Julius Härtl
64a7489958
Fix SessionMiddlewareTest and cover new case with reopening
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-24 10:36:57 +07:00
Simon Leiner
09362eaeaa
Support specifying IPv6 proxies in CIDR notation
...
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.
[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies
Signed-off-by: Simon Leiner <simon@leiner.me>
2022-08-02 17:36:47 +07:00
Thomas Citharel
1d30fb7852
Fix reading blob data as resource
...
PostgreSQL returns data as resource when using IQueryBuilder::PARAM_LOB
(which is used for QBMapper).
Previously we just converted this resource using settype, which produced
things like "Resource id #14" instead of the actual resource data.
Now we read the stream correctly if the returned data is a resource
See context at #22472
Fixes #22439
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-07-25 09:45:47 +07:00
Côme Chilliet
1bd5222224
Fix PHP 8.2 warnings about undeclared properties
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-06-21 16:17:52 +07:00
Côme Chilliet
c7e1c36362
Remove at matcher uses in tests/lib
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-06-16 17:43:17 +07:00
Joas Schilling
279e06a80f
Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper
...
Improve JSConfigHelper code quality a bit
2022-05-31 10:29:30 +07:00
Julius Härtl
3901a93c72
Use JSON_THROW_ON_ERROR instead of custom error handling
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-05-30 19:17:49 +07:00
Joas Schilling
f9efc410fa
Restore old behaviour of sending false for not found apps
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-05-30 12:41:35 +07:00
Carl Schwan
b70c6a128f
Update core to PHP 7.4 standard
...
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +07:00
Carl Schwan
7817845538
Add a metadata service to store file metadata
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-04-13 14:06:29 +07:00
Cyrille Bollu
c6a5c07041
Adds a "Request password" button to the public share authentication page for shares
...
of type TYPE_EMAIL, when the "video verification" checkbox isn't checked. Users accessing
non-anonymous public shares (TYPE_EMAIL shares) can now request a temporary password themselves.
- Creates a migration step for the files_sharing app to add the 'password_expiration_time'
attribute to the oc_shares table.
- Makes share temporary passwords' expiration time configurable via a system value.
- Adds a system config value to allow permanent share passwords
- Fixes a typo in a comment in apps/files_sharing/src/components/SharingEntryLink.vue
See https://github.com/nextcloud/server/issues/31005
Signed-off-by: Cyrille Bollu <cyrpub@bollu.be>
2022-04-11 21:58:24 +07:00
Carl Schwan
7d272c54d0
Add a built-in profiler inside Nextcloud
...
The webui is provided by a separate application named profiler
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-04-04 10:28:26 +07:00
Côme Chilliet
61f7f13bd8
Migrate from ILogger to LoggerInterface where needed in the tests
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-03-24 16:21:26 +07:00
Joas Schilling
0acd4b5f82
Merge pull request #31235 from nextcloud/techdebt/noid/extract-request-id
...
Extract request id handling to dedicated class so it can be injected without DB dependency
2022-03-22 12:08:45 +07:00
Julius Härtl
bd03dd37be
Allow to set a strict-dynamic CSP through the API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-03-09 15:10:27 +07:00
Julius Härtl
2dd96fe8da
Fix tests
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-02-28 11:24:41 +07:00
Julius Härtl
eede608c0e
Add event logging to app loading
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-02-28 11:24:41 +07:00
Joas Schilling
d078d53683
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-23 11:01:58 +07:00
Joas Schilling
cc6653e45c
Adjust and add unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-23 11:01:58 +07:00
Christoph Wurst
cb252c5591
Add Transactional trait for atomic DB operations
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-02-17 09:58:41 +07:00
Christopher Ng
e485451eed
Add test
...
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2022-02-11 23:34:25 +07:00
Robin Appelman
c712987878
send request id in response header
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-02-01 14:24:01 +07:00
Carl Schwan
6312c0df69
Check style update
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-13 00:19:07 +07:00
Côme Chilliet
3a1b3745eb
Fix DateTime constructor calls with null
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:28:58 +07:00
Carl Schwan
6958d8005a
Add admin privilege delegation for admin settings
...
