Temporary disabled the short cut again to solve issues with CalDAV/CardDAV
clients like DAVx5 that use cookies and need a session. See
https://github.com/nextcloud/server/issues/37277#issuecomment-1476366147
and the other comments for further information.
Signed-off-by: Joas Schilling <coding@schilljs.com>
- add 2 interfaces for discoverable and searchable reference providers
- new OCS route to get info on discoverable/searchable reference providers
- new abstract ADiscoverableReferenceProvider that only implements jsonSerialize
- listen to RenderReferenceEvent to inject provider list with initial state
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
If basic auth is used on WebDAV endpoints, we will not setup a session
by default but instead set a test cookie. Clients which handle session
cookies properly will send back the cookie then on the second request
and a session will be initialized which can be resued for
authentication.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
- the events are not emitted anymore
- OC_Filesystem::isBlacklisted() is not called from anywhere else
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net>
This removes ambiguity with a 503 returned by app code, web server or
similar. Front-end and clients can then handle this state accordingly.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
If front-end or an application requests JSON/XML, there is no point in
redirecting to the default page if that response doesn't exist. In the
worst case that would just cause another request, therefore server load,
traffic and a response that is meaningless to the requester.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
current the `request` and `runtime` events overlap with the `init` event which makes it hard to create usefull visualizations.
this reorders things a bit to remove an overlap
Signed-off-by: Robin Appelman <robin@icewind.nl>
In the admin guide:
* https://docs.nextcloud.com/server/latest/admin_manual/configuration_files/big_file_upload_configuration.html
it is mentioned that you can tweek:
* max_input_time
* max_execution_time
in order to enable larger file uploads. However, the current codebase
will hard code these values to one hour, no matter what the user sets in
php.ini.
This patch will allow the user to set these settings in php.ini and they
will be respected, if and only if, they are set to something bigger than
3600 seconds.
Signed-off-by: Micke Nordin <kano@sunet.se>
It sends a 400 to the client, so I could even argue that it should be an error.
But currently as an admin, I'm quiet surprised that I get a 400 in the UI, and nothing in the log with the default level.
I saw this commit that explains the reason why info. But I disagree.
Feel free to close the PR if you don't agree with it.
Signed-off-by: Pierre Ozoux <pierre@ozoux.net>
Don't try to login when a client is trying to get a OAuth token.
OAuth needs to support basic auth too, so the login is not valid
inside Nextcloud and the Login exception would ruin it.
Signed-off-by: Joas Schilling <coding@schilljs.com>
Reduces calls to DI container by reusing already fetched dependencies.
For status.php it went from 355 to 344.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
During app installation we run migration steps. Those steps may use
services the app registers or classes from composer. Hence we have to
make sure the app runs through the registration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Ref #14552
This adds a BeforeUserRemovedEvent to the LDAP backend because it was missing. It's not really before, but we don't have the before state.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
It's not used anyways and allowed to manipulate the state of the session. Also removed the code handling this.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Right now if you want to get events via the Node API you have to have a
real instance of the Root. Which in turns sets up the whole FS.
We should make sure this is done lazy. Else enabling the preview
generator for example makes you setup the whole FS on each and every
authenticated call.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
a listener to the post login events can still reject a login, so that a
user is not necessarily available at the time.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
Joas Schilling
Christoph Wurst
Julius Härtl
Joas Schilling
Anna Larch
Julien Veyssier
Côme Chilliet
Simon L
Arthur Schiwon
Andy Xheli
Christoph Wurst
Carl Schwan
Robin Appelman
Louis
Micke Nordin
Git'Fellow
Mikael Nordin
Pierre Ozoux
Louis Chemineau
John Molakvoæ (skjnldsv)
Valdnet
Daniel Rudolf
Gary Kim
J0WI
Roeland Jago Douma
Morris Jobke
Daniel Kesselberg
Roeland Jago Douma
John Molakvoæ
Jose Quinteiro