357263a70b
Do not try to autoload built in types
...
This avoids calls to the autoloader (or chain of autoloaders) to see if
for example 'principalPrefix' class can be found. While we already know
it is a string.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-06-04 15:13:32 +02:00
b0c2042a28
Merge pull request #15714 from nextcloud/fix/204_304_rfc
...
Check the actual status code for 204 and 304
2019-05-24 19:51:01 +02:00
b0c030cbb5
Check the actual status code for 204 and 304
...
The header is the full http header like: HTTP/1.1 304 Not Modified
So comparing this to an int always yields false
This also makes the 304 RFC compliant as the resulting content length
should otherwise be the length of the message and not 0.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-24 15:18:32 +02:00
22ae682823
Make it possible to show admin settings for sub admins
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-23 20:31:40 +02:00
471827cb31
Make sure all middlewares are only registered once
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-05-06 11:28:18 +02:00
a3c9e5b11b
Add a message about disabled global routes
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-11 12:43:39 +01:00
4e8b033281
Make sure urlParams are correctly injected in global routes
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-11 12:30:44 +01:00
702dcfb728
Make names mandatory
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-01 20:56:16 +01:00
0e9903c420
Merge pull request #13969 from nextcloud/enh/additional_scripts_no_on_public_pages
...
No need to emit additonalscript event on public pages
2019-02-07 15:57:14 +01:00
60e5a5eca4
Do not do redirect handling when loggin out
...
Fixes #12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.
This adds a simple middleware that will just check if the
ClearExecutionContext session variable is set. If that is the case it
will just redirect back to the login page.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:29:32 +01:00
b68567e9ba
Add StandaloneTemplateResponse
...
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +01:00
d88604015a
No need to emit additonalscript event on public pages
...
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-05 20:59:36 +01:00
23245904d3
Merge pull request #13694 from b108/duplicate-functionality-in-request-class
...
Remove duplicate functionality
2019-02-01 11:28:25 +01:00
d182037bce
Emit to load additionalscripts
...
Fixes #13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-31 12:11:40 +01:00
92edd40e51
Make RouteConfig strict
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-22 14:18:58 +01:00
f8b74cf0a5
Allow resources via OCS as well
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-22 14:18:58 +01:00
bf167ad3ac
Remove duplicate functionality
...
This functionality implemented in the next line:
$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
2019-01-20 13:29:58 +04:00
54ff913de6
Cleanup middleware registering
...
Fixes #12224
Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-03 11:50:01 +01:00
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +01:00
411d2dece5
Merge pull request #11786 from nextcloud/feature/password_confirmation_backend
...
Expose password confirmation capabilities in the user backend
2018-11-06 00:44:18 +01:00
2452a3ec73
Properly query the methodreflector
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
0e5147f001
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
bfb5ef4b29
The identityproof manager should be in Server
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
8f833a309a
No need to register it also in the DI Container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
fbd0d0bdcf
The Encryption manager belongs in Server.php
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
9c28d2d7c4
SearchResult should be difined in Server as it is a core component
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
964ebed86c
The UserSession is constructed in the server
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
b2501dbf9a
TimeFactory is already regsitsered in the Server Container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
61adb513fe
Request is already regsitered in the Server container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:36 +01:00
421a40e7db
Was already registered in Server
...
The DIContainaer will query server anyways if it can't find it
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:35 +01:00
603b672a11
Update password confirmation middleware
...
If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 13:44:45 +01:00
dccfe4bf84
Merge pull request #12036 from olivermg/master
...
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
2018-10-30 10:49:08 +01:00
c9e6a99637
Merge pull request #12085 from nextcloud/add-gss-to-excluded-backends
...
add global site selector as user back-end which doesn't support password confirmation
2018-10-30 10:16:07 +01:00
401ca28f07
Adding handling of CIDR notation to trusted_proxies for IPv4
...
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +01:00
85d9f06cb8
add global site selector as user back-end which doesn't support password confirmation
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-27 15:43:51 +02:00
986f4df2a5
Add REMOTE_ADDR to getHeader
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-25 22:26:49 +02:00
840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time()
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
dccbdc8c01
only catch QueryException when trying to build class
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-09-21 18:32:15 +02:00
9319d557a4
Add wrapper Logger in DIContainer
...
