Louis
4e7a3c1f9e
Merge pull request #51090 from nextcloud/backport/51051/stable31
...
[stable31] feat: Close sessions created for login flow v2
2025-03-03 12:28:48 +07:00
Louis Chemineau
ab01b76a19
fix(login): Also check legacy annotation for ephemeral sessions
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:00:29 +07:00
Louis Chemineau
e840ee72b2
feat: Close sessions created for login flow v2
...
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.
This commit adds a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-02-27 07:59:49 +07:00
Joas Schilling
1a60bca362
fix(l10n): Improve English source strings
...
- No leading/trailing whitespace
- Use ASCII single quote
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-02-26 13:08:49 +07:00
Joas Schilling
77fddb8f23
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 13:21:36 +07:00
Elizabeth Danzberger
fdfeb7f265
feat(api): File conversion API
...
Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
2025-01-15 16:38:18 +07:00
Maxence Lange
bd4a154d64
feat(lexicon): configurable default value
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2025-01-14 10:36:07 +07:00
provokateurin
7db694f534
fix(Http): Only allow valid HTTP status code values via template
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-07 15:45:30 +07:00
Maxence Lange
96586ba709
feat(config): implementation of lexicon
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-12-13 11:08:20 +07:00
Joas Schilling
dd101dd0f7
Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data
...
fix(controller): Fix false booleans in multipart/form-data
2024-11-28 14:46:16 +07:00
Joas Schilling
1909b981a4
fix(controller): Fix false booleans in multipart/form-data
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-11-28 12:18:30 +07:00
Louis Chemineau
a2f2f7ce93
feat: Use inline password confirmation in external storage settings
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:01:54 +07:00
provokateurin
dd0ed02b91
feat(Dispatcher): Add debug log for controller methods returning raw data not wrapped in Response
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-11-15 10:09:59 +07:00
skjnldsv
b15fdfd40e
chore(profile): move profile app from core to apps
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-11-14 10:25:02 +07:00
Arthur Schiwon
fdd24090ff
fix(Middleware): log deprecation when annotation was actually used
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-11-12 22:15:08 +07:00
Ferdinand Thiessen
a8f46af20f
chore: Add proper deprecation dates where missing
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-20 00:46:03 +07:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-19 14:21:20 +07:00
Ferdinand Thiessen
fe05882628
chore!: Remove `OC\AppFramework\Logger`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:32:25 +07:00
provokateurin
3d9b49815b
fix(BaseResponse): Cast XML element values to string
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-15 15:37:27 +07:00
Ferdinand Thiessen
deeccd12a3
chore: fix typo in `SameSiteCookieMiddleware`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-31 00:34:45 +07:00
Ferdinand Thiessen
92f3f7e2d2
chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-31 00:34:41 +07:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +07:00
Robin Appelman
8b60df1600
perf: delay getting (sub)admin status for user in the security middleware until we need it
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-08-23 15:26:40 +07:00
Ferdinand Thiessen
c82b17d0a3
fix: Support Safari mobile
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-21 13:01:23 +07:00
Holger Hees
73397cd759
fix: Use `CSP_NONCE` env variable in ContentSecurity Header
...
We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CSP_NONCE environment variable if available.
Signed-off-by: Holger Hees <holger.hees@gmail.com>
2024-08-13 09:52:08 +07:00
skjnldsv
db28aa8cd1
fix(files_sharing): show proper share not found error message
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +07:00
provokateurin
9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-25 17:31:49 +07:00
SebastianKrupinski
fc0b694d37
feat: mail provider backend
...
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
2024-07-23 16:20:36 +07:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
Andrey Borysenko
40f820470a
chore: use "app_api" session key, "app_api_system" is deprecated
...
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-07-18 17:16:57 +07:00
Alexander Piskun
b7af6ec200
feat: allow for ExApps to call Admin endpoints marked with specific attr
...
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2024-07-18 15:11:39 +07:00
provokateurin
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +07:00
Ferdinand Thiessen
a229723b8c
feat: Add new forbidden filename options to Capabilities
...
Allow clients to access the new filename validation options
and make frontend name validation possible.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-11 13:31:54 +07:00
provokateurin
5aefdc399e
feat(AppFramework): Add ExAppRequired attribute
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +07:00
Joas Schilling
0d383f1f66
fix(logger): Fix scoped PSR logger when running psalm:ci
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-06-11 11:52:18 +07:00
Arthur Schiwon
f6d6efef3a
refactor(Token): introduce scope constants
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +07:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
...
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.
Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +07:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +07:00
Marcel Klehr
ec27c538b5
fix: address review comments
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:41 +07:00
Marcel Klehr
00894e2420
feat: first pass at TaskProcessing API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:39 +07:00
Côme Chilliet
672923f0a6
fix: Fix newly spotted psalm issues, add exhaustive typed magic properties for LDAP classes
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-30 09:23:58 +07:00
Côme Chilliet
644036ab4e
fix: Migrate away from OC_App toward the IAppManager
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-22 12:14:58 +07:00
Ferdinand Thiessen
3aa9c53a87
Merge pull request #44644 from nextcloud/enh/noid/returns-formated-app-values
...
fix(appconfig): format app values
2024-04-17 17:11:36 +07:00
Côme Chilliet
ab6afe0111
fix: Fix new psalm errors from update
...
Not sure about the SimpleContainer modification, let’s see what CI says
about that.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-08 11:29:09 +07:00
Maxence Lange
97e59b12a1
fix(appconfig): only convert single entry on searchValues()
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-04-05 17:49:34 +07:00
Côme Chilliet
ec5133b739
fix: Apply new coding standard to all files
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +07:00
Florian Klinger
f3a4abd98c
fix: add check for app_api_system session flag to bypass rate limit
...
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +07:00
John Molakvoæ
bbb7955cad
Merge branch 'master' into refactor/OC-Server-getThemingDefaults
2024-03-15 13:12:32 +07:00
Andrey Borysenko
865fd3ba08
fix: add missing copyrights and strict types
...
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-12 18:14:40 +07:00