Robin Appelman
aa15f9d16d
chore: run rector
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-07-01 22:45:52 +07:00
Ferdinand Thiessen
5981b7eb51
chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
# Conflicts:
# apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +07:00
Robin Appelman
3561937816
chore: run rector on tests with new rule
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:38:29 +07:00
Robin Appelman
29e39c0a2e
chore: run rector on tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:31:58 +07:00
Daniel Kesselberg
be587def0e
fix: use correct format for expires, last-modified, and if-modified-since headers
Before: Sat, 10 May 2025 18:17:41 +0000
After: Sat, 10 May 2025 18:17:41 GMT
RFC: https://httpwg.org/specs/rfc9110.html#http.date
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-06-10 13:15:31 +07:00
Joas Schilling
5f9117b939
test: Fix coding standards
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:48:13 +07:00
Joas Schilling
720ab52e07
test: Fix tests/lib/App*
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:21:24 +07:00
Joas Schilling
53b116b8a5
test: Remove more withConsecutive
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:18:26 +07:00
Joas Schilling
c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 12:46:15 +07:00
Louis Chemineau
512f3caf57
test:(PasswordConfirmationMiddleware): Fix constructor call
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:05:10 +07:00
Christoph Wurst
49dd79eabb
refactor: Add void return type to PHPUnit test methods
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-09-15 22:32:31 +07:00
Ferdinand Thiessen
92f3f7e2d2
chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-31 00:34:41 +07:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +07:00
Robin Appelman
8b60df1600
perf: delay getting (sub)admin status for user in the security middleware until we need it
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-08-23 15:26:40 +07:00
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as `<meta>` element
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +07:00
Ferdinand Thiessen
009761be58
test: Adjust tests for CSP nonce
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:06:32 +07:00
skjnldsv
db28aa8cd1
fix(files_sharing): show proper share not found error message
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +07:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
provokateurin
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +07:00
provokateurin
5aefdc399e
feat(AppFramework): Add ExAppRequired attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +07:00
Arthur Schiwon
f6d6efef3a
refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +07:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.
Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +07:00
Andy Scherzinger
1f7e2ba599
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +07:00
Florian Klinger
f3a4abd98c
fix: add check for app_api_system session flag to bypass rate limit
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +07:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +07:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +07:00
Joas Schilling
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +07:00
Joas Schilling
3a6bc7aba2
fix(middleware): Also abort the request when reaching max delay in afterController
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:20:19 +07:00
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-25 14:50:32 +07:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-24 12:24:48 +07:00
Christoph Wurst
2c0cfd3772
feat(app-framework): Add native argument types for middleware
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-18 17:15:05 +07:00
Joas Schilling
2b49861679
Add a debug message when throttling without defining
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +07:00
Joas Schilling
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +07:00
Ferdinand Thiessen
f655f83c84
fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to prevent CSRF attack vectors
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-02-16 22:55:18 +07:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-27 09:40:35 +07:00
Côme Chilliet
f5c361cf44
composer run cs:fix
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +07:00
Julien Veyssier
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware
if an invalid token is provided or when share password is wrong
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2022-12-07 13:24:50 +07:00
Julius Härtl
64a7489958
Fix SessionMiddlewareTest and cover new case with reopening
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-24 10:36:57 +07:00
Joas Schilling
279e06a80f
Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper
Improve JSConfigHelper code quality a bit
2022-05-31 10:29:30 +07:00
Joas Schilling
f9efc410fa
Restore old behaviour of sending false for not found apps
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-30 12:41:35 +07:00
Carl Schwan
b70c6a128f
Update core to PHP 7.4 standard
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +07:00
Joas Schilling
d078d53683
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-23 11:01:58 +07:00
Carl Schwan
6312c0df69
Check style update
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-13 00:19:07 +07:00
Carl Schwan
6958d8005a
Add admin privilege delegation for admin settings
This makes it possible for selected groups to access some settings
pages.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2021-09-29 21:43:31 +07:00
Christoph Wurst
6d5cfe0c66
Move DateTime::RFC2822 to DateTimeInterface::2822
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-06-23 15:30:43 +07:00
Christoph Wurst
770881d5d6
Move DateTime::ATOM to DateTimeInterface::ATOM
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-06-23 15:28:07 +07:00
Joas Schilling
181aab416a
Fix warnings about logException
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-06-04 10:57:09 +07:00
Joas Schilling
b6c6527705
Fix unauthorized OCS status in provisioning
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-12 08:16:07 +07:00
Christoph Wurst
99f0b10421
Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger
Less ILogger
2021-04-27 15:38:12 +07:00