wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
38908 commits 157 branches 562 tags 714 MiB
Commit graph

6872 commits

Author SHA1 Message Date
Georg Ehrke
6bbc682c4b
handle 404 separately 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:30:21 +02:00
Georg Ehrke
99b201a188
unit test jquery.contactsmenu 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:28:15 +02:00
Georg Ehrke
e61cf83faf
better detection whether or not contactsmenu target was clicked 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:28:14 +02:00
Georg Ehrke
399f08bd33
add contactsmenu popover to resharer infobox 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:28:14 +02:00
Georg Ehrke
4d60aff6ec
Contactsmenu popover: show proper message when server throws error 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:28:14 +02:00
Georg Ehrke
8f404c1f56
don't toggle sharing popover together with contactsmenu popover 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:28:14 +02:00
Georg Ehrke
c844b2931e
close menu again when clicking on avatar 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:26:56 +02:00
Georg Ehrke
60f9ed6241
add contactsmenu popover 
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
 2017-04-26 09:26:53 +02:00
Nextcloud bot
e5fe41e16b
[tx-robot] updated from transifex 2017-04-26 00:07:43 +00:00
Jan-Christoph Borchardt
241e397326 Merge branch 'master' into contactsmenu 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-26 00:50:38 +02:00
Jan-Christoph Borchardt
0f0b04b7d9 Fix test 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-26 00:06:56 +02:00
Morris Jobke
417bc606e4 Merge pull request #4508 from nextcloud/fix/remove-js-debug-logging 
Remove js debug logging
 2017-04-25 18:26:53 -03:00
Christoph Wurst
fd74ad452a Remove js debug logging 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 21:42:38 +02:00
Jan-Christoph Borchardt
2ccaae8968 Fix emptycontent HTML and wording 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-25 20:47:18 +02:00
Jan-Christoph Borchardt
4ae5340814 Fix spinner position of Contacts menu 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-25 20:47:18 +02:00
Christoph Wurst
945420baaf Use HTTP POST to retrieve the list of contacts 
We do not want to have sensitive information in the URL and
therefore also not in the access log. Thus the GET request is
replaced by a POST request.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:18 +02:00
Christoph Wurst
5c61852c25 Fix failing contacts menu js test data 
When we test wheter action menus in the contacts menu close
when clicking other ones, we have to provide test data
that actually causes the view to render the menu.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:18 +02:00
Christoph Wurst
ecd408d524 Fix icon of second action 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:17 +02:00
Christoph Wurst
2c2e1f7988 Use absolute URI for action icons 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:17 +02:00
Christoph Wurst
36cee1f386 Let apps register contact menu provider via info.xml 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:17 +02:00
Christoph Wurst
5762cd9436 Use tooltop for contact's top action title 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:17 +02:00
Christoph Wurst
d091793ceb Contacts menu 
* load list of contacts from the server
* show last message of each contact

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 20:47:17 +02:00
Jan-Christoph Borchardt
61af3f41f0
Fix auth flow background color and redirect view layout 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-25 20:18:49 +02:00
Roeland Jago Douma
aae079aa29
AppToken to 72 chars 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-25 20:18:49 +02:00
Roeland Jago Douma
bb5e5efa6d
Do not remove the state token to early 
we should check the stateToken before we remove it. Else the check will
always fail.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-25 20:18:49 +02:00
Roeland Jago Douma
05e1092c44
Correctly case the stateToken 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-25 20:18:49 +02:00
Lukas Reschke
6a16df7288
Add new auth flow 
This implements the basics for the new app-password based authentication flow for our clients.
The current implementation tries to keep it as simple as possible and works the following way:

1. Unauthenticated client opens `/index.php/login/flow`
2. User will be asked whether they want to grant access to the client
3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler.
While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the
near future we have to think about an automatic migration endpoint so there's that anyways :-)

If the user chooses to use the regular login the following happens:

