archive
/
nextcloud
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
backport/44485/stable27
fix/get-row-outside
fix/remove-old-scheduling-objects
feature/request-803
fix/reset-notification-email
chore/noid/spdx-batch4
backport/44485/stable28
stable28
stable29
backport/44485/stable29
feat/localized-ownership-transfer-target
master
Jerome-Herbinet-better-wordings-in-new-user-modal
Jerome-Herbinet-education-bundle
fix/archive-grey-color
backport/45370/stable28
backport/45370/stable29
backport/45459/stable29
stable25
feat/add-support-for-webhooks
fix/issue-26668
stable26
stable27
stable24
enh/noid/avatar-chinese
fix/subadmin-user-groups
fix/26-caldav-atomic
fix-setupcheck-filelocking
backport/stable28/44905
backport/stable29/44905
release/27.1.10_rc2
createIfNotExists
qb-escape-like
filecache-chunking
def-share-provider-filecache-joins
usermountcache-filecache-joins
jtr/dns-noisy-dns-get-record
fix/psalm/navigation-entries
fix/files-sorting
enh/noid/allow-configure-config.owner
cache-move-select-children
backport/44457/stable27
backport/45390/stable29
backport/45390/stable28
backport/45390/stable27
fix/allow-strict-email
feat/dav/upcoming-events-api
backport/45406/stable29
backport/45406/stable28
automated/noid/stable27-update-psalm-baseline
backport/44062/stable28
fix/files-proper-loading-icon
fix/stable-background-color
fix/update-archive-tar
feature/noid/wrapped-appconfig
backport/44457/stable28
feat/richobjectstrings/missing-talk-file-metadata
fix/caldav-stable26
backport/45355/stable28
backport/44763/stable28
fix/auth/selective-token-activity-update
fix/dav/image-export-plugin-fallback
feat/excalidraw-file-support
automated/noid/stable28-fix-npm-audit
automated/noid/stable29-fix-npm-audit
dependabot/npm_and_yarn/simplewebauthn/types-10.0.0
dependabot/npm_and_yarn/nextcloud/logger-3.0.2
forbid-moving-subfolder
storage-cache-not-exists
fix/blur-chromium
automated/noid/stable27-fix-npm-audit
fix/43612/avoid-pwd-confirm-sso
feat/taskprocessingapi/next-task-endpoint
feature/40205/show-add-menu-in-emptycontent
feat/45085/validate-config-values
add-border-width
techdebt/noid/log-condition-v2
feat/update-rooms-resources-event
backport/45374/stable29
backport/44763/stable27
man/backport/45237/stable27
add-temporary-border-radius-variable
enhanc/audit-tag-creator
fix/ldap-avoid-false-positive-mapping
fix/noid/prevent-duplicate-click-event-on-login
backport/44464/master
backport/44464/stable29
backport/45026/stable27
backport/45026/stable26
backport/45026/stable28
backport/45026/stable29
backport/44464/stable28
fix/ldap-list-remnant-as-disabled
bug/noid/caldav-search-limit-and-timerange
remove-locking-config-sample
fix/import-axios
fix/webdav-aja
fix/new-user-dialog
perf/systemtags-object-mapping-objectid-index
chore/migrate-vite
backport/44218/stable29
dependabot/github_actions/github-actions-aa0aa929e5
dependabot/npm_and_yarn/nextcloud/browserslist-config-3.0.1
jr/meta/issue-template-bugs-closed-link
backport/44791/stable28
perf/sharing-events
backport/44218/stable27
backport/44218/stable28
check-phpoutdated
dependabot/npm_and_yarn/cypress-split-1.23.2
dependabot/npm_and_yarn/nextcloud/browser-storage-0.4.0
dependabot/npm_and_yarn/nextcloud/l10n-3.1.0
dependabot/npm_and_yarn/nextcloud/stylelint-config-3.0.1
feat/bom-js
backport/44496/stable28
backport/45196/stable28
fix/files-source-no-fileid
fix/dav/rate-limit-create-adress-book
feature/add-ability-to-sort-by-last-login
backport/44752/stable27
backport/44752/stable28
backport/44752/stable29
feat/auth/authtoken-clean-up
fix/allow-enforcing-windows-support
fix/ensure-blacklist-is-honored
fix/auth-token-uniq-constraint-violation-handling
