nextcloud

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	97c4c00e3f	Better debugging for "Your test case is not allowed to access the database." Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-03-05 16:06:29 +01:00
Julien Veyssier	7da0812186	Do not throw AppNotEnabledException for app public pages - refs #6962 , refs #5309 It allows non-logged user to access public pages of applications restricted to a group Signed-off-by: Julien Veyssier <eneiluj@posteo.net>	2018-02-28 20:35:53 +01:00
Morris Jobke	a60d7a8563	Merge pull request #8541 from nextcloud/translate-permission-error-page Provide translated error message for permission error	2018-02-26 17:50:21 +01:00
Morris Jobke	cf35c4b03a	Provide translated error message for permission error Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-02-26 17:00:29 +01:00
Roeland Jago Douma	043a824e6a	Fix comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-22 15:51:19 +01:00
Roeland Jago Douma	0ee45d3d20	Fix proper types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-22 15:51:19 +01:00
Roeland Jago Douma	a229095af1	Make Request strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-22 15:51:19 +01:00
Roeland Jago Douma	fb41a93a95	Merge pull request #8473 from nextcloud/strict_cmr Strict OCP\AppFramework\Utility\IControllerMethodReflector	2018-02-21 22:56:40 +01:00
Roeland Jago Douma	4859775893	Don't try to match on false Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 20:38:14 +01:00
Roeland Jago Douma	aa060f5332	Strict OCP\AppFramework\Utility\IControllerMethodReflector Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 19:55:49 +01:00
Roeland Jago Douma	ca9f364fd4	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 10:55:52 +01:00
Roeland Jago Douma	a773b055fc	Make the middlewareDispatcher strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 10:55:24 +01:00
Roeland Jago Douma	bb0c7b2943	Make AppFramework/Http/Dispatcher strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 08:51:46 +01:00
Roeland Jago Douma	cf83eb5e77	Merge pull request #8336 from nextcloud/cleanup-unused-parameter Cleanup unused parameter	2018-02-20 10:16:59 +01:00
Morris Jobke	d3d045dd5c	Remove unused import statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-02-14 16:55:43 +01:00
Morris Jobke	d18d323f21	Remove fromMailAddress from MailSettingsController Was removed in https://github.com/nextcloud/server/pull/4379 (`0a54d5a`) and https://github.com/nextcloud/server/pull/4380 (`bae64e8`) Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-02-13 21:40:38 +01:00
Morris Jobke	01482b32a1	Merge pull request #8062 from nextcloud/use-class Use ::class statement instead of string	2018-01-29 15:25:08 +01:00
Roeland Jago Douma	c0adfa4375	Don't perform CSRF check on OCS routes with Bearer auth Fixes #5694 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-29 14:37:18 +01:00
Morris Jobke	eb51f06a3b	Use ::class statement instead of string Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-29 12:03:47 +01:00
Morris Jobke	870fe20acc	Use $var[] = $a instead of array_push - 2x faster Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-25 22:36:03 +01:00
Morris Jobke	2a38605545	Properly log the full exception instead of only the message Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-23 10:57:21 +01:00
Morris Jobke	4ef302c0be	Request->getHeader() should always return a string PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-17 09:51:31 +01:00
Joas Schilling	7bc9a69c3f	Remove deprecated core API Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-01-15 17:54:50 +01:00
Roeland Jago Douma	d44de92c31	Merge pull request #7838 from nextcloud/timefactory_strict Make the ITimeFactory strict + return types	2018-01-15 09:27:37 +01:00
Roeland Jago Douma	7ffd62bf95	Make the ITimeFactory strict + return types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-14 21:55:40 +01:00
Roeland Jago Douma	704133d732	Remove deprecated functions from DI Container Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-13 19:29:52 +01:00
Roeland Jago Douma	57050146f6	Move passwordconfirmation to its own midleware Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-02 21:58:14 +01:00
Bjoern Schiessle	1bcbeb24bc	disable password confirmation with SSO Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2018-01-02 20:30:37 +01:00
Roeland Jago Douma	ca70694502	Also check for empty content lenth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-12-14 21:48:59 +01:00
Morris Jobke	31c5c2a592	Change @georgehrke's email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-11-06 20:38:59 +01:00
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-11-06 16:56:19 +01:00
Roeland Jago Douma	b88db3a389	Merge pull request #6921 from nextcloud/appmanager-securitymiddleware Use proper DI for security middleware for app enabled check	2017-10-24 19:58:24 +02:00
