51fa22dc26
fix psalm
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-31 21:13:32 +07:00
86835ee899
sync with new OCP\IAppConfig
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-31 21:13:32 +07:00
85978593fe
Merge pull request #42794 from nextcloud/fix/invalid-trusted-proxies
...
fix(Request): Catch exceptions in `isTrustedProxy`
2024-01-29 16:19:51 +07:00
30ad530814
code style: ommited space, reverted [code review]
2024-01-27 15:11:26 +07:00
446ecbc454
fixing bug #6914 : Config Param 'overwritecondaddr' not working
...
- just ignoring/removing extra parameter 'protocol' as suggested by
blizzz
Signed-off-by: Pavel Kryl <pavel@kryl.eu>
2024-01-27 15:11:26 +07:00
7620d230df
fix(Request): Catch exceptions in `isTrustedProxy`
...
The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw.
But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-01-27 14:59:51 +07:00
ce583cb67b
techdebt(Middleware): Add more specific array types so its clickable in IDEs
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-30 12:27:08 +07:00
f6b6776c93
fix(API): Use a distinct exception so apps can react to it and customize the return
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-28 06:11:57 +07:00
3fa43a529b
enh(dispatcher): enforce psalm ranges in the http dispatcher
...
- allows devs to provide int ranges for API arguments
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2023-11-24 12:46:38 +07:00
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +07:00
2fa78f6245
Reverse X-Forwarded-For list to read the correct proxy remote address
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-16 07:45:19 +07:00
78842348b2
feat(dependencyinjection): Allow optional (nullable) services
...
Allows working with classes that might or might not be available.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-11-03 11:53:43 +07:00
2b7f78fc2e
Merge pull request #40326 from nextcloud/enh/text-to-image-api
...
Implement TextToImage OCP API
2023-10-26 15:53:30 +07:00
eb1d612d96
Add api to register setup checks
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-10-19 11:43:58 +07:00
c8cab9d2fd
Implement TextToImage OCP API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-10-18 13:21:50 +07:00
356c2219bc
Merge pull request #40865 from nextcloud/bugfix/noid/fix-version-comment
...
Fix version number in ITimeFactory after it was delayed
2023-10-16 08:01:09 +07:00
a8ae09c544
fix(docs): Fix parameter types in docs
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-10-13 11:02:42 +07:00
0a4fbaddc7
Fix version number in ITimeFactory after it was delayed
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-10-11 12:14:41 +07:00
0b8a3b578d
fixed Drone test
...
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-10-06 13:46:37 +07:00
f16c9f42c6
added CORS skip if session was created by AppAPI
...
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-10-02 11:08:21 +07:00
ea06cf2f39
Convert isset ternary to null coalescing operator
...
Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com>
2023-09-28 17:44:19 +07:00
f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-25 10:37:12 +07:00
e477bb7eaf
feat(appframework): Expose programmatic rate limiter
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-09-20 20:25:27 +07:00
ce74bdcda2
Refactor `OC\Server::getThemingDefaults`
...
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2023-08-29 21:33:17 +07:00
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +07:00
381c35080d
fix(middleware): Fix header injection for bruteforce middleware
...
Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons
So shifting back to old standard practise for now
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-22 16:00:39 +07:00
2f06f2355d
feat: Add a header which signals that the request was throttled
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:04 +07:00
ccf57e0715
add separate event for rendering login page template
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-08-17 10:57:56 +07:00
12f8543815
Rewrite OCS CSRF check to be readable
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-08-16 15:52:36 +07:00
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +07:00
7c80d66ee5
Merge pull request #38854 from nextcloud/enh/llm-api
2023-07-21 11:20:31 +07:00
ffe27ce14c
Massive refactoring: Turn LanguageModel OCP API into TextProcessing API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-07-14 16:00:31 +07:00
82d3b00ab1
LLM OCP API: Add to RegistrationContext
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-07-07 13:39:10 +07:00
558e386e46
fix(CardDAV): catch right exception when checking for federated app classes
...
Signed-off-by: Anna Larch <anna@nextcloud.com>
2023-07-06 13:07:14 +07:00
b0001c6010
Add template types to responses
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-30 09:33:29 +07:00
7f4651637a
Allow stdClass in XML responses
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-13 11:44:47 +07:00
9f1d497a0b
Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private
...
