From a285ac15db2d9e4e54d8819d21a43e535d659480 Mon Sep 17 00:00:00 2001 From: s3n-w6i <37022952+s3n-w6i@users.noreply.github.com> Date: Fri, 8 May 2026 12:45:10 +0200 Subject: [PATCH 01/15] Add per-provider enrichLoginIdTokenWithUserinfo setting --- l10n/en_GB.js | 2 ++ lib/Controller/LoginController.php | 8 +++++++- lib/ResponseDefinitions.php | 1 + lib/Service/ProviderService.php | 3 +++ openapi.json | 6 +++++- src/components/AdminSettings.vue | 1 + src/components/SettingsForm.vue | 8 ++++++++ tests/unit/Service/ProviderServiceTest.php | 3 +++ 8 files changed, 30 insertions(+), 2 deletions(-) diff --git a/l10n/en_GB.js b/l10n/en_GB.js index 78d0d2ee8..51fd6baa5 100644 --- a/l10n/en_GB.js +++ b/l10n/en_GB.js @@ -114,6 +114,8 @@ OC.L10N.register( "Should the ID token be included as the id_token_hint GET parameter in the OpenID logout URL? Users are redirected to this URL after logging out of Nextcloud. Enabling this setting exposes the OIDC ID token to the user agent, which may not be necessary depending on the OIDC provider." : "Should the ID token be included as the id_token_hint GET parameter in the OpenID logout URL? Users are redirected to this URL after logging out of Nextcloud. Enabling this setting exposes the OIDC ID token to the user agent, which may not be necessary depending on the OIDC provider.", "Only groups matching the whitelist regex will be created, updated and deleted by the group claim. For example: {regex} allows all groups which ID starts with {substr}" : "Only groups matching the whitelist regex will be created, updated and deleted by the group claim. For example: {regex} allows all groups which ID starts with {substr}", "This will create and update the users groups depending on the groups claim in the ID token. The Format of the groups claim value should be {sample1}, {sample2} or {sample3}" : "This will create and update the users groups depending on the groups claim in the ID token. The Format of the groups claim value should be {sample1}, {sample2} or {sample3}", + "Enrich login ID token with userinfo": "Enrich login ID token with userinfo", + "Fetch additional information not found in the login ID token from the userinfo endpoint. This setting is overwritten if the global enrich_login_id_token_with_userinfo option is enabled.": "Fetch additional information not found in the login ID token from the userinfo endpoint. This setting is overwritten if the global enrich_login_id_token_with_userinfo option is enabled.", "Back to %s" : "Back to %s", "Domain" : "Domain", "your.domain" : "your.domain" diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php index abba810cc..35b1970b3 100644 --- a/lib/Controller/LoginController.php +++ b/lib/Controller/LoginController.php @@ -539,7 +539,13 @@ public function code(string $state = '', string $code = '', string $scope = '', } // default is false - if (isset($oidcSystemConfig['enrich_login_id_token_with_userinfo']) && $oidcSystemConfig['enrich_login_id_token_with_userinfo']) { + $globalEnrichWithUserinfo = isset($oidcSystemConfig['enrich_login_id_token_with_userinfo']) && $oidcSystemConfig['enrich_login_id_token_with_userinfo']; + $providerEnrichWithUserinfo = $this->providerService->getSetting( + $provider->getId(), + ProviderService::SETTING_ENRICH_LOGIN_ID_TOKEN_WITH_USERINFO, + '0' + ) === '1'; + if ($globalEnrichWithUserinfo || $providerEnrichWithUserinfo) { $userInfo = $this->oidcService->userInfo($provider, $data['access_token']); $this->logger->debug('[UserInfoEnrich] Enriching the JWT payload with userinfo values'); foreach ($userInfo as $key => $value) { diff --git a/lib/ResponseDefinitions.php b/lib/ResponseDefinitions.php index b2c7153d9..bc55c4a21 100644 --- a/lib/ResponseDefinitions.php +++ b/lib/ResponseDefinitions.php @@ -46,6 +46,7 @@ * groupWhitelistRegex: string, * restrictLoginToGroups: bool, * nestedAndFallbackClaims: bool, + * enrichLoginIdTokenWithUserinfo: bool, * } * * @psalm-type UserOIDCProvider = array{ diff --git a/lib/Service/ProviderService.php b/lib/Service/ProviderService.php index f5a82a511..05a2a3646 100644 --- a/lib/Service/ProviderService.php +++ b/lib/Service/ProviderService.php @@ -61,6 +61,7 @@ class ProviderService { public const SETTING_RESTRICT_LOGIN_TO_GROUPS = 'restrictLoginToGroups'; public const SETTING_AZURE_GROUP_NAMES = 'azureGroupNames'; public const SETTING_RESOLVE_NESTED_AND_FALLBACK_CLAIMS_MAPPING = 'nestedAndFallbackClaims'; + public const SETTING_ENRICH_LOGIN_ID_TOKEN_WITH_USERINFO = 'enrichLoginIdTokenWithUserinfo'; public const