nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Côme Chilliet	20c6d1a7e9	feat: Improve init a bit, and add more profiling steps Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-05-13 16:08:49 +07:00
Joas Schilling	7964f338dc	fix(throttler): Remove the sleep from the throttler that throws The sleep is not adding benefit when it's being aborted with 429 in other cases anyway. Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-05-02 11:27:29 +07:00
Josh	6951053c90	docs(dispatcher): Correct described return values Signed-off-by: Josh <josh.t.richards@gmail.com>	2025-04-23 22:43:03 +07:00
Côme Chilliet	92038229fa	fix: Remove support for app.php loading It has been deprecated for a long time, and the last known active application to use it (user_saml) is now migrated the modern API. Presence of the file is still checked in order to log an error. This behavior may be removed as well in a few versions. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-04-14 14:30:00 +07:00
Louis Chemineau	3bff9ee3e1	fix: Use login name to check the password Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-04-02 15:50:05 +07:00
Côme Chilliet	c7037d7b38	fix: Move getAppInstalledVersions to AppConfig so that it can be used earlier Call it from OC_App to make sure there is only one request to DB. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-03-25 16:20:21 +07:00
Joas Schilling	c9aea8ffdf	fix(auth): Allow 2FA challenges for Ephemeral sessions Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-03-18 09:52:51 +07:00
Louis Chemineau	a163fa08d0	fix(login): Properly target public page with attribute Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-05 16:36:26 +07:00
Arthur Schiwon	42d752f767	Merge pull request #51116 from nextcloud/enh/noid/nullable-range feat(AppFramework): extend range check to optional parameters	2025-03-04 14:23:21 +07:00
Arthur Schiwon	6594d7d96d	feat(AppFramework): extend range check to optional parameters Now it also applies when a paramater is documtend with a pending \|null, but no further unionation is considered. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2025-02-27 19:49:04 +07:00
Louis Chemineau	47bd75a052	fix(login): Also check legacy annotation for ephemeral sessions Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-02-27 13:12:55 +07:00
Louis	c7900de4f2	Merge pull request #51051 from nextcloud/artonge/fix/login_flow_v2_sessions_2 feat: Close sessions created for login flow v2	2025-02-27 08:52:00 +07:00
Louis Chemineau	c6293204a2	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-02-26 13:42:18 +07:00
Joas Schilling	095ab4419e	fix(l10n): Improve english source strings - No leading/trailing whitespace - Use asci single quote Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-02-26 09:54:32 +07:00
Côme Chilliet	c1c59f9a6c	chore: Add missing star in phpdoc comment Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-17 15:26:23 +07:00
Côme Chilliet	fa108d5b54	fix: Correctly tag json encoding in BaseResponse to fix false-positive …in psalm taint analysis Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2025-02-17 15:26:22 +07:00
Joas Schilling	c1655bcde7	fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-01-27 12:46:15 +07:00
Elizabeth Danzberger	fdfeb7f265	feat(api): File conversion API Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>	2025-01-15 16:38:18 +07:00
Maxence Lange	bd4a154d64	feat(lexicon): configurable default value Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2025-01-14 10:36:07 +07:00
provokateurin	7db694f534	fix(Http): Only allow valid HTTP status code values via template Signed-off-by: provokateurin <kate@provokateurin.de>	2025-01-07 15:45:30 +07:00
Maxence Lange	96586ba709	feat(config): implementation of lexicon Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-13 11:08:20 +07:00
Joas Schilling	dd101dd0f7	Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data fix(controller): Fix false booleans in multipart/form-data	2024-11-28 14:46:16 +07:00
Joas Schilling	1909b981a4	fix(controller): Fix false booleans in multipart/form-data Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-11-28 12:18:30 +07:00
Louis Chemineau	a2f2f7ce93	feat: Use inline password confirmation in external storage settings Signed-off-by: Louis Chemineau <louis@chmn.me>	2024-11-28 11:01:54 +07:00
provokateurin	dd0ed02b91	feat(Dispatcher): Add debug log for controller methods returning raw data not wrapped in Response Signed-off-by: provokateurin <kate@provokateurin.de>	2024-11-15 10:09:59 +07:00
skjnldsv	b15fdfd40e	chore(profile): move profile app from core to apps Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-11-14 10:25:02 +07:00
Arthur Schiwon	fdd24090ff	fix(Middleware): log deprecation when annotation was actually used Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-11-12 22:15:08 +07:00
Ferdinand Thiessen	a8f46af20f	chore: Add proper deprecation dates where missing Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-20 00:46:03 +07:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +07:00
Ferdinand Thiessen	fe05882628	chore!: Remove `OC\AppFramework\Logger` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-09-19 00:32:25 +07:00
provokateurin	3d9b49815b	fix(BaseResponse): Cast XML element values to string Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-15 15:37:27 +07:00
Ferdinand Thiessen	deeccd12a3	chore: fix typo in `SameSiteCookieMiddleware` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-31 00:34:45 +07:00
Ferdinand Thiessen	92f3f7e2d2	chore: Remove unused `CsrfTokenManager` from `CSPMiddleware` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-31 00:34:41 +07:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +07:00
Robin Appelman	8b60df1600	perf: delay getting (sub)admin status for user in the security middleware untill we need it Signed-off-by: Robin Appelman <robin@icewind.nl>	2024-08-23 15:26:40 +07:00
Ferdinand Thiessen	c82b17d0a3	fix: Support Safari mobile Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-21 13:01:23 +07:00
Holger Hees	73397cd759	fix: Use `CSP_NONCE` env variable in ContentSecurity Header We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available. Signed-off-by: Holger Hees <holger.hees@gmail.com>	2024-08-13 09:52:08 +07:00
skjnldsv	db28aa8cd1	fix(files_sharing): show proper share not found error message Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-08-06 16:25:10 +07:00
provokateurin	9d1705259c	fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-25 17:31:49 +07:00
SebastianKrupinski	fc0b694d37	feat: mail provider backend Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>	2024-07-23 16:20:36 +07:00
Joas Schilling	047479ccf9	feat(security): Add public API to allow validating IP Ranges and checking for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues	202e5b1e95	feat(security): restrict admin actions to IP ranges Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Andrey Borysenko	40f820470a	chore: use "app_api" session key, "app_api_system" is deprecated Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>	2024-07-18 17:16:57 +07:00
Alexander Piskun	b7af6ec200	feat: allow for ExApps to call Admin endpoints marked with specific attr Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2024-07-18 15:11:39 +07:00
provokateurin	e5dcdfb9e0	feat(Security): Warn about using annotations instead of attributes Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-18 11:25:32 +07:00
Ferdinand Thiessen	a229723b8c	feat: Add new forbidden filename options to Capabilities Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-07-11 13:31:54 +07:00
provokateurin	5aefdc399e	feat(AppFramework): Add ExAppRequired attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-01 14:41:20 +07:00
Joas Schilling	0d383f1f66	fix(logger): Fix scoped PSR logger when running psalm:ci Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-06-11 11:52:18 +07:00
Arthur Schiwon	f6d6efef3a	refactor(Token): introduce scope constants Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-05 19:01:14 +07:00
Arthur Schiwon	340939e688	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-05 19:01:13 +07:00

1 2 3 4 5 ...

582 Commits (20c6d1a7e93ef7bcf40eb64f896b64399efd7104)