Commit graph

714 commits

Author SHA1 Message Date
Morris Jobke
200a28255e
Always enable avatars
* we introduced this setting in the begining because our
  avatar support caused some performance issues, but we
  fixed them and should only provide one way how Nextcloud
  looks

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-13 17:53:33 -06:00
Morris Jobke
f1c4f4c020
Rename database password toggle
* otherwise submitting the form with the password show will be overwritten
* see 2c9d7eeb76/core/Controller/SetupController.php (L59)
* seems to be a legacy fallback
* fixes #3381

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-07 16:59:12 -06:00
Morris Jobke
5bad417e57 Merge pull request #2044 from nextcloud/login-credential-store
Login credential store
2017-01-30 19:30:04 -06:00
John Molakvoæ (skjnldsv)
d0e88e328c
Add clear search button
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-25 09:15:37 +01:00
Christoph Wurst
7c824a6177
fix scss
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-23 09:03:05 +01:00
Christoph Wurst
202509251c
Use flexbox for header and rearrange some elements
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-23 09:03:03 +01:00
Christoph Wurst
140555b786
always allow remembered login
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
Cornelius Kölbel
e077e01bf2
Add a TwoFactorException
A Two Factor third party App may throw a TwoFactorException()
with a more detailed error message in case the authentication fails.
The 2FA Controller will then display the message of this Exception
to the user.

Working on #26593

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-11 11:01:52 +01:00
Sourav Badami
3dc562bb7a
Fix #24219: Added hint for specifying a port. (#26860)
* Added hint for specifying a port.

* Minor changes.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-22 15:55:09 +01:00
Joas Schilling
eed0eaeb86
Use a form so firefox doesn't try to save the space as a password
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-19 12:43:31 +01:00
Joas Schilling
924358ef96
Save the timezone on login again
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
Morris Jobke
224c89c1b8 Remove leftovers from #1929
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2016-11-30 01:07:00 +01:00
Felix Epp
6aa79cacfd Fix mail header logo [fixes #1326]
Signed-off-by: Felix A. Epp <work@felixepp.de>
2016-11-30 01:06:47 +01:00
Jan-Christoph Borchardt
e75dede590 fix some outdated naming
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-11-24 16:05:05 +01:00
Jan-Christoph Borchardt
56881433c0 show installation spinner correctly, fix #2129
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-11-22 15:58:00 +01:00
Joas Schilling
80abb69b60
Show a little explanation above the input field
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
Joas Schilling
05df523395
Empty the password field on submission of the form
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 12:10:51 +01:00
Joas Schilling
d75e35b75e
Introduce the UI for password confirmation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 11:57:16 +01:00
Roeland Jago Douma
740659a04c
Move away from OC_L10N
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 21:46:28 +02:00
Roeland Jago Douma
6dbe417c51
Inlince oc.js if possible!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 22:03:18 +02:00
Morris Jobke
89574367bc Merge pull request #1871 from nextcloud/use-csp-nonces
Use CSP nonces
2016-10-25 14:46:00 +02:00
Lukas Reschke
38b3ac8213
Add ContentSecurityPolicyNonceManager
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 16:35:31 +02:00
Lukas Reschke
9e6634814e
Add support for CSP nonces
CSP nonces are a feature available with CSP v2. Basically instead of saying "JS resources from the same domain are ok to be served" we now say "Ressources from everywhere are allowed as long as they add a `nonce` attribute to the script tag with the right nonce.

At the moment the nonce is basically just a `<?php p(base64_encode($_['requesttoken'])) ?>`, we have to decode the requesttoken since `:` is not an allowed value in the nonce. So if somebody does on their own include JS files (instead of using the `addScript` public API, they now must also include that attribute.)

IE does currently not implement CSP v2, thus there is a whitelist included that delivers the new CSP v2 policy to newer browsers. Check http://caniuse.com/#feat=contentsecuritypolicy2 for the current browser support list. An alternative approach would be to just add `'unsafe-inline'` as well as `'unsafe-inline'` is ignored by CSPv2 when a nonce is set. But this would make this security feature unusable at all in IE. Not worth it at the moment IMO.

