Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>

Calendar invitation: use system default instead of sender's language as fallback

Public interfaces Files_FullTextSearch

Expired tokens should not trigger bruteforce protection

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

Merge remote-tracking branch 'origin/interfaces-files-fulltextsearch' into interfaces-files-fulltextsearch

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

Public interfaces FullTextSearch

Extending documentation in config.sample.php for `trusted_proxies`

Fixes #12131

If we hit an expired token there is no need to continue checking. Since
we know it is a token.

We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Sharing user consolidation

Feature/read only public share

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
-@return mixed

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
Merge remote-tracking branch 'origin/interfaces-fulltextsearch-2' into interfaces-fulltextsearch-2

Signed-off-by: Maxence Lange <maxence@artificial-owl.com>

Signed-off-by: Oliver Wegner <void1976@gmail.com>

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Hiding the download does not depend on other settings and it does not
affect other settings either (for example, it would be possible to hide
the downloads yet make the share editable), so a simple checkbox was
added to the menu. However, note that this option is only available for
files, but not for folders.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

When the "hide download" property of a share is set the public share
page will not show the download button nor the menu with the download,
direct link and "Add to your Nextcloud" actions; the "downloadURL"
hidden field will not be included either in the generated HTML.

Despite that, note that the "downloadURL" parameter is still set and
passed to the template, as this could be needed anyway to generate
previews (for example, of audio files).

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

make .button inline-block

Fix JS namespace of files_external app

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Reset bruteforce on token refresh OAuth

LDAP: announce display name changes so that addressbook picks it up

fix #3752

Signed-off-by: Jonas Sulzer <jonas@violoncello.ch>

… when an unmapped user logs in for the first time when background job
mode is ajax and no memcache was configured.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.

This resets the brute force attempts for that UID on a valid refresh of
the token.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>

Signed-off-by: Julius Härtl <jus@bitgrid.net>