Commit Graph

25 Commits

Author SHA1 Message Date
Roeland Jago Douma 777c3ee325
Add FileDisplayResponse
A lazy implementation of the DisplayResponse that only hits the
filesystem if the etag and mtime do not match.
2016-09-05 15:09:54 +02:00
Roeland Jago Douma 21a87d3c2e
No body or content-length for 204 and 304 responses
See: https://tools.ietf.org/html/rfc7230#section-3.3
2016-08-31 23:07:48 +02:00
Joas Schilling f9cea0b582 Merge pull request #797 from nextcloud/only-match-for-auth-cookie
Match only for actual session cookie
2016-08-31 15:59:16 +02:00
Lukas Reschke d50e7ee36c
Remove reading PATH_INFO from server variable
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
2016-08-19 14:48:13 +02:00
Roeland Jago Douma a0b22227fc
Add tests 2016-08-14 18:34:01 +02:00
Roeland Jago Douma 1f370c97ed
OCSController requires DataResponse
The OCS Controller requires a DataResponse object to be returned.
This means that all error handling will have to be done via exceptions
thrown and handling in the middleware.
2016-08-10 12:40:26 +02:00
Lukas Reschke 5214b62d55 Merge pull request #691 from nextcloud/ocs_allow_all_old_routes
Allow ocs/v2.php/cloud/... routes
2016-08-09 20:52:49 +02:00
Lukas Reschke b53ea18ea5
Match only for actual session cookie
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
2016-08-09 19:23:08 +02:00
Roeland Jago Douma 0032a5c2d1
Hanlde Core and Settings app in AppFramework
'core' and 'settings' are just apps but we treat them slightly
different. Make sure that we construct the correct namespace so we can
actually do automatic AppFramework stuff.
2016-08-08 20:48:16 +02:00
Roeland Jago Douma 63f6d2d558
Allow ocs/v2.php/cloud/... routes
One of the possibilities of the old OCS API is that you can define the
url yourself.

This PR makes this possible again by adding an optional root elemenet to
the route. Routes are thus:

.../ocs/v2.php/<root>/<url>

By default <root> = apps/<app>

This will allow for example the provisioning API etc to be in
../ovs/v2/php/cloud/users
2016-08-08 15:01:26 +02:00
Roeland Jago Douma 5c718b13b8
We should properly check for 'true' instaed of the bool 2016-08-01 08:52:50 +02:00
Roeland Jago Douma f7f5216aa3
Dark hackery to not always disable CSRF for OCS controllers 2016-07-29 15:49:27 +02:00
Roeland Jago Douma 8bdd0adcee
Support subdir in the OCS v2 endpoint
We should check against the ending substring since people could
run their nextcloud in a subfolder.

* Added test
2016-07-27 15:28:35 +02:00
Roeland Jago Douma 72b06d250d
Add tests 2016-07-22 12:53:47 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Roeland Jago Douma 5f32b57332
Add unit tests 2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Roeland Jago Douma 0bda09236e
Add route tests 2016-07-18 11:09:49 +02:00
Roeland Jago Douma 937c9519d6
Mock logger 2016-07-11 08:50:30 +02:00
Roeland Jago Douma 2fa9e67294
Fix phpunit-5.4 wargning
* getMock is deprecated.
* \PDOStatement mocking fails hard on phpunit 4.8
2016-07-11 08:50:07 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 9997c431c3
use client login method on CORS routes 2016-06-08 15:18:53 +02:00
Joas Schilling 94ad54ec9b Move tests/ to PSR-4 (#24731)
* Move a-b to PSR-4

* Move c-d to PSR-4

* Move e+g to PSR-4

* Move h-l to PSR-4

* Move m-r to PSR-4

* Move s-u to PSR-4

* Move files/ to PSR-4

* Move remaining tests to PSR-4

* Remove Test\ from old autoloader
2016-05-20 15:38:20 +02:00