Implementing this offers the following advantages:

1. **Security:** As we host resources from the same domain by design we don't have to worry about 'self' anymore being in the whitelist
2. **Performance:** We can move oc.js again to inline JS. This makes the loading way quicker as we don't have to load on every load of a new web page a blocking dynamically non-cached JavaScript file.

If you want to toy with CSP see also https://csp-evaluator.withgoogle.com/

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-10-24 12:27:50 +02:00
Robin Appelman
7427fb170f
show empty folder message in filepicker
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-21 16:35:55 +02:00
Robin Appelman
14f78369d7
Use a table for the filepicker list and add size column
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-19 14:18:21 +02:00
Jan-Christoph Borchardt
cf5d30387b Merge pull request #1641 from nextcloud/log-in-button
bring back dedicated log in button to make log in more usable
2016-10-17 18:28:27 +02:00
Jan-Christoph Borchardt
aa4eaf3a7e finish up layout of log in page, postpone forgot password link for later
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-17 14:28:49 +02:00
Robin Appelman
6d43942125
filepicker styling
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-14 17:36:08 +02:00
Jan-Christoph Borchardt
ee231759e5 update styles of log in
Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>
2016-10-11 13:58:10 +02:00
Joas Schilling
b8030e6d02 Use name from theming 2016-10-07 09:44:42 +02:00
Roeland Jago Douma
19485e3ec9
Set proper web title for apple
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-06 20:57:32 +02:00
Jan-Christoph Borchardt
75ec1541e4 fix log in button layout 2016-10-06 19:08:32 +02:00
Jan-Christoph Borchardt
3141680feb bring back dedicated log in button to make log in more usable 2016-10-06 16:48:10 +02:00
Joas Schilling
7c0951244a
Deprecate getEditionString() 2016-09-06 16:05:28 +02:00
Lukas Reschke
06fa486706 Merge pull request #1158 from nextcloud/cache_avatars
Cache avatars
2016-09-05 15:08:43 +02:00
Christoph Wurst
8acb734854
add 2fa backup codes app
* add backup codes app unit tests
* add integration tests for the backup codes app
2016-09-05 08:51:13 +02:00
coderkun
56862e3fdc Add attribute “tabindex” to login form (fixes #1110) 2016-08-31 21:58:10 +02:00
Roeland Jago Douma
14136295b7
Cache avatars properly
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
2016-08-30 09:00:16 +02:00
Raghu Nayyar
b580c3664d Merge pull request #1093 from nextcloud/mail-fontstack
use proper font stack for email
2016-08-28 10:30:50 +02:00
Christoph Wurst
78bb02d27a
list 2FA providers as buttons 2016-08-27 12:27:05 +02:00
Christoph Wurst
4a91673154
use centered h2 for 2FA page headers 2016-08-27 11:33:15 +02:00
Christoph Wurst
c93c5d142e
fix 2fa challenge page wording 2016-08-27 11:12:12 +02:00
Christoph Wurst
dc57b89f37
reorder 2fa challenge HTML 2016-08-27 11:12:12 +02:00
Jan-Christoph Borchardt
042c744ac6 use proper font stack for email 2016-08-26 22:59:24 +02:00
Lukas Reschke
8a6b5a1d86
Remove uninterpreted PHP
This is in an HTML file. The PHP won't be executed 🙈
2016-08-19 14:24:26 +02:00
Lukas Reschke
fb183f8143
Add cachebuster to right navigation 2016-08-18 12:36:14 +02:00
Lukas Reschke
3c7d2544b9
Add cache buster to left menu bar 2016-08-18 12:34:55 +02:00
Morris Jobke
bded787d0c
Empty tags are not allowed for image and feColorMatrix in IE11 and below 2016-08-17 15:59:30 +02:00
Arthur Schiwon
ceeb44bd04
Initial work on Apps page split:
* interfaces for the Admin settings (IAdmin) and section (ISection)
* SettingsManager service
* example setup with LDAP app
2016-08-09 18:05:09 +02:00
Jan-Christoph Borchardt
835dc59d6a reduce info on update screens, introduce button to refresh 2016-08-04 12:48:25 +02:00