mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
42,438 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

160 Commits

Author SHA1 Message Date
Morris Jobke d3d045dd5c
Remove unused import statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-14 16:55:43 +01:00
Morris Jobke 01482b32a1
Merge pull request #8062 from nextcloud/use-class 
Use ::class statement instead of string
 2018-01-29 15:25:08 +01:00
Roeland Jago Douma c0adfa4375
Don't perform CSRF check on OCS routes with Bearer auth 
Fixes #5694

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-29 14:37:18 +01:00
Morris Jobke eb51f06a3b
Use ::class statement instead of string 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-29 12:03:47 +01:00
Morris Jobke 870fe20acc
Use $var[] = $a instead of array_push - 2x faster 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-25 22:36:03 +01:00
Morris Jobke 2a38605545
Properly log the full exception instead of only the message 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-23 10:57:21 +01:00
Morris Jobke 4ef302c0be
Request->getHeader() should always return a string 
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.

Found while enabling the strict_typing for lib/private for the PHP7+ migration.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-17 09:51:31 +01:00
Joas Schilling 7bc9a69c3f
Remove deprecated core API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-01-15 17:54:50 +01:00
Roeland Jago Douma d44de92c31
Merge pull request #7838 from nextcloud/timefactory_strict 
Make the ITimeFactory strict + return types
 2018-01-15 09:27:37 +01:00
Roeland Jago Douma 7ffd62bf95
Make the ITimeFactory strict + return types 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-14 21:55:40 +01:00
Roeland Jago Douma 704133d732
Remove deprecated functions from DI Container 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-13 19:29:52 +01:00
Roeland Jago Douma 57050146f6
Move passwordconfirmation to its own midleware 
Add tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-02 21:58:14 +01:00
Bjoern Schiessle 1bcbeb24bc
disable password confirmation with SSO 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-01-02 20:30:37 +01:00
Roeland Jago Douma ca70694502
Also check for empty content lenth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-12-14 21:48:59 +01:00
Morris Jobke 31c5c2a592
Change @georgehrke's email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 20:38:59 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Roeland Jago Douma b88db3a389 Merge pull request #6921 from nextcloud/appmanager-securitymiddleware 
Use proper DI for security middleware for app enabled check
 2017-10-24 19:58:24 +02:00
Morris Jobke ce0c45a4ea
Use proper DI for security middleware for app enabled check 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-10-24 15:36:28 +02:00
Julius Härtl 4cfa1c66b8
Doc: Fix phpDoc issues 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-10-23 23:23:56 +02:00
Roeland Jago Douma c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +02:00
Joas Schilling c4b3198ac2
Rethrow the correct exception when there was an error in an app container 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-12 11:54:13 +02:00
Bjoern Schiessle 9524badccc
extend the identity proof manager to allow system wide key pairs 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-08-10 14:27:35 +02:00
Roeland Jago Douma 9717cdfb9e
If there is no content don't error 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-09 15:51:13 +02:00
Lukas Reschke f93a82b8b0
Remove explicit type hints for Controller 
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-01 17:32:03 +02:00
Morris Jobke 84c22fdeef Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call 
Add metadata to \OCP\AppFramework\Http\Response::throttle
 2017-08-01 14:43:47 +02:00
Morris Jobke 6010c4f267 Merge pull request #5877 from nextcloud/typehint_middleware 
Prop argument type for Middleware
 2017-08-01 14:28:16 +02:00
Roeland Jago Douma ede15f0988
Fix L10N::t 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-01 08:20:17 +02:00
Roeland Jago Douma 3548603a88
Fix middleware implementations signatures 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-07-31 16:54:19 +02:00
Lukas Reschke f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle 
Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-07-27 14:17:45 +02:00
Roeland Jago Douma 5f227bd93b
More phpstorm inspection fixes 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-07-24 11:39:29 +02:00
Bjoern Schiessle 7c2d473d76
add new config switched for the global scale architecture 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-05-29 18:19:28 +02:00
Joas Schilling 72c1b24844
Check whether the $_SERVER['REQUEST_*'] vars exist before using them 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-05-15 14:33:27 +02:00
coderkun bdc7bb1f26 Add IPv6 to “localhost” regex (#440) 
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
 2017-05-14 21:29:03 +02:00
Joas Schilling ca39940614
Automatic creation of Identity manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-05-10 09:45:11 +02:00
Morris Jobke c54a59d51e
Remove unused use statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 19:23:31 -05:00
Roeland Jago Douma d12ec7cff1
Revert "Match slashes in ../{id} resource routes" 
This reverts commit 31f9be7a75.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-18 21:50:36 +02:00
Lukas Reschke 8149945a91
Make BruteForceProtection annotation more clever 
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 23:05:33 +02:00
Morris Jobke d0c0f6cfc1 Merge pull request #4326 from nextcloud/downstream-27562 
Reorder the entries of the log for easier reading
 2017-04-13 13:11:47 -05:00
Joas Schilling 695696a4a6
Use constants 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-13 12:04:32 -05:00
Lukas Reschke a1ae5275f9
Move to dedicated MiddleWare 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:17 +02:00
Lukas Reschke 511524c668
Add isset() as it can be an empty result 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:17 +02:00
Lukas Reschke d729bde98c
Register in ServerContainer 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:16 +02:00
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations 
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:16 +02:00
Juan Pablo Villafáñez 38e5135cb9
Reorder the entries of the log for easier reading 2017-04-12 13:03:19 +02:00
Morris Jobke fa4107893d Merge pull request #4138 from nextcloud/resources_match_fullid 
Match slashes in ../{id} resource routes
 2017-04-04 15:52:53 -05:00
Roeland Jago Douma 31f9be7a75
Match slashes in ../{id} resource routes 
Fixes #2954

Before we could match on <prefix>/{id} however if the id contains a /
this would not match properly. But since we define the resource routes
internally we now make sure that we match all chars (up until the ?).

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:37:11 +02:00
Roeland Jago Douma 2a9192334e
Don't try to parse empty body if there is no body 
Fixes #3890

If we do a put request without a body the current code still tries to
read the body. This patch makes sure that we do not try to read the body
if the content length is 0.

See RFC 2616 Section 4.3

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-04-04 08:22:33 +02:00
Joas Schilling 3f86f1276f
Also cache the namespace from appinfo 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-22 11:50:31 +01:00
Joas Schilling 5695a4ec92
Don't do a recursive search 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-22 10:44:13 +01:00
Joas Schilling 9208f6379c
buildAppNamespace already has the fallback 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-22 10:13:14 +01:00