BOOLEAN_SETTINGS_DEFAULT_VALUES = [ self::SETTING_GROUP_PROVISIONING => false, @@ -72,6 +73,7 @@ class ProviderService { self::SETTING_RESTRICT_LOGIN_TO_GROUPS => false, self::SETTING_AZURE_GROUP_NAMES => false, self::SETTING_RESOLVE_NESTED_AND_FALLBACK_CLAIMS_MAPPING => false, + self::SETTING_ENRICH_LOGIN_ID_TOKEN_WITH_USERINFO => false, ]; public function __construct( @@ -195,6 +197,7 @@ public function getSupportedSettings(): array { self::SETTING_RESTRICT_LOGIN_TO_GROUPS, self::SETTING_AZURE_GROUP_NAMES, self::SETTING_RESOLVE_NESTED_AND_FALLBACK_CLAIMS_MAPPING, + self::SETTING_ENRICH_LOGIN_ID_TOKEN_WITH_USERINFO, ]; } diff --git a/openapi.json b/openapi.json index 1b6450da2..ee522918e 100644 --- a/openapi.json +++ b/openapi.json @@ -124,7 +124,8 @@ "groupProvisioning", "groupWhitelistRegex", "restrictLoginToGroups", - "nestedAndFallbackClaims" + "nestedAndFallbackClaims", + "enrichLoginIdTokenWithUserinfo" ], "properties": { "mappingDisplayName": { @@ -231,6 +232,9 @@ }, "nestedAndFallbackClaims": { "type": "boolean" + }, + "enrichLoginIdTokenWithUserinfo": { + "type": "boolean" } } } diff --git a/src/components/AdminSettings.vue b/src/components/AdminSettings.vue index ea630bfbd..67e6ab399 100644 --- a/src/components/AdminSettings.vue +++ b/src/components/AdminSettings.vue @@ -203,6 +203,7 @@ export default { providerBasedId: false, groupProvisioning: false, sendIdTokenHint: true, + enrichLoginIdTokenWithUserinfo: false, }, }, showNewProvider: false, diff --git a/src/components/SettingsForm.vue b/src/components/SettingsForm.vue index 8abdab669..f0095b192 100644 --- a/src/components/SettingsForm.vue +++ b/src/components/SettingsForm.vue @@ -333,6 +333,14 @@

{{ t('user_oidc', 'Should the ID token be included as the id_token_hint GET parameter in the OpenID logout URL? Users are redirected to this URL after logging out of Nextcloud. Enabling this setting exposes the OIDC ID token to the user agent, which may not be necessary depending on the OIDC provider.') }}

+ + {{ t('user_oidc', 'Enrich login ID token with userinfo') }} + +

+ {{ t('user_oidc', 'Fetch additional information not found in the login ID token from the userinfo endpoint. This setting is overwritten if the global enrich_login_id_token_with_userinfo option is enabled.') }} +

{{ t('user_oidc', 'Cancel') }} diff --git a/tests/unit/Service/ProviderServiceTest.php b/tests/unit/Service/ProviderServiceTest.php index 24fd9ffb5..c22d9e8f9 100644 --- a/tests/unit/Service/ProviderServiceTest.php +++ b/tests/unit/Service/ProviderServiceTest.php @@ -99,6 +99,7 @@ public function testGetProvidersWithSettings() { 'restrictLoginToGroups' => true, 'azureGroupNames' => true, 'nestedAndFallbackClaims' => true, + 'enrichLoginIdTokenWithUserinfo' => false, ], ], [ @@ -146,6 +147,7 @@ public function testGetProvidersWithSettings() { 'restrictLoginToGroups' => true, 'azureGroupNames' => true, 'nestedAndFallbackClaims' => true, + 'enrichLoginIdTokenWithUserinfo' => false, ], ], ], $this->providerService->getProvidersWithSettings()); @@ -189,6 +191,7 @@ public function testSetSettings() { 'restrictLoginToGroups' => false, 'azureGroupNames' => false, 'nestedAndFallbackClaims' => false, + 'enrichLoginIdTokenWithUserinfo' => false, ]; $this->appConfig->expects(self::any()) ->method('getValueString') From 4bd8cff3e72758c410b7d23f532850c0c901fb99 Mon Sep 17 00:00:00 2001 From: s3n-w6i <37022952+s3n-w6i@users.noreply.github.com> Date: Wed, 20 May 2026 01:13:27 +0200 Subject: [PATCH 02/15] Add additional logging --- appinfo/info.xml | 2 +- lib/Controller/LoginController.php | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/appinfo/info.xml b/appinfo/info.xml index 8685f1915..f2dfa546b 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -8,7 +8,7 @@ OpenID Connect user backend Use an OpenID Connect backend to login to your Nextcloud Allows flexible configuration of an OIDC server as Nextcloud login user backend. - 8.10.1 + 8.10.2 agpl Roeland Jago Douma Julius Härtl diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php index 35b1970b3..bea835850 100644 --- a/lib/Controller/LoginController.php +++ b/lib/Controller/LoginController.php @@ -548,7 +548,9 @@ public function code(string $state = '', string $code = '', string $scope = '', if ($globalEnrichWithUserinfo || $providerEnrichWithUserinfo) { $userInfo = $this->oidcService->userInfo($provider, $data['access_token']); $this->logger->debug('[UserInfoEnrich] Enriching the JWT payload with userinfo values'); + $this->logger->debug('[UserInfoEnrich] Full userinfo response: ' . print_r($userInfo, true)); foreach ($userInfo as $key => $value) { + $this->logger->debug('[UserInfoEnrich] Testing if key value pair is set: ' . $key . ': ' . $value); // give priority to id token values, only use userinfo ones if they are missing in the ID token if (!isset($idTokenPayload->{$key})) { $idTokenPayload->{$key} = $value; From 6adfb6a2ed5dcf877c35df07191171824a520f2b Mon Sep 17 00:00:00 2001 From: Nextcloud bot Date: Sat, 9 May 2026 02:05:51 +0000 Subject: [PATCH 03/15] fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot --- l10n/ru.js | 2 ++ l10n/ru.json | 2 ++ 2 files changed, 4 insertions(+) diff --git a/l10n/ru.js b/l10n/ru.js index fd6431aeb..c57813f8d 100644 --- a/l10n/ru.js +++ b/l10n/ru.js @@ -4,6 +4,8 @@ OC.L10N.register( "Error" : "Ошибка", "Access forbidden" : "Доступ запрещён", "User conflict" : "Конфликт пользователей", + "Registered Providers" : "Зарегистрированные провайдеры", + "Register new provider" : "Зарегистрировать нового провайдера", "Client ID" : "ID клиента", "Update" : "Обновление", "Remove" : "Исключить", diff --git a/l10n/ru.json b/l10n/ru.json index 56ee76b35..8345c251a 100644 --- a/l10n/ru.json +++ b/l10n/ru.json @@ -2,6 +2,8 @@ "Error" : "Ошибка", "Access forbidden" : "Доступ запрещён", "User conflict" : "Конфликт пользователей", + "Registered Providers" : "Зарегистрированные провайдеры", + "Register new provider" : "Зарегистрировать нового провайдера", "Client ID" : "ID клиента", "Update" : "Обновление", "Remove" : "Исключить", From 2e28e5aa4b4e93f00bf45b6c09dc01d32b3eb40b Mon Sep 17 00:00:00 2001 From: Nextcloud bot Date: Mon, 11 May 2026 02:05:02 +0000 Subject: [PATCH 04/15] fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot --- l10n/sv.js | 2 ++ l10n/sv.json | 2 ++ 2 files changed, 4 insertions(+) diff --git a/l10n/sv.js b/l10n/sv.js index 9b86f0627..08304b75c 100644 --- a/l10n/sv.js +++ b/l10n/sv.js @@ -3,6 +3,8 @@ OC.L10N.register( { "Error" : "Fel", "Access forbidden" : "Åtkomst förbjuden", + "Registered Providers" : "Registrerade leverantörer", + "Register new provider" : "Registrera ny leverantör", "Client ID" : "Klient-ID", "Update" : "Uppdatera", "Remove" : "Ta bort", diff --git a/l10n/sv.json b/l10n/sv.json index a7c14e6cb..309ca22e4 100644 --- a/l10n/sv.json +++ b/l10n/sv.json @@ -1,6 +1,8 @@ { "translations": { "Error" : "Fel", "Access forbidden" : "Åtkomst förbjuden", + "Registered Providers" : "Registrerade leverantörer", + "Register new provider" : "Registrera ny leverantör", "Client ID" : "Klient-ID", "Update" : "Uppdatera", "Remove" : "Ta bort", From bbf3f02beffe767a9d8725d1bfec5b23dee26aea Mon Sep 17 00:00:00 2001 From: Nextcloud bot Date: Mon, 18 May 2026 02:12:16 +0000 Subject: [PATCH 05/15] fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot --- l10n/tr.js | 1 + l10n/tr.json | 1 + 2 files changed, 2 insertions(+) diff --git a/l10n/tr.js b/l10n/tr.js index 88090c1f9..fa46f7dc7 100644 --- a/l10n/tr.js +++ b/l10n/tr.js @@ -21,6 +21,7 @@ OC.L10N.register( "There is no such OpenID Connect provider." : "Böyle bir OpenID Connect hizmeti sağlayıcısı bulunamadı.", "Could not reach the OpenID Connect provider." : "OpenID Connect hizmeti sağlayıcısına erişilemedi.", "The identity provider failed to authenticate the user." : "Kimlik hizmeti sağlayıcı kullanıcının kimliğini doğrulayamadı.", + "The received state has expired." : "Alınan durumun geçerlilik süresi dolmuş.", "Failed to decrypt the OIDC provider client secret" : "OpenID Connect hizmeti sağlayıcısının parola şifresi çözülemedi", "Failed to contact the OIDC provider token endpoint" : "OpenID Connect hizmeti sağlayıcısı kod uç noktası ile iletişim kurulamadı.", "The issuer does not match the one from the discovery endpoint" : "Yetki veren, keşif uç noktasındakiyle eşleşmiyor", diff --git a/l10n/tr.json b/l10n/tr.json index 1e0bfed59..eb94211fd 100644 --- a/l10n/tr.json +++ b/l10n/tr.json @@ -19,6 +19,7 @@ "There is no such OpenID Connect provider." : "Böyle bir OpenID Connect hizmeti sağlayıcısı bulunamadı.", "Could not reach the OpenID Connect provider." : "OpenID Connect hizmeti sağlayıcısına erişilemedi.", "The identity provider failed to authenticate the user." : "Kimlik hizmeti sağlayıcı kullanıcının kimliğini doğrulayamadı.", + "The received state has expired." : "Alınan durumun geçerlilik süresi dolmuş.", "Failed to decrypt the OIDC provider client secret" : "OpenID Connect hizmeti sağlayıcısının parola şifresi çözülemedi", "Failed to contact the OIDC provider token endpoint" : "OpenID Connect hizmeti sağlayıcısı kod