nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	ce583cb67b	techdebt(Middleware): Add more specific array types so its clickable in IDEs Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-30 12:27:08 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Alexander Piskun	0b8a3b578d	fixed Drone test Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2023-10-06 13:46:37 +07:00
Alexander Piskun	f16c9f42c6	added CORS skip if session was created by AppAPI Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2023-10-02 11:08:21 +07:00
Christoph Wurst	e477bb7eaf	feat(appframework): Expose programmatic rate limiter Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-09-20 20:25:27 +07:00
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-28 15:50:45 +07:00
Joas Schilling	381c35080d	fix(middleware): Fix header injection for bruteforce middleware Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons So shifting back to old standard practise for now Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-22 16:00:39 +07:00
Joas Schilling	2f06f2355d	feat: Add a header which signals that the request was throttled Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:04 +07:00
Robin Appelman	ccf57e0715	add separate event for rendering login page template Signed-off-by: Robin Appelman <robin@icewind.nl>	2023-08-17 10:57:56 +07:00
jld3103	12f8543815	Rewrite OCS CSRF check to be readable Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-08-16 15:52:36 +07:00
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +07:00
Robin Appelman	9f1d497a0b	Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private Refactors "strpos" calls in lib/private to improve code readability.	2023-06-01 23:10:00 +07:00
Joas Schilling	3a6bc7aba2	fix(middleware): Also abort the request when reaching max delay in afterController Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 16:20:19 +07:00
Faraz Samapoor	e7cc7653b8	Refactors "strpos" calls in lib/private to improve code readability. Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>	2023-05-15 15:17:19 +07:00
Joas Schilling	ecb8b55c5c	feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-25 14:50:32 +07:00
Joas Schilling	89c3c31402	feat(ratelimit): Add Attributes support to rate limit middleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-24 12:24:48 +07:00
Christoph Wurst	a06898a2d0	fix(security)!: Use consistent HTTP status for strict cookie checks Before: 503/412 Now: 412 + json body explaining the error Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-04-17 16:06:37 +07:00
Joas Schilling	2b49861679	Add a debug message when throttling without defining Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-08 12:09:22 +07:00
Joas Schilling	e839eb9b5c	feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-03-08 12:09:22 +07:00
Ferdinand Thiessen	f655f83c84	fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to prevent CSRF attack vectors Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>	2023-02-16 22:55:18 +07:00
Christoph Wurst	20e00cdf17	feat(app-framework): Add UseSession attribute to replace annotation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-01-27 09:40:35 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Julien Veyssier	4a3f3beb0b	use bruteforce protection on all methods wrapped by PublicShareMiddleware if an invalid token is provided or when share password is wrong Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	2022-12-07 13:24:50 +07:00
Jonas Rittershofer	c8b7a233a5	Allow CSRF on CORS routes Co-authored-by: Julius Härtl <jus@bitgrid.net> Co-authored-by: Andreas Brinner <andreas@everlanes.net> Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>	2022-09-21 10:42:00 +07:00
Julius Härtl	9b4b72826a	Reopen sessions if we need to write to them instead of keeping them open Sessions are a locking operation until we write close them, so close them early and reopen later in case we want to write to them Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-17 12:10:26 +07:00
luz paz	368f83095d	Fix typos in lib/private subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>	2022-07-27 08:52:17 +07:00
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-05-20 22:18:06 +07:00
Vincent Petry	80388663af	Add direct arg to login flow Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-Authored-by: Carl Schwan <carl@carlschwan.eu>	2022-03-28 10:28:45 +07:00
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-01-13 00:19:07 +07:00
Julius Härtl	61dd1d3d97	Pass username prefill through unauthenticated request redirects Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-12-29 11:52:31 +07:00
Carl Schwan	6958d8005a	Add admin privilege delegation for admin settings This makes it possible for selected groups to access some settings pages. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2021-09-29 21:43:31 +07:00
Christoph Wurst	6d5cfe0c66	Move DateTime::RFC2822 to DateTimeInterface::2822 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-06-23 15:30:43 +07:00
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2021-06-04 22:02:41 +07:00
korelstar	b38e8678e4	fix error when using CORS with no auth credentials	2021-05-18 07:11:10 +07:00
Joas Schilling	b6c6527705	Fix unauthorized OCS status in provisioning Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-05-12 08:16:07 +07:00
Christoph Wurst	99f0b10421	Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger Less ILogger	2021-04-27 15:38:12 +07:00
Joas Schilling	56ae87c281	Less ILogger Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-04-27 14:34:32 +07:00
Joas Schilling	174f4dd043	Fix ratelimit template Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-04-27 13:55:34 +07:00
Roeland Jago Douma	cc744740b7	Remove deprecated \OCP\API Time to remove this forgood now. Remaining constant moved over The world is a tiny bit better Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2021-03-03 20:54:32 +07:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +07:00
Julius Härtl	8ab2422b6c	Add acutal response to BeforeTemplateRenderedEvent Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-09-24 20:00:23 +07:00
Christoph Wurst	2a054e6c04	Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-08-24 14:54:25 +07:00
Joas Schilling	35a8519591	Fix CS Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	e66bc4a8a7	Send "429 Too Many Requests" in case of brute force protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:35 +07:00
Julius Härtl	e1b696929f	Move NotFoundResponse to a proper TemplateResponse Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-07-24 08:58:14 +07:00
Roeland Jago Douma	7d7ba61625	Add real events to load additionalscripts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-07-15 14:07:18 +07:00
Holger Hees	e70249e089	Update SecurityMiddleware.php OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header. in other areas OC::$WEBROOT is always used together with an /	2020-07-06 21:34:46 +07:00
Morris Jobke	4e49e1da16	Allow TemplateResponse to be compressed Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-05-15 08:38:39 +07:00
Roeland Jago Douma	12fa748c49	Move the notmodified check to middleware where it belongs Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-05-13 08:11:24 +07:00
Roeland Jago Douma	203d7eb1d3	Add AppFramework GZip middleware to gzip responses Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-05-12 09:09:48 +07:00

1 2 3

137 Commits (8904bf645b30fbdfdcb00a2ea607d752ee69d865)