artonge/fix/listen_to_group_removal_for_share
backport/45058/stable29
backport/45058/stable28
backport/45058/stable27
man/backport/44839/stable28
backport/45055/stable29
backport/45055/stable28
feat/workflow-auto-update-node.yml
fix/appframework/csrf-request-checks
dependabot/npm_and_yarn/nextcloud/axios-2.5.0
feat/restore-to-original-dir
test-scanner-no-transactions-26
test-scanner-no-transactions
reshare-permission-logic-27
unmark-login-date
debug/noid/log-reason-token-mismatch
fix/forbidden-files-insensitive
backport/45140/stable29
no-issue-use-correct-exceptions-in-share-class
noissue-refactor-share-class
fix/catch-redis-exception
backport/44838/stable28
backport/44956/stable28
bugfix/noid/sensitive-dav-forbidden-logging
rakekniven-patch-1
backport/45105/stable28
backport/44533/stable29
feat/upload-folders
feature/settings-design-improvements
backport/44938/stable28
fix/user-provider-search-shown
backport/44794/stable27
backport/44972/stable28
backport/44805/stable28
dependabot/npm_and_yarn/nextcloud/cypress-1.0.0-beta.8
backport/44670/stable28
backport/44670/stable27
feat/26668/notifications-for-shared-calendars-2
stable23
forbid-moving-subfolder-24
fix/issue-43115
stable21
stable22
fix/db/two-primary-connections-transaction-isolation-level
backport/44923/stable28
backport/44923/stable27
backport/44973/stable29
backport/44794/stable28
backport/44745/stable29
backport/44745/stable28
backport/44745/stable27
44319-fix-fed-share-user-avatars
fix/lock-session-during-cookie-renew
backport/44884/stable28
backport/44884/stable29
backport/44884/stable27
backport/44805/stable29
backport/43252/stable27
fix/43260
pull_request-trigger
backport/44039/stable29
backport/44039/stable28
backport/44039/stable27
backport/44868/stable29
backport/44838/stable27
backport/44868/stable28
fix/retry-delete-if-locked
backport/43574/stable29
query-req-id-26
fix/side-bar-share-removed
backport/44644/stable29
artonge/feat/add_retry_support_to_query_builder
artonge/chore/user_retry_trait
fix/deps-min-pear
backport/44847/stable29
fix/noid/federation-really-surely-init-token
chore/psalm/more-rules
feat/log-large-assets
db-error-logging-27
db-error-logging
db-error-logging-28
fix/noid/ldap-n-counted-mapped-users
Fix/duplicate-reminders
backport/44756/stable29
feat/assetlinks-json
deps/symfony-polyfill-intl-grapheme
fix/deps/php-seclin
debug-file-exists-backtrace
path-available
backport/44306/stable29
oci-ci-faststart
fix/core-session-logout-logging
fix/auth/authtoken-activity-update-in-transaction
fix-federated-group-shares-when-no-longer-found-in-remote-server
fix/encryption/web-ui-bogus
bugfix/error-on-reshare-after-transfer-ownership
backport/44555/stable27
fix/handle-errors-in-migrate-key-format
dependabot/npm_and_yarn/davclient.js-de93b73
bugfix/noid/consistent-handling-of-SensitiveParameter
backport/44017/stable26
remove-filecache-joins
chore/use-nextcloud-cypress-docker-node
occ-as-root
backport/44075/stable28
backport/44075/stable27
backport/44075/stable26
feat/dav/calendar-object-admin-audit-log
27-shared-null-storage-merged
wrapper-instanceof-resiliant-squash
fix/noid/return-verified-email
backport/44236/stable28
backport/44132/stable28
fix/44288/catch-filesmetadatanotfound-exception
jr/enh/updates/options-buttons-web-ui
enh/users-configured-quota-value
storage-id-cache-memcache
enh/noid/returns-formated-app-values-2
fix/session/transactional-remember-me-renewal
backport/44130/stable28
backport/44130/stable27
backport/44130/stable26
release/29.0.0beta2
enh/noid/fix-personal-settings-layout
fix/dav/abort-incomplete-caldav-changes-sync
fix/noid/null-safe-metadata