uç noktası ile iletişim kurulamadı.", "The issuer does not match the one from the discovery endpoint" : "Yetki veren, keşif uç noktasındakiyle eşleşmiyor", From 71515d9e29baeba6d47da3064efe28288dcab7a7 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Fri, 15 May 2026 12:24:03 +0200 Subject: [PATCH 06/15] chore(CI): Adjust testing matrix for Nextcloud 34 on main Signed-off-by: Joas Schilling --- .github/workflows/integration.yml | 3 +++ .github/workflows/phpunit.yml | 5 ++++- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/integration.yml b/.github/workflows/integration.yml index fbc8d1b15..b712fad17 100644 --- a/.github/workflows/integration.yml +++ b/.github/workflows/integration.yml @@ -33,6 +33,9 @@ jobs: - php-versions: 8.3 databases: mysql server-versions: stable33 + - php-versions: 8.3 + databases: mysql + server-versions: stable34 - php-versions: 8.4 databases: mysql server-versions: master diff --git a/.github/workflows/phpunit.yml b/.github/workflows/phpunit.yml index d221380ae..05f20e0fb 100644 --- a/.github/workflows/phpunit.yml +++ b/.github/workflows/phpunit.yml @@ -22,7 +22,7 @@ jobs: matrix: php-versions: ['8.2', '8.3', '8.4'] databases: ['mysql'] - server-versions: ['stable31', 'stable32', 'stable33', 'master'] + server-versions: ['stable31', 'stable32', 'stable33', 'stable34', 'master'] exclude: # Reduce matrix - test pgsql only on master and latest stable - databases: pgsql @@ -34,6 +34,9 @@ jobs: - php-versions: 8.5 databases: mysql server-versions: stable33 + - php-versions: 8.5 + databases: mysql + server-versions: stable34 - php-versions: 8.5 databases: mysql server-versions: master From 663580537738bbca12d24b0a34adb9db1299a1e4 Mon Sep 17 00:00:00 2001 From: Joas Schilling Date: Sat, 16 May 2026 01:19:01 +0200 Subject: [PATCH 07/15] feat(deps): Add Nextcloud 35 support Signed-off-by: Joas Schilling --- .github/dependabot.yml | 4 ++++ appinfo/info.xml | 4 ++-- package-lock.json | 4 ++-- package.json | 2 +- 4 files changed, 9 insertions(+), 5 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index a39ec268c..43d864986 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -8,6 +8,8 @@ updates: interval: daily time: "03:00" timezone: Europe/Paris + cooldown: + default-days: 10 open-pull-requests-limit: 10 ignore: - dependency-name: coenjacobs/mozart @@ -20,6 +22,8 @@ updates: interval: daily time: "03:00" timezone: Europe/Paris + cooldown: + default-days: 10 open-pull-requests-limit: 10 ignore: - dependency-name: webpack-cli diff --git a/appinfo/info.xml b/appinfo/info.xml index f2dfa546b..fd5b3bfc9 100644 --- a/appinfo/info.xml +++ b/appinfo/info.xml @@ -8,7 +8,7 @@ OpenID Connect user backend Use an OpenID Connect backend to login to your Nextcloud Allows flexible configuration of an OIDC server as Nextcloud login user backend. - 8.10.2 + 8.11.0-dev.0 agpl Roeland Jago Douma Julius Härtl @@ -23,7 +23,7 @@ https://github.com/nextcloud/user_oidc/issues https://github.com/nextcloud/user_oidc - + OCA\UserOIDC\Settings\AdminSettings diff --git a/package-lock.json b/package-lock.json index c24fda02f..ae06cb9e0 100644 --- a/package-lock.json +++ b/package-lock.json @@ -1,12 +1,12 @@ { "name": "user_oidc", - "version": "8.4.0-dev.0", + "version": "8.11.0-dev.0", "lockfileVersion": 3, "requires": true, "packages": { "": { "name": "user_oidc", - "version": "8.4.0-dev.0", + "version": "8.11.0-dev.0", "license": "AGPL-3.0-or-later", "dependencies": { "@nextcloud/axios": "^2.5.1", diff --git a/package.json b/package.json index 7a72b64e7..f352af376 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "user_oidc", "description": "OIDC connect user backend for Nextcloud", - "version": "8.4.0-dev.0", + "version": "8.11.0-dev.0", "author": "Roeland Jago Douma ", "repository": { "url": "https://github.com/nextcloud/user_oidc", From cf866f2a60e821149c712460980ebccccfc2b306 Mon Sep 17 00:00:00 2001 From: Spitap Date: Mon, 18 May 2026 19:56:51 +0200 Subject: [PATCH 08/15] Revert "Removed exp claim from required BC-LO" This reverts commit 7fcb03d5cb20a4cb7ed8e076a1fd5a4e19d8232d. Signed-off-by: Spitap --- lib/Controller/LoginController.