This makes it possible for selected groups to access some settings
pages.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2021-09-29 21:43:31 +07:00
Christoph Wurst
6d5cfe0c66
Move DateTime::RFC2822 to DateTimeInterface::2822
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-06-23 15:30:43 +07:00
Christoph Wurst
770881d5d6
Move DateTime::ATOM to DateTimeInterface::ATOM
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-06-23 15:28:07 +07:00
Joas Schilling
181aab416a
Fix warnings about logException
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-06-04 10:57:09 +07:00
Lukas Reschke
377514aad1
Escape filename in Content-Disposition
...
We should escape all occurrences of ' and \ in here.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-06-02 19:22:17 +07:00
Joas Schilling
b6c6527705
Fix unauthorized OCS status in provisioning
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-05-12 08:16:07 +07:00
Christoph Wurst
99f0b10421
Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger
...
Less ILogger
2021-04-27 15:38:12 +07:00
Joas Schilling
df47445c01
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +07:00
Joas Schilling
174f4dd043
Fix ratelimit template
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 13:55:34 +07:00
Roeland Jago Douma
30e096f3f5
Allow overwriting isAuthenticated
...
* Some implementations might check for different things
* It will not change how the current ones work
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-09 09:17:30 +07:00
Roeland Jago Douma
cc744740b7
Remove deprecated \OCP\API
...
Time to remove this for good now.
Remaining constant moved over
The world is a tiny bit better
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-03 20:54:32 +07:00
Christoph Wurst
8b64e92b92
Bump doctrine/dbal from 2.12.0 to 3.0.0
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-08 11:45:19 +07:00
Roeland Jago Douma
48679ae39f
Make sure we just check for the keys
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-07 15:44:03 +07:00
Roeland Jago Douma
9163790b7c
Set frame-ancestors to none if none are filled
...
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +07:00
Morris Jobke
f03bb4716b
Remove OCSResponse type hint - see #23827
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-03 10:43:32 +07:00
Roeland Jago Douma
fa6a790859
Remove deprecated OCSResponse
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-01 14:12:27 +07:00
Morris Jobke
91d445909a
Fix code style
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-10-12 14:54:51 +07:00
Robin Windey
6a1f8fb3be
Fix typo 'shared'
2020-10-12 14:19:41 +07:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +07:00
Joas Schilling
95a301ea57
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-02 10:37:18 +07:00
Joas Schilling
a9f22ac7b1
More test fixing
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 12:40:25 +07:00
Morris Jobke
234b510652
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-12 13:55:19 +07:00
Morris Jobke
0123cd0ae3
Use assertStringContainsString instead of assertContains on strings
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-23 17:11:29 +07:00
Christoph Wurst
91e7f12088
Adjust apps' code to use the ContainerInterface
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-21 20:43:18 +07:00
Roeland Jago Douma
7d7ba61625
Add real events to load additionalscripts
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-15 14:07:18 +07:00
Julius Härtl
81e5593133
Move to lazy panel registration during registration context
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-07-15 09:27:57 +07:00
Christoph Wurst
f03f88b437
Delegate bootstrap registration lazily
...
* Keep the registration context
* Expose the context object for other components
* Ensure registration is only run once
Search providers are migrated for demonstration.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-14 15:33:32 +07:00
Roeland Jago Douma
3f447b9c8c
Fix supporting defaults for routes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-08 19:52:45 +07:00
Roeland Jago Douma
edc1c77dd9
Do not create a RouteActionHandler object for each route
...
This is not required and doesn't allow us to be properly lazy. On top of
it this doesn't allow us to cache the routes (since closures/objects
can't be cached).
This is the first small step into cleaning up the routing we have
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-07 12:33:22 +07:00
Holger Hees
e70249e089
Update SecurityMiddleware.php
...
OC::$WEBROOT can be empty in case your Nextcloud installation has no URL prefix. This will result in an empty Location header.
In other areas OC::$WEBROOT is always used together with a /
2020-07-06 21:34:46 +07:00
Christoph Wurst
4a3ea04baa
Callable parameter injection
...
