nextcloud

Commit Graph

Author	SHA1	Message	Date
Morris Jobke	1d290e15e8	Use assertStringContainsString instead of assertContains on strings Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-07-23 20:26:44 +00:00
Joas Schilling	a471dba6e1	Fix IPv6 remote addresses from X_FORWARDED_FOR headers before validating Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-07-02 10:09:45 +00:00
Roeland Jago Douma	c21a976bc4	Allow to specify the cookie type for appframework responses In general it is good to set them to Lax. But also to give devs more control over them is not a bad thing. Helps with #21474 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-06-22 11:02:50 +00:00
Clement Wong	21f8cc584c	Fix http cache test Signed-off-by: Clement Wong <git@clement.hk>	2020-05-13 06:34:22 +00:00
Christoph Wurst	1584c9ae9c	Add visibility to all methods and position of static keyword Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 16:51:06 +02:00
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 14:19:56 +02:00
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 10:35:09 +02:00
Christoph Wurst	44577e4345	Remove trailing and in between spaces Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 16:07:47 +02:00
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 13:54:22 +02:00
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:50:14 +02:00
Christoph Wurst	41b5e5923a	Use exactly one empty line after the namespace declaration For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:48:10 +02:00
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 10:16:08 +02:00
Christoph Wurst	463b388589	Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports Remove unused imports	2020-03-27 17:14:08 +01:00
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-26 16:34:56 +01:00
Christoph Wurst	2ee65f177e	Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:21:27 +01:00
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:08:08 +01:00
Daniel Kesselberg	8331d8296b	Make getServerHost more robust to faulty user input Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2020-01-16 11:26:29 +01:00
Daniel Kesselberg	d393b1612b	Modify regex to match some other chromium browsers Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-12-27 17:24:52 +01:00
Roeland Jago Douma	3a7cf40aaa	Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 15:27:18 +01:00
Roeland Jago Douma	c007ca624f	Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-27 13:34:41 +01:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +01:00
Roeland Jago Douma	f81817b47d	Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-10 19:40:13 +02:00
Roeland Jago Douma	b8c5008acf	Add feature policy header This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-10 14:26:22 +02:00
Roeland Jago Douma	cf647451e5	Update CSP test cases to handle the new form-action Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-31 15:16:10 +02:00
Roeland Jago Douma	7276735eb4	Set empty CSP by default For #14179 By default responses should have the strictest (and simplest) CSP possible. Only template responses should require an actual CSP. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-04-16 14:09:39 +02:00
Roeland Jago Douma	ad676c0102	Set default frame-ancestors to 'self' For #13042 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-08 15:36:40 +01:00
Roeland Jago Douma	64244e1a4f	CSP: Allow fonts to be provided in data Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-07 15:07:06 +01:00
Roeland Jago Douma	514426e27d	Only trust the X-FORWARDED-HOST header for trusted proxies Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-12-17 15:54:45 +01:00
Oliver Wegner	401ca28f07	Adding handling of CIDR notation to trusted_proxies for IPv4 Signed-off-by: Oliver Wegner <void1976@gmail.com>	2018-10-30 09:15:42 +01:00
Roeland Jago Douma	579822b6a5	Add report-uri to CSP Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-21 13:38:32 +02:00
Roeland Jago Douma	5b61ef9213	Disallow unsafe-eval by default Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-14 20:45:34 +02:00
Roeland Jago Douma	a34495933e	Move caching logic to response This avoids having to do it at all the places we want cached responses. We can't inject the ITimeFactor without breaking public API. However we can perfectly overwrite the service (resulting in the same testable effect). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-04 08:48:54 +02:00
Roeland Jago Douma	d179186430	Remove testcase Since a token now always requires a string we don't need to test for null Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-03-05 16:14:46 +01:00
Julius Härtl	5a4aa2b7dd	Add test for PublicTemplateResponse Signed-off-by: Julius Härtl <jus@bitgrid.net>	2018-02-27 12:25:53 +01:00
Roeland Jago Douma	0ee45d3d20	Fix proper types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-22 15:51:19 +01:00
Roeland Jago Douma	ca9f364fd4	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 10:55:52 +01:00
Joas Schilling	870023365c	Fix "Undefined method setExpectedException()" Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-01-24 18:10:16 +01:00
Morris Jobke	c70927eaa0	Remove not needed 3rdparty app disabling during upgrade for PHP 5.x Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-19 14:00:27 +01:00
Joas Schilling	7bc9a69c3f	Remove deprecated core API Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-01-15 17:54:50 +01:00
Bjoern Schiessle	f0202245ee	allow 'Nextcloud' in the user agent string of Android Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-12-12 12:16:01 +01:00
Morris Jobke	43e498844e	Use ::class in test mocks Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-10-24 17:45:32 +02:00
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-24 21:07:16 +02:00
Thomas Citharel	ecf347bd1a	Add CSP frame-ancestors support Didn't set the @since annotation yet. Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2017-09-15 15:23:10 +02:00
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-07-27 14:17:45 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:22:33 +02:00
Morris Jobke	f9bc53146d	Fix unit tests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-03-28 21:00:12 -06:00
Lukas Reschke	5f8f29508f	Adjust tests to include base-uri Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-03-16 18:12:10 +01:00
Lukas Reschke	adfd1e63f6	Add base-uri to CSP policy As per https://twitter.com/we1x/status/842032709543333890 a nice security hardening Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-03-16 15:16:20 +01:00
Robin Appelman	9a8cef965f	add test for skipping cookie checks for ocs Signed-off-by: Robin Appelman <robin@icewind.nl>	2017-03-10 14:11:00 +01:00

1 2

64 Commits