John Molakvoæ
4829ac57c1
fix: use `OCP\Server`
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2025-08-01 17:00:09 +07:00
Josh
14b4d0327e
fix(AppFramework): Log malformed protocol values and unify fallback behavior
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2025-08-01 17:00:09 +07:00
Côme Chilliet
ab310ce938
fix: Fix issues and tests in DIContainer and friends
...
Some tests related to MiddlewareDispatcher are still failing.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-08 13:32:14 +07:00
Robin Appelman
aa15f9d16d
chore: run rector
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-07-01 22:45:52 +07:00
Ferdinand Thiessen
5981b7eb51
chore: apply new CSFixer rules
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
# Conflicts:
# apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +07:00
Robin Appelman
3561937816
chore: run rector on tests with new rule
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:38:29 +07:00
Robin Appelman
29e39c0a2e
chore: run rector on tests
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:31:58 +07:00
Daniel Kesselberg
be587def0e
fix: use correct format for expires, last-modified, and if-modified-since headers
...
Before: Sat, 10 May 2025 18:17:41 +0000
After: Sat, 10 May 2025 18:17:41 GMT
RFC: https://httpwg.org/specs/rfc9110.html#http.date
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-06-10 13:15:31 +07:00
Côme Chilliet
a10182f6fb
fix(tests): Force lazy ghost initialisation in container tests
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-06-05 20:51:23 +07:00
Ferdinand Thiessen
e4ed062d68
fix(RouteParser): bail out if method name contains hashtag
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-05-15 13:57:14 +07:00
provokateurin
63ba61487b
chore(AppFramework): Remove unused RouteConfig class and migrate tests to RouteParser
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-05-15 13:57:14 +07:00
Joas Schilling
5f9117b939
test: Fix coding standards
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:48:13 +07:00
Joas Schilling
720ab52e07
test: Fix tests/lib/App*
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:21:24 +07:00
Joas Schilling
53b116b8a5
test: Remove more withConsecutive
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:18:26 +07:00
Joas Schilling
522be60ff0
fix(phpunit): Remove some more withConsecutive calls
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-03-31 09:43:22 +07:00
Arthur Schiwon
6594d7d96d
feat(AppFramework): extend range check to optional parameters
...
Now it also applies when a parameter is documented with a pending |null,
but no further unionation is considered.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2025-02-27 19:49:04 +07:00
Johannes Endres
ae2cc23658
fix: Change UserAgent to *cloud
...
Co-authored-by: Daniel Kesselberg <mail@danielkesselberg.de>
Signed-off-by: Johannes Endres <je@johannes-endres.de>
2025-02-19 18:51:08 +07:00
Joas Schilling
c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 12:46:15 +07:00
Joas Schilling
dd101dd0f7
Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data
...
fix(controller): Fix false booleans in multipart/form-data
2024-11-28 14:46:16 +07:00
Joas Schilling
1909b981a4
fix(controller): Fix false booleans in multipart/form-data
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-11-28 12:18:30 +07:00
Louis Chemineau
512f3caf57
test:(PasswordConfirmationMiddleware): Fix constructor call
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:05:10 +07:00
Joas Schilling
54c3aa3f99
fix(entity): Fix mapping of old/sub-types to actually supported database types
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-10-23 09:22:05 +07:00
Ferdinand Thiessen
db94e10af0
fix: Prevent breaking change in IQueryBuilder
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-17 18:31:44 +07:00
Ferdinand Thiessen
ee02e3246d
feat(AppFramework): Add full support for date / time / datetime columns
...
This adds support for all Doctrine supported types, for the column types only the immutable variants needed to be added.
But especially those types are the important ones, as our **Entity** class works by detecting changes through setters.
Meaning if it is mutable, changes like `$entity->date->modify()` can not be detected, so the immutable types make more sense here.
Similarly, the parameter types needed to be added.
`Entity` and `QBMapper` needed to be adjusted so they support (auto map) those types, required when inserting or updating an entity.
Also added more tests, especially to make sure the mapper really serializes the values correctly.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-17 18:31:42 +07:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +07:00
Kate
8a32881633
Merge pull request #48008 from nextcloud/fix/entity/strict-types
2024-09-16 11:08:35 +07:00
Anna
d46f271b1f
Merge pull request #48049 from nextcloud/refactor/void-tests
...
refactor: Add void return type to PHPUnit test methods
2024-09-16 00:11:41 +07:00
Christoph Wurst
49dd79eabb
refactor: Add void return type to PHPUnit test methods
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-09-15 22:32:31 +07:00
Christoph Wurst
1ee833efab
refactor: Replace __CLASS__ with ::class references
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-09-15 21:40:55 +07:00
provokateurin
247b1dd70e
fix(Entity): Fix magic setter call for custom strong typed setters
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-15 15:14:54 +07:00
Côme Chilliet
359bbce3af
chore: Adapt tests to OC_API refactoring
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-09-09 10:46:29 +07:00
Ferdinand Thiessen
4d2556d4cf
refactor(IMenuAction): Make public menu actions use the new Vue UI
...
This removes custom rendering code and replaces it with the declarative menu actions.
Also adjust the template to allow the Vue UI to mount.
Custom entries still are possible.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-03 16:07:49 +07:00
Ferdinand Thiessen
92f3f7e2d2
chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-31 00:34:41 +07:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +07:00
Robin Appelman
8b60df1600
perf: delay getting (sub)admin status for user in the security middleware until we need it
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-08-23 15:26:40 +07:00
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as `<meta>` element
...
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +07:00
Ferdinand Thiessen
009761be58
test: Adjust tests for CSP nonce
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:06:32 +07:00
skjnldsv
db28aa8cd1
fix(files_sharing): show proper share not found error message
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +07:00
provokateurin
9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-25 17:31:49 +07:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
provokateurin
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +07:00
provokateurin
5aefdc399e
feat(AppFramework): Add ExAppRequired attribute
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +07:00
Arthur Schiwon
f6d6efef3a
refactor(Token): introduce scope constants
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +07:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
...
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.
Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +07:00
Andy Scherzinger
1f7e2ba599
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +07:00
Côme Chilliet
a0be3ffdf2
fix: Fix tests following OC_App migrations to IAppManager
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-22 12:21:55 +07:00
Florian Klinger
f3a4abd98c
fix: add check for app_api_system session flag to bypass rate limit
...
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +07:00
Klaus
747aeded9d
fix xml ocs response for serializable objects
...
Signed-off-by: sualko <klaus@jsxc.org>
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-02-23 14:49:22 +07:00
Joas Schilling
9ed3ab7d87
test(request): Add tests to strip the port when forwarding requests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-02-13 16:51:13 +07:00