This is like what we have to DI and classes, but for callables.
The motivating factor is to get rid of *service locators* in the `boot`
method of apps as a new pattern is about to emerge where we have lots of
`query` calls on the app or server container in order to fetch some
services.
With this little helper it's possible to call another (public) method
and magically have everything injected.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-03 14:37:46 +07:00
Joas Schilling
74a9cadc50
Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-02 11:13:13 +07:00
Joas Schilling
b7060be18d
Fix robots "noindex, nofollow" signals
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-25 08:29:43 +07:00
Christoph Wurst
4488e846a5
Add unified search API
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-24 14:20:25 +07:00
blizzz
859941db32
Merge pull request #21479 from nextcloud/fix/21474/allow_specifying_cookie_type
...
Allow to specify the cookie type for appframework responses
2020-06-22 13:00:12 +07:00
Roeland Jago Douma
fbf9772a3e
Allow to specify the cookie type for appframework responses
...
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.
Helps with #21474
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-22 08:38:44 +07:00
Roeland Jago Douma
c006b5ff2a
Fix unit test of the ResponseTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-21 09:44:56 +07:00
Christoph Wurst
2b7b7144d4
Allow crash reporters registration during app bootstrap
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-19 10:38:26 +07:00
Christoph Wurst
69571fb536
Add dedicated API for apps' bootstrapping process
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 09:22:21 +07:00
Roeland Jago Douma
7c15c63b05
Merge pull request #20939 from nextcloud/enh/middleware/not_modified
...
Move not modified check to the middleware
2020-05-13 09:04:56 +07:00
Roeland Jago Douma
4fbea316a7
Merge pull request #20897 from nextcloud/bugfix/httpcache
...
Proxy server could cache http response when it is not private
2020-05-13 08:27:05 +07:00
Roeland Jago Douma
12fa748c49
Move the notmodified check to middleware where it belongs
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-13 08:11:24 +07:00
Clement Wong
979dd1b6f5
Fix http cache test
...
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-12 11:50:48 +07:00
Roeland Jago Douma
203d7eb1d3
Add AppFramework GZip middleware to gzip responses
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-12 09:09:48 +07:00
Roeland Jago Douma
c870b6ab2e
Fix new routing in settings etc
...
Also prefix resources
Unify the prefix handling
Handle urls with and without slash
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-22 13:09:25 +07:00
Joas Schilling
250467e842
Extend tests for root url
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-04-18 11:21:28 +07:00
Christoph Wurst
1584c9ae9c
Add visibility to all methods and position of static keyword
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +07:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is practically standard for our
code.
This also removes empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +07:00
Christoph Wurst
14c996d982
Use elseif instead of else if
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +07:00
Christoph Wurst
44577e4345
Remove trailing and in between spaces
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:07:47 +07:00
Christoph Wurst
afbd9c4e6e
Unify function spacing to PSR2 recommendation
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +07:00
Christoph Wurst
2a529e453a
Use a blank line after the opening tag
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +07:00
Christoph Wurst
41b5e5923a
Use exactly one empty line after the namespace declaration
...
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +07:00
Christoph Wurst
2fbad1ed72
Fix (array) indent style to always use one tab
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +07:00
Christoph Wurst
85e369cddb
Fix multiline comments
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +07:00
Christoph Wurst
463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
...
Remove unused imports
2020-03-27 17:14:08 +07:00
Christoph Wurst
b80ebc9674
Use the short array syntax, everywhere
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +07:00
Christoph Wurst
2ee65f177e
Use the shorter phpunit syntax for mocked return values
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:21:27 +07:00
Christoph Wurst
74936c49ea
Remove unused imports
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +07:00
Daniel Kesselberg
7af3bcb4bc
Add test to trigger "Trying to access array offset on value of type int"
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-23 10:18:14 +07:00
Daniel Kesselberg
8331d8296b
Make getServerHost more robust to faulty user input
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-16 11:26:29 +07:00
Daniel Kesselberg
d393b1612b
Modify regex to match some other chromium browsers
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-27 17:24:52 +07:00
Roeland Jago Douma
3a7cf40aaa
Move to modern phpunit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 15:27:18 +07:00
Roeland Jago Douma
c007ca624f
Make phpunit8 compatible
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +07:00
Roeland Jago Douma
b607e3e6f4
Merge pull request #17948 from nextcloud/enh/check-if-property-is-bool
...
