f22101d421
Fix login loop if login CSRF fails and user is not logged in
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
644df591b1
Rename canInstallExists method and add new method for removal
Rename canInstallExists to shouldRemoveCanInstallFile to cover removal of this file for non-git channels and logging any failure to remove it.
Add new method to detect if this file exists during web based installation.
Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
5 years ago
72af140723
Move CAN_INSTALL check to method and remove unlink from SetupController
Move the check for the CAN_INSTALL file in the config directory to a method in the Setup class and remove the call to unlink from the SetupController as this in now handled in the Setup class.
Signed-off-by: Alex Harpin <development@landsofshadow.co.uk>
5 years ago
b4a29644cc
Add a const for the max user password length
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
9cfaf27142
Also limit the password length on reset
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
138deec333
chore: Make the LoginController strict
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
3 years ago
b5f6ecfb00
Fix GH-33187
$this->userId is null when loggedin via app password.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
3 years ago
fc4dd3041c
Fix default redirect on successful WebAuthn login
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
3 years ago
6c76443e89
Revert unrelated change from #34940
Probably a left over from an experience that I added by mistake in the
change
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
3 years ago
136b2c5949
Fix type of PreviewController::$userId
Can be null if not logged in; currently crashes
Signed-off-by: Varun Patil <varunpatil@ucla.edu>
3 years ago
86d9626901
Add mastodon personal info field
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
3 years ago
8629d8e44f
Check share attributes on preview endpoints
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
11bedf1c3b
Use proper error pages instead of always redirecting
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
bd303388e3
Cleanup ie and old edge properties
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
5 years ago
71ee292650
Add rate limiting on lost password emails
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
3 years ago
6e03d99ab8
fix reference preview endpoint when no server-side cache configured
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
3 years ago
0642d17e4f
Fix URLs on reference resolving
The vue-richtext app currently sends leading spaces if they are in the text.
Signed-off-by: Joas Schilling <coding@schilljs.com>
3 years ago
f4a2ab137b
Add cache header for image endpoint if link previews
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
5fa7563bf9
Add endpoint to fetch a cachable reference data
Signed-off-by: Julius Härtl <jus@bitgrid.net>
3 years ago
66a7a89898
Add api to load additional section in profile page
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
bc9a488046
Update avatars on update
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
76d0165330
Dark theme for guest avatar
And better caching policy
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
f98ae2b5b0
Avatar new style
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
f44d2586b1
Remake profile picture saving with Vue
Signed-off-by: Christopher Ng <chrng8@gmail.com>
4 years ago
1ab66988bc
Inject all dependnencies and increase cache timeout
Signed-off-by: Julius Härtl <jus@bitgrid.net>
4 years ago
80f6a5834a
Refactor cache handling
Signed-off-by: Julius Härtl <jus@bitgrid.net>
4 years ago
a392235e23
Cleanup
Signed-off-by: Julius Härtl <jus@bitgrid.net>
4 years ago
0ce0d37ac1
Implement image caching
Signed-off-by: Julius Härtl <jus@bitgrid.net>
4 years ago
de3e541fde
API for fetching reference metadata
Signed-off-by: Julius Härtl <jus@bitgrid.net>
4 years ago
85eb3b2920
Fix wording of undeliverable push notifications
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
9ba11ecefd
Improve handling of profile page
Signed-off-by: Christopher Ng <chrng8@gmail.com>
4 years ago
b03aedf128
Update core/Controller/LostController.php
Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
4 years ago
61548c520b
Update LostController.php
i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack)
Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>
4 years ago
253118298d
Redesign guest pages for better accessibility
- Use white box and put content on it
- Improve focus indicator
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
92500e810f
Identify the login page explicitly by the page title
Signed-off-by: Christopher Ng <chrng8@gmail.com>
4 years ago
abe5ff3654
Make LostController use IInitialState and LoggerInterface
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
4 years ago
44e13848a1
Add password reset typed events
These hooks are only used in the Encryption app from what I can see.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
4 years ago
57c66bf7cb
Use Image class from public API
Signed-off-by: Christopher Ng <chrng8@gmail.com>
4 years ago
b70c6a128f
Update core to PHP 7.4 standard
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
db1813f640
Show user account on grant loginflow step
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
232322fe06
Modernize contacts menu
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
4 years ago
3c6253f965
Remove old legacy SvgController and IconsCacher
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
4 years ago
6e4d721278
Expose shareWithDisplayNameUnique also on autocomplete endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
80388663af
Add direct arg to login flow
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
5f75d2e104
Remove old shortening
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
a0c7798c7d
Limit the length of app password names
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
1fc0b4320c
Add global profile toggle config
Signed-off-by: Christopher Ng <chrng8@gmail.com>
4 years ago
36721a8d0d
Fix caching of the user avatar
Now on firefox/safari it is only refetched once a day. On Chrom{e,ium}
we keep the previous behavior of maybe refetching it more often.
This also notify the user about this behavior when they upload an avatar
picture.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
7dddbd0c35
Improve caching policy
* Cache css with version in url. This makes most js and css requests to
be cached by the browser
* Force caching previews, the etag is in the url so that if the propfind
gives a new etag, we will refresh it otherwise it's no use to try to
fetch the new etag and do tons of DB queries
Tested with firefox and 'debug' => false (important so that the js/css
urls are generated with ?v= parameter)
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
4 years ago
6dd60b6d30
Only allow avatars in 64 and 512 pixel size
Signed-off-by: Joas Schilling <coding@schilljs.com>
4 years ago
Christoph Wurst
Alex Harpin
Joas Schilling
Daniel Kesselberg
Richard Steinmetz
Carl Schwan
Varun Patil
Julius Härtl
John Molakvoæ (skjnldsv)
Côme Chilliet
Julien Veyssier
Christopher Ng
NoSleep82
Thomas Citharel
Vincent Petry