Commit Graph

156 Commits

Author SHA1 Message Date
Bernhard Posselt c8e3599cad disallow cookie auth for cors requests
testing ...

fixes

fix test

add php doc

fix small mistake

add another phpdoc

remove not working cors annotations from files app
2015-05-22 14:06:26 +02:00
Lukas Reschke a62190a72d Add support for disallowing domains to the ContentSecurityPolicy
For enhanced security it is important that there is also a way to disallow domains, including the default ones.

With this commit every method gets added a new "disallow" function.
2015-05-20 11:44:37 +02:00
Bernhard Posselt df24a014b8 If the execute method on the mapper receives an assoc array, it binds by value instead of index 2015-03-19 17:08:46 +01:00
Lukas Reschke b29940d956 Add support for 'child-src' directive
This is required when working with stuff such as PDF.js in the files_pdfviewer application. Opt-in only.

Master change only because the stable CSP policies has a failback that allows nearly anything 🙈
2015-02-28 12:27:46 +01:00
Bernhard Posselt 95239ad21e AppFramework StreamResponse
First stab at the StreamResponse, see #12988

The idea is to use an interface ICallbackResponse (I'm not 100% happy with the name yet, suggestions?) that allow the response to output things in its own way, for instance stream the file using readfile

Unittests are atm lacking, plan is to

check if a mock of ICallbackResponse will be used by calling its callback (also unhappy with this name) method
Usage is:

$response = new StreamResponse('path/to/file');

rename io to output, add additional methods and handle error and not modified cases when using StreamResponse

fix indention and uppercasing, also handle forbidden cases

fix indention

fix indention

no forbidden, figuring out if a file is really readable is too complicated to get to work across OSes and streams

remove useless import

remove useless import

fix intendation
2015-02-27 15:42:33 +01:00
Bernhard Posselt f993ed823e fix tabs and spaces 2015-02-25 22:21:24 +01:00
Bernhard Posselt aaf753bc9a fix mappertestutility 2015-02-25 22:21:24 +01:00
Bernhard Posselt 7b2fdbfb0b use IDBConnection and close cursors after insert/update/delete 2015-02-25 22:21:24 +01:00
Lukas Reschke 1c6eae9017 Get the real protocol behind several proxies
X-Forwarded-Proto contains a list of protocols if ownCloud is behind multiple reverse proxies.

This is a revival of https://github.com/owncloud/core/pull/11157 using the new IRequest public API.
2015-02-24 12:24:55 +01:00
Lukas Reschke fcc5f5a4f4 Merge pull request #13777 from owncloud/close-cursor
Close cursor for appframework and manipulation queries if applicable
2015-02-20 20:15:22 +01:00
Clark Tomlinson 8d09cc3b91 Merge pull request #13989 from owncloud/enhancment/security/11857
Allow AppFramework applications to specify a custom CSP header
2015-02-18 10:27:29 -05:00
Lukas Reschke 886bda5f81 Refactor OC_Request into TrustedDomainHelper and IRequest
This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though.

Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
2015-02-16 22:13:00 +01:00
Lukas Reschke a9d1a01440 Rename to allowEval 2015-02-16 12:30:21 +01:00
Lukas Reschke b20174bdad Allow AppFramework applications to specify a custom CSP header
This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components.

Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers:
```php
$response = new TemplateResponse('activity', 'list', []);
$cspHelper = new ContentSecurityPolicyHelper();
$cspHelper->addAllowedScriptDomain('www.owncloud.org');
$response->addHeader('Content-Security-Policy', $cspHelper->getPolicy());
return $response;
```

Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
2015-02-16 11:00:41 +01:00
Lukas Reschke bd5440a8a3 Merge pull request #13780 from owncloud/cmreflector-inheritance
Additional controllermethodreflector inheritance tests
2015-02-12 18:34:07 +01:00
Thomas Müller c60dabd11b Request requires a second parameter 2015-02-09 23:06:55 +01:00
Vincent Petry 5296767393 Merge pull request #13921 from owncloud/ocs-af
Add a controller and reponse for ocs
2015-02-09 18:11:47 +01:00
Lukas Reschke 770fa761b8 Respect `mod_unique_id` and refactor `OC_Request::getRequestId`
When `mod_unique_id` is enabled the ID generated by it will be used for logging. This allows for correlation of the Apache logs and the ownCloud logs.

Testplan:

- [ ] When `mod_unique_id` is enabled the request ID equals the one generated by `mod_unique_id`.
- [ ] When `mod_unique_id` is not available the request ID is a 20 character long random string
- [ ] The generated Id is stable over the lifespan of one request

Changeset looks a little bit larger since I had to adjust every unit test using the HTTP\Request class for proper DI.