login-less-custom-bundle
fieat/profile-pronounces
backport/43252/stable28
backport/43252/stable26
smb-notify-test
share-mount-check-no-in
backport/41327/stable26
Jerome-Herbinet-better-devices-wipe-action-wording
fixstable26/sharing/locking-orphan-share-delete
enh/displayname-group-search
enh/identityproof/key_storage
enh/set-nest-transactions-with-savepoints
enh/favorite-search
remove-non-accessible-shares
stream-assembly-stream-size
seekable-http-size-24
fix/noid/ldap-displayname-cached
invalidateTokensOnlySeenUsers
remove-unset-parameters
fix/profile/set-config-cache-after-write
fix/download-limit-streaming
merge-token-updates
feat/database/primary-replica-split-stable28
backport/39607/stable26
core/cypress-use-github
feature/minSupportDesktopVerMsg
enh/test-mtime-after-move
fix/updatenotification-legacy-toast
ignore-write-test-unlink-err
enh/add-details-to-code-integrity-check
HolgerHees-fix-csp-nonce-handling
fix/do-not-throw-from-countusers
perf/noid/split-getSharedWith-query-into-more-performance-sets
container-optimizations
certificate-manager-fallback
contctsinteraction-usersetting
dav-fix-birthday-sync
enhancement/passwordless-login-token
backport/42930/stable26
fix/session/log-session-id
chore/ncselect-label-warning
metaGenMemLimit
backport/42971/stable25
backport/42172/stable26
instance-quota
file-info-key-location-27
storage-debug-info
backport/40939/stable28
fix/session/log-session-start-error
refactor/app/remove-register-routes
bugfix/cleanup-s3-multipart
fix/log-login-flow-state-token-errors
fix/adjust-default-color-background-plain-to-new-background
debugging/noid/listener-measuring
add-caldav-repair-middleware
fix/carddav/create-sab-concurrently
revert/41453
optionally-hide-hidden-files-in-public-share-access
enh/noid/gs.federation.auto_accept_shares
obj-delete-not-found-20
obj-delete-not-found
enh/in-app-search
getMountsForFileId-non-sparse
fix/noid/deleted-circles-share
enh/noid/disable-user-unmount
bugfix/noid/improve-installation-speed-of-oracle
location-provider
Jerome-Herbinet-share-with-fix
normlize-less
followup/39574/ocm-provider-without-beautiful-urls
kerberos-saved-ticket-27
feat/expose-nc-groups-to-system-addressbook-contacts
stable20
kerberos-saved-ticket
fix/dashboard--performance-and-refactoring
feat/settings/too-much-caching-setup-check
dept-remove-csrf-dependency-from-request
fix/session/log-likely-lost-session-conditions
oc-wnd-migrate-25
fix/wrong-file-size-unit-used
feat/database/query-result-fetch-associative-fetch-num
oc-wnd-migrate
artonge/debt/core_main.js
feat/cors-on-webdav
fix/noid/refresh-filesize-on-conflict-24
profile-request
dav-push-sync
updater-change-mimetype-objectstore
fix/refactor-user-access-to-file-list
sftp-known-mtime
exceptionsTranslateShare
sftp-fopen-write-stat-cache
revoke-admin-overwrite-8
fix/debounce-account-properties
feat/noid/ratelimit-header
feat/node-dist
stable18
feat/account/add-birthday-prop
fix-remove-auto-guessing-for-preview-semaphore
stable19
log-event-recursion
enh/repair-mimetype-job
repair-tree-invalid-parent
fix-dav-properties-column-type
fix/caldav/event-organizer-interaction
background-job-list-reserved
fix/session-cron
run-test-mime-type-icon-again
fox/noid/extended-auth-on-webdav
files-external-setup-path
share-list-set-owner
enh/a11y-util
7935-download-files-via-post
bugfix/avoid-extra-stream-copy
bug/files-scroll
enh/filepicker-permissions
user-files-debug-info
bugfix/38171/revert-status-when-overwritten
email-template-html-fragment
admin_audit/enh/move-to-event-listeners
chore/security/log-password-confirmation-user-backend
feat-add-iavaialble-in-maintenance-mode
