sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
81,902 Commits
627 Branches
1167 Tags
9.1 GiB
Commit Graph

579 Commits (stable31)

Author SHA1 Message Date
Côme Chilliet 37b105eff9 feat(log): Add script name and occ command to log details 
This will help when troubleshooting issues. For web request we have
 method and url, but for cron and occ currently we have no way to know if
 it’s one or the other and which command.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-12-15 16:58:53 +07:00
Joas Schilling aa654dca44
fix(unified-search): Register config lexicon of core so the default is working 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-11-19 09:43:40 +07:00
Joas Schilling 6a60d9daf2
feat(rate-limit): Allow overwriting the rate limit 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-11-12 10:58:20 +07:00
Louis Chmn 41f3ec8d95 feat(EphemeralSessions): Introduce lax period 
Signed-off-by: Louis Chmn <louis@chmn.me>
 2025-11-06 10:24:45 +07:00
Joas Schilling 7c485aee3e fix(2fa): Fix 2FA session setup when ephemeral session is used 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-26 13:46:57 +07:00
Christoph Wurst 1c004d6b07 fix(session): log when ephemeral sessions are closed 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2025-08-01 10:49:57 +07:00
Louis Chemineau 81e70c99cb fix: Use login name to check the password 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-04-02 17:21:19 +07:00
Joas Schilling 90fff7d6cc fix(auth): Allow 2FA challenges for Ephemeral sessions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-03-18 09:16:58 +07:00
Louis Chemineau fb41438db1 fix(login): Properly target public page with attribute 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-03-05 17:02:26 +07:00
Louis 4e7a3c1f9e
Merge pull request #51090 from nextcloud/backport/51051/stable31 
[stable31] feat: Close sessions created for login flow v2
 2025-03-03 12:28:48 +07:00
Louis Chemineau ab01b76a19
fix(login): Also check legacy annotation for ephemeral sessions 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-03-03 11:00:29 +07:00
Louis Chemineau e840ee72b2 feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-27 07:59:49 +07:00
Joas Schilling 1a60bca362 fix(l10n): Improve english source strings 
- No leading/trailing whitespace
- Use asci single quote

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-02-26 13:08:49 +07:00
Joas Schilling 77fddb8f23 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 13:21:36 +07:00
Elizabeth Danzberger fdfeb7f265
feat(api): File conversion API 
Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
 2025-01-15 16:38:18 +07:00
Maxence Lange bd4a154d64 feat(lexicon): configurable default value 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2025-01-14 10:36:07 +07:00
provokateurin 7db694f534
fix(Http): Only allow valid HTTP status code values via template 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-01-07 15:45:30 +07:00
Maxence Lange 96586ba709 feat(config): implementation of lexicon 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-13 11:08:20 +07:00
Joas Schilling dd101dd0f7
Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data 
fix(controller): Fix false booleans in multipart/form-data
 2024-11-28 14:46:16 +07:00
Joas Schilling 1909b981a4
fix(controller): Fix false booleans in multipart/form-data 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-11-28 12:18:30 +07:00
Louis Chemineau a2f2f7ce93
feat: Use inline password confirmation in external storage settings 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-11-28 11:01:54 +07:00
provokateurin dd0ed02b91
feat(Dispatcher): Add debug log for controller methods returning raw data not wrapped in Response 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-11-15 10:09:59 +07:00
skjnldsv b15fdfd40e chore(profile): move profile app from core to apps 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-11-14 10:25:02 +07:00
Arthur Schiwon fdd24090ff
fix(Middleware): log deprecation when annotation was actually used 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-11-12 22:15:08 +07:00
Ferdinand Thiessen a8f46af20f
chore: Add proper deprecation dates where missing 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-20 00:46:03 +07:00
provokateurin 9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +07:00
Ferdinand Thiessen fe05882628
chore!: Remove `OC\AppFramework\Logger` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:32:25 +07:00
provokateurin 3d9b49815b
fix(BaseResponse): Cast XML element values to string 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-15 15:37:27 +07:00
Ferdinand Thiessen deeccd12a3
chore: fix typo in `SameSiteCookieMiddleware` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:45 +07:00
Ferdinand Thiessen 92f3f7e2d2
chore: Remove unused `CsrfTokenManager` from `CSPMiddleware` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:41 +07:00
Daniel Kesselberg af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +07:00
Robin Appelman 8b60df1600
perf: delay getting (sub)admin status for user in the security middleware untill we need it 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-23 15:26:40 +07:00
Ferdinand Thiessen c82b17d0a3
fix: Support Safari mobile 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-21 13:01:23 +07:00
Holger Hees 73397cd759
fix: Use `CSP_NONCE` env variable in ContentSecurity Header 
We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available.

Signed-off-by: Holger Hees <holger.hees@gmail.com>
 2024-08-13 09:52:08 +07:00
skjnldsv db28aa8cd1 fix(files_sharing): show proper share not found error message 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-06 16:25:10 +07:00
provokateurin 9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-25 17:31:49 +07:00
SebastianKrupinski fc0b694d37 feat: mail provider backend 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-07-23 16:20:36 +07:00
Joas Schilling 047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues 202e5b1e95
feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +07:00
Andrey Borysenko 40f820470a
chore: use "app_api" session key, "app_api_system" is deprecated 
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-07-18 17:16:57 +07:00
Alexander Piskun b7af6ec200
feat: allow for ExApps to call Admin endpoints marked with specific attr 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2024-07-18 15:11:39 +07:00
provokateurin e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-18 11:25:32 +07:00
Ferdinand Thiessen a229723b8c
feat: Add new forbidden filename options to Capabilities 
Allow clients to access the new filename validation options
and make frontend name validation possible.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-11 13:31:54 +07:00
provokateurin 5aefdc399e
feat(AppFramework): Add ExAppRequired attribute 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-01 14:41:20 +07:00
Joas Schilling 0d383f1f66
fix(logger): Fix scoped PSR logger when running psalm:ci 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-06-11 11:52:18 +07:00
Arthur Schiwon f6d6efef3a
refactor(Token): introduce scope constants 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:14 +07:00
Arthur Schiwon 340939e688
fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +07:00
Andy Scherzinger dae7c159f7
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +07:00
Marcel Klehr ec27c538b5 fix: address review comments 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:41 +07:00
Marcel Klehr 00894e2420 feat: first pass at TaskProcessing API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2024-05-14 11:38:39 +07:00