Make isXXX available for bool properties only
2019-11-26 12:25:36 +07:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes
...
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Empty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +07:00
Daniel Kesselberg
a27c10daa6
Make isXXX available for bool properties only
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-16 00:39:48 +07:00
Christoph Wurst
de6940352a
Move settings to an app
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-09-28 09:39:28 +07:00
Roeland Jago Douma
3f12ec95f0
SessionMiddleware: declare session property
...
* Remove request since we don't use it
* Update tests as well
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 13:02:29 +07:00
Roeland Jago Douma
f81817b47d
Add tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 19:40:13 +07:00
Roeland Jago Douma
b8c5008acf
Add feature policy header
...
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +07:00
Roeland Jago Douma
cf647451e5
Update CSP test cases to handle the new form-action
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-31 15:16:10 +07:00
Roeland Jago Douma
37a4282c7a
Split up security middleware
...
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.
I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +07:00
Roeland Jago Douma
b0c2042a28
Merge pull request #15714 from nextcloud/fix/204_304_rfc
...
Check the actual status code for 204 and 304
2019-05-24 19:51:01 +07:00
Roeland Jago Douma
b0c030cbb5
Check the actual status code for 204 and 304
...
The header is the full http header like: HTTP/1.1 304 Not Modified
So comparing this to an int always yields false
This also makes the 304 RFC compliant as the resulting content length
should otherwise be the length of the message and not 0.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-24 15:18:32 +07:00
Christoph Wurst
22ae682823
Make it possible to show admin settings for sub admins
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-23 20:31:40 +07:00
Roeland Jago Douma
7276735eb4
Set empty CSP by default
...
For #14179
By default responses should have the strictest (and simplest) CSP
possible. Only template responses should require an actual CSP.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-04-16 14:09:39 +07:00
Marius David Wieschollek
5aeb8eac2b
[ #11236 ] Set parameter type in QBMapper
...
Signed-off-by: Marius David Wieschollek <git.public@mdns.eu>
2019-03-24 22:43:45 +07:00
Roeland Jago Douma
b68567e9ba
Add StandaloneTemplateResponse
...
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +07:00
Roeland Jago Douma
d88604015a
No need to emit additionalscript event on public pages
...
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-05 20:59:36 +07:00
Roeland Jago Douma
d182037bce
Emit to load additionalscripts
...
Fixes #13662
This will fire off an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can choose to load only on logged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-31 12:11:40 +07:00
Joas Schilling
f8b74cf0a5
Allow resources via OCS as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-22 14:18:58 +07:00
Roeland Jago Douma
ad676c0102
Set default frame-ancestors to 'self'
...
For #13042
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-08 15:36:40 +07:00
Roeland Jago Douma
64244e1a4f
CSP: Allow fonts to be provided in data
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-07 15:07:06 +07:00
Roeland Jago Douma
54ff913de6
Cleanup middleware registering
...
Fixes #12224
Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-03 11:50:01 +07:00
Roeland Jago Douma
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +07:00
Roeland Jago Douma
0e5147f001
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +07:00
Oliver Wegner
401ca28f07
Adding handling of CIDR notation to trusted_proxies for IPv4
...
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +07:00
Roeland Jago Douma
579822b6a5
Add report-uri to CSP
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +07:00
Roeland Jago Douma
5b61ef9213
Disallow unsafe-eval by default
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-14 20:45:34 +07:00
Roeland Jago Douma
8c1e75e052
Do not use file as template parameter
...