1. A session state token is written to the session
2. User is redirected to the login page
3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-25 20:18:49 +02:00
Julius Härtl
27b19aaba1
Fix loading spinner for new app menu 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-04-25 17:31:25 +02:00
Julius Härtl
7548825743
Responsive app menu 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-04-25 17:31:24 +02:00
Morris Jobke
6f2df5e495 Merge pull request #3195 from nextcloud/settings-apps-tabular 
Make apps settings tabular
 2017-04-25 10:25:29 -03:00
Roeland Jago Douma
82c9eb1c56 Merge pull request #4462 from danxuliu/fix-sharing-password-protected-link 
Fix sharing a password protected link
 2017-04-25 14:12:44 +02:00
Christoph Wurst
bb1d191f82
Fix remember redirect_url on failed login attempts 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 09:38:19 +02:00
Nextcloud bot
133f3fdc9a
[tx-robot] updated from transifex 2017-04-25 00:07:30 +00:00
Jan-Christoph Borchardt
88bc43182f Fix app icon being inverted for app store apps too 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-25 00:22:57 +02:00
Jan-Christoph Borchardt
b48d81d59f Show placeholder for image-less apps in app management 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-25 00:22:57 +02:00
Daniel Calviño Sánchez
58cc1251be Use "complete" callback in onPasswordEntered 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 22:18:52 +02:00
Daniel Calviño Sánchez
e0b0115f99 Extract common ajax call for addShare and updateShare 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 22:07:08 +02:00
Daniel Calviño Sánchez
3ab2958930 Document options parameter in saveLinkShare 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 22:05:34 +02:00
Daniel Calviño Sánchez
6e9f49f397 Add "complete" callback support for addShare 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 21:31:53 +02:00
Daniel Calviño Sánchez
488020cf2e Add "complete" callback support for updateShare 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 21:24:30 +02:00
Daniel Calviño Sánchez
726c6c73f4 Add missing unit test cases and conditions 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 21:24:05 +02:00
Morris Jobke
fd7257332d Merge pull request #4321 from nextcloud/improve-sharing-tooltip 
change sharing tooltip with a more general description of all available share options
 2017-04-24 11:12:41 -03:00
Roeland Jago Douma
7a81d46fcb
Fix link password toggle 
We took the wrong field from the share api response. So the password was
never shown as set.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-24 14:41:41 +02:00
Roeland Jago Douma
c5617f4e8a Merge pull request #4463 from danxuliu/fix-working-icon-placement-on-password-save 
Fix working icon placement on password save
 2017-04-24 14:34:56 +02:00
Roeland Jago Douma
97c27395aa Merge pull request #4458 from nextcloud/fix/sinon-stub-deprecation-warnings 
Fix sinon.stub deprecation warnings
 2017-04-24 13:47:46 +02:00
Daniel Calviño Sánchez
36f55b5867 Fix working icon placement on password save 
Before, the icon appeared below the text input for the password. Now, it
appears inside the text input, to the right end.

The CSS was adjusted based on other icons shown in that position for
other text inputs in the Share tab view, like the information icon or
the clipboard icon.

Fixes #4135

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 11:50:06 +02:00
Joas Schilling
3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports 
Remove unused use statements
 2017-04-24 11:47:37 +02:00
Daniel Calviño Sánchez
153d053ee7 Fix working icon not hidden when successfully setting a password 
When a request to set the password of a shared link is sent a working
icon is shown. However, as there was no "success" callback, the icon was
never hidden again after successfully setting the password (it worked
fine if there was an error, though).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2017-04-24 11:33:07 +02:00
Christoph Wurst
2317d7bb49
Fix sinon.stub deprecation warnings 
Calls to `sinon.stub(obj, 'meth', fn)` are deprecated and therefore
replaced by `sinon.stub(obj, 'meth).callsFake(fn)` as instructed by
the deprecation warning.

This makes the js unit testing output readable again.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-24 10:39:37 +02:00
Lukas Reschke
8a1d3c7e87 Merge pull request #4434 from nextcloud/add-rate-limiting-to-solve-challenge-controller 
Add rate limit to TOTP solve challenge controller
 2017-04-24 10:03:19 +02:00
Nextcloud bot
a01f946c56
[tx-robot] updated from transifex 2017-04-24 00:07:28 +00:00
Morris Jobke
c54a59d51e
Remove unused use statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 19:23:31 -05:00
Nextcloud bot
11c7953888
[tx-robot] updated from transifex 2017-04-23 00:07:31 +00:00
Lukas Reschke
d0d34d308a
Add at most 10 password reset requests per 5 minutes and IP range 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-22 08:12:54 +02:00
Lukas Reschke
c1b8f152d8
Add rate limit to TOTP solve challenge controller 
Fixes https://github.com/nextcloud/server/issues/2626

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-22 07:59:40 +02:00
Nextcloud bot
363d1c69dd
[tx-robot] updated from transifex 2017-04-22 00:07:36 +00:00
Roeland Jago Douma
b101c6f5fe
Update core.js 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-21 16:44:11 +02:00
Lukas Reschke
f4755218a1
Bump to DOMPurify 0.8.6 
Fixes https://github.com/nextcloud/server/issues/4424

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-21 16:33:00 +02:00
Nextcloud bot
fb7663cefe
[tx-robot] updated from transifex 2017-04-21 00:07:37 +00:00
Morris Jobke
9536cbf739 Merge pull request #4409 from nextcloud/socialharing_mail 
Allow social sharing to specify if a new window is opened
 2017-04-20 17:59:55 -05:00
Bjoern Schiessle
f0651cb066
allow to set a password for shares which where created without a password before the admin started to enforce the password 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-04-20 16:33:26 +02:00
Bjoern Schiessle
d8dcd72118
allow admin to enforce password on mail shares 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-04-20 16:33:26 +02:00
Roeland Jago Douma
48fd0ee9f0
Allow social sharing to specify if a new window is opened 
For example mail shares should not open a new window because it looks
weird.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-20 16:32:46 +02:00
Nextcloud bot
adf316c3af
[tx-robot] updated from transifex 2017-04-20 00:07:36 +00:00
Morris Jobke
16c4755e03
Rename renderHTML to renderHtml 
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-19 15:46:41 -05:00
Morris Jobke
01c9d00e1d Merge pull request #4387 from nextcloud/fix-little-glitch 
Fix font-weight of settings button
 2017-04-19 14:45:48 -05:00
Morris Jobke
a55f5c0173 Merge pull request #4388 from nextcloud/remove-unused-stuff 
Remove unused CSS styles
 2017-04-19 14:45:32 -05:00
Morris Jobke
4be923e459
Improve menu CSS 
* fix mess with menus and actions in the files app
* reduces amount of !important usages
* keeps the behaviour on mobile as well as on desktop