Morris Jobke	ce0c45a4ea	Use proper DI for security middleware for app enabled check Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-10-24 15:36:28 +02:00
Julius Härtl	4cfa1c66b8	Doc: Fix phpDoc issues Signed-off-by: Julius Härtl <jus@bitgrid.net>	2017-10-23 23:23:56 +02:00
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-24 21:07:16 +02:00
Joas Schilling	c4b3198ac2	Rethrow the correct exception when there was an error in an app container Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-09-12 11:54:13 +02:00
Bjoern Schiessle	9524badccc	extend the identity proof manager to allow system wide key pairs Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-08-10 14:27:35 +02:00
Roeland Jago Douma	9717cdfb9e	If there is no content don't error Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-09 15:51:13 +02:00
Lukas Reschke	f93a82b8b0	Remove explicit type hints for Controller This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-08-01 17:32:03 +02:00
Morris Jobke	84c22fdeef	Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call Add metadata to \OCP\AppFramework\Http\Response::throttle	2017-08-01 14:43:47 +02:00
Morris Jobke	6010c4f267	Merge pull request #5877 from nextcloud/typehint_middleware Prop argument type for Middleware	2017-08-01 14:28:16 +02:00
Roeland Jago Douma	ede15f0988	Fix L10N::t Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-01 08:20:17 +02:00
Roeland Jago Douma	3548603a88	Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-31 16:54:19 +02:00
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-07-27 14:17:45 +02:00
Roeland Jago Douma	5f227bd93b	More phpstorm inspection fixes Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-24 11:39:29 +02:00
Bjoern Schiessle	7c2d473d76	add new config switched for the global scale architecture Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-05-29 18:19:28 +02:00
Joas Schilling	72c1b24844	Check whether the $_SERVER['REQUEST_*'] vars exist before using them Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-15 14:33:27 +02:00
coderkun	bdc7bb1f26	Add IPv6 to “localhost” regex (#440 ) Signed-off-by: Oliver Hanraths <olli@coderkun.de>	2017-05-14 21:29:03 +02:00
Joas Schilling	ca39940614	Automatic creation of Identity manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-10 09:45:11 +02:00
Morris Jobke	c54a59d51e	Remove unused use statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-22 19:23:31 -05:00
Roeland Jago Douma	d12ec7cff1	Revert "Match slashes in ../{id} resource routes" This reverts commit `31f9be7a75`. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-18 21:50:36 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Morris Jobke	d0c0f6cfc1	Merge pull request #4326 from nextcloud/downstream-27562 Reorder the entries of the log for easier reading	2017-04-13 13:11:47 -05:00
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-13 12:04:32 -05:00
Lukas Reschke	a1ae5275f9	Move to dedicated MiddleWare Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	511524c668	Add isset() as it can be an empty result Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	d729bde98c	Register in ServerContainer Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	2017-04-12 13:03:19 +02:00
Morris Jobke	fa4107893d	Merge pull request #4138 from nextcloud/resources_match_fullid Match slashes in ../{id} resource routes	2017-04-04 15:52:53 -05:00
Roeland Jago Douma	31f9be7a75	Match slashes in ../{id} resource routes Fixes #2954 Before we could match on <prefix>/{id} however if the id contains a / this would not match properly. But since we define the resource routes internally we now make sure that we match all chars (up until the ?). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:37:11 +02:00
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:22:33 +02:00
Joas Schilling	3f86f1276f	Also cache the namespace from appinfo Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 11:50:31 +01:00
Joas Schilling	5695a4ec92	Don't do a recursive search Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 10:44:13 +01:00
Joas Schilling	9208f6379c	buildAppNamespace already has the fallback Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 10:13:14 +01:00
Roeland Jago Douma	67909cf87b	Make DI work for all apps As stated in https://github.com/nextcloud/server/pull/3901#issuecomment-288135309 appid's don't have to match the namespace. Work around this Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 20:53:37 +01:00
Roeland Jago Douma	92f50c7d87	Core is also a special app Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 10:42:33 +01:00
Roeland Jago Douma	48c34522ed	Move a lot of stuff over to the ServerContainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 10:29:59 +01:00