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-08-09 16:45:25 +07:00
Roeland Jago Douma
5455045a9b
Fix direct access to authen page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:57:13 +07:00
Roeland Jago Douma
1bb8bc8ff9
Add AuthPublicShareControllerTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +07:00
Roeland Jago Douma
61e445da88
Add PublicShareControllerTests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:38 +07:00
Roeland Jago Douma
e7338173e8
Add PublicShareMiddlewareTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +07:00
Roeland Jago Douma
a34495933e
Move caching logic to response
...
This avoids having to do it at all the places we want cached responses.
We can't inject the ITimeFactory without breaking public API.
However we can perfectly overwrite the service (resulting in the same
testable effect).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-04 08:48:54 +07:00
Morris Jobke
a2db959f5c
Merge pull request #8593 from eneiluj/master
...
Allow public page access to apps with group restrictions
2018-03-08 11:27:52 +07:00
Roeland Jago Douma
3ad7daeda5
Add tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-08 11:05:18 +07:00
Roeland Jago Douma
d179186430
Remove testcase
...
Since a token now always requires a string we don't need to test for
null
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 16:14:46 +07:00
Julius Härtl
5a4aa2b7dd
Add test for PublicTemplateResponse
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2018-02-27 12:25:53 +07:00
Morris Jobke
a60d7a8563
Merge pull request #8541 from nextcloud/translate-permission-error-page
...
Provide translated error message for permission error
2018-02-26 17:50:21 +07:00
Morris Jobke
cf35c4b03a
Provide translated error message for permission error
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-26 17:00:29 +07:00
Roeland Jago Douma
0ee45d3d20
Fix proper types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +07:00
Roeland Jago Douma
ca9f364fd4
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 10:55:52 +07:00
Roeland Jago Douma
7405dfb544
Update tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-29 14:37:18 +07:00
Joas Schilling
bf2be08c9f
Fix risky tests without assertions
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-25 11:33:25 +07:00
Joas Schilling
870023365c
Fix "Undefined method setExpectedException()"
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-24 18:10:16 +07:00
Morris Jobke
2a38605545
Properly log the full exception instead of only the message
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +07:00
Morris Jobke
c70927eaa0
Remove not needed 3rdparty app disabling during upgrade for PHP 5.x
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-19 14:00:27 +07:00
Joas Schilling
7bc9a69c3f
Remove deprecated core API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 17:54:50 +07:00
Roeland Jago Douma
57050146f6
Move passwordconfirmation to its own middleware
...
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-02 21:58:14 +07:00
Bjoern Schiessle
1bcbeb24bc
disable password confirmation with SSO
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-01-02 20:30:37 +07:00
Bjoern Schiessle
f0202245ee
allow 'Nextcloud' in the user agent string of Android
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-12-12 12:16:01 +07:00
Roeland Jago Douma
b88db3a389
Merge pull request #6921 from nextcloud/appmanager-securitymiddleware
...
Use proper DI for security middleware for app enabled check
2017-10-24 19:58:24 +07:00
Morris Jobke
43e498844e
Use ::class in test mocks
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 17:45:32 +07:00
Morris Jobke
ce0c45a4ea
Use proper DI for security middleware for app enabled check
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 15:36:28 +07:00
Roeland Jago Douma
c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +07:00
Thomas Citharel
ecf347bd1a
Add CSP frame-ancestors support
...
Didn't set the @since annotation yet.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +07:00
Lukas Reschke
f93a82b8b0
Remove explicit type hints for Controller
...
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:32:03 +07:00
Morris Jobke
84c22fdeef
Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
...
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +07:00
Roeland Jago Douma
f71dc7523f
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-31 16:54:19 +07:00
Roeland Jago Douma
3548603a88
Fix middleware implementations signatures
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-31 16:54:19 +07:00
Lukas Reschke
f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
...
Fixes https://github.com/nextcloud/server/issues/5891
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +07:00
Roeland Jago Douma
0b495ceff8
Remove deprecated Controller Functions
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-20 11:03:12 +07:00
Lukas Reschke
8149945a91
Make BruteForceProtection annotation more clever
...
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into its own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$response->throttle()` to increase the counter. Before the counter was increased every time which leads to all kinds of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +07:00
Lukas Reschke
31ae39c569
Add tests for multiple parameters
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +07:00