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-19 12:42:23 -05:00
Roeland Jago Douma
ac9d0fd14c Merge pull request #4385 from nextcloud/remove-unused-css 
Remove unused CSS
 2017-04-19 19:27:05 +02:00
Roeland Jago Douma
ad24b86013 Merge pull request #4350 from nextcloud/adjust-old-bruteforce-protection-annotations 
Adjust existing bruteforce protection code
 2017-04-19 09:27:23 +02:00
Morris Jobke
1dfd7de10e
Remove unused CSS styles 
* could not find an traces of .popup and .arrow anywhere else

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-18 22:26:18 -05:00
Morris Jobke
6fa7e41047
Fix font-weight of settings button 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-18 21:38:49 -05:00
Morris Jobke
74936e15d1
Remove unused CSS 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-18 20:36:54 -05:00
Nextcloud bot
febe01f571
[tx-robot] updated from transifex 2017-04-19 00:07:40 +00:00
Nextcloud bot
6b490f45fd
[tx-robot] updated from transifex 2017-04-18 23:08:43 +00:00
Morris Jobke
269600a04f Merge pull request #4369 from nextcloud/fix-translations 
Fix translations
 2017-04-18 18:01:50 -05:00
Jan-Christoph Borchardt
535ec04245
expand clickable area of popover menu entries to full width 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-18 16:59:35 -05:00
Joas Schilling
1c0bffe87f
Fix translations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-18 16:40:53 -05:00
Nextcloud bot
c40b7acb09
[tx-robot] updated from transifex 2017-04-18 20:47:45 +00:00
Bjoern Schiessle
c6ae57ecee
simplify share placeholder 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-04-18 12:08:35 +02:00
Nextcloud bot
b072d2c49d
[tx-robot] updated from transifex 2017-04-18 00:07:25 +00:00
Nextcloud bot
df2235c71f
[tx-robot] updated from transifex 2017-04-17 00:07:33 +00:00
Nextcloud bot
dafa9c740a
[tx-robot] updated from transifex 2017-04-15 00:07:36 +00:00
Lukas Reschke
727688ebd9
Adjust existing bruteforce protection code 
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-14 13:42:40 +02:00
Roeland Jago Douma
6b79bf0960 Merge pull request #4346 from nextcloud/properly-do-bruteforce-protection-via-annotation 
Make BruteForceProtection annotation more clever
 2017-04-14 08:15:55 +02:00
Nextcloud bot
0f96d5a641
[tx-robot] updated from transifex 2017-04-14 00:07:36 +00:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever 
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 23:05:33 +02:00
Lukas Reschke
81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email 
Update email template for lost password email
 2017-04-13 20:02:15 +02:00
Morris Jobke
d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login 
Fix login controller test and consolidate login
 2017-04-13 12:16:38 -05:00
Morris Jobke
ec034757fa Merge pull request #4337 from nextcloud/fix-adblock-share-icon 
Fix AdBlock blocking share icon, ref #866
 2017-04-13 12:10:37 -05:00
Lukas Reschke
66835476b5
Add support for ratelimiting via annotations 
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:16 +02:00
Morris Jobke
7cb6038fca Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login 
Dont create a log entry on email login
 2017-04-13 01:04:11 -05:00
Nextcloud bot
396618fd19
[tx-robot] updated from transifex 2017-04-13 00:08:02 +00:00
Roeland Jago Douma
3eb6f88019
Move to handlebars.min.js 
core.js is now below 1mb!

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-12 22:22:38 +02:00
Morris Jobke
1f962f9115
Update email template for lost password email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-12 15:19:53 -05:00
Roeland Jago Douma
abe887cd48
Moved to jquery-ui.custom.min.js 
Shaves off about 200kb of the default loaded js libs

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-12 20:03:00 +02:00
Bjoern Schiessle
a3c9dcf82a
change sharing tooltip with a more general description of all available share options 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-04-12 16:07:42 +02:00
Jan-Christoph Borchardt
37145a275f Fix AdBlock blocking share icon, ref #866 
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
 2017-04-12 15:04:12 +02:00
Lukas Reschke
b5d31e4e65 Merge pull request #4309 from nextcloud/remove-unused-code 
Removes unused code for link share emails
 2017-04-12 10:15:59 +02:00
Nextcloud bot
633b952358
[tx-robot] updated from transifex 2017-04-12 00:07:44 +00:00