Fixes https://github.com/owncloud/core/issues/13366
2015-02-09 11:53:11 +01:00
Bernhard Posselt 9873aa3d9e fix license email 2015-02-05 14:10:16 +01:00
Bernhard Posselt b89ddcfe41 fix license email 2015-02-05 14:09:01 +01:00
Bernhard Posselt fdc64e370c add a controller and reponse for ocs 2015-02-05 14:02:17 +01:00
Bernhard Posselt 81836ccc7e another test for overriding the docblock 2015-01-29 20:35:07 +01:00
Bernhard Posselt 72d2b6f723 additional inheritance tests 2015-01-29 20:33:05 +01:00
Bernhard Posselt 84a47645b9 fix indention 2015-01-29 20:10:29 +01:00
Bernhard Posselt 983563d7d9 add tests for closing the cursor 2015-01-29 19:23:57 +01:00
Bernhard Posselt 37e8969d34 ignore cursorclosing 2015-01-29 19:16:28 +01:00
Bernhard Posselt bb0c88a577 always set url parameters when they are available in the app dispatch
prefer url parameters passed into the main method. If they are not present, use the containers urlParameters

add space
2015-01-15 15:22:52 +01:00
Bernhard Posselt f195123765 Intelligent container
* resolves dependencies by type hint or variable name
* simpler route.php
* implementation of https://github.com/owncloud/core/issues/12829

Generates and injects parameters automatically. You can now build full classes like

    $c->query('MyClassName')

without having to register it as a service. The resolved object's instance will be saved by using registerService. If a constructor parameter is not type hinted, the parameter name will be taken.

Therefore the following two implementations are identical:

    class Class1 { function __construct(MyClassName $class)
    class Class1 { function __construct($MyClassName)

This makes it possible to also inject primitive values such as strings, arrays etc.

In addition if the query could not be resolved, a `QueryException` is now thrown

Routes can now be returned as an array from `routes.php` and an `appinfo/application.php` is optional

Old commit messages:

make it possible to return the routes instead of having to intialize the application
try to get the controller by convention
add first implementation of automatic resolve
add another test just to be sure
store the resolved object
more tests
add phpdoc to public app.php method
use the same variable for the public app.php method
deprecate old methods and add services for public interfaces
deprecated getServer method
disallow private api injection for apps other than core or settings (settings should be an app goddamnit :D)
register userid because its such an often used variable
fix indention and leading slash
use test namespace
add deprecation reasons, remove private api usage checks and remove deprecation from getServer()
add additional public interfaces
add public interface for rootfolder
fix syntax error
remove deprecation from methods where no alternative is there yet
remove deprecated from method which has no alternative
add timezone public service for #12881
add another deprecation hint
move deprecation into separate branch
remove dead comment
first try to get the namespace from the info.xml, if it does not exist, just uppercase the first letter
also trim the namespace name
add an interface for timefactory
move timefactory to public and add icontrollermethodreflector
keep core interface
fix copyright date in headers
2014-12-23 09:50:42 +01:00
Morris Jobke b6975143ff Merge pull request #12619 from owncloud/use-also-original-hea
Merge headers
2014-12-04 16:59:42 +01:00
Lukas Reschke d2e8358da2 Fix unit test 2014-12-04 15:54:32 +01:00
Morris Jobke bf1b62a34a PHP < 5.4 is not supported anymore - see #12606 2014-12-04 11:05:45 +01:00
Morris Jobke 2c5e4b3d3f Remove last traces of travis integration 2014-12-04 10:09:13 +01:00
Lukas Reschke 048139074d Add functions to modify cookies to response class
Currently there is no AppFramework way to modify cookies, which makes it unusable for quite some use-cases or results in untestable code.

This PR adds some basic functionalities to add and invalidate cookies.

Usage:
```php
$response = new TemplateResponse(...);
$response->addCookie('foo', 'bar');
$response->invalidateCookie('foo');
$response->addCookie('bar', 'foo', new \DateTime('2015-01-01 00:00'));
```

Existing cookies can be accessed with the AppFramework using `$this->request->getCookie($name)`.
2014-11-27 14:19:00 +01:00
Thomas Müller ddacd7f900 Merge pull request #12294 from owncloud/route-postfix
Add route postfix to allow url versioning when only the http method changed
2014-11-24 16:32:54 +01:00
Joas Schilling 6202ca33ba Make remaining files extend the test base 2014-11-19 14:53:59 +01:00
Bernhard Posselt 4e90c44301 add postfix
add postfix
2014-11-19 12:01:42 +01:00
Lukas Reschke cd5925036a Check if app is enabled for user
Fixes https://github.com/owncloud/core/issues/12188 for AppFramework apps
2014-11-15 11:13:55 +01:00
Bernhard Posselt 91a23bfa9c fix typo in content type 2014-11-05 12:04:56 +01:00
Thomas Müller f776bcd4a0 remove unnecessary require calls - the ownCloud class loader is supposed to take care of this 2014-10-30 17:20:40 +01:00
Bernhard Posselt 0696099bad add dataresponse
fix docstrings