bugfix/noid/unavailable-shares
enh/noid/add-avif
locate-key-fix
external-list-for
JonathanTreffler-stop-spamming-deprecations
storage-cache-init-in-transaction
enh/trashbin-scan-command
enh/extend-allowed-cloud-id-characters
trashbin-skip-logging
fix-migration-closures
direct-access-shared-calendar
add-vtimezone-data-when-creating-personal-calendar
artonge/feat/download_providers
fix/theming-variables
hidden-folder
add-setting-to-hide-birthday-deceased-contacts
file-cache-insertion-atomic
extract-caldav-sharing-plugin
enh/noid/add-imagick-destroy
remove_depreated_files
chore/catch-missing-non-optional-controller-parameter
enhancement/typed-db-entity
multi-object-store
feat/mail-admin-vue
enhancement/caldav-resources-sync-command
enh/noid/getcachebuster-in-webmanifest
home-storage-lazy-datadir
fix/noid/identity-proof-key-checksum
use_HSTS
share-null-source
upload-chunk-locking
setupmanager-lazy-user
introduce/orm
mountcache-lazy-user
share-lazy-user
add-integration-tests-for-getting-folder-sizes
enh/noid/iconfig
add-clear-add-to-user-status-public-api
cache-mimtype-mapping
stable17
stable16
work/sharing_trash
fix/wrong-image-type
dont-allow-reusing-usernames
stable15
stable14
stable13
stable12
stable-swift-v3
stable11
stable10
stable9
v28.0.6
v29.0.1
v29.0.1rc1
v27.1.10rc1
v28.0.6rc1
v28.0.5
v27.1.9
v29.0.0
v27.1.9rc1
v28.0.5rc1
v29.0.0rc5
v29.0.0rc4
v29.0.0rc3
v29.0.0rc2
v29.0.0rc1
v26.0.13
v27.1.8
v28.0.4
v29.0.0beta6
v29.0.0beta5
v28.0.4rc1
v27.1.8rc1
v26.0.13rc1
v29.0.0beta4
v29.0.0beta3
v29.0.0beta2
v29.0.0beta1
v26.0.12
v27.1.7
v28.0.3
v27.1.7rc2
v26.0.12rc2
v28.0.3rc2
v28.0.3rc1
v27.1.7rc1
v26.0.12rc1
v28.0.2
v28.0.2rc5
v28.0.2rc4
v26.0.11
v27.1.6
v28.0.2rc3
v28.0.2rc2
v27.1.6rc2
v26.0.11rc2
v28.0.2rc1
v27.1.6rc1
v26.0.11rc1
v28.0.1
v28.0.1rc1
v26.0.10
v27.1.5
v28.0.0
v28.0.0rc4
v28.0.0rc3
v27.1.5rc1
v26.0.10rc1
v28.0.0rc2
v28.0.0rc1
v27.1.4
v26.0.9
v28.0.0beta4
v27.1.4rc1
v26.0.9rc1
v28.0.0beta3
v28.0.0beta2
v28.0.0beta1
v25.0.13
v26.0.8
v27.1.3
v27.1.3rc2
v26.0.8rc2
v25.0.13rc2
v25.0.13rc1
v26.0.8rc1
v27.1.3rc1
v27.1.2
v27.1.2rc1
v27.1.1
v26.0.7
v25.0.12
v27.1.0
v27.1.0rc4
v26.0.6
v25.0.11
v27.1.0rc3
v27.1.0rc2
v25.0.11rc1
v26.0.6rc1
v27.1.0rc1
v27.1.0beta3
v27.1.0beta2
v26.0.5
v25.0.10
v27.0.2
v27.0.2rc1
v26.0.5rc1
v25.0.10rc1
v25.0.9
v26.0.4
v27.0.1
v25.0.9rc2
v26.0.4rc2
v27.0.1rc2
v27.0.1rc1
v26.0.4rc1
v25.0.9rc1
v25.0.8
v26.0.3
v26.0.3rc2
v25.0.8rc2
v26.0.3rc1
v25.0.8rc1
v27.0.0
v27.0.0rc4
v27.0.0rc3
v27.0.0rc2
v26.0.2
v25.0.7
v26.0.2rc1
v25.0.7rc1
v27.0.0rc1
v27.0.0beta2
v27.0.0beta1
v24.0.12
v25.0.6
v26.0.1
v26.0.1rc1
v24.0.12rc1
v25.0.6rc1
v25.0.5
v24.0.11
v26.0.0
v25.0.5rc1
v24.0.11rc1
v26.0.0rc3
v26.0.0rc2
v26.0.0rc1
v26.0.0beta5
v24.0.10
v25.0.4
v26.0.0beta4
v25.0.4rc1
v24.0.10rc1
v26.0.0beta3
v26.0.0beta2
v26.0.0beta1
v24.0.9
v25.0.3
v24.0.9rc2
v25.0.3rc2
v25.0.3rc1
v24.0.9rc1
v23.0.12
v24.0.8
v25.0.2
v25.0.2rc3
v23.0.12rc2
v24.0.8rc2
v25.0.2rc2
v25.0.2rc1
v23.0.12rc1
v24.0.8rc1
v25.0.1
v24.0.7
v23.0.11
v24.0.7rc1
v25.0.1rc1
v23.0.11rc1
v25.0.0
v25.0.0rc5
v25.0.0rc4
v25.0.0rc3
v24.0.6
v23.0.10
v25.0.0rc2
v24.0.6rc1
v23.0.10rc1
v25.0.0rc1
v25.0.0beta7
v25.0.0beta6
v25.0.0beta5
v24.0.5
v23.0.9
v25.0.0beta4
v24.0.5rc1
v23.0.9rc1
v25.0.0beta3
v25.0.0beta2
v25.0.0beta1
v24.0.4
v23.0.8
v24.0.4rc1
v23.0.8rc1
v22.2.10
v23.0.7
v24.0.3
v23.0.7rc2
v22.2.10rc2
v24.0.3rc2
v22.2.10rc1
v23.0.7rc1
v24.0.3rc1
v24.0.2
v23.0.6
v22.2.9
v22.2.9rc1
v23.0.6rc1
v24.0.2rc1
v24.0.1
v23.0.5
v22.2.8
v22.2.8rc1
v23.0.5rc1
v24.0.1rc1
v24.0.0
v24.0.0rc3
v24.0.0rc2
v23.0.4
v22.2.7
v23.0.4rc1
v22.2.7rc1
v24.0.0rc1
v24.0.0beta3
v24.0.0beta2
v24.0.0beta1
v23.0.3
v22.2.6
v23.0.3rc2
