feature: Add support for V3 flow in registration process #151

Open: Rello wants to merge 5 commits into main from feature/loginV3

Rello (Contributor) commented May 8, 2026

Background

  • The existing Simple-Signup-Process relied on the internal QTWebEngine. This is no longer available under macOS sandboxing.
  • Additionally, the QTWebEngine accounted for 50% of the whole desktop client (download & install size).

Overview

  • The Simple-Signup-Process now opens nextcloud.com with the default browser and adds a flow=V3 URL parameter.
  • This parameter is forwarded from the website (nextcloud-register) to the website backend (nextcloud-theme) and then to the Nextcloud of the provider (prefered_providers).
  • The existing flow based on ocsapirequest (old desktop clients & mobile clients) is not touched. In this case, the Nextcloud will return a nc://login/server:{server}&user:{email}&password:{appPassword} response.
  • When a request arrives with flow=V3, the user is logged in to the web UI and, additionally, a nc://login/server:{server} response is triggered.
  • This response will trigger the existing V2 flow in the client and jump to the "grant access" section right away, without the user needing to perform any additional action

Changes to desktop

  • Added a central nc:// URI dispatcher for routing supported actions.
  • Kept existing local edit handling under nc://open/....
  • Added quick login handling for nc://login/server:{server}
  • The login URI now starts the Flow v2 account login directly with the supplied server URL.
  • Added validation for malformed or unsupported URI actions so they are rejected before falling through to local-edit handling.
  • Added parser coverage for valid login URLs, invalid login URLs, local-edit URLs, and unsupported actions.
  • Added macOS URI dispatch logging to make it visible when an nc:// URL reaches the client.
  • Updated the setup wizard so an incoming login URI restarts an already-open wizard into the Flow v2 login page instead of only raising the existing window.
  • Fixed the provider signup waiting page text so the status text wraps within the available window width.

Dependent PRs:

Rello added 4 commits May 8, 2026 10:43
Signed-off-by: Rello <Rello@users.noreply.github.com>
Signed-off-by: Rello <Rello@users.noreply.github.com>
Signed-off-by: Rello <Rello@users.noreply.github.com>
Signed-off-by: Rello <Rello@users.noreply.github.com>
Rello marked this pull request as ready for review May 20, 2026 04:59
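
The dispatcher behaviour described in the pull request (route `nc://login/server:{server}` and `nc://open/...`, reject everything else before local-edit handling), as an added example that is not code from this pull request or from the desktop client. It uses standard C++17 rather than Qt; the names `NcAction`, `NcRequest` and `parseNcUri`, the https-only rule, and the rejection of `&` and userinfo are assumptions.

```cpp
// Added example: nc:// URI dispatcher sketch in standard C++17 (no Qt).
// NcAction, NcRequest, parseNcUri and the https-only rule are assumptions.
#include <optional>
#include <string>

enum class NcAction { Login, Open };

struct NcRequest {
    NcAction action;
    std::string payload;  // server URL for Login, rest of the URI for Open
};

static bool startsWith(const std::string &s, const std::string &prefix) {
    return s.compare(0, prefix.size(), prefix) == 0;
}

// Accept only https://host[...]: no userinfo, no '&' (the legacy form that
// carries user/password), no whitespace or control characters.
static bool isAcceptableServer(const std::string &url) {
    const std::string scheme = "https://";
    if (!startsWith(url, scheme)) return false;
    for (unsigned char c : url)
        if (c <= 0x20 || c == 0x7f || c == '&') return false;
    const auto end = url.find_first_of("/?#", scheme.size());
    const std::string authority = url.substr(scheme.size(), end - scheme.size());
    return !authority.empty() && authority.find('@') == std::string::npos;
}

// Returns a request for a supported action, std::nullopt for anything else.
std::optional<NcRequest> parseNcUri(const std::string &uri) {
    const std::string login = "nc://login/", open = "nc://open/", key = "server:";
    if (startsWith(uri, login)) {
        const std::string rest = uri.substr(login.size());
        if (!startsWith(rest, key)) return std::nullopt;
        const std::string server = rest.substr(key.size());
        if (!isAcceptableServer(server)) return std::nullopt;
        return NcRequest{NcAction::Login, server};
    }
    if (startsWith(uri, open) && uri.size() > open.size())
        return NcRequest{NcAction::Open, uri.substr(open.size())};
    return std::nullopt;  // unsupported action: no fall-through to local edit
}
```

Because any web page can hand an `nc://` link to the operating system, the accepted server URL should still be shown to the user on the "grant access" step before a token is issued.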

chatgpt-codex-connector (Bot) left a comment

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 88a7b6fdb7

}

return $this->generateTemplate($token, $email, '', $ocs !== false);
return $this->generateTemplate($token, $email, '', $ocs !== false ? (string)$ocs : '');
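
Review bot: on the new `generateTemplate()` call, the fourth argument changes from a boolean to the `$ocs` value itself cast to string, so whatever that variable holds now reaches the template instead of a presence flag. If only presence matters, pass a fixed value such as `$ocs !== false ? '1' : ''`, which keeps the old semantics and keeps arbitrary input out of the rendered form; if the raw value is really needed, validate it against the expected set before this call and document the parameter's new type.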

P1: Preserve legacy OCS flag semantics in password flow

Casting $ocs to a string here changes the existing /password/set/{email}/{token}/{ocs} behavior from a boolean “presence flag” to a value-sensitive flag, but submitPassword() still only triggers client login when ocsapirequest === '1'. As a result, legacy links that use a non-'1' segment (for example the historical ocsapirequest token) will no longer redirect to nc://login/... after password submission and will fall back to web login instead.


<!-- Submit -->
<div id="submit-wrapper">
<input type="hidden" value="<?php print_unescaped($_['ocsapirequest']) ?>" name="ocsapirequest">
<input type="hidden" value="<?php print_unescaped($_['flow']) ?>" name="flow">
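
Review bot: the added hidden `flow` input writes `$_['flow']` with `print_unescaped()` inside a double-quoted `value` attribute, so a value containing `"` ends the attribute and the remainder is parsed as markup. Use the escaping helper instead, `<?php p($_['flow']) ?>`, and restrict `flow` to the known values on the controller side before it reaches the template; the `ocsapirequest` input on the line above follows the same pattern and deserves the same change.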

P2: Escape flow value before embedding in hidden input

This prints $_['flow'] unescaped into an HTML attribute. The value originates from the public route segment /password/set/{email}/{token}/flow/{flow} and can be attacker-controlled for a valid token URL, so crafted values containing quotes can break out of value="..." and inject markup/script into the page.


Rello requested a review from skjnldsv May 20, 2026 05:04

Rello (Contributor, Author) commented May 20, 2026

@skjnldsv
A video is attached to the client PR. As this is a coordinated change, I am requesting the individual approvals in each app repo. Marketing and design approval will be done in the client PR.
