nextcloud

Commit Graph

Author	SHA1	Message	Date
Morris Jobke	c54a59d51e	Remove unused use statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-22 19:23:31 -05:00
Roeland Jago Douma	d12ec7cff1	Revert "Match slashes in ../{id} resource routes" This reverts commit `31f9be7a75`. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-18 21:50:36 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Morris Jobke	d0c0f6cfc1	Merge pull request #4326 from nextcloud/downstream-27562 Reorder the entries of the log for easier reading	2017-04-13 13:11:47 -05:00
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-13 12:04:32 -05:00
Lukas Reschke	a1ae5275f9	Move to dedicated MiddleWare Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	511524c668	Add isset() as it can be an empty result Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	d729bde98c	Register in ServerContainer Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	2017-04-12 13:03:19 +02:00
Morris Jobke	fa4107893d	Merge pull request #4138 from nextcloud/resources_match_fullid Match slashes in ../{id} resource routes	2017-04-04 15:52:53 -05:00
Roeland Jago Douma	31f9be7a75	Match slashes in ../{id} resource routes Fixes #2954 Before we could match on <prefix>/{id} however if the id contains a / this would not match properly. But since we define the resource routes internally we now make sure that we match all chars (up until the ?). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:37:11 +02:00
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:22:33 +02:00
Joas Schilling	3f86f1276f	Also cache the namespace from appinfo Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 11:50:31 +01:00
Joas Schilling	5695a4ec92	Don't do a recursive search Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 10:44:13 +01:00
Joas Schilling	9208f6379c	buildAppNamespace already has the fallback Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 10:13:14 +01:00
Roeland Jago Douma	67909cf87b	Make DI work for all apps As stated in https://github.com/nextcloud/server/pull/3901#issuecomment-288135309 appid's don't have to match the namespace. Work around this Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 20:53:37 +01:00
Roeland Jago Douma	92f50c7d87	Core is also a special app Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 10:42:33 +01:00
Roeland Jago Douma	48c34522ed	Move a lot of stuff over to the ServerContainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 10:29:59 +01:00
Roeland Jago Douma	c92b9ce2c4	Fix settings tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	21641302a9	Add DI intergration tests * Moved some interface definitions to Server.php (more to come) * Build/Query only for existing classes in the AppContainer * Build/Query only for classes of the App in the AppContainer * Offload other stuff to the servercontainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	7cece61ff6	Extend DI tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	246e9ce547	More elegant handling of recursion Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	df14684817	PoC of moving the interface classes to the servercontainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	886202123c	Update query method for DIContainer To align with https://github.com/nextcloud/server/issues/2043#issuecomment-287348294 This would mean that AppContainers only hold the AppSpecific services Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:17 +01:00
Roeland Jago Douma	8626ccab1c	dont require strict same site cookies for ocs requests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-09 16:48:48 +01:00
Roeland Jago Douma	f8c459f1a4	Merge pull request #3607 from nextcloud/api-to-resend-welcome-message OCS API endpoint to resend welcome message	2017-03-03 13:50:30 +01:00
Sebastian Wessalowski	e399097e3a	Remove deprecated OC_User::isLoggedIn Signed-off-by: Sebastian Wessalowski <sebastian@wessalowski.org>	2017-03-02 22:59:39 +01:00
Morris Jobke	552921d429	Fix injection of defaults Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-02-28 16:30:34 -06:00
Morris Jobke	50f3efad6f	OCS API endpoint to resend welcome message * send a POST request to ocs/v1.php/cloud/users/USERNAME/resendWelcomeMessage to trigger the welcome message to be send * fixes #3367 example curl statement: curl -i https://example.org/ocs/v1.php/cloud/users/USERNAME/welcome -H "OCS-APIRequest: true" -u admin:password -X POST Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-02-28 16:30:33 -06:00
Joas Schilling	0be2921966	Fix DI of the cloud id manager into apps Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-14 12:47:46 +01:00
Morris Jobke	dfaaebd765	Merge pull request #3417 from nextcloud/push-notification Push notification	2017-02-10 16:00:47 -06:00
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-10 10:10:21 +01:00
Joas Schilling	efdc51c155	Make sure to use the right appdata directory Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-09 15:03:00 +01:00
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-02-02 21:56:44 +01:00
Morris Jobke	5bad417e57	Merge pull request #2044 from nextcloud/login-credential-store Login credential store	2017-01-30 19:30:04 -06:00
Bjoern Schiessle	32e0ec3e58	handle optional annotation parameters Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-18 15:25:16 +01:00
Joas Schilling	29a0a23918	Fix the regex for annotations with values Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-01-18 15:25:16 +01:00
Bjoern Schiessle	df296249d6	introduce brute force protection for api calls Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-18 15:25:15 +01:00
Christoph Wurst	a6dca9e7a0	add login credential store Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 19:20:09 +01:00
Joas Schilling	bc3da3a8f5	Remove IDb interface which was deprecated for 3 years already Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-12-14 11:42:16 +01:00
Joas Schilling	61e15988a0	Allow to overwrite the message which we already do in SubadminMiddleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-12-08 16:23:49 +01:00
Morris Jobke	d86b29b42b	Merge pull request #2066 from nextcloud/fix-redirect-double-encoding do not double encode the redirect url	2016-11-29 17:21:43 +01:00
Joas Schilling	da9468522b	Add an event merger and use it for the files activities Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-11-25 15:36:11 +01:00
Lukas Reschke	a05b8b7953	Harden cookies more appropriate This adds the __Host- prefix to the same-site cookies. This is a small but yet nice security hardening. See https://googlechrome.github.io/samples/cookie-prefixes/ for the implications. Fixes https://github.com/nextcloud/server/issues/1412 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2016-11-23 12:53:44 +01:00
Morris Jobke	332eaec4c0	Merge pull request #1447 from nextcloud/password-confirmation-for-some-actions Password confirmation for some actions	2016-11-18 15:42:30 +01:00
Joas Schilling	bb7787a157	Add the 15 seconds to the window, instead of removing Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-11-18 12:10:51 +01:00
Joas Schilling	827b6a610e	Introduce PasswordConfirmRequired annotation Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-11-18 11:57:16 +01:00
Robin Appelman	4235b18a88	allow passing a stream to StreamResponse Signed-off-by: Robin Appelman <robin@icewind.nl>	2016-11-16 15:30:36 +01:00
Roeland Jago Douma	f07d75a4dd	@since 9.2.0 to @since 11.0.0 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-11-15 18:51:52 +01:00

1 2 3

126 Commits