v22.2.6rc2
v22.2.6rc1
v23.0.3rc1
v21.0.9
v22.2.5
v23.0.2
v21.0.9rc1
v22.2.5rc1
v23.0.2rc1
v21.0.8
v22.2.4
v23.0.1
v22.2.4rc3
v21.0.8rc3
v23.0.1rc3
v23.0.1rc2
v22.2.4rc2
v21.0.8rc2
v21.0.8rc1
v22.2.4rc1
v23.0.1rc1
v23.0.0
v23.0.0rc3
v21.0.7
v22.2.3
v22.2.2
v23.0.0rc2
v23.0.0rc1
v20.0.14
v21.0.6
v22.2.1
v23.0.0beta3
v20.0.14rc1
v21.0.6rc1
v22.2.1rc1
v23.0.0beta2
v23.0.0beta1
v21.0.5
v22.2.0
v20.0.13
v20.0.13rc1
v22.2.0rc2
v21.0.5rc1
v22.1.1
v22.1.1rc2
v22.1.1rc1
v22.1.0
v21.0.4
v20.0.12
22.1.0
20.0.12rc1
v21.0.4rc1
v22.1.0rc1
v22.0.0
v19.0.13
v20.0.11
v21.0.3
v22.0.0rc2
v21.0.3rc1
v20.0.11rc1
v19.0.13rc1
v22.0.0rc1
v22.0.0beta5
v22.0.0beta4
v22.0.0beta3
v22.0.0beta2
v22.0.0beta1
v19.0.12
v19.0.11
v20.0.10
v21.0.2
v19.0.11RC1
v20.0.10RC1
v21.0.2RC1
v19.0.10
v20.0.9
v21.0.1
v21.0.1RC1
v20.0.9RC1
v19.0.10RC1
v20.0.8
v19.0.9
v21.0.0
v19.0.9RC1
v20.0.8RC1
v21.0.0RC2
v21.0.0RC1
v20.0.7
v20.0.7RC1
v21.0.0beta8
v20.0.6
v19.0.8
v18.0.14
v21.0.0beta7
v18.0.14RC1
v19.0.8RC1
v20.0.6RC1
v21.0.0beta6
v20.0.5
v19.0.7
v18.0.13
v20.0.5RC2
v21.0.0beta5
v20.0.5RC1
v19.0.7RC1
v18.0.13RC1
v21.0.0beta4
v21.0.0beta3
v21.0.0beta2
v20.0.4
v21.0.0beta1
v18.0.12
v19.0.6
v20.0.3
v20.0.3RC2
v19.0.6RC2
v18.0.12RC2
v20.0.2
v19.0.5
v18.0.11
v20.0.2RC2
v19.0.5RC2
v18.0.11RC2
v20.0.2RC1
v18.0.11RC1
v19.0.5RC1
v20.0.1
v20.0.1RC1
v19.0.4
v18.0.10
v17.0.10
v18.0.10RC2
v19.0.4RC2
v20.0.0
v19.0.40RC1
v18.0.10RC1
v17.0.10RC1
v20.0.0RC2
v20.0.0RC1
v20.0.0beta4
v18.0.9
v19.0.3
v18.0.9RC1
v19.0.3RC1
v20.0.0beta3
v20.0.0beta2
v19.0.2
v18.0.8
v17.0.9
v17.0.9RC2
v18.0.8RC2
v19.0.2RC2
v20.0.0beta1
v19.0.2RC1
v18.0.8RC1
v17.0.9RC1
v19.0.1
v18.0.7
v17.0.8
v19.0.1RC1
v18.0.7RC1
v17.0.8RC1
v18.0.6
v16.0.11
v17.0.7
v18.0.5
v17.0.5RC1
v17.0.7RC1
v16.0.11RC1
v19.0.0
v19.0.0RC3
v19.0.0RC2
v19.0.0RC1
v19.0.0beta7
v19.0.0beta6
v19.0.0beta5
v16.0.10
v17.0.6
v18.0.4
v17.0.6RC2
v16.0.10RC2
v18.0.4RC2
v19.0.0beta4
v19.0.0beta3
v16.0.10RC1
v17.0.6RC1
v18.0.4RC1
v19.0.0beta2
v19.0.0beta1
v18.0.2
v17.0.4
v16.0.9
v18.0.2RC2
v17.0.4RC2
v16.0.9RC2
v16.0.9RC1
v17.0.4RC1
v18.0.2RC1
v18.0.1
v18.0.1RC3
v18.0.1RC2
v18.0.1RC1
v17.0.3
v16.0.8
v16.0.8RC1
v17.0.3RC1
v18.0.0
v18.0.0RC2
v18.0.0RC1
v18.0.0beta4
v18.0.0beta3
v17.0.2
v16.0.7
v15.0.14
v15.0.14RC1
v16.0.7RC1
v17.0.2RC1
v18.0.0beta2
v18.0.0beta1
v16.0.6
v15.0.13
v17.0.1
v16.0.6rc1
v15.0.13rc1
v17.0.1rc1
v17.0.0
v16.0.5
v15.0.12
v15.0.12RC1
v16.0.5RC1
v17.0.0rc2
v17.0.0rc1
v17.0.0beta4
v17.0.0beta3
v17.0.0beta2
v17.0.0beta1
v16.0.4
v15.0.11
v14.0.14
15.0.11
16.0.4
v16.0.4RC1
v15.0.11RC1
v14.0.14RC1
v16.0.3
v15.0.10
v14.0.13
v15.0.9
v16.0.2
v14.0.13RC1
v15.0.9RC1
v14.0.12
v16.0.1
v15.0.8
v14.0.11
v14.0.11RC1
v15.0.8RC1
v16.0.1RC1
v16.0.0
16.0.0RC2
v16.0.0RC1
v14.0.10
v15.0.7
v16.0.0beta3
v14.0.9
v15.0.6
v15.0.6RC1
v14.0.9RC1
v16.0.0beta2
v16.0.0beta1
v16.0.0alpha1
v15.0.5
v14.0.8
v13.0.12
v14.0.8RC2
v15.0.5RC2
v15.0.5RC1
v14.0.8RC1
v13.0.12RC1
v15.0.4
v15.0.3
v14.0.7
v13.0.11
v15.0.3RC1
v14.0.7RC1
v13.0.11RC1
v15.0.2
v14.0.6
v13.0.10
v15.0.1
v14.0.5
v13.0.9
v13.0.9RC2
v14.0.5RC2
v15.0.1RC2
v13.0.9RC1
v14.0.5RC1
v15.0.1RC1
v15.0.0
v15.0.0RC3
v15.0.0RC2
v15.0.0RC1
v14.0.4
v13.0.8
v12.0.13
v14.0.4RC2
v13.0.8RC2
v12.0.13RC2
v15.0.0beta2
v14.0.4RC1
v13.0.8RC1
v12.0.13RC1
v15.0.0beta1
v14.0.3
v14.0.2
v13.0.7
v12.0.12
v14.0.2RC2
v13.0.7RC2
v12.0.12RC2
v12.0.12RC1
v13.0.7RC1
v14.0.2RC1
14.0.2RC1
12.0.12RC1
13.0.7RC1
v14.0.1
v14.0.1RC1
v14.0.0
v14.0.0RC2
v12.0.11
v13.0.6
v14.0.0RC1
v12.0.11RC1
v13.0.6RC1
v14.0.0beta4
v14.0.0beta3
v14.0.0beta2
v14.0.0beta1
v12.0.10
v13.0.5
v13.0.5RC2
v12.0.10RC1
v13.0.5RC1
v12.0.9
v13.0.4
v12.0.8
v13.0.3
v13.0.3RC2
v13.0.3RC1
v12.0.8RC1
v12.0.7
v13.0.2
v12.0.7RC1