This makes sure that for example app for the context is always set.
We can in the future extend this to include more info.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 10:05:25 +02:00
c0a283fefb
ensure we always return an array from `Request::getParams`
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-08-28 18:11:42 +02:00
8c1e75e052
Do not use file as template parameter
...
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-08-09 16:45:25 +02:00
e7338173e8
Add PublicShareMiddlewareTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
20e514690c
Don't allow public share pages if link sharing is disabled
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
366981fba6
Move public preview endpoint over
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
f36ef8ca80
Add the new PublicShareController and PublicShareMiddleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:35 +02:00
b4bacf46f3
Do not send a body for "No content", "Not modified" and others
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-05-04 13:46:13 +02:00
f5b143e318
Allow to inject ISearchResult
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-04-26 12:19:15 +02:00
38a90130ce
move log constants to ILogger
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
129a608ebe
OCP\AppFramework\App strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-09 08:42:03 +01:00
a2db959f5c
Merge pull request #8593 from eneiluj/master
...
Allow public page access to apps with group restrictions
2018-03-08 11:27:52 +01:00
3ad7daeda5
Add tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-08 11:05:18 +01:00
340e8ef16c
Make SecurityMiddleware strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-08 10:11:47 +01:00
1dd40b1f45
Single quotes
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-07 16:50:18 +01:00
559978c50e
Suppress phan error
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-07 16:43:16 +01:00
09d8387b00
Try without autoloading
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-06 13:56:44 +01:00
97c4c00e3f
Better debugging for "Your test case is not allowed to access the database."
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-05 16:06:29 +01:00
7da0812186
Do not throw AppNotEnabledException for app public pages - refs #6962 , refs #5309
...
It allows non-logged user to access public pages of applications restricted to a group
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
2018-02-28 20:35:53 +01:00
a60d7a8563
Merge pull request #8541 from nextcloud/translate-permission-error-page
...
Provide translated error message for permission error
2018-02-26 17:50:21 +01:00
cf35c4b03a
Provide translated error message for permission error
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-26 17:00:29 +01:00
043a824e6a
Fix comments
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
0ee45d3d20
Fix proper types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
a229095af1
Make Request strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
fb41a93a95
Merge pull request #8473 from nextcloud/strict_cmr
...
Strict OCP\AppFramework\Utility\IControllerMethodReflector
2018-02-21 22:56:40 +01:00
4859775893
Don't try to match on false
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 20:38:14 +01:00
aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 19:55:49 +01:00
ca9f364fd4
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 10:55:52 +01:00
a773b055fc
Make the middlewareDispatcher strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 10:55:24 +01:00
bb0c7b2943
Make AppFramework/Http/Dispatcher strict
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 08:51:46 +01:00
cf83eb5e77
Merge pull request #8336 from nextcloud/cleanup-unused-parameter
...
Cleanup unused parameter
2018-02-20 10:16:59 +01:00
d3d045dd5c
Remove unused import statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
d18d323f21
Remove fromMailAddress from MailSettingsController
...
Was removed in https://github.com/nextcloud/server/pull/4379 (0a54d5ahttps://github.com/nextcloud/server/pull/4380 (bae64e8
2018-02-13 21:40:38 +01:00
01482b32a1
Merge pull request #8062 from nextcloud/use-class
...
Use ::class statement instead of string
2018-01-29 15:25:08 +01:00
c0adfa4375
Don't perform CSRF check on OCS routes with Bearer auth
...
Fixes #5694
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-29 14:37:18 +01:00
eb51f06a3b
Use ::class statement instead of string
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
870fe20acc
Use $var[] = $a instead of array_push - 2x faster
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-25 22:36:03 +01:00
2a38605545
Properly log the full exception instead of only the message
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-23 10:57:21 +01:00
4ef302c0be
Request->getHeader() should always return a string
...
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.
Found while enabling the strict_typing for lib/private for the PHP7+ migration.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-17 09:51:31 +01:00
7bc9a69c3f
Remove deprecated core API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-15 17:54:50 +01:00
d44de92c31
Merge pull request #7838 from nextcloud/timefactory_strict
...