adjust copyright date

another copyright date update

another header update

implement third headers argument, fix indention, fix docstrings

fix docstrings
2014-10-29 09:43:47 +01:00
Thomas Müller 02c5933af8 introduce SessionMiddleWare to control session handling via an annotation 2014-10-22 12:44:19 +02:00
Patrick Paysant cb5416b798 Allow default values for route parameters. 2014-09-09 23:00:29 +02:00
Oliver Gasser 47a2e31c93 Make Entity properties ```protected``` as in docs
Entity properties are marked as ```protected``` to correctly reflect the
documentation.

See also owncloud/documentation@644f2eedac
2014-08-27 13:31:51 +02:00
Morris Jobke e717833b07 mark tests as skipped - TODO travis
* swift causes some timeouts and test failures
2014-08-05 18:35:47 +02:00
Thomas Müller 9ee8c60b5f kill unused require of MapperTestUtility.php 2014-07-17 16:35:00 +02:00
Thomas Müller d430e743b3 fixing namespace of MapperTestUtility
and rename file to be lowercase
2014-07-17 11:22:27 +02:00
Morris Jobke 9ee1c7ff71 Merge pull request #9228 from owncloud/remove-routing-singular-issues
Routing: Dont strip the s from the resource id to prevent possible weird behavior with irregular english plural nouns
2014-07-14 17:10:07 +02:00
Morris Jobke d31e532780 fix redirect URL unit test 2014-07-02 01:06:58 +02:00
Bernhard Posselt 2662c4c61b use id instead of resourceId 2014-06-26 14:20:35 +02:00
Bernhard Posselt 5496ca234b dont strip the s from the resource 2014-06-26 14:02:20 +02:00
Bernhard Posselt 93169eca1e also handle lowercase headers 2014-06-11 01:20:09 +02:00
Bernhard Posselt 1002281dae handle http accept headers more gracefully 2014-06-11 00:54:25 +02:00
Bernhard Posselt 587a8df566 remove controller serializers 2014-06-05 18:00:36 +02:00
Bernhard Posselt d5e48a4806 fix assertions 2014-05-28 15:23:57 +02:00
Bernhard Posselt 5e9ea2b365 fix 8757, get rid of service locator antipattern 2014-05-28 02:15:16 +02:00
Bernhard Posselt 9e36c33104 use fetch method instead of fetchRow because fetchRow is only an owncloud internal alias that exists purely for compability 2014-05-14 01:09:48 +02:00
Bernhard Posselt a152e320f6 make it possible to omit parameters and use the default parameters from the controller method 2014-05-13 10:40:49 +02:00
Morris Jobke 6499995474 Merge pull request #8477 from owncloud/better-controllers
Better appframework controllers
2014-05-12 01:07:49 +02:00
Morris Jobke 7a6ff56b13 Merge pull request #8274 from owncloud/appframework-db
Port database layer from appframework to core
2014-05-12 00:12:19 +02:00
Bernhard Posselt 63f2f16b85 use new controllermethodreflector for corsmiddleware 2014-05-11 17:55:59 +02:00
Bernhard Posselt 1d45239c65 adjust license headers to new mail address 2014-05-11 17:54:08 +02:00
Bernhard Posselt cb666c18d6 rename formatter to responder, formatResponse to buildResponse 2014-05-11 17:54:08 +02:00
Bernhard Posselt d8da79cab0 add test for not failing when adding more comments after type parameters, do not limit x-www-form-urlencoded to POST 2014-05-11 17:54:08 +02:00
Bernhard Posselt 80648da431 implement most of the basic stuff that was suggested in #8290 2014-05-11 17:54:08 +02:00
Bernhard Posselt 9a4d204b55 add cors middleware
remove methodannotationreader namespace

