nextcloud

Commit Graph

Author	SHA1	Message	Date
Roeland Jago Douma	bb0c7b2943	Make AppFramework/Http/Dispatcher strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-02-21 08:51:46 +01:00
Roeland Jago Douma	cf83eb5e77	Merge pull request #8336 from nextcloud/cleanup-unused-parameter Cleanup unused parameter	2018-02-20 10:16:59 +01:00
Morris Jobke	d3d045dd5c	Remove unused import statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-02-14 16:55:43 +01:00
Morris Jobke	d18d323f21	Remove fromMailAddress from MailSettingsController Was removed in https://github.com/nextcloud/server/pull/4379 (`0a54d5a`) and https://github.com/nextcloud/server/pull/4380 (`bae64e8`) Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-02-13 21:40:38 +01:00
Morris Jobke	01482b32a1	Merge pull request #8062 from nextcloud/use-class Use ::class statement instead of string	2018-01-29 15:25:08 +01:00
Roeland Jago Douma	c0adfa4375	Don't perform CSRF check on OCS routes with Bearer auth Fixes #5694 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-29 14:37:18 +01:00
Morris Jobke	eb51f06a3b	Use ::class statement instead of string Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-29 12:03:47 +01:00
Morris Jobke	870fe20acc	Use $var[] = $a instead of array_push - 2x faster Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-25 22:36:03 +01:00
Morris Jobke	2a38605545	Properly log the full exception instead of only the message Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-23 10:57:21 +01:00
Morris Jobke	4ef302c0be	Request->getHeader() should always return a string PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-17 09:51:31 +01:00
Joas Schilling	7bc9a69c3f	Remove deprecated core API Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-01-15 17:54:50 +01:00
Roeland Jago Douma	d44de92c31	Merge pull request #7838 from nextcloud/timefactory_strict Make the ITimeFactory strict + return types	2018-01-15 09:27:37 +01:00
Roeland Jago Douma	7ffd62bf95	Make the ITimeFactory strict + return types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-14 21:55:40 +01:00
Roeland Jago Douma	704133d732	Remove deprecated functions from DI Container Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-13 19:29:52 +01:00
Roeland Jago Douma	57050146f6	Move passwordconfirmation to its own midleware Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-02 21:58:14 +01:00
Bjoern Schiessle	1bcbeb24bc	disable password confirmation with SSO Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2018-01-02 20:30:37 +01:00
Roeland Jago Douma	ca70694502	Also check for empty content lenth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-12-14 21:48:59 +01:00
Morris Jobke	31c5c2a592	Change @georgehrke's email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-11-06 20:38:59 +01:00
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-11-06 16:56:19 +01:00
Roeland Jago Douma	b88db3a389	Merge pull request #6921 from nextcloud/appmanager-securitymiddleware Use proper DI for security middleware for app enabled check	2017-10-24 19:58:24 +02:00
Morris Jobke	ce0c45a4ea	Use proper DI for security middleware for app enabled check Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-10-24 15:36:28 +02:00
Julius Härtl	4cfa1c66b8	Doc: Fix phpDoc issues Signed-off-by: Julius Härtl <jus@bitgrid.net>	2017-10-23 23:23:56 +02:00
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-24 21:07:16 +02:00
Joas Schilling	c4b3198ac2	Rethrow the correct exception when there was an error in an app container Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-09-12 11:54:13 +02:00
Bjoern Schiessle	9524badccc	extend the identity proof manager to allow system wide key pairs Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-08-10 14:27:35 +02:00
Roeland Jago Douma	9717cdfb9e	If there is no content don't error Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-09 15:51:13 +02:00
Lukas Reschke	f93a82b8b0	Remove explicit type hints for Controller This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-08-01 17:32:03 +02:00
Morris Jobke	84c22fdeef	Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call Add metadata to \OCP\AppFramework\Http\Response::throttle	2017-08-01 14:43:47 +02:00
Morris Jobke	6010c4f267	Merge pull request #5877 from nextcloud/typehint_middleware Prop argument type for Middleware	2017-08-01 14:28:16 +02:00
Roeland Jago Douma	ede15f0988	Fix L10N::t Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-01 08:20:17 +02:00
Roeland Jago Douma	3548603a88	Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-31 16:54:19 +02:00
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-07-27 14:17:45 +02:00
Roeland Jago Douma	5f227bd93b	More phpstorm inspection fixes Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-24 11:39:29 +02:00
Bjoern Schiessle	7c2d473d76	add new config switched for the global scale architecture Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-05-29 18:19:28 +02:00
Joas Schilling	72c1b24844	Check whether the $_SERVER['REQUEST_*'] vars exist before using them Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-15 14:33:27 +02:00
coderkun	bdc7bb1f26	Add IPv6 to “localhost” regex (#440 ) Signed-off-by: Oliver Hanraths <olli@coderkun.de>	2017-05-14 21:29:03 +02:00
Joas Schilling	ca39940614	Automatic creation of Identity manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-10 09:45:11 +02:00
Morris Jobke	c54a59d51e	Remove unused use statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-22 19:23:31 -05:00
Roeland Jago Douma	d12ec7cff1	Revert "Match slashes in ../{id} resource routes" This reverts commit `31f9be7a75`. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-18 21:50:36 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Morris Jobke	d0c0f6cfc1	Merge pull request #4326 from nextcloud/downstream-27562 Reorder the entries of the log for easier reading	2017-04-13 13:11:47 -05:00
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-13 12:04:32 -05:00
Lukas Reschke	a1ae5275f9	Move to dedicated MiddleWare Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	511524c668	Add isset() as it can be an empty result Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	d729bde98c	Register in ServerContainer Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	2017-04-12 13:03:19 +02:00
Morris Jobke	fa4107893d	Merge pull request #4138 from nextcloud/resources_match_fullid Match slashes in ../{id} resource routes	2017-04-04 15:52:53 -05:00
Roeland Jago Douma	31f9be7a75	Match slashes in ../{id} resource routes Fixes #2954 Before we could match on <prefix>/{id} however if the id contains a / this would not match properly. But since we define the resource routes internally we now make sure that we match all chars (up until the ?). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:37:11 +02:00
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:22:33 +02:00

1 2 3 4

163 Commits