Commit graph

143 commits

Author SHA1 Message Date
Michael Weimann
de7606dc68 Adds disabled user unit tests
Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
2018-07-21 13:05:25 +02:00
Morris Jobke
9444a3fad1
Merge pull request #9632 from nextcloud/enhancement/stateful-2fa-providers
Stateful 2fa providers
2018-06-25 15:49:58 +02:00
Robin Appelman
8ed50d4b63
prefill userid for login after password reset
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-21 15:18:07 +02:00
Christoph Wurst
13d93f5b25
Make 2FA providers stateful
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.

The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-06-20 08:30:26 +02:00
Roeland Jago Douma
362e6b2903
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-14 13:30:22 +02:00
Roeland Jago Douma
2b7d4d5069
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 19:58:37 +02:00
Roeland Jago Douma
796b4f19f8
Add Cache-control: immutable
Cache generated CSS forever!
Also cache combined JS forever
Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-19 14:21:53 +01:00
Christoph Wurst
b9720703e8 Add CSRF token controller to retrieve the current CSRF token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2018-03-08 16:48:50 +01:00
Julius Härtl
16ac8eaac9
Fix tests
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-07 09:17:18 +01:00
Julius Härtl
11b6cc3f68
Replace logout href to avoid new etag on every request
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-06 09:51:28 +01:00
Julius Härtl
723b8764d1
Add ETag to NavigationController
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-03-05 12:19:20 +01:00
Roeland Jago Douma
cf83eb5e77
Merge pull request #8336 from nextcloud/cleanup-unused-parameter
Cleanup unused parameter
2018-02-20 10:16:59 +01:00
Morris Jobke
bcf1668cc8
Remove config from AutoCompleteController
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:40:30 +01:00
Julius Härtl
5a23b35ddb
Also rewrite icon url
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 21:20:21 +01:00
Julius Härtl
922cf44c81
Move to OCS endpoint
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:33 +01:00
Julius Härtl
8ecac56543
Allow requesting absolute URLs
They might be useful when requesting the navigation from the clients

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:32 +01:00
Julius Härtl
6211d18dc1
Add tests for NavigationController
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-12 17:22:32 +01:00
Morris Jobke
4ef302c0be
Request->getHeader() should always return a string
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.

Found while enabling the strict_typing for lib/private for the PHP7+ migration.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
Roeland Jago Douma
b1d8084700
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:43:11 +01:00
Joas Schilling
7789fbdea6
Add unit test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 00:50:52 +01:00
Roeland Jago Douma
8d1dd1945f
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 13:58:06 +01:00
Julius Härtl
f5f6ed664d
Hide stay logged in checkbox when flow authentication is used
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-12-28 11:15:26 +01:00
Roeland Jago Douma
c1fcd6fc98
Merge pull request #7324 from nextcloud/no-sorters-no-instances
don't create sorter instances when none was requested
2017-12-11 15:27:44 +01:00
Morris Jobke
ed7beb929e
Merge pull request #6876 from nextcloud/always_img_avatar
Always generate avatar
2017-12-08 23:58:17 +01:00
Bjoern Schiessle
555fe7047f
fix tests
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-08 13:29:33 +01:00
Roeland Jago Douma
8e8fe6b8eb
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-11-29 14:23:15 +01:00
Arthur Schiwon
96bc03a03a
don't create sorter instances when none was requested
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-11-28 13:30:51 +01:00
Mario Danic
c2cd5fc5d3 Fix flow
Signed-off-by: Mario Danic <mario@lovelyhq.com>
2017-11-09 00:29:34 +01:00
Julius Härtl
cd1bfea8c4
Theming: theme flow redirection page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-11-08 14:56:32 +01:00
Arthur Schiwon
e2805f02aa
Merge branch 'master' into autocomplete-gui 2017-11-01 15:37:29 +01:00
Arthur Schiwon
25aad121e6
meanwhile we can have exact matches. also show those.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-31 14:58:48 +01:00
Arthur Schiwon
fa2f03979b
add search parameter to autocomplete controller
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-25 17:26:50 +02:00
Morris Jobke
43e498844e
Use ::class in test mocks
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 17:45:32 +02:00
Arthur Schiwon
fd6daf8d19
AutoCompletion backend
* introduce a Controller for requests
* introduce result sorting mechanism
* extend Comments to retrieve commentors (actors) in a tree
* add commenters sorter
* add share recipients sorter

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-10-22 14:13:32 +02:00
Joas Schilling
3119fd41ce
Set the data from the template
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-18 15:12:03 +02:00
Morris Jobke
444779ce96
Fix tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-06 16:38:24 +02:00
Morris Jobke
0326c2c54f
Fix broken tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:17:03 +02:00
Joas Schilling
0aff1c9268
Return the user id in case of an error
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-29 11:10:30 +02:00
Morris Jobke
0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Joas Schilling
d5c6d56170
No password reset for disabled users
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-18 13:21:53 +02:00
Lukas Reschke
a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Roeland Jago Douma
ba7cf03daf
Fix LostControllerTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:13 +02:00
Roeland Jago Douma
3bd104ef7c
Fix LoginController
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:12:02 +02:00
Morris Jobke
84c22fdeef Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +02:00
Roeland Jago Douma
2fae696d35
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
Lukas Reschke
c25e782dd6
Fix settings/Controller/
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:15 +02:00
Lukas Reschke
f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
Julius Härtl
01093604d3
Add tests for public capabilties
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-06-30 11:21:15 +02:00
Lukas Reschke
2f87fb6b45
Add Clear-Site-Data header
This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-20 19:46:10 +02:00
Lukas Reschke
26ee889fec
Add tests for ClientFlowLoginController
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:08 +02:00