fix namespace for server container

fix tests

fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request

remove uneeded  local in cors middleware registratio

dont uppercase cors to easily use it from routes

fix indention

comment fixes

explicitely set allow credentials header to false

dont depend on better controllers PR, fix that stuff later

split cors methods to be in a seperate controller for exposing apis

remove protected definitions from apicontroller since controller has it
2014-05-09 23:34:41 +02:00
Bernhard Posselt 5199e4508a dont update entity and dont run an update query if an entity wasnt changed at all 2014-04-23 13:43:17 +02:00
Bernhard Posselt 7e447f4f42 make download and redirectresponse public 2014-04-20 16:12:46 +02:00
Bernhard Posselt 309aa3bcd2 fix phpdoc for entities 2014-04-20 02:55:59 +02:00
Bernhard Posselt 4a7e0561ca move db into iservercontainer 2014-04-19 19:30:12 +02:00
Bernhard Posselt 0fe4db0992 remove unusued variable 2014-04-19 16:02:15 +02:00
Bernhard Posselt f4bc5ee863 remove unusued variable 2014-04-19 16:00:19 +02:00
Bernhard Posselt 93237d87ec fix scrutinizer issues 2014-04-19 15:25:36 +02:00
Bernhard Posselt f260951825 port database layer from appframework to core 2014-04-19 14:56:16 +02:00
Morris Jobke 5a1a056c6d Merge pull request #8183 from owncloud/move-security-headers
Move security headers
2014-04-16 23:46:20 +02:00
Lukas Reschke b04d95b116 Remove uneeded usages of nosniff 2014-04-13 12:48:16 +02:00
Bernhard Posselt 62cce982bb default to GET request when no method is set to fix unittests, also set parsed json parameters on the post attribute 2014-04-12 16:17:49 +02:00
Bernhard Posselt 70c88027db add requirements to routing 2014-04-09 21:57:32 +02:00
Thomas Müller 73ac3d0fcd Merge pull request #7643 from owncloud/chainable_response
Chainable Response in AppFramework
2014-04-08 22:42:43 +02:00
Bart Visscher 6b061c236d Merge branch 'master' into type-hinting
Conflicts:
	lib/private/image.php
	lib/private/l10n.php
	lib/private/request.php
	lib/private/share/mailnotifications.php
	lib/private/template/base.php
2014-03-31 21:38:54 +02:00
Robin Appelman 8ab7d18a6a Move the router classes to a namespace and expose it with a public interface 2014-03-10 14:04:58 +01:00
Thomas Tanghus 8f6ea900f2 Chainable Response in AppFramework 2014-03-09 23:01:16 +01:00
Bart Visscher 35a8dfb2fa More PHPDoc fixes, using scrutinizer patches as hints 2014-02-28 13:53:41 +01:00
Jörn Friedrich Dreyer 39f2f564a9 use assertSame and assertNotSame for etag checks 2014-02-27 09:39:34 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Thomas Tanghus ad017285e1 Fix namespace for OCP\Appframework\Http
To avoid having to use OCP\Appframework\Http\Http in the public - and stable
- API OCP\Appframework\Http is now both a class and a namespace.
2013-10-23 05:57:34 +02:00
Thomas Müller cdaa1db0d1 re-enable test in SecurityMiddlewareTest 2013-10-16 16:33:56 +02:00
Thomas Müller fdeef5e874 Merge branch 'master' into fixing-appframework-master
Conflicts:
	lib/private/appframework/middleware/security/securitymiddleware.php
	tests/lib/appframework/middleware/security/SecurityMiddlewareTest.php
2013-10-16 15:45:55 +02:00
Thomas Müller c3f7d22adc Merge pull request #5067 from owncloud/urlParams_fix
Get urlParams registered before Request is instantiated
2013-10-16 06:42:09 -07:00
Thomas Tanghus d75d80ba13 OCP\AppFramework\Controller\Controller => OCP\AppFramework\Controller 2013-10-11 10:07:57 +02:00
Thomas Müller 3ea2dfa5f9 remove getTrans() from API class 2013-10-07 11:36:38 +02:00
Thomas Müller 1e5012fc1d fixing all appframework unit tests 2013-10-07 11:25:50 +02:00
Thomas Tanghus c85621a897 Make abstract Middleware class public
It doesn't make sense for subclasses to have to implement
all methods.
2013-10-05 16:59:06 +02:00
Thomas Tanghus aedc427ffd Fix fix of POST :P 2013-10-03 03:56:37 +02:00
Thomas Tanghus 965ce5719f Modified PUT behaviour
Now only non-parable PUT requests return a stream resource.
2013-10-02 22:13:40 +02:00
Thomas Tanghus 7cd8088845 Add assertions for ->params and array access with json 2013-10-01 20:15:03 +02:00
Thomas Tanghus 973bcccd7c Implement PUT an PATCH support 2013-10-01 20:13:13 +02:00
Thomas Tanghus bdad7697ac Check if accessor matched request method.
It's easier to find errors in the code if an exception is thrown.
2013-10-01 20:13:13 +02:00
Thomas Tanghus 8603f956ab Get urlParams registered before Request is instantiated 2013-10-01 19:03:34 +02:00
Thomas Tanghus 8b4f4a79e2 Still some session leftovers. 2013-09-17 19:46:08 +02:00
Thomas Müller aa979f5dff cleanup of tests 2013-08-21 00:44:39 +02:00