nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Arthur Schiwon	4ec174197f	fix(Token): make new scope future compatible - "password-unconfirmable" is the effective name for 30, but a draft name was backported. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 11:25:35 +07:00
Arthur Schiwon	86a496d589	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 11:14:25 +07:00
Florian Klinger	ca655ba100	fix: add check for app_api_system session flag to bypass rate limit Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>	2024-04-17 11:22:05 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-28 15:50:45 +07:00
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +07:00
Joas Schilling	3a6bc7aba2	fix(middleware): Also abort the request when reaching max delay in afterController Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 16:20:19 +07:00
Joas Schilling	ecb8b55c5c	feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-25 14:50:32 +07:00
Joas Schilling	89c3c31402	feat(ratelimit): Add Attributes support to rate limit middleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-24 12:24:48 +07:00
Christoph Wurst	2c0cfd3772	feat(app-framework): Add native argument types for middleware Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-04-18 17:15:05 +07:00
Joas Schilling	2b49861679	Add a debug message when throttling without defining Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-08 12:09:22 +07:00
Joas Schilling	e839eb9b5c	feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-08 12:09:22 +07:00
Ferdinand Thiessen	f655f83c84	fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to prevent CSRF attack vectors Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2023-02-16 22:55:18 +07:00
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-27 09:40:35 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Julien Veyssier	4a3f3beb0b	use bruteforce protection on all methods wrapped by PublicShareMiddleware if an invalid token is provided or when share password is wrong Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2022-12-07 13:24:50 +07:00
Julius Härtl	64a7489958	Fix SessionMiddlewareTest and cover new case with reopening Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-24 10:36:57 +07:00
Joas Schilling	279e06a80f	Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper Improve JSConfigHelper code quality a bit	2022-05-31 10:29:30 +07:00
Joas Schilling	f9efc410fa	Restore old behaviour of sending flase for not found apps Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-05-30 12:41:35 +07:00
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-05-20 22:18:06 +07:00
Joas Schilling	d078d53683	Fix tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-02-23 11:01:58 +07:00
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-01-13 00:19:07 +07:00
Carl Schwan	6958d8005a	Add admin privilege delegation for admin settings This makes it possible for selected groups to access some settings pages. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2021-09-29 21:43:31 +07:00
Christoph Wurst	6d5cfe0c66	Move DateTime::RFC2822 to DateTimeInterface::2822 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-06-23 15:30:43 +07:00
Christoph Wurst	770881d5d6	Move DateTime::ATOM to DateTimeInterface::ATOM Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-06-23 15:28:07 +07:00
Joas Schilling	181aab416a	Fix warnings about logException Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-06-04 10:57:09 +07:00
Joas Schilling	b6c6527705	Fix unauthorized OCS status in provisioning Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-05-12 08:16:07 +07:00
Christoph Wurst	99f0b10421	Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger Less ILogger	2021-04-27 15:38:12 +07:00
Joas Schilling	df47445c01	Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-04-27 14:34:32 +07:00
Joas Schilling	174f4dd043	Fix ratelimit template Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-04-27 13:55:34 +07:00
Roeland Jago Douma	cc744740b7	Remove deprecated \OCP\API Time to remove this forgood now. Remaining constant moved over The world is a tiny bit better Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2021-03-03 20:54:32 +07:00
Morris Jobke	f03bb4716b	Remove OCSResponse type hint - see #23827 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-11-03 10:43:32 +07:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +07:00
Joas Schilling	a9f22ac7b1	More test fixing Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 12:40:25 +07:00
Morris Jobke	234b510652	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-08-12 13:55:19 +07:00
Roeland Jago Douma	7d7ba61625	Add real events to load additionalscripts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-07-15 14:07:18 +07:00
Holger Hees	e70249e089	Update SecurityMiddleware.php OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header. in other areas OC::$WEBROOT is always used together with an /	2020-07-06 21:34:46 +07:00
Roeland Jago Douma	12fa748c49	Move the notmodified check to middleware where it belongs Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-05-13 08:11:24 +07:00
Roeland Jago Douma	203d7eb1d3	Add AppFramework GZip middleware to gzip responses Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-05-12 09:09:48 +07:00
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 14:19:56 +07:00
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 13:54:22 +07:00
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:50:14 +07:00
Christoph Wurst	463b388589	Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports Remove unused imports	2020-03-27 17:14:08 +07:00
Christoph Wurst	2ee65f177e	Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:21:27 +07:00
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:08:08 +07:00
Roeland Jago Douma	3a7cf40aaa	Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 15:27:18 +07:00
Roeland Jago Douma	c007ca624f	Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 13:34:41 +07:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +07:00
Roeland Jago Douma	3f12ec95f0	SessionMiddleware: declare session property * Remove request since we don't useit * Update tests as well Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-28 13:02:29 +07:00
Roeland Jago Douma	f81817b47d	Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-10 19:40:13 +07:00

1 2

100 Commits (stable28)