Make the ITimeFactory strict + return types
2018-01-15 09:27:37 +01:00
7ffd62bf95
Make the ITimeFactory strict + return types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:55:40 +01:00
704133d732
Remove deprecated functions from DI Container
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 19:29:52 +01:00
57050146f6
Move passwordconfirmation to its own midleware
...
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-02 21:58:14 +01:00
1bcbeb24bc
disable password confirmation with SSO
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-01-02 20:30:37 +01:00
ca70694502
Also check for empty content lenth
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-12-14 21:48:59 +01:00
31c5c2a592
Change @georgehrke's email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
b88db3a389
Merge pull request #6921 from nextcloud/appmanager-securitymiddleware
...
Use proper DI for security middleware for app enabled check
2017-10-24 19:58:24 +02:00
ce0c45a4ea
Use proper DI for security middleware for app enabled check
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 15:36:28 +02:00
4cfa1c66b8
Doc: Fix phpDoc issues
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-10-23 23:23:56 +02:00
c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-24 21:07:16 +02:00
c4b3198ac2
Rethrow the correct exception when there was an error in an app container
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-12 11:54:13 +02:00
9524badccc
extend the identity proof manager to allow system wide key pairs
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
9717cdfb9e
If there is no content don't error
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 15:51:13 +02:00
f93a82b8b0
Remove explicit type hints for Controller
...
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 17:32:03 +02:00
84c22fdeef
Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call
...
Add metadata to \OCP\AppFramework\Http\Response::throttle
2017-08-01 14:43:47 +02:00
6010c4f267
Merge pull request #5877 from nextcloud/typehint_middleware
...
Prop argument type for Middleware
2017-08-01 14:28:16 +02:00
ede15f0988
Fix L10N::t
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-01 08:20:17 +02:00
3548603a88
Fix middleware implementations signatures
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-31 16:54:19 +02:00
f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
...
Fixes https://github.com/nextcloud/server/issues/5891
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
5f227bd93b
More phpstorm inspection fixes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 11:39:29 +02:00
7c2d473d76
add new config switched for the global scale architecture
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-29 18:19:28 +02:00
72c1b24844
Check whether the $_SERVER['REQUEST_*'] vars exist before using them
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-15 14:33:27 +02:00
bdc7bb1f26
Add IPv6 to “localhost” regex ( #440 )
...
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
2017-05-14 21:29:03 +02:00
ca39940614
Automatic creation of Identity manager
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-10 09:45:11 +02:00
c54a59d51e
Remove unused use statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
d12ec7cff1
Revert "Match slashes in ../{id} resource routes"
...
This reverts commit 31f9be7a75
2017-04-18 21:50:36 +02:00
8149945a91
Make BruteForceProtection annotation more clever
...
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
d0c0f6cfc1
Merge pull request #4326 from nextcloud/downstream-27562
...
Reorder the entries of the log for easier reading
2017-04-13 13:11:47 -05:00
695696a4a6
Use constants
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:04:32 -05:00
a1ae5275f9
Move to dedicated MiddleWare
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
511524c668
Add isset() as it can be an empty result
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:17 +02:00
d729bde98c
Register in ServerContainer
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
66835476b5
Add support for ratelimiting via annotations
...
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
38e5135cb9
Reorder the entries of the log for easier reading
2017-04-12 13:03:19 +02:00
fa4107893d
Merge pull request #4138 from nextcloud/resources_match_fullid
...
Match slashes in ../{id} resource routes
2017-04-04 15:52:53 -05:00
31f9be7a75
Match slashes in ../{id} resource routes
...
Fixes #2954
Before we could match on <prefix>/{id} however if the id contains a /
this would not match properly. But since we define the resource routes
internally we now make sure that we match all chars (up until the ?).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:37:11 +02:00
2a9192334e
Don't try to parse empty body if there is no body
...
Fixes #3890
If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.
See RFC 2616 Section 4.3
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-04 08:22:33 +02:00
3f86f1276f
Also cache the namespace from appinfo
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-22 11:50:31 +01:00
5695a4ec92
Don't do a recursive search
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-22 10:44:13 +01:00
9208f6379c
buildAppNamespace already has the fallback
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-22 10:13:14 +01:00
67909cf87b
Make DI work for all apps
...
