 16:15:42 +02:00
Robin Appelman
d0266c0bf8
Use public api for getting l10n
2014-08-31 10:08:22 +02:00
Jörn Friedrich Dreyer
f687794a4a
be correct in deprecation documentation
2014-08-29 10:22:21 +02:00
Jörn Friedrich Dreyer
f551917a3c
kill OC::$session
...
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order of OC::$session and OC::$CLI
remove unneeded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Georg Ehrke
f82b788ba5
add moment.js
2014-08-26 17:39:15 +02:00
Lukas Reschke
97b536e3df
Add a trusted domain wizard
...
Adds a little button to the trusted domain warning, if an admin clicks on the warning he will be redirected to ownCloud and asked whether he wants to trust this domain.
By far not the cleanest code, or clean at all, but does the job and I don't see a reason to make a lot of changes for this little improvement.
2014-08-21 22:22:35 +02:00
blizzz
52d5429768
Merge pull request #10522 from owncloud/removeLoadAppScript
...
Remove loadAppScriptFile
2014-08-21 19:59:31 +02:00
Lukas Reschke
ea2a45f19d
Remove loadAppScriptFile
2014-08-19 15:16:49 +02:00
Lukas Reschke
fdb203ff1e
Merge pull request #10409 from owncloud/iShallNotCopyStuffWithoutThinking
...
Add a copied_sample_config switch
2014-08-19 11:03:57 +02:00
Lukas Reschke
c33d1cacd4
Add a copied_sample_config switch
...
Hopefully this will stop people from copying the sample config. I'm so annoyed by all those wrong bug reports...
Add some explanation about this switch
Move check to init
2014-08-19 09:57:03 +02:00
Lukas Reschke
a822a31ce3
Merge pull request #10442 from owncloud/move-failed-logins
...
Move authentication failed logging to checkPassword
2014-08-15 16:50:28 +02:00
Lukas Reschke
5bb4772858
Move authentication failed logging to checkPassword
...
Fixes https://github.com/owncloud/core/issues/10366
2014-08-15 12:13:00 +02:00
Lukas Reschke
a4a897d26d
Remove ability to trigger DEBUG mode via cookie
...
Users should not be able to enable debug mode on their own by setting a cookie. Using debug mode might leak too much information about the environment or have other unexpected behaviour.
We should backport this.
2014-08-15 11:21:56 +02:00
Jörn Friedrich Dreyer
fd798fd982
update deprecation docs
2014-08-14 12:22:34 +02:00
blizzz
54491e8c68
Merge pull request #10323 from gekmihesg/master
...
Load authentication backends before tryBasicAuth
2014-08-13 16:08:48 +02:00
gekmihesg
578a57f0fb
Load authentication backends before tryBasicAuth
2014-08-10 13:29:32 +02:00
marc0s
f2e20757f6
Fix checking of NULL or empty OC::$THIRDPARTYROOT/OC::$THIRDPARTYWEBROOT
...
Fixes #10065
2014-07-30 23:24:55 +02:00
Morris Jobke
521934ee0d
Merge pull request #10029 from owncloud/fix-thirdparty
...
Fix silent crash if 3rdparty dir is not available
2014-07-30 18:34:55 +02:00
Victor Dubiniuk
eb9bd200fa
Replace exit with return
2014-07-30 14:03:31 +02:00
Victor Dubiniuk
31e7fdb9bf
Fix silent crash if 3rdparty dir is not available
2014-07-30 14:03:31 +02:00
Andreas Fischer
a8fbc709ce
Add registerAutoloaderCache().
2014-07-29 11:18:40 +02:00
Andreas Fischer
9be8ac5867
Memcache\Factory: Remove static, use globalPrefix.
2014-07-29 11:14:36 +02:00
Andreas Fischer
da391b8932
InstanceId is properly injected into factory. Remove comment.
2014-07-29 11:03:10 +02:00
Thomas Müller
a3411e3719
Merge pull request #9641 from owncloud/localuser-addressbook
...
ownCloud users are exported as address book
2014-07-28 12:18:56 +02:00
Jörn Friedrich Dreyer
ec7a10f882
reorder if statements to remove negation, indentation correction
2014-07-25 19:39:29 +02:00
Thomas Müller
176ecbd311
ownCloud users are exported as address book
2014-07-24 17:35:02 +02:00
Thomas Müller
2594fb80aa
don't silently exit in cli-mode in case ownCloud is not yet installed
2014-07-24 13:45:06 +02:00
Lukas Reschke
1c16d012ab
Remove unneeded strip_tags
...
This `strip_tags` seems to be completely unneeded and will cause problems with passwords containing stripped characters. (e.g. `<` or `>`)
Needs https://github.com/owncloud/core/pull/9735 to be merged first.
2014-07-19 10:17:24 +02:00
Andreas Fischer
bfd59bddf4
Extract Auth Header logic into new function handleAuthHeaders().
2014-07-19 02:21:18 +02:00
Andreas Fischer
fafed17c60
Deduplicate user/password extraction from alternative HTTP headers.