Refactors "strpos" calls in lib/private to improve code readability.
2023-06-01 23:10:00 +07:00
e76d525a43
chore: Drop \OC_App::getAppInfo
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-06-01 11:31:27 +07:00
3a6bc7aba2
fix(middleware): Also abort the request when reaching max delay in afterController
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:20:19 +07:00
e7cc7653b8
Refactors "strpos" calls in lib/private to improve code readability.
...
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
2023-05-15 15:17:19 +07:00
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-25 14:50:32 +07:00
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-24 12:24:48 +07:00
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls
...
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +07:00
fd473f89e8
Merge pull request #37674 from nextcloud/feature/speech-to-text
...
feat(SpeechToText): Add SpeechToText OCP provider API
2023-04-19 16:29:44 +07:00
a06898a2d0
fix(security)!: Use consistent HTTP status for strict cookie checks
...
Before: 503/412
Now: 412 + json body explaining the error
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-17 16:06:37 +07:00
317521b607
feat(SpeechToText): Add SpeechToText provider API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-04-11 14:59:57 +07:00
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +07:00
2b49861679
Add a debug message when throttling without defining
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +07:00
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +07:00
c297f8ee96
feat(appframework): ⌚ Make ITimeFactory extend \PSR\Clock\ClockInterface
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-03 15:37:13 +07:00
3e63298381
feat(translations): Add translation provider API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-27 16:52:03 +07:00
90d2cb09b1
Merge pull request #36396 from nextcloud/fix/cors
2023-02-17 09:42:08 +07:00
f655f83c84
fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to prevent CSRF attack vectors
...
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-02-16 22:55:18 +07:00
a705132c8d
Merge pull request #36656 from nextcloud/route-instrumentation
2023-02-14 10:12:19 +07:00
610a203d31
Merge pull request #36525 from nextcloud/fix/noid/params-put
...
fix: Only get params from PUT content if possible
2023-02-13 10:25:52 +07:00
b68be79464
more routing performance instrumentation
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-10 11:12:26 +07:00
fe78ef7a38
instrumentation for app booting
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-09 17:41:43 +07:00
08e7b20c43
add more performance instrumentation for app registering
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-09 17:41:43 +07:00
ba8a50c059
fix: Throw `NotFoundExceptionInterface` to fulfill PSR container interface if class not found
...
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-02-06 14:16:35 +07:00
dc3916e27c
fix: Only get params from PUT content if possible
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-03 22:30:04 +07:00
4ab3c16403
Pluggable share provider
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Louis Chemineau <louis@chmn.me>
2023-02-02 15:41:26 +07:00
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-27 09:40:35 +07:00
8d9af3e262
feat(app-framework): Add support for global middlewares
...
This allows apps to register middlewares that always register, not just
for the app's own requests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-26 11:54:28 +07:00
907ff68bfc
perf(app-framework): Make the app middleware registration lazy
...
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-25 09:27:24 +07:00
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +07:00
2a5e18b67a
Fix types in OCS json answer (status code is an int)
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:22:09 +07:00
f2cdc4f47d
Fix crash in OCS when getting info about an application
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:22:09 +07:00
0c466b7ff5
Attempt at reducing psalm errors
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:22:09 +07:00
20fcfb5739
feat(app framework)!: Inject services into controller methods
...
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.
If services are injected into the method, we only build the DI tree if
that method gets executed.
This is also how Laravel allows injection.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +07:00
0af4e9d4fe
Merge pull request #34172 from audriga/add-scim-json-support
...
Add support for application/scim+json
2022-12-20 08:58:33 +07:00
cf508c1e47
Use strict typing in base.php
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-12-19 09:10:40 +07:00
7dcd6eb561
Merge branch 'master' into add-scim-json-support
...
Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
2022-12-19 09:07:38 +07:00
7adfdf5248
Merge pull request #35537 from nextcloud/fix/dependency-injection-error
...
Improve dependency injection error message
2022-12-16 16:49:23 +07:00
ae6fe874ed
Merge pull request #35780 from nextcloud/fix/http-dispatcher-double-parameter-cast
...
Fix missing cast of double controller parameters
2022-12-16 16:18:35 +07:00
b6dd1a1d7b
fix(app framework): Fix missing cast of double controller parameters
...