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php index bea835850..c6f01e7a8 100644 --- a/lib/Controller/LoginController.php +++ b/lib/Controller/LoginController.php @@ -897,8 +897,7 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok // REQUIRED claims check step // https://openid.net/specs/openid-connect-backchannel-1_0.html#LogoutToken - // Note : exp claim is deliberately not checked. See #1432 - $requiredClaims = ['iss', 'aud', 'iat', 'jti', 'events']; + $requiredClaims = ['iss', 'aud', 'iat', 'exp', 'jti', 'events']; $missingClaims = []; $logoutTokenArray = (array)$logoutTokenPayload; foreach ($requiredClaims as $claim) { @@ -968,7 +967,7 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok ); } - if (isset($logoutTokenPayload->exp) && $logoutTokenPayload->exp < $this->timeFactory->getTime()) { + if ($logoutTokenPayload->exp < $this->timeFactory->getTime()) { return $this->getBackchannelLogoutErrorResponse( 'invalid exp', 'The logout token is expired', From c597de4541bf5a65aafa208eb97c498068358bc5 Mon Sep 17 00:00:00 2001 From: Spitap Date: Tue, 19 May 2026 19:35:08 +0200 Subject: [PATCH 09/15] Make sure exp is not null BC-LO Signed-off-by: Spitap --- lib/Controller/LoginController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/Controller/LoginController.php b/lib/Controller/LoginController.php index c6f01e7a8..fee1de4a1 100644 --- a/lib/Controller/LoginController.php +++ b/lib/Controller/LoginController.php @@ -967,7 +967,7 @@ public function backChannelLogout(string $providerIdentifier, string $logout_tok ); } - if ($logoutTokenPayload->exp < $this->timeFactory->getTime()) { + if (($logoutTokenPayload->exp ?? 0) < $this->timeFactory->getTime()) { return $this->getBackchannelLogoutErrorResponse( 'invalid exp', 'The logout token is expired', From e1b4f46400a47d9297ac541947b38f12b4858365 Mon Sep 17 00:00:00 2001 From: Nextcloud bot Date: Fri, 22 May 2026 02:30:12 +0000 Subject: [PATCH 10/15] fix(l10n): Update translations from Transifex Signed-off-by: Nextcloud bot --- l10n/lv.js | 1 + l10n/lv.json | 1 + l10n/tr.js | 6 +++--- l10n/tr.json | 6 +++--- 4 files changed, 8 insertions(+), 6 deletions(-) diff --git a/l10n/lv.js b/l10n/lv.js index 1b0d678cd..092ec7a04 100644 --- a/l10n/lv.js +++ b/l10n/lv.js @@ -14,6 +14,7 @@ OC.L10N.register( "Submit" : "Iesniegt", "Scope" : "Darbības joma", "Authentication and Access Control Settings" : "Autentificēšanās un piekļuves vadības iestatījumi", + "Back to %s" : "Atgriezties %s", "Domain" : "Domain" }, "nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);"); diff --git a/l10n/lv.json b/l10n/lv.json index dc9759bba..2f3f177f0 100644 --- a/l10n/lv.json +++ b/l10n/lv.json @@ -12,6 +12,7 @@ "Submit" : "Iesniegt", "Scope" : "Darbības joma", "Authentication and Access Control Settings" : "Autentificēšanās un piekļuves vadības iestatījumi", + "Back to %s" : "Atgriezties %s", "Domain" : "Domain" },"pluralForm" :"nplurals=3; plural=(n%10==1 && n%100!=11 ? 0 : n != 0 ? 1 : 2);" } \ No newline at end of file diff --git a/l10n/tr.js b/l10n/tr.js index fa46f7dc7..b340f14b7 100644 --- a/l10n/tr.js +++ b/l10n/tr.js @@ -105,15 +105,15 @@ OC.L10N.register( "Use group provisioning." : "Grup hazırlama kullanılsın", "Group whitelist regex" : "Grup izin verilenler listesi kurallı ifadesi", "Restrict login for users that are not in any whitelisted group" : "İzin verilenler listesine alınmış herhangi bir grupta olmayan kullanıcıların oturum açması engellensin", - "Users that are not part of any whitelisted group are not created and can not login" : "İzin verilenler listesine alınmış herhangi bir grubun üyesi olmayan kullanıcılar eklenmez ve oturum açamaz", + "Users that are not part of any whitelisted group are not created and can not login" : "İzin verilenler listesine alınmış herhangi bir grubun üyesi olmayan kullanıcılar oluşturulmaz ve oturum açamaz", "Check Bearer token on API and WebDAV requests" : "API ve WebDAV isteklerinde Bearer kodu kontrol edilsin", "Do you want to allow API calls and WebDAV requests that are authenticated with an OIDC ID token or access token?" : "Bir OIDC kimlik kodu veya erişim kodu ile doğrulanmış API çağrılarına ve WebDAV isteğine izin verilsin mi?", "Auto provision user when accessing API and WebDAV with Bearer token" : "Bearer kodu ile API ve WebDAV erişiminde kullanıcı otomatik olarak yetkilendirilsin", "This automatically provisions the user, when sending API and WebDAV requests with a Bearer token. Auto provisioning and Bearer token check have to be activated for this to work." : "Bu seçenek, bir Bearer kodu ile API ve WebDAV istekleri gönderirken kullanıcıyı otomatik olarak yetkilendirir. Çalışması için otomatik yetkilendirme ve Bearer kodu denetiminin açılması gerekir.", "Send ID token hint on logout" : "Oturumu kapatıldığında kimlik kodu ipucu gönderilsin", "Should the ID token be included as the id_token_hint GET parameter in the OpenID logout URL? Users are redirected to this URL after