nextcloud

Commit Graph

Author	SHA1	Message	Date
provokateurin	2c51933b6b	refactor(core): Switch to attribute based routing Signed-off-by: provokateurin <kate@provokateurin.de>	3 months ago
provokateurin	b64ab5fba8	refactor: Migrate IgnoreOpenAPI attributes to OpenAPI Signed-off-by: provokateurin <kate@provokateurin.de>	5 months ago
Côme Chilliet	95ea6188dc	Suppress or fix psalm errors related to InvalidTokenException Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	5 months ago
Côme Chilliet	eee9f1eec4	Always catch OCP versions of authentication exceptions And always throw OC versions for BC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	5 months ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	6 months ago
Julien Veyssier	c6da99474e	rename oauth2_access_token's created_at to code_created_at Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	8 months ago
Julien Veyssier	807f173dec	make oauth2 authorization code expire after 10 minutes Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	8 months ago
jld3103	1be836273d	core: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com>	11 months ago
Faraz Samapoor	fc0e2a938f	Applies agreed-upon indentation convention to the changed controllers. Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753 Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	1 year ago
Faraz Samapoor	450bf5c99e	Refactors controllers by using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	1 year ago
Faraz Samapoor	a1ef0285f8	Refactors "strpos" calls in /core to improve code readability. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	1 year ago
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	1 year ago
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2 years ago
Joas Schilling	db1813f640	Show user account on grant loginflow step Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Vincent Petry	80388663af	Add direct arg to login flow Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-Authored-by: Carl Schwan <carl@carlschwan.eu>	2 years ago
Julius Härtl	61dd1d3d97	Pass username prefill through unauthenticated request redirects Signed-off-by: Julius Härtl <jus@bitgrid.net>	2 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	3 years ago
Christoph Wurst	f8808e260d	Move app_password_created to a typed event Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	2a054e6c04	Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Joas Schilling	543fabe279	Make magic strings of ClientFlowLogin and v2 publicly available Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Roeland Jago Douma	ffad3f83fe	Validate app password on alternative login Fixes #20838 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	4 years ago
Christoph Wurst	cb057829f7	Update license headers for 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
RussellAult	19791b2460	Check getRedirectUri() for queries Resolves Issue #17885 Check getRedirectUri() for queries, and add a '&' instead of a '?' to $redirectUri if it already has them; otherwise, $redirectUri might end up with two '?'. Signed-off-by: RussellAult <russellault@users.noreply.github.com>	5 years ago
Sergej Nikolaev	1b5d85a4ca	fix oauth client redirect Signed-off-by: Sergej Nikolaev <kinolaev@gmail.com>	5 years ago
Roeland Jago Douma	6dc179ee12	Fix login flow form actions So fun fact. Chrome considers a redirect after submitting a form part of the form actions. Since we redirect to a new protocol (nc://login/). Causing the form submission to work but the redirect failing hard. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Daniel Kesselberg	c583c5e7e2	Emit event if app password created Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	5 years ago
Daniel Kesselberg	149a98edf6	Publish activity for app token created by client login flow Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	5 years ago
Roeland Jago Douma	b68567e9ba	Add StandaloneTemplateResponse This can be used by pages that do not have the full Nextcloud UI. So notifications etc do not load there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	66367797df	Fix template paramter Else we get shown an error page instead of the correct 403. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	e6ac233947	Fix loginflow with apptoken enter on iOS It seems iOS doesn't like us to change the location. So now we submit it to the server that geneartes the redirect. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	763b52d402	Fix SAML Client login flow on Apple devices Because the redirect from the SAML/SSO endpoint is a POST the lax/strict cookies are not properly send. Note that it is not strictly requried on this endpoint as we do not need the remember me data. Only the real session info is enough. The endpoint is also already protected by a state token. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
John Molakvoæ (skjnldsv)	5e4990fadd	Remove redirect page Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	6 years ago
Roeland Jago Douma	92582a350d	Use the proper server for the apptoken flow login If a user can't authenticate normally (because they have 2FA that is not available on their devices for example). The redirect that is generated should be of the proper format. This means 1. Include the protocol 2. Include the possible subfolder Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	be2d8cc4e9	Do not invalidate main token on OAuth Fixes #10584 We deleted the main token when using the login flow else mutliple tokens would show up for a single user. However in the case of OAuth this is perfectly fine as the authentication happens really in your browser: 1. You are already logged in, no need to log you out 2. You are not logged in yet, but since you log in into the exact same browser the expected behavior is to stay logged in. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	5a97148863	Don't use special chars to avoid confusion Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	177c8972cc	Improve login flow * Add page explaining you are about to grant access * Show grant access page after login Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Morris Jobke	4ef302c0be	Request->getHeader() should always return a string PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Mario Danic	cc742ce9e7	Fix bug with proxies Signed-off-by: Mario Danic <mario@lovelyhq.com>	6 years ago
Roeland Jago Douma	82f03e1314	Clear login token once apppassword is generated Fixes #7697 When using the new login flow a token will be generated since we login. However after that we generate yet another token to return (as we should). However we should kill the current session token as we are done with it. And will never use it again. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Mario Danic	c2cd5fc5d3	Fix flow Signed-off-by: Mario Danic <mario@lovelyhq.com>	7 years ago
Julius Härtl	cd1bfea8c4	Theming: theme flow redirection page Signed-off-by: Julius Härtl <jus@bitgrid.net>	7 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Morris Jobke	504c1abee0	Fix undefined index oauthState Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Lukas Reschke	26ee889fec	Add tests for ClientFlowLoginController Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Lukas Reschke	b07a0f51ba	Add OAuth state to session Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	7 years ago
Bjoern Schiessle	23b296b66e	use name of oauth app to identify auth token Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	7 years ago

1 2

57 Commits (2c51933b6bc5e8f2633114e9acc493fb72a314d7)