v13.0.2RC1
v11.0.8
v12.0.6
v13.0.1
v13.0.1RC1
v12.0.6RC1
v11.0.8RC1
v13.0.0
v13.0.0RC4
v13.0.0RC3
v11.0.7
v12.0.5
v12.0.5RC3
v11.0.7RC3
v13.0.0RC2
v12.0.5RC2
v11.0.7RC2
v13.0.0RC1
v11.0.7RC1
v12.0.5RC1
v13.0.0beta4
v13.0.0beta3
v13.0.0beta2
v11.0.6
v12.0.4
v12.0.4RC3
v11.0.6RC1
v12.0.4RC2
v12.0.4RC1
v13.0.0beta1
v12.0.3
v11.0.5
v12.0.3RC2
v11.0.5RC1
v12.0.3RC1
v12.0.2
v10.0.6
v11.0.4
v12.0.1
v12.0.1RC5
v12.0.1RC4
v12.0.1RC3
v12.0.1RC2
v10.0.6RC1
v11.0.4RC1
v12.0.1RC1
v12.0.0
v12.0.0RC3
v12.0.0RC2
v12.0.0RC1
v12.0.0beta4
v12.0.0beta3
v12.0.0beta2
v12.0.0beta1
v9.0.58
v10.0.5
v11.0.3
v10.0.5RC2
v11.0.3RC2
v11.0.3RC1
v10.0.5RC1
v9.0.58RC1
v9.0.57
v10.0.4
v11.0.2
v9.0.57RC1
v10.0.4RC1
v11.0.2RC1
v11.0.1
v10.0.3
v9.0.56
v9.0.56RC1
v10.0.3RC1
v11.0.1RC1
v11.0.0
v9.0.7
v9.1.3
v11.0RC2
v9.0.55
v10.0.2
v9.1.3RC1
v9.0.7RC1
v9.1.2
v9.0.6
v8.2.9
v8.1.11
v8.0.16
v9.1.2RC2
v9.0.6RC2
v8.2.9RC2
v8.1.11RC2
v8.0.16RC2
v9.1.2RC1
v9.0.6RC1
v8.2.9RC1
v8.1.11RC1
v8.0.16RC1
v9.1.1
v9.0.5
v8.2.8
v8.1.10
v8.0.15
v9.0.54RC1
v9.1.1RC3
v9.1.1RC2
v9.0.5RC2
v8.2.8RC2
v10.0.0
v10.0RC1
v9.1.1RC1
v9.0.5RC1
v8.2.8RC1
v8.1.10RC1
v8.0.15RC1
v9.0.53
v9.1.0RC4
v9.0.4
v8.2.7
v8.1.9
v8.0.14
v9.1.0RC3
v9.1.0RC2
v9.0.4RC1
v8.2.7RC1
v8.1.9RC2
v8.0.14RC2
v9.0.52
v9.0.52RC1
v8.1.9RC1
v9.1.0RC1
v9.0.51
v9.0.3RC1
v9.0.50
v9.0.1beta2
v9.1.0beta2
v9.1.0beta1
v7.0.15
v8.0.13
v8.1.8
v8.2.5
v7.0.15RC2
v8.0.13RC2
v8.1.8RC2
v8.2.5RC2
v7.0.15RC1
v8.0.13RC1
v8.1.8RC1
v8.2.5RC1
v7.0.14
v8.0.12
v8.1.7
v8.2.4
v9.0.2
v7.0.14RC2
v8.0.12RC2
v8.1.7RC2
v8.2.4RC2
v9.0.2RC2
v7.0.14RC1
v8.0.12RC1
v8.1.7RC1
v8.2.4RC1
v9.0.2RC1
v9.0.1
v9.0.1RC2
v9.0.1RC1
v9.0.1beta
v7.0.13
v8.0.11
v8.1.6
v8.2.3
v9.0.0
v9.0.0RC3
v7.0.13RC2
v8.0.11RC2
v8.1.6RC2
v8.2.3RC2
v9.0.0RC2
v7.0.13RC1
v8.0.11RC1
v8.1.6RC1
v8.2.3RC1
v9.0.0RC1
v9.0.0beta2
v9.0beta1
v7.0.12
v8.0.10
v8.1.5
v8.2.2
v7.0.12RC1
v8.0.10RC1
v8.1.5RC1
v8.2.2RC1
v8.2.1
v8.2.1RC4
v8.2.1RC3
v8.2.1RC2
v8.2.1RC1
v7.0.11
v8.0.9
v8.1.4
v7.0.11RC2
v8.0.9RC2
v8.1.4RC2
v7.0.11RC1
v8.0.9RC1
v8.1.4RC1
v8.2.0
v8.2RC3
v8.2RC2
v8.2RC1
v8.2beta1
v7.0.10
v8.1.2
v8.0.7
v7.0.9
v8.1.2RC1
v8.0.7RC1
v7.0.9RC1
v8.1.1
v8.0.6
v7.0.8
v7.0.8RC1
v8.0.6RC1
v8.1.1RC1
v6.0.10beta1
v7.0.8beta1
v8.0.6beta1
v8.1.1beta1
v8.1.1beta
v6.0.9
v7.0.7
v8.0.5
v8.1.0
v8.1RC2
v6.0.9RC1
v7.0.7RC1
v8.0.5RC1
v6.0.9beta
v7.0.7beta
v8.0.5beta
v6.0.8
v7.0.6
v8.0.4
v6.0.8RC2
v7.0.6RC2
v8.0.4RC2
v8.0.4RC1
v6.0.8RC1
v7.0.6RC1
v8.1.0beta2
v8.1.0beta1
v8.0.3
v8.0.3RC4
v8.1.0alpha2
v8.0.3RC3
v8.1.0alpha1
v8.0.3RC2
v8.0.3RC1
v8.0.2
v8.0.1
v8.0.1RC1
v5.0.19
v6.0.7
v7.0.5
v8.0.0
v8.0.0RC2
v8.0.0RC1
v8.0.0beta2
v8.0.0beta1
v8.0.0alpha2
v8.0.0alpha1
v7.0.4
v7.0.4RC2
v7.0.4RC1
v6.0.6
v7.0.3
v7.0.3RC3
v7.0.3RC2
v6.0.6RC1
v7.0.3RC1
v7.0.3alpha1
v6.0.5
v7.0.2
v3.0alpha1
v3.0RC1
v2.0beta3
v1.0RC1
v1.1
v1.0.0beta1
v6.0.5RC1
v7.0.2RC1
v7.0.1
v7.0.1RC1
v7.0.0
v7.0.0RC3
v7.0.0RC2
v7.0.0RC1
v7.0.0beta1
v5.0.17
v6.0.4
v7.0.0alpha2
v6.0.4beta1
v5.0.17beta1
v5.0.16
v6.0.3
v6.0.3RC1
v5.0.16RC1
v5.0.15
v6.0.2
v5.0.15RC1
v6.0.2RC1
v6.0.1
v6.0.1RC1
v5.0.14a
v5.0.14
v6.0.0a
v6.0.0
v6.0.0RC4
v6.0.0RC3
v6.0.0RC2
v6.0.0RC1
v6.0.0beta5
v6.0.0beta4
v6.0.0beta3
v5.0.13
v6.0.0beta2
v6.0.0alpha2
v5.0.12
v5.0.11
v5.0.10
v5.0.9
v5.0.8
v4.5.13
v5.0.7
v4.0.16
v4.5.12
v5.0.6
v4.5.11
v4.0.15
v4.5.10
v5.0.5
v5.0.5RC1
v4.5.10RC1
v4.0.14
v4.5.9
v5.0.4
v5.0.4RC1
v5.0.3
v5.0.2
v5.0.1
v4.0.13
v4.5.8
v5.0.0
v5.0.0RC3
v5.0.0RC2
v5.0.0RC1
v5.0.0beta2
v5.0.0beta1
v4.0.12
v4.5.7
v5.0.0alpha1
v4.0.11
v4.5.6
v4.5.5
v4.0.10
v4.5.4
v4.5.3
v4.0.9
v4.5.2
v4.5.1a
v4.5.1
v4.0.8
v4.5.0
v4.5.0RC3
v4.5.0RC2
v4.5.0RC1
v4.5.0beta4
v4.5.0beta3
v4.5.0beta2
v4.5.0beta1
v4.0.7
v4.0.6
v4.0.5
v4.0.4