logging out of Nextcloud. Enabling this setting exposes the OIDC ID token to the user agent, which may not be necessary depending on the OIDC provider." : "OpenID oturumu kapatma adresine id_token_hint GET parametresi olarak kimlik kodu eklensin mi? Kullanıcılar Nextcloud oturumlarını kapattıktan sonra bu adrese yönlendirilir. Bu ayarı açmak, OIDC kimlik kodunu kullanıcı uygulamasına sunar. Bu işlem OIDC hizmeti sağlayıcısına bağlı olarak gerekli olmayabilir.", - "Only groups matching the whitelist regex will be created, updated and deleted by the group claim. For example: {regex} allows all groups which ID starts with {substr}" : "Yalnızca izin verilenler listesi kurallı ifadesine uygun gruplar grup isteği tarafından eklenir, güncellenir ve silinir. Örneğin: {regex} ifadesi, kimliği {substr} ile başlayan tüm gruplara izin verir", - "This will create and update the users groups depending on the groups claim in the ID token. The Format of the groups claim value should be {sample1}, {sample2} or {sample3}" : "Bu seçenek, kimlik kodundaki grupların isteğine bağlı olarak kullanıcı gruplarını ekler ve günceller. İstek gruplarının biçim değeri {sample1}, {sample2} veya {sample3} olabilir", + "Only groups matching the whitelist regex will be created, updated and deleted by the group claim. For example: {regex} allows all groups which ID starts with {substr}" : "Yalnızca izin verilenler listesi kurallı ifadesine uygun gruplar grup isteği tarafından oluşturulur, güncellenir ve silinir. Örneğin: {regex} ifadesi, kimliği {substr} ile başlayan tüm gruplara izin verir", + "This will create and update the users groups depending on the groups claim in the ID token. The Format of the groups claim value should be {sample1}, {sample2} or {sample3}" : "Bu seçenek, kimlik kodundaki grupların isteğine bağlı olarak kullanıcı gruplarını oluşturur ve günceller. İstek gruplarının biçim değeri {sample1}, {sample2} veya {sample3} olabilir", "Back to %s" : "%s sayfasına dön", "Domain" : "Etki alanı", "your.domain" : "etki.alaniniz" diff --git a/l10n/tr.json b/l10n/tr.json index eb94211fd..7273fae8a 100644 --- a/l10n/tr.json +++ b/l10n/tr.json @@ -103,15 +103,15 @@ "Use group provisioning." : "Grup hazırlama kullanılsın", "Group whitelist regex" : "Grup izin verilenler listesi kurallı ifadesi", "Restrict login for users that are not in any whitelisted group" : "İzin verilenler listesine alınmış herhangi bir grupta olmayan kullanıcıların oturum açması engellensin", - "Users that are not part of any whitelisted group are not created and can not login" : "İzin verilenler listesine alınmış herhangi bir grubun üyesi olmayan kullanıcılar eklenmez ve oturum açamaz", + "Users that are not part of any whitelisted group are not created and can not login" : "İzin verilenler listesine alınmış herhangi bir grubun üyesi olmayan kullanıcılar oluşturulmaz ve oturum açamaz", "Check Bearer token on API and WebDAV requests" : "API ve WebDAV isteklerinde Bearer kodu kontrol edilsin", "Do you want to allow API calls and WebDAV requests that are authenticated with an OIDC ID token or access token?" : "Bir OIDC kimlik kodu veya erişim kodu ile doğrulanmış API çağrılarına ve WebDAV isteğine izin verilsin mi?", "Auto provision user when accessing API and WebDAV with Bearer token" : "Bearer kodu ile API ve WebDAV erişiminde kullanıcı otomatik olarak yetkilendirilsin", "This automatically provisions the user, when sending API and WebDAV requests with a Bearer token. Auto provisioning and Bearer token check have to be activated for this to work." : "Bu seçenek, bir Bearer kodu ile API ve WebDAV istekleri gönderirken kullanıcıyı otomatik olarak yetkilendirir. Çalışması için otomatik yetkilendirme ve Bearer kodu denetiminin açılması gerekir.", "Send ID token hint on logout" : "Oturumu kapatıldığında kimlik kodu ipucu gönderilsin", "Should the ID token be included as the id_token_hint GET parameter in the OpenID logout URL? Users are redirected to this URL after logging out of Nextcloud. Enabling this setting exposes the OIDC ID token to the user agent, which may not be necessary depending on the OIDC provider." : "OpenID oturumu kapatma adresine id_token_hint GET parametresi olarak kimlik kodu eklensin mi? Kullanıcılar Nextcloud oturumlarını kapattıktan sonra bu adrese yönlendirilir. Bu ayarı açmak, OIDC kimlik kodunu kullanıcı uygulamasına sunar. Bu işlem OIDC hizmeti sağlayıcısına bağlı olarak gerekli olmayabilir.", - "Only groups matching the whitelist regex will be created, updated and deleted by the group