Commit Graph

34 Commits

Author SHA1 Message Date
Lukas Reschke 2ae08d6fc2
Match only for actual session cookie
OVH has implemented load balancing in a very questionable way where the reverse proxy actually internally adds some cookies which would trigger a security exception. To work around this, this change only checks for the session cookie.
2016-09-08 21:07:05 +02:00
Lukas Reschke 4fb2810add
Remove reading PATH_INFO from server variable
Having two code paths for this is unreliable and can lead to bugs. Also, in some cases Apache isn't setting the PATH_INFO variable when mod_rewrite is used.

Fixes https://github.com/nextcloud/server/issues/983
2016-08-27 22:16:30 +02:00
Arthur Schiwon 1ebbcdcc96
satisfy dependencies for files_external 2016-08-16 21:10:37 +02:00
Arthur Schiwon 57295ee35f
simplify encryption manager fetching in DIContainer 2016-08-16 21:10:27 +02:00
Arthur Schiwon 09573dbbba
adjust files_external 2016-08-16 21:06:38 +02:00
Arthur Schiwon 2e9794f53e
more admin page splitup improvements
* bump version to ensure tables are created
* make updatenotification app use settings api
* change IAdmin::render() to getForm() and change return type from Template to TemplateResponse
* adjust User_LDAP accordingly, as well as built-in forms
* add IDateTimeFormatter to AppFramework/DependencyInjection/DIContainer.php. This is important so that \OC::$server->query() is able to resolve the
constructor parameters. We should ensure that all OCP/* stuff that is available from \OC::$server is available here. Kudos to @LukasReschke
* make sure apps that have settings info in their info.xml are loaded before triggering adding the settings setup method
2016-08-16 21:05:11 +02:00
Joas Schilling 713e201074 Merge pull request #602 from nextcloud/backport-workflow-engine
🚧 [WIP] Backport workflow engine 🚧
2016-08-04 14:20:14 +02:00
Roeland Jago Douma 6990a4e550
Support subdir in the OCS v2 endpoint
We should check against the ending substring since people could
run their nextcloud in a subfolder.

* Added test
2016-07-28 13:12:01 +02:00
Joas Schilling 2a4a1278fa
Allow DI of the workflow manager by the OCP interface 2016-07-27 14:13:08 +02:00
Morris Jobke d181301699 Merge pull request #508 from nextcloud/stable10_ocs_appframework_xml
[Stable10] AppFramework do not get default response
2016-07-25 12:52:13 +02:00
Joas Schilling 23b205ed48
Run the license script 2016-07-22 11:40:41 +02:00
Roeland Jago Douma 2abd83212e
AppFramework do not get default response
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
2016-07-21 20:32:48 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Roeland Jago Douma ea47974a08
Add OCSMiddleware to catch OCS exceptions
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Roeland Douma 13a25535d2 Merge pull request #400 from nextcloud/ocs_appframework
OCS routes use AppFramework
2016-07-19 12:21:14 +02:00
Joas Schilling b1d652e8b0
Copy the regexes to the public interface 2016-07-18 15:11:44 +02:00
Roeland Jago Douma 0bda09236e
Add route tests 2016-07-18 11:09:49 +02:00
Roeland Jago Douma 1ff4b7f63d
Allow registering of OCS routes with the appframework 2016-07-18 11:09:04 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Christoph Wurst 9997c431c3
use client login method on CORS routes 2016-06-08 15:18:53 +02:00
Christoph Wurst 5e71d23ded
remember redirect_url when solving the 2FA challenge 2016-06-01 14:43:47 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Joas Schilling aac990eddf
Add a background job that generates notifications when an update is available 2016-05-24 11:26:51 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Joas Schilling 7e3ce83526
Add a method to lock a table 2016-05-21 01:59:03 +02:00
Christoph Wurst 13883d2d57
add IClientService to DI container 2016-05-01 15:08:56 +02:00
Roeland Jago Douma eb11ed1851
Make ownCloud work again in php 7.0.6
See https://bugs.php.net/bug.php?id=72117
2016-04-28 12:23:17 +02:00
Joas Schilling 6d668807fb
Allow automatic dependency injection for OCP\Mail\Mailer 2016-04-25 16:02:57 +02:00
Roeland Jago Douma 4eebccd81f
Fix inconsistent nameing of AppFramework 2016-04-22 16:00:00 +02:00
Roeland Jago Douma 1d33a5ef13
Move \OC\AppFramework to PSR-4
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00