v4.0.3
v4.0.2
v4.0.1
v4.0.0
v4.0.0RC2
v4.0.0RC
v4.0.0beta
v3.0.1
v3.0
list
theming-1.4.5
v10.0.1
v10.0.1RC1
v16.0.2RC1
v8.0.8
v8.1.3
v8.2.6
v8.2.6RC1
v9.0.3
v9.0.54
v9.1.0
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'eee9f1eec4'
${ noResults }
nextcloud/apps/oauth2/lib/Controller/OauthApiController.php

230 lines
8.0 KiB
PHP
Raw Blame History

<?php
declare(strict_types=1);
/**
* @copyright Copyright (c) 2017 Lukas Reschke <lukas@statuscode.ch>
*
* @author Christoph Wurst <christoph@winzerhof-wurst.at>
* @author Lukas Reschke <lukas@statuscode.ch>
* @author Roeland Jago Douma <roeland@famdouma.nl>
* @author Kate Döen <kate.doeen@nextcloud.com>
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
namespace OCA\OAuth2\Controller;
use OC\Authentication\Token\IProvider as TokenProvider;
use OCA\OAuth2\Db\AccessTokenMapper;
use OCA\OAuth2\Db\ClientMapper;
use OCA\OAuth2\Exceptions\AccessTokenNotFoundException;
use OCA\OAuth2\Exceptions\ClientNotFoundException;
use OCP\AppFramework\Controller;
use OCP\AppFramework\Http;
use OCP\AppFramework\Http\JSONResponse;
use OCP\AppFramework\Utility\ITimeFactory;
use OCP\Authentication\Exceptions\ExpiredTokenException;
use OCP\Authentication\Exceptions\InvalidTokenException;
use OCP\DB\Exception;
use OCP\IRequest;
use OCP\Security\Bruteforce\IThrottler;
use OCP\Security\ICrypto;
use OCP\Security\ISecureRandom;
use Psr\Log\LoggerInterface;
class OauthApiController extends Controller {
// the authorization code expires after 10 minutes
public const AUTHORIZATION_CODE_EXPIRES_AFTER = 10 * 60;
public function __construct(
string $appName,
IRequest $request,
private ICrypto $crypto,
private AccessTokenMapper $accessTokenMapper,
private ClientMapper $clientMapper,
private TokenProvider $tokenProvider,
private ISecureRandom $secureRandom,
private ITimeFactory $time,
private LoggerInterface $logger,
private IThrottler $throttler,
private ITimeFactory $timeFactory,
) {
parent::__construct($appName, $request);
}
/**
* @PublicPage
* @NoCSRFRequired
* @BruteForceProtection(action=oauth2GetToken)
*
* Get a token
*
* @param string $grant_type Token type that should be granted
* @param ?string $code Code of the flow
* @param ?string $refresh_token Refresh token
* @param ?string $client_id Client ID
* @param ?string $client_secret Client secret
* @throws Exception
* @return JSONResponse<Http::STATUS_OK, array{access_token: string, token_type: string, expires_in: int, refresh_token: string, user_id: string}, array{}>|JSONResponse<Http::STATUS_BAD_REQUEST, array{error: string}, array{}>
*
* 200: Token returned
* 400: Getting token is not possible
*/
public function getToken(
string $grant_type, ?string $code, ?string $refresh_token,
?string $client_id, ?string $client_secret
): JSONResponse {
// We only handle two types
if ($grant_type !== 'authorization_code' && $grant_type !== 'refresh_token') {
$response = new JSONResponse([
'error' => 'invalid_grant',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_grant' => $grant_type]);
return $response;
}
// We handle the initial and refresh tokens the same way
if ($grant_type === 'refresh_token') {
$code = $refresh_token;
}
try {
$accessToken = $this->accessTokenMapper->getByCode($code);
} catch (AccessTokenNotFoundException $e) {
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_request' => 'token not found', 'code' => $code]);
return $response;
}
if ($grant_type === 'authorization_code') {
// check this token is in authorization code state
$deliveredTokenCount = $accessToken->getTokenCount();
if ($deliveredTokenCount > 0) {
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_request' => 'authorization_code_received_for_active_token']);
