Commit graph

3999 commits

Author SHA1 Message Date
Joas Schilling
d2d9f74707
Fix warning with undefined method
Trying to configure method "getRemember" which cannot be configured
because it does not exist, has not been specified, is final, or is
static

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:37:59 +02:00
Joas Schilling
a0ada9aab4
Don't use deprecated getMock() anymore
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:30:21 +02:00
Joas Schilling
24789ba0f4
Restoring the error handler within the error handler causes unexpected results
See http://php.net/manual/en/function.restore-error-handler.php#120879
for more information.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:23:34 +02:00
Joas Schilling
38c901fadf
Delete the correct config value
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:23:12 +02:00
Joas Schilling
140580f9d8 Merge pull request #4398 from nextcloud/fix_accesslistcode
Get proper accesslist for userFolder
2017-04-20 11:03:22 +02:00
Joas Schilling
b469882595 Merge pull request #4212 from individual-it/master
validate file name before uploading in upload only folder
2017-04-20 10:50:56 +02:00
Roeland Jago Douma
ae2db5e60d
Get proper accesslist for userFolder
If the accesslist is requested for a users root folder we should
properly construct the path

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-20 10:28:32 +02:00
Morris Jobke
16c4755e03
Rename renderHTML to renderHtml
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 15:46:41 -05:00
Roeland Jago Douma
ad24b86013 Merge pull request #4350 from nextcloud/adjust-old-bruteforce-protection-annotations
Adjust existing bruteforce protection code
2017-04-19 09:27:23 +02:00
Morris Jobke
f1ddb939a0 Merge pull request #4371 from nextcloud/dont-allow-dot-usernames
Better validation of allowed user names
2017-04-18 20:04:32 -05:00
Morris Jobke
269600a04f Merge pull request #4369 from nextcloud/fix-translations
Fix translations
2017-04-18 18:01:50 -05:00
Joas Schilling
1c0bffe87f
Fix translations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:40:53 -05:00
Lukas Reschke
0a54d5a5dd
Beautify test email
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 16:18:00 -05:00
Morris Jobke
d379ac7545 Merge pull request #4372 from nextcloud/smtp-password
Don't put the SMTP password into the HTML code
2017-04-18 16:13:31 -05:00
Morris Jobke
d2c4440ed6
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-18 15:08:38 -05:00
Lukas Reschke
805419bb95
Add bruteforce protection to changePersonalPassword
While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-18 17:55:51 +02:00
Artur Neumann
88f02f27a3 JS tests for upload only function
Signed-off-by: Artur Neumann <info@individual-it.net>
2017-04-18 20:43:25 +05:45
Joas Schilling
fcaa315c96
Fix some more stuff
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:11:29 +02:00
Joas Schilling
dfca672378
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 16:08:29 +02:00
Joas Schilling
a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Morris Jobke
10290eb006 Merge pull request #2834 from nextcloud/accesListToShareManager
Access list to share manager
2017-04-15 13:06:24 -05:00
Lukas Reschke
727688ebd9
Adjust existing bruteforce protection code
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-14 13:42:40 +02:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Lukas Reschke
81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Morris Jobke
d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Joas Schilling
e1d54e3b48
Add more tests for the share helper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling
7d416ac1dd
Activate the test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:53 +02:00
Joas Schilling
629b7c0fc3
Adjust docs and make !$currentAccess simpler
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
4eeb194ae5
Fix share manager test
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
5b57bb955b
Fix default share provider
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Joas Schilling
2fcf334c6a
Fix tests for ShareHelper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:58:52 +02:00
Roeland Jago Douma
4437e00f16
Add shareHelper test
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
12afd7d1d5
Add mail element to access list
* Each provider just returns what they have so adding an element won't
require changing everything
* Added tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
2cbac3357b
Offload acceslist creation to providers
* This allows for effective queries.
* Introduce currentAccess parameter to speciy if the users needs to have
currently acces (deleted incomming group share). (For notifications)

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:50 +02:00
Roeland Jago Douma
553b3b2928
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
7dcc98eb20
Add owner to access list
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:49 +02:00
Roeland Jago Douma
d84df15590
Add getAccessList to ShareManager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-13 12:58:48 +02:00
Lukas Reschke
e39e6d0605
Remove expired attempts
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke
31ae39c569
Add tests for multiple parameters
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke
a1ae5275f9
Move to dedicated MiddleWare
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
Lukas Reschke
66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Lukas Reschke
01f3698175 Merge pull request #3966 from nextcloud/downstream-26570
Override config.php values through environment variables
2017-04-13 10:51:09 +02:00
Morris Jobke
7cb6038fca Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login
Dont create a log entry on email login
2017-04-13 01:04:11 -05:00
Morris Jobke
1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Roeland Jago Douma
b3b24172e4 Merge pull request #4307 from nextcloud/sharing-emails
New emails for sharebymail
2017-04-12 21:23:11 +02:00
Morris Jobke
ae4c2893a2
Fix unit tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 12:42:23 -05:00
Joas Schilling
1c8c62272c
Use instance name as alt-text
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-12 17:16:26 +02:00
Morris Jobke
050ce1d40b
Add addBodyButton to add a single button to email templates
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 17:16:26 +02:00
Roeland Jago Douma
dccb8928a1 Merge pull request #4325 from nextcloud/downstream-27522
Optimize put - Dont try to fetch filecache for not existing filecache…
2017-04-12 16:04:03 +02:00
Björn Schießle
b90e91144b Merge pull request #3614 from nextcloud/discover-federatedsharing-endpoints
Discover federatedsharing endpoints
2017-04-12 16:01:07 +02:00