Commit Graph

60 Commits

Author SHA1 Message Date
Roeland Jago Douma 3260f69590
Add for proper DI
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-05 11:00:16 +02:00
Lukas Reschke 598b243838 Merge pull request #1426 from nextcloud/sanitze_opt
Optimize sanitizeName
2016-09-26 14:10:50 +02:00
Joas Schilling d9063b6141
Use default value instead of throwing when the service could not be found 2016-09-20 13:26:06 +02:00
Roeland Jago Douma e200eda18d
Optimize sanitizeName 2016-09-16 09:52:52 +02:00
Roeland Jago Douma 7c078a81b4
Add trict CSP to OCS responses
If a repsonse now explicitly has the Empty CSP set then the middleware
won't touch it.
2016-09-15 13:11:36 +02:00
Roeland Jago Douma 959bf0d1a7
Cache the build ControllerName
Often a route.php file will have many N routes but only M controllers.
Where N >= M. Which means that in most cases the ControllerName will be
converted multiple times. This is of course far from ideal.

Note that this is per app so the cache will contain at most N entries.
Which is not to bad.
2016-09-11 13:25:32 +02:00
Roeland Jago Douma 240798329d
Set proper content type on OCS responses 2016-09-07 10:55:56 +02:00
Roeland Jago Douma 3c55fe6bab
Split OCS version handling
This cleans up a bit the OCSController/Middleware. Since the 2 versions
of OCS differ a bit. Moved a lot of stuff internal since it is of no
concern to the outside.
2016-09-06 11:57:39 +02:00
Roeland Jago Douma 7f84f05e4d
Cache parsing of info.xml 2016-09-02 09:03:09 +02:00
Roeland Jago Douma 21a87d3c2e
No body or content-length for 204 and 304 responses
See: https://tools.ietf.org/html/rfc7230#section-3.3
2016-08-31 23:07:48 +02:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00
Joas Schilling 027069cbae Merge pull request #846 from nextcloud/provisioning_api_ocs
Move Provisioning API to the AppFramework
2016-08-17 10:23:13 +02:00
Marius Blüm c1632c3abd Merge pull request #893 from nextcloud/ie8_be_gone
IE8 be gone!
2016-08-17 09:02:58 +02:00
Roeland Jago Douma 8f3dc0ba43
Remove IE_8 user agent string 2016-08-16 21:01:32 +02:00
Arthur Schiwon 75a73a5a73
satisfy dependencies for files_external 2016-08-15 13:38:02 +02:00
Roeland Jago Douma e3b0e50dda
Extend OCSMiddleware
* Always set 401 (v1.php and v2.php)
* Set proper error codes for v2.php
* Proper OCS output on unhandled exceptions
2016-08-14 18:34:01 +02:00
Roeland Jago Douma deba0f9922
Move OCS Middleware before security middleware
This is required to be able to catch the NotLoggedIn exceptions etc in
the OCSMiddleware and convert them to proper OCS Responses.
2016-08-14 18:34:01 +02:00
Arthur Schiwon 8188bb4509
simplify encryption manager fetching in DIContainer 2016-08-13 01:26:11 +02:00
Lukas Reschke 8261ccce1b
Merge branch 'master' into implement_712 2016-08-11 19:37:17 +02:00
Arthur Schiwon a2f752bcf3
adjust files_external 2016-08-11 15:50:31 +02:00
Arthur Schiwon 1eb8b951c2
more admin page splitup improvements
* bump version to ensure tables are created
* make updatenotification app use settings api
* change IAdmin::render() to getForm() and change return type from Template to TemplateResponse
* adjust User_LDAP accordingly, as well as built-in forms
* add IDateTimeFormatter to AppFramework/DependencyInjection/DIContainer.php. This is important so that \OC::$server->query() is able to resolve the
constructor parameters. We should ensure that all OCP/* stuff that is available from \OC::$server is available here. Kudos to @LukasReschke
* make sure apps that have settings info in their info.xml are loaded before triggering adding the settings setup method
2016-08-10 15:21:25 +02:00
Lukas Reschke 5214b62d55 Merge pull request #691 from nextcloud/ocs_allow_all_old_routes
Allow ocs/v2.php/cloud/... routes
2016-08-09 20:52:49 +02:00
Lukas Reschke b53ea18ea5
Match only for actual session cookie
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
2016-08-09 19:23:08 +02:00
Roeland Jago Douma 0032a5c2d1
Hanlde Core and Settings app in AppFramework
'core' and 'settings' are just apps but we treat them slightly
different. Make sure that we construct the correct namespace so we can
actually do automatic AppFramework stuff.
2016-08-08 20:48:16 +02:00
Roeland Jago Douma 63f6d2d558
Allow ocs/v2.php/cloud/... routes
One of the possibilities of the old OCS API is that you can define the
url yourself.

This PR makes this possible again by adding an optional root elemenet to
the route. Routes are thus:

.../ocs/v2.php/<root>/<url>

By default <root> = apps/<app>

This will allow for example the provisioning API etc to be in
../ovs/v2/php/cloud/users
2016-08-08 15:01:26 +02:00
Roeland Jago Douma 5c718b13b8
We should properly check for 'true' instaed of the bool 2016-08-01 08:52:50 +02:00
Roeland Jago Douma f7f5216aa3
Dark hackery to not always disable CSRF for OCS controllers 2016-07-29 15:49:27 +02:00
Roeland Jago Douma 8bdd0adcee
Support subdir in the OCS v2 endpoint
We should check against the ending substring since people could
run their nextcloud in a subfolder.

* Added test
2016-07-27 15:28:35 +02:00
Joas Schilling da97a69148
Allow DI of the workflow manager by the OCP interface 2016-07-27 11:46:09 +02:00
Morris Jobke e51afa1684 Merge pull request #509 from nextcloud/appframework_magic_allow_default_vars
AppFramework add default values (ApiController) as parameters
2016-07-25 13:18:53 +02:00
Roeland Jago Douma b543fd8d30
Set proper status code in OCS AppFramework Middleware 2016-07-22 12:53:47 +02:00
Roeland Jago Douma 1b73a63041
Inject parameters 2016-07-22 10:12:26 +02:00
Morris Jobke 8c7d7d7746 Merge pull request #507 from nextcloud/run-le-script
Update emails and license headers with latest changes
2016-07-21 23:27:15 +02:00
Lukas Reschke 562e63cf69 Merge pull request #480 from nextcloud/fix_ocs_response_format
AppFramework default response for OCS is xml
2016-07-21 19:52:17 +02:00
Joas Schilling 0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Roeland Jago Douma e42f2f2650
AppFramework do not get default response
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
2016-07-20 22:05:43 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Roeland Jago Douma ea47974a08
Add OCSMiddleware to catch OCS exceptions
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Roeland Douma 13a25535d2 Merge pull request #400 from nextcloud/ocs_appframework
OCS routes use AppFramework
2016-07-19 12:21:14 +02:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Roeland Jago Douma 0bda09236e
Add route tests 2016-07-18 11:09:49 +02:00
Roeland Jago Douma 1ff4b7f63d
Allow registering of OCS routes with the appframework 2016-07-18 11:09:04 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Christoph Wurst 9997c431c3
use client login method on CORS routes 2016-06-08 15:18:53 +02:00