return $response;
}
// check authorization code expiration
$now = $this->timeFactory->now()->getTimestamp();
$codeCreatedAt = $accessToken->getCodeCreatedAt();
if ($codeCreatedAt < $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER) {
// we know this token is not useful anymore
$this->accessTokenMapper->delete($accessToken);
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$expiredSince = $now - self::AUTHORIZATION_CODE_EXPIRES_AFTER - $codeCreatedAt;
$response->throttle(['invalid_request' => 'authorization_code_expired', 'expired_since' => $expiredSince]);
return $response;
}
}
try {
$client = $this->clientMapper->getByUid($accessToken->getClientId());
} catch (ClientNotFoundException $e) {
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_request' => 'client not found', 'client_id' => $accessToken->getClientId()]);
return $response;
}
if (isset($this->request->server['PHP_AUTH_USER'])) {
$client_id = $this->request->server['PHP_AUTH_USER'];
$client_secret = $this->request->server['PHP_AUTH_PW'];
}
try {
$storedClientSecret = $this->crypto->decrypt($client->getSecret());
} catch (\Exception $e) {
$this->logger->error('OAuth client secret decryption error', ['exception' => $e]);
// we don't throttle here because it might not be a bruteforce attack
return new JSONResponse([
'error' => 'invalid_client',
], Http::STATUS_BAD_REQUEST);
}
// The client id and secret must match. Else we don't provide an access token!
if ($client->getClientIdentifier() !== $client_id || $storedClientSecret !== $client_secret) {
$response = new JSONResponse([
'error' => 'invalid_client',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_client' => 'client ID or secret does not match']);
return $response;
}
$decryptedToken = $this->crypto->decrypt($accessToken->getEncryptedToken(), $code);
// Obtain the appToken associated
try {
$appToken = $this->tokenProvider->getTokenById($accessToken->getTokenId());
} catch (ExpiredTokenException $e) {
$appToken = $e->getToken();
} catch (InvalidTokenException $e) {
//We can't do anything...
$this->accessTokenMapper->delete($accessToken);
$response = new JSONResponse([
'error' => 'invalid_request',
], Http::STATUS_BAD_REQUEST);
$response->throttle(['invalid_request' => 'token is invalid']);
return $response;
}
// Rotate the apptoken (so the old one becomes invalid basically)
$newToken = $this->secureRandom->generate(72, ISecureRandom::CHAR_ALPHANUMERIC);
$appToken = $this->tokenProvider->rotate(
$appToken,
$decryptedToken,
$newToken
);
// Expiration is in 1 hour again
$appToken->setExpires($this->time->getTime() + 3600);
$this->tokenProvider->updateToken($appToken);
// Generate a new refresh token and encrypt the new apptoken in the DB
$newCode = $this->secureRandom->generate(128, ISecureRandom::CHAR_ALPHANUMERIC);
$accessToken->setHashedCode(hash('sha512', $newCode));
$accessToken->setEncryptedToken($this->crypto->encrypt($newToken, $newCode));
// increase the number of delivered oauth token
// this helps with cleaning up DB access token when authorization code has expired
// and it never delivered any oauth token
$tokenCount = $accessToken->getTokenCount();
$accessToken->setTokenCount($tokenCount + 1);
$this->accessTokenMapper->update($accessToken);
$this->throttler->resetDelay($this->request->getRemoteAddress(), 'login', ['user' => $appToken->getUID()]);
return new JSONResponse(
[
'access_token' => $newToken,
'token_type' => 'Bearer',
'expires_in' => 3600,
'refresh_token' => $newCode,
'user_id' => $appToken->getUID(),
]
);
}
}
Reference in New Issue View Git Blame Copy Permalink