``settype`` allows 'double' as alias of 'float'.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 09:33:52 +07:00
81f2857f34
check if params given to API are really an array
...
Signed-off-by: Artur Neumann <artur@jankaritech.com>
2022-12-15 13:45:22 +07:00
b44befa881
Move JSON content type regex to IRequest and make it a const
2022-12-08 15:11:23 +07:00
f0a0bfaaee
Move to str_starts_with
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:06 +07:00
3899de12b7
Skip querying the app container for server namespace
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:05 +07:00
d7ecbe32d2
Avoid container dance for appName
...
Sicne the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:04 +07:00
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware
...
if an invalid token is provided or when share password is wrong
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2022-12-07 13:24:50 +07:00
2a864ec13c
Improve dependency injection error message
...
Change from display the name of the parameter to the type of the
parameter. This is that in most cases is usefull.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-12-01 12:46:01 +07:00
41b2466d35
Clean up and deprecate app container aliases
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-02 19:42:09 +07:00
cea2f79bbd
Improve container return type annotations
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-14 10:45:16 +07:00
46c10c77e1
Fix the JSON content type regex to match all MIME types
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-26 11:51:44 +07:00
d80f8f6c82
Type hint JSON content type regex and use preg_match less
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-22 11:25:39 +07:00
f286a9d6ac
Use regex for all JSON-related content types
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-21 16:36:01 +07:00
0ace70488a
Treat application/json and application/scim+json in same if-block
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-21 15:31:50 +07:00
c8b7a233a5
Allow CSRF on CORS routes
...
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
2022-09-21 10:42:00 +07:00
f0dbe1148a
Add support for application/scim+json content type
...
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
2022-09-20 16:18:52 +07:00
68d0038eb0
Move registration to IBootstrap
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-31 16:20:06 +07:00
9b4b72826a
Reopen sessions if we need to write to them instead of keeping them open
...
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:26 +07:00
f8b13ecd60
Merge pull request #32363 from nextcloud/cleanup/remove-long-deprecated-classes
...
Remove OCP\App and OCP\BackgroundJob
2022-08-08 17:05:11 +07:00
cbd5cef2cc
Merge pull request #33398 from nextcloud/enh/noid/sensitive-methods-apps
...
allow apps to specify methods carrying sensitive parameters
2022-08-05 14:09:55 +07:00
09362eaeaa
Support specifying IPv6 proxies in CIDR notation
...
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.
[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies
Signed-off-by: Simon Leiner <simon@leiner.me>
2022-08-02 17:36:47 +07:00
458c2fa297
Remove OCP\App and OCP\BackgroundJob
...
Both deprecated since NC 23
IAppManager is the replacement for OCP\App unfortunately it can't be
dependency injected in classes used by the installed otherwise the
database connection is initialised too early
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-08-01 09:46:40 +07:00
2a6f46e689
allow apps to specify methods carrying sensitive parameters
...
… in order to remove them from logging.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-07-28 23:30:17 +07:00
368f83095d
Fix typos in lib/private subdirectory
...
Found via `codespell -q 3 -S l10n -L jus ./lib/private`
Signed-off-by: luz paz <luzpaz@github.com>
2022-07-27 08:52:17 +07:00
523572fcea
load widgets only of enabled apps
...
- per design, all enabled apps have their registration run
- limitations, e.g. enabled by group, are not considered in that state,
because we do not have a session (and might need apps?)
- before instantiation of widget it has to be checked whether the providing
app is actually enabled for the logged in user.
- a public interface is being changed, but it is not meant to be
implemented or used outside of the core handling. Therefore save to
backport.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-06-22 21:58:13 +07:00
b70c6a128f
Update core to PHP 7.4 standard
...
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +07:00
Maxence Lange
Ferdinand Thiessen
Pavel Kryl
Joas Schilling
Arthur Schiwon
Christoph Wurst
Joas Schilling
Carl Schwan
Marcel Klehr
Alexander Piskun
Hamid Dehnavi
Côme Chilliet
Andrew Summers
Robin Appelman
jld3103
Anna Larch
Faraz Samapoor
Côme Chilliet
Julius Härtl
Ferdinand Thiessen
Louis Chemineau
Stanimir Bozhilov
Vincent Petry
Artur Neumann
Stanimir Bozhilov
Julien Veyssier
Jonas Rittershofer
Simon Leiner
luz paz