2014-07-19 02:06:37 +02:00
Joas Schilling
5d3e1bc023
Only calculate the WEBROOT from scriptName if it contains $SUBURI
...
If not we are most likely in CLI mode. However to be able to still
generate valid URLs, we need to use the overwrite webroot instead.
Fix #9490
2014-07-07 15:08:46 +02:00
Bjoern Schiessle
3c45925e74
fix hook names
2014-07-03 13:52:58 +02:00
Volkan Gezer
ae68a773c0
more strings to translate in utils also some fixes in defaults
2014-06-28 13:29:24 +02:00
Vincent Petry
a120d6e9a3
Bring back loadApps() in base.php
...
loadApps() had been deleted by mistake in
799205488c
2014-06-24 17:37:58 +02:00
Vincent Petry
799205488c
Prevent loadApps on upgrade
...
Moved OC::needUpgrade() to OCP\Util::needUpgrade() to make it accessible
from the router.
Moved maintenance + upgrade check to the router.
2014-06-18 11:10:07 +02:00
Lukas Reschke
d4bdcb7a9b
Merge pull request #9047 from owncloud/fix_preload_fundamental_apps
...
Load fundamental apps, before any possible customizing app may follow
2014-06-18 07:29:04 +02:00
Lukas Reschke
f2fc214ce0
Add deprecation notice to load* functions
...
These functions are deprecated and/or removed since ownCloud 7. Additionally an issubdirectory check has been added here to prevent developers from using this function in a potentially insecure way.
Port of https://github.com/owncloud/core/pull/9033
2014-06-16 20:33:04 +02:00
Arthur Schiwon
7b704eeb5e
Load fundamental apps, before any possible customizing app may follow
2014-06-16 13:12:21 +02:00
Morris Jobke
63c5c7bd21
set logger before registrate to an error handler
2014-06-09 10:02:23 +02:00
Thomas Müller
289accc31b
Merge pull request #8159 from owncloud/mobile-sidebar-swipe
...
Mobile sidebar swipe
2014-06-06 11:27:04 +02:00
Jan-Christoph Borchardt
9e56acbdc9
add snap.js script
2014-06-05 11:52:17 +02:00
Lukas Reschke
7c4abce373
Move authentication to its own call
2014-06-05 11:45:45 +02:00
Lukas Reschke
ac7fb1b23e
Remove legacy routing code
...
The getfile routing code was absolutely legacy and not needed anymore. Additionally \OC::$REQUESTEDAPP was never set to the actually accessed application.
This commit removes the legacy routing code and ensures that $REQUESTEDAPP is always set so that other applications (e.g. the firewall or a two-factor authentication) can intercept the currently accessed app.
Testplan:
[x] Installation works
[x] Login with DB works
[x] Logout works
[x] Login with alternate backend works (tested with user_webdavauth)
[x] Other apps are accessible
[x] Redirect on login works (e.g. index.php?redirect_url=%2Fcore%2Findex.php%2Fsettings%2Fapps%3Finstalled)
[x] Personal settings are accessible
[x] Admin settings are accessible
[x] Sharing files works
[x] DAV works
[x] OC::$REQUESTEDAPP contains the requested application and can be intercepted by other applications
2014-06-05 11:45:45 +02:00
Thomas Müller
1c20c72efe
Merge pull request #8620 from owncloud/design-navigation-two
...
Toggle app navigation not only on mobile, but on desktop as well
2014-06-05 10:53:22 +02:00
Vincent Petry
95fda3c17c
Do not load apps when upgrade is needed
...
This prevents routes like "core/js/oc.js" to automatically load apps and
trigger their update prematurely.
2014-06-04 18:52:52 +02:00
Jan-Christoph Borchardt
35308f5b09
hide navigation by default, not only on small screens, first step
2014-06-04 14:29:46 +02:00
Bernhard Posselt
ade6ed3797
Merge pull request #8701 from owncloud/slide-up-toggle
...
Create reusable data attribute for apps setting slideup
2014-06-04 11:31:04 +02:00
Jan-Christoph Borchardt
a244172219
Merge pull request #8853 from owncloud/design-typeface
...
Use Open Sans as typeface
2014-06-04 11:16:03 +02:00
Jan-Christoph Borchardt
6b2b903ea6
Merge pull request #8468 from owncloud/remove-infieldlabels
...
Remove infieldlabels
2014-06-04 09:28:20 +02:00
Morris Jobke
3a1994d001
Merge pull request #8686 from owncloud/session-early
...
Make the session available as early as possible
2014-06-03 19:23:30 +02:00
Jan-Christoph Borchardt
80627dfd2c
use Open Sans as typeface
2014-06-03 19:07:08 +02:00
Morris Jobke
cea7d4961e
move to updated version of placeholder
2014-06-03 16:18:06 +02:00
Jan-Christoph Borchardt
7177d3a496
first step of infield label removal, fix login screen
2014-06-03 15:28:59 +02:00
Robin Appelman
3e14affa9b
Add some comments
2014-06-03 10:57:18 +02:00
Vincent Petry
4e957c7b18
Merge pull request #8443 from owncloud/csrf-on-login-and-logout
...