As stated in https://github.com/nextcloud/server/pull/3901#issuecomment-288135309
appid's don't have to match the namespace.
Work around this
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 20:53:37 +01:00
92f50c7d87
Core is also a special app
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 10:42:33 +01:00
48c34522ed
Move a lot of stuff over to the ServerContainer
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 10:29:59 +01:00
c92b9ce2c4
Fix settings tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 08:52:20 +01:00
21641302a9
Add DI intergration tests
...
* Moved some interface definitions to Server.php (more to come)
* Build/Query only for existing classes in the AppContainer
* Build/Query only for classes of the App in the AppContainer
* Offload other stuff to the servercontainer
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 08:52:20 +01:00
7cece61ff6
Extend DI tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 08:52:20 +01:00
246e9ce547
More elegant handling of recursion
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 08:52:20 +01:00
df14684817
PoC of moving the interface classes to the servercontainer
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 08:52:20 +01:00
886202123c
Update query method for DIContainer
...
To align with https://github.com/nextcloud/server/issues/2043#issuecomment-287348294
This would mean that AppContainers only hold the AppSpecific services
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-21 08:52:17 +01:00
8626ccab1c
dont require strict same site cookies for ocs requests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-03-09 16:48:48 +01:00
f8c459f1a4
Merge pull request #3607 from nextcloud/api-to-resend-welcome-message
...
OCS API endpoint to resend welcome message
2017-03-03 13:50:30 +01:00
e399097e3a
Remove deprecated OC_User::isLoggedIn
...
Signed-off-by: Sebastian Wessalowski <sebastian@wessalowski.org>
2017-03-02 22:59:39 +01:00
552921d429
Fix injection of defaults
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-28 16:30:34 -06:00
50f3efad6f
OCS API endpoint to resend welcome message
...
* send a POST request to ocs/v1.php/cloud/users/USERNAME/resendWelcomeMessage to trigger
the welcome message to be send
* fixes #3367
example curl statement:
curl -i https://example.org/ocs/v1.php/cloud/users/USERNAME/welcome -H "OCS-APIRequest: true" -u admin:password -X POST
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-02-28 16:30:33 -06:00
0be2921966
Fix DI of the cloud id manager into apps
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-14 12:47:46 +01:00
dfaaebd765
Merge pull request #3417 from nextcloud/push-notification
...
Push notification
2017-02-10 16:00:47 -06:00
33fb86f68b
Fix detection of the new iOS app
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
efdc51c155
Make sure to use the right appdata directory
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-09 15:03:00 +01:00
5e728d0eda
oc_token should be nc_token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-02 21:56:44 +01:00
5bad417e57
Merge pull request #2044 from nextcloud/login-credential-store
...
Login credential store
2017-01-30 19:30:04 -06:00
32e0ec3e58
handle optional annotation parameters
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:16 +01:00
29a0a23918
Fix the regex for annotations with values
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-18 15:25:16 +01:00
df296249d6
introduce brute force protection for api calls
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:15 +01:00
a6dca9e7a0
add login credential store
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:09 +01:00
bc3da3a8f5
Remove IDb interface which was deprecated for 3 years already
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-14 11:42:16 +01:00
61e15988a0
Allow to overwrite the message which we already do in SubadminMiddleware
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 16:23:49 +01:00
d86b29b42b
Merge pull request #2066 from nextcloud/fix-redirect-double-encoding
...
do not double encode the redirect url
2016-11-29 17:21:43 +01:00
da9468522b
Add an event merger and use it for the files activities
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-25 15:36:11 +01:00
a05b8b7953
Harden cookies more appropriate
...
This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening.
See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications.
Fixes https://github.com/nextcloud/server/issues/1412
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-23 12:53:44 +01:00
332eaec4c0
Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions
...
Password confirmation for some actions
2016-11-18 15:42:30 +01:00
Roeland Jago Douma
Roeland Jago Douma
Christoph Wurst
Joas Schilling
Morris Jobke
b108@volgograd
Oliver Wegner
Bjoern Schiessle
Daniel Kesselberg
Robin Appelman
Arthur Schiwon
Julien Veyssier
Julius Härtl
Lukas Reschke
coderkun
Juan Pablo Villafáñez
Sebastian Wessalowski