claim. For example: {regex} allows all groups which ID starts with {substr}" : "Yalnızca izin verilenler listesi kurallı ifadesine uygun gruplar grup isteği tarafından eklenir, güncellenir ve silinir. Örneğin: {regex} ifadesi, kimliği {substr} ile başlayan tüm gruplara izin verir", - "This will create and update the users groups depending on the groups claim in the ID token. The Format of the groups claim value should be {sample1}, {sample2} or {sample3}" : "Bu seçenek, kimlik kodundaki grupların isteğine bağlı olarak kullanıcı gruplarını ekler ve günceller. İstek gruplarının biçim değeri {sample1}, {sample2} veya {sample3} olabilir", + "Only groups matching the whitelist regex will be created, updated and deleted by the group claim. For example: {regex} allows all groups which ID starts with {substr}" : "Yalnızca izin verilenler listesi kurallı ifadesine uygun gruplar grup isteği tarafından oluşturulur, güncellenir ve silinir. Örneğin: {regex} ifadesi, kimliği {substr} ile başlayan tüm gruplara izin verir", + "This will create and update the users groups depending on the groups claim in the ID token. The Format of the groups claim value should be {sample1}, {sample2} or {sample3}" : "Bu seçenek, kimlik kodundaki grupların isteğine bağlı olarak kullanıcı gruplarını oluşturur ve günceller. İstek gruplarının biçim değeri {sample1}, {sample2} veya {sample3} olabilir", "Back to %s" : "%s sayfasına dön", "Domain" : "Etki alanı", "your.domain" : "etki.alaniniz" From c7c7ed42d1d824285f36585f3ce0e369bfe8509f Mon Sep 17 00:00:00 2001 From: JATippit <11259172+JATippit@users.noreply.github.com> Date: Thu, 21 May 2026 22:48:08 -0400 Subject: [PATCH 11/15] Fixed Disable Other Login Methods command Fixed Disable Other Login Methods command. Missed a / Signed-off-by: JATippit <11259172+JATippit@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index fc315ea9d..10278f48f 100644 --- a/README.md +++ b/README.md @@ -215,7 +215,7 @@ login. Admins can still use the regular login through adding the `?direct=1` parameter to the login URL. ```bash -sudo -u www-data php var/www/nextcloud/occ config:app:set --type=string --value=0 user_oidc allow_multiple_user_backends +sudo -u www-data php /var/www/nextcloud/occ config:app:set --type=string --value=0 user_oidc allow_multiple_user_backends ``` ### PKCE From 43ee01121a1774acd4477a18242fb3f70d6f09f0 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sat, 9 May 2026 01:31:47 +0000 Subject: [PATCH 12/15] Chore(deps-dev): Bump fast-uri from 3.1.0 to 3.1.2 Bumps [fast-uri](https://github.com/fastify/fast-uri) from 3.1.0 to 3.1.2. - [Release notes](https://github.com/fastify/fast-uri/releases) - [Commits](https://github.com/fastify/fast-uri/compare/v3.1.0...v3.1.2) --- updated-dependencies: - dependency-name: fast-uri dependency-version: 3.1.2 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/package-lock.json b/package-lock.json index ae06cb9e0..1188100af 100644 --- a/package-lock.json +++ b/package-lock.json @@ -8954,9 +8954,9 @@ "peer": true }, "node_modules/fast-uri": { - "version": "3.1.0", - "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.0.tgz", - "integrity": "sha512-iPeeDKJSWf4IEOasVVrknXpaBV0IApz/gp7S2bb7Z4Lljbl2MGJRqInZiUrQwV16cpzw/D3S5j5Julj/gT52AA==", + "version": "3.1.2", + "resolved": "https://registry.npmjs.org/fast-uri/-/fast-uri-3.1.2.tgz", + "integrity": "sha512-rVjf7ArG3LTk+FS6Yw81V1DLuZl1bRbNrev6Tmd/9RaroeeRRJhAt7jg/6YFxbvAQXUCavSoZhPPj6oOx+5KjQ==", "dev": true, "funding": [ { @@ -8967,8 +8967,7 @@ "type": "opencollective", "url": "https://opencollective.com/fastify" } - ], - "license": "BSD-3-Clause" + ] }, "node_modules/fast-xml-parser": { "version": "4.5.6", From b5b5855e3f36bd87dfe301dc3d5f7a61a2d2aac7 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 6 May 2026 17:19:05 +0000 Subject: [PATCH 13/15] Chore(deps): Bump phpseclib/phpseclib from 2.0.53 to 2.0.54 Bumps [phpseclib/phpseclib](https://github.com/phpseclib/phpseclib) from 2.0.53 to 2.0.54. - [Release notes](https://github.com/phpseclib/phpseclib/releases) - [Changelog](https://github.com/phpseclib/phpseclib/blob/master/CHANGELOG.md) - [Commits](https://github.com/phpseclib/phpseclib/compare/2.0.53...2.0.54) --- updated-dependencies: - dependency-name: phpseclib/phpseclib dependency-version: 2.0.54 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/composer.lock b/composer.lock index e41e91796..535f95bc8 100644 --- a/composer.lock +++ b/composer.lock @@ -174,16 +174,16 @@ }, { "name": "phpseclib/phpseclib", - "version": "2.0.53", + "version": "2.0.54", "source": { "type": "git", "url": "https://github.com/phpseclib/phpseclib.git", - "reference": "2d1a664b940b9b8f367185307dc010d11a2790f3" + "reference": "a96a835067c39ee7a709329fe70869817da18081" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/2d1a664b940b9b8f367185307dc010d11a2790f3", - "reference": "2d1a664b940b9b8f367185307dc010d11a2790f3", + "url": "https://api.github.com/repos/phpseclib/phpseclib/zipball/a96a835067c39ee7a709329fe70869817da18081", + "reference": "a96a835067c39ee7a709329fe70869817da18081", "shasum": "" }, "require": { @@ -264,7 +264,7 @@ ], "support": { "issues": "https://github.com/phpseclib/phpseclib/issues", - "source": "https://github.com/phpseclib/phpseclib/tree/2.0.53" + "source": "https://github.com/phpseclib/phpseclib/tree/2.0.54" }, "funding": [ { @@ -280,7 +280,7 @@ "type": "tidelift" } ], - "time": "2026-04-10T01:30:02+00:00" + "time": "2026-04-27T06:59:24+00:00" } ], "packages-dev": [ From 2796cf5331a8da0f281ac2c7c6f8510aef471603 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 10:02:24 +0000 Subject: [PATCH 14/15] Chore(deps): Bump postcss from 8.5.6 to 8.5.13 Bumps [postcss](https://github.com/postcss/postcss) from 8.5.6 to 8.5.13. - [Release notes](https://github.com/postcss/postcss/releases) - [Changelog](https://github.com/postcss/postcss/blob/main/CHANGELOG.md) - [Commits](https://github.com/postcss/postcss/compare/8.5.6...8.5.13) --- updated-dependencies: - dependency-name: postcss dependency-version: 8.5.13 dependency-type: indirect ... Signed-off-by: dependabot[bot] --- package-lock.json | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/package-lock.json b/package-lock.json index 1188100af..a1c8462ae 100644 --- a/package-lock.json +++ b/package-lock.json @@ -13191,9 +13191,9 @@ } }, "node_modules/postcss": { - "version": "8.5.6", - "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.6.tgz", - "integrity": "sha512-3Ybi1tAuwAP9s0r1UQ2J4n5Y0G05bJkpUIO0/bI9MhwmD70S5aTWbXGBwxHrelT+XM1k6dM0pk+SwNkpTRN7Pg==", + "version": "8.5.13", + "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.13.tgz", + "integrity": "sha512-qif0+jGGZoLWdHey3UFHHWP0H7Gbmsk8T5VEqyYFbWqPr1XqvLGBbk/sl8V5exGmcYJklJOhOQq1pV9IcsiFag==", "funding": [ { "type": "opencollective", @@ -13208,7 +13208,6 @@ "url": "https://github.com/sponsors/ai" } ], - "license": "MIT", "dependencies": { "nanoid": "^3.3.11", "picocolors": "^1.1.1", From 3160bb81dd0021b80ff2b3d1b20b9ec99d5a6485 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 4 May 2026 01:04:30 +0000 Subject: [PATCH 15/15] Chore(deps-dev): Bump symfony/event-dispatcher from 7.4.8 to 7.4.9 Bumps [symfony/event-dispatcher](https://github.com/symfony/event-dispatcher) from 7.4.8 to 7.4.9. - [Release notes](https://github.com/symfony/event-dispatcher/releases) - [Changelog](https://github.com/symfony/event-dispatcher/blob/8.1/CHANGELOG.md) - [Commits](https://github.com/symfony/event-dispatcher/compare/v7.4.8...v7.4.9) --- updated-dependencies: - dependency-name: symfony/event-dispatcher dependency-version: 7.4.9 dependency-type: direct:development update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] --- composer.lock | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/composer.lock b/composer.lock index 535f95bc8..0bf30538e 100644 --- a/composer.lock +++ b/composer.lock @@ -2578,16 +2578,16 @@ }, { "name": "symfony/event-dispatcher", - "version": "v7.4.8", + "version": "v7.4.9", "source": { "type": "git", "url": "https://github.com/symfony/event-dispatcher.git", - "reference": "f57b899fa736fd71121168ef268f23c206083f0a" + "reference": "e4a2e29753c7801f7a8340e066cfa788f3bc8101" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/f57b899fa736fd71121168ef268f23c206083f0a", - "reference": "f57b899fa736fd71121168ef268f23c206083f0a", + "url": "https://api.github.com/repos/symfony/event-dispatcher/zipball/e4a2e29753c7801f7a8340e066cfa788f3bc8101", + "reference": "e4a2e29753c7801f7a8340e066cfa788f3bc8101", "shasum": "" }, "require": { @@ -2639,7 +2639,7 @@ "description": "Provides tools that allow your application components to communicate with each other by dispatching events and listening to them", "homepage": "https://symfony.com", "support": { - "source": "https://github.com/symfony/event-dispatcher/tree/v7.4.8" + "source": "https://github.com/symfony/event-dispatcher/tree/v7.4.9" }, "funding": [ { @@ -2659,7 +2659,7 @@ "type": "tidelift" } ], - "time": "2026-03-30T13:54:39+00:00" + "time": "2026-04-18T13:18:21+00:00" }, { "name": "symfony/event-dispatcher-contracts",