Add CSRF check on login and logout
2014-06-02 11:27:20 +02:00
Lukas Reschke
705242d390
Merge pull request #8727 from owncloud/upgrade-overview
...
Added update overview page
2014-05-29 21:28:47 +02:00
Lukas Reschke
ce9d5df6df
Merge pull request #8681 from owncloud/logintimestamp
...
Record login timestamp per user. Required for new user management.
2014-05-28 19:06:47 +02:00
Thomas Müller
f03a3d9d05
remove legacy OC_Filesystem being used in a hook callback
2014-05-28 00:13:54 +02:00
Vincent Petry
02f682b156
Now showing disabled apps as upgrade status line
...
- Added app id in update overview.
- Added status message for disabled app for CLI upgrade and web upgrade
2014-05-27 15:20:33 +02:00
Vincent Petry
146583a98d
Added update overview page
2014-05-27 14:53:08 +02:00
Bernhard Posselt
c2330e558e
rename to apps.js
2014-05-26 17:31:41 +02:00
Lukas Reschke
c03e7fcfa9
Clarify comment
2014-05-24 10:24:42 +02:00
Bernhard Posselt
db1511a11d
add a slideup mechanism
2014-05-23 18:49:16 +02:00
Robin Appelman
8b56d52398
Make the session available as early as possible
2014-05-23 13:27:27 +02:00
Arthur Schiwon
2c89962919
clean up tryRememberLogin and save the timestamp of users last login
2014-05-21 18:03:37 +02:00
scolebrook
954d5b27ff
use custom logfile path if defined, otherwise use default of owncloud.log in data directory
2014-05-20 11:29:59 -04:00
Thomas Müller
f8cb8f4803
Merge branch 'master' into csrf-on-login-and-logout
...
Conflicts:
core/templates/login.php
2014-05-19 20:40:55 +02:00
Morris Jobke
dc36d30953
Remove all occurrences of @brief and @returns from PHPDoc
...
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Thomas Müller
04e6c12fe2
Merge pull request #8557 from owncloud/custom_session_handling
...
Allow apps to create custom session handlers.
2014-05-19 15:58:30 +02:00
Robin McCorkell
bd3bf4b507
Change parameter order of implode
2014-05-13 19:08:14 +01:00
ringmaster
75bc25f906
Allow apps to create custom session handlers.
2014-05-12 11:08:28 -04:00
Thomas Müller
3cd32dcb7c
adding X-Robots-Tag to all responses of ownCloud + move addSecurityHeaders() to OC_Response, which seems to be a more reasonable place
2014-05-12 15:14:01 +02:00
Lukas Reschke
fd5b2d11d6
Rename issubdirectory to isSubDirectory
2014-05-11 15:50:59 +02:00
Lukas Reschke
e1e1009ccc
Redirect to index if the logout link is accessed without valid session
...
This is needed to prevent "Token expired" messages while logging in if a session is expired
@see https://github.com/owncloud/core/pull/8443#issuecomment-42425583
2014-05-11 13:09:46 +02:00
Lukas Reschke
73b914ddbc
Add CSRF check on login and logout
...
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
2014-05-04 13:56:21 +02:00
Bernhard Posselt
906061a07b
Merge pull request #8171 from owncloud/fix-import
...
be nice and use a relative import so people can use the class without fi...
2014-05-02 22:43:19 +02:00
Thomas Müller
7c0340c63c
Merge pull request #7852 from josh4trunks/basic_auth_fix
...
Fixes login / logout when HTTP Basic Headers are available.
2014-04-28 21:46:52 +02:00
Thomas Müller
6935364b33
add class Pimple to autoloader
2014-04-28 20:57:44 +02:00
Lukas Reschke
1d9ac38da6
Remove an added t by the github webeditor
...
Notice to myself: Stick to my IDE.
2014-04-27 16:41:09 +02:00
Lukas Reschke
7a8bfeae6e
Grammatical fixes
2014-04-27 16:31:04 +02:00
Lukas Reschke
b6612ef04a
Clarify the trusted_domain error page
2014-04-26 23:11:29 +02:00
Volkan Gezer
ff0dab6e92
This adds one more missing untranslated text from lib/share
...
Also displays the untrusted domain warning in English
2014-04-24 01:42:18 +02:00
Lukas Reschke
e88731a477
Some more PHPDoc fixes
2014-04-21 15:44:54 +02:00
Lukas Reschke
c123dc7de4
Fix typo
...
Thanks @DeepDiver1975
2014-04-14 10:15:31 +02:00
Lukas Reschke
387d46cb98
Typo + Line breaks
2014-04-13 12:54:26 +02:00
Lukas Reschke
df67a04385
Move security headers to base.php
...
Some headers were currently only added to the templates but not to other components (e.g. SabreDAV / JSON / etc...)
The migration to base.php ensures that the headers are served to all requests passing base.php
2014-04-13 11:51:03 +02:00