Roeland Jago Douma	c92b9ce2c4	Fix settings tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	21641302a9	Add DI intergration tests * Moved some interface definitions to Server.php (more to come) * Build/Query only for existing classes in the AppContainer * Build/Query only for classes of the App in the AppContainer * Offload other stuff to the servercontainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	7cece61ff6	Extend DI tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	246e9ce547	More elegant handling of recursion Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	df14684817	PoC of moving the interface classes to the servercontainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	886202123c	Update query method for DIContainer To align with https://github.com/nextcloud/server/issues/2043#issuecomment-287348294 This would mean that AppContainers only hold the AppSpecific services Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:17 +01:00
Roeland Jago Douma	8626ccab1c	dont require strict same site cookies for ocs requests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-09 16:48:48 +01:00
Roeland Jago Douma	f8c459f1a4	Merge pull request #3607 from nextcloud/api-to-resend-welcome-message OCS API endpoint to resend welcome message	2017-03-03 13:50:30 +01:00
Sebastian Wessalowski	e399097e3a	Remove deprecated OC_User::isLoggedIn Signed-off-by: Sebastian Wessalowski <sebastian@wessalowski.org>	2017-03-02 22:59:39 +01:00
Morris Jobke	552921d429	Fix injection of defaults Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-02-28 16:30:34 -06:00
Morris Jobke	50f3efad6f	OCS API endpoint to resend welcome message * send a POST request to ocs/v1.php/cloud/users/USERNAME/resendWelcomeMessage to trigger the welcome message to be send * fixes #3367 example curl statement: curl -i https://example.org/ocs/v1.php/cloud/users/USERNAME/welcome -H "OCS-APIRequest: true" -u admin:password -X POST Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-02-28 16:30:33 -06:00
Joas Schilling	0be2921966	Fix DI of the cloud id manager into apps Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-14 12:47:46 +01:00
Morris Jobke	dfaaebd765	Merge pull request #3417 from nextcloud/push-notification Push notification	2017-02-10 16:00:47 -06:00
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-10 10:10:21 +01:00
Joas Schilling	efdc51c155	Make sure to use the right appdata directory Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-09 15:03:00 +01:00
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-02-02 21:56:44 +01:00
Morris Jobke	5bad417e57	Merge pull request #2044 from nextcloud/login-credential-store Login credential store	2017-01-30 19:30:04 -06:00
Bjoern Schiessle	32e0ec3e58	handle optional annotation parameters Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-18 15:25:16 +01:00
Joas Schilling	29a0a23918	Fix the regex for annotations with values Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-01-18 15:25:16 +01:00
Bjoern Schiessle	df296249d6	introduce brute force protection for api calls Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-18 15:25:15 +01:00
Christoph Wurst	a6dca9e7a0	add login credential store Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 19:20:09 +01:00
Joas Schilling	bc3da3a8f5	Remove IDb interface which was deprecated for 3 years already Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-12-14 11:42:16 +01:00
Joas Schilling	61e15988a0	Allow to overwrite the message which we already do in SubadminMiddleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-12-08 16:23:49 +01:00
Morris Jobke	d86b29b42b	Merge pull request #2066 from nextcloud/fix-redirect-double-encoding do not double encode the redirect url	2016-11-29 17:21:43 +01:00
Joas Schilling	da9468522b	Add an event merger and use it for the files activities Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-11-25 15:36:11 +01:00
Lukas Reschke	a05b8b7953	Harden cookies more appropriate This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2016-11-23 12:53:44 +01:00
Morris Jobke	332eaec4c0	Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions Password confirmation for some actions	2016-11-18 15:42:30 +01:00
Joas Schilling	bb7787a157	Add the 15 seconds to the window, instead of removing Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-11-18 12:10:51 +01:00
Joas Schilling	827b6a610e	Introduce PasswordConfirmRequired annotation Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-11-18 11:57:16 +01:00
Robin Appelman	4235b18a88	allow passing a stream to StreamResponse Signed-off-by: Robin Appelman <robin@icewind.nl>	2016-11-16 15:30:36 +01:00
Roeland Jago Douma	f07d75a4dd	@since 9.2.0 to @since 11.0.0 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-11-15 18:51:52 +01:00
Christoph Wurst	0ebffa4a5f	do not double encode the redirect url Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2016-11-09 16:14:46 +01:00

1 2 3 4 5

225 Commits