nextcloud

Commit Graph

Author	SHA1	Message	Date
Roeland Jago Douma	b88db3a389	Merge pull request #6921 from nextcloud/appmanager-securitymiddleware Use proper DI for security middleware for app enabled check	2017-10-24 19:58:24 +02:00
Morris Jobke	ce0c45a4ea	Use proper DI for security middleware for app enabled check Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-10-24 15:36:28 +02:00
Julius Härtl	4cfa1c66b8	Doc: Fix phpDoc issues Signed-off-by: Julius Härtl <jus@bitgrid.net>	2017-10-23 23:23:56 +02:00
Roeland Jago Douma	c257cd57d4	Handle SameSiteCookie check for index.php in AppFramework Middleware Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-24 21:07:16 +02:00
Joas Schilling	c4b3198ac2	Rethrow the correct exception when there was an error in an app container Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-09-12 11:54:13 +02:00
Bjoern Schiessle	9524badccc	extend the identity proof manager to allow system wide key pairs Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-08-10 14:27:35 +02:00
Roeland Jago Douma	9717cdfb9e	If there is no content don't error Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-09 15:51:13 +02:00
Lukas Reschke	f93a82b8b0	Remove explicit type hints for Controller This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-08-01 17:32:03 +02:00
Morris Jobke	84c22fdeef	Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call Add metadata to \OCP\AppFramework\Http\Response::throttle	2017-08-01 14:43:47 +02:00
Morris Jobke	6010c4f267	Merge pull request #5877 from nextcloud/typehint_middleware Prop argument type for Middleware	2017-08-01 14:28:16 +02:00
Roeland Jago Douma	ede15f0988	Fix L10N::t Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-01 08:20:17 +02:00
Roeland Jago Douma	3548603a88	Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-31 16:54:19 +02:00
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-07-27 14:17:45 +02:00
Roeland Jago Douma	5f227bd93b	More phpstorm inspection fixes Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-24 11:39:29 +02:00
Bjoern Schiessle	7c2d473d76	add new config switched for the global scale architecture Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-05-29 18:19:28 +02:00
Joas Schilling	72c1b24844	Check whether the $_SERVER['REQUEST_*'] vars exist before using them Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-15 14:33:27 +02:00
coderkun	bdc7bb1f26	Add IPv6 to “localhost” regex (#440 ) Signed-off-by: Oliver Hanraths <olli@coderkun.de>	2017-05-14 21:29:03 +02:00
Joas Schilling	ca39940614	Automatic creation of Identity manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-10 09:45:11 +02:00
Morris Jobke	c54a59d51e	Remove unused use statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-22 19:23:31 -05:00
Roeland Jago Douma	d12ec7cff1	Revert "Match slashes in ../{id} resource routes" This reverts commit `31f9be7a75`. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-18 21:50:36 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Morris Jobke	d0c0f6cfc1	Merge pull request #4326 from nextcloud/downstream-27562 Reorder the entries of the log for easier reading	2017-04-13 13:11:47 -05:00
Joas Schilling	695696a4a6	Use constants Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-13 12:04:32 -05:00
Lukas Reschke	a1ae5275f9	Move to dedicated MiddleWare Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	511524c668	Add isset() as it can be an empty result Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:17 +02:00
Lukas Reschke	d729bde98c	Register in ServerContainer Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Juan Pablo Villafáñez	38e5135cb9	Reorder the entries of the log for easier reading	2017-04-12 13:03:19 +02:00
Morris Jobke	fa4107893d	Merge pull request #4138 from nextcloud/resources_match_fullid Match slashes in ../{id} resource routes	2017-04-04 15:52:53 -05:00
Roeland Jago Douma	31f9be7a75	Match slashes in ../{id} resource routes Fixes #2954 Before we could match on <prefix>/{id} however if the id contains a / this would not match properly. But since we define the resource routes internally we now make sure that we match all chars (up until the ?). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:37:11 +02:00
Roeland Jago Douma	2a9192334e	Don't try to parse empty body if there is no body Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-04 08:22:33 +02:00
Joas Schilling	3f86f1276f	Also cache the namespace from appinfo Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 11:50:31 +01:00
Joas Schilling	5695a4ec92	Don't do a recursive search Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 10:44:13 +01:00
Joas Schilling	9208f6379c	buildAppNamespace already has the fallback Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-22 10:13:14 +01:00
Roeland Jago Douma	67909cf87b	Make DI work for all apps As stated in https://github.com/nextcloud/server/pull/3901#issuecomment-288135309 appid's don't have to match the namespace. Work around this Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 20:53:37 +01:00
Roeland Jago Douma	92f50c7d87	Core is also a special app Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 10:42:33 +01:00
Roeland Jago Douma	48c34522ed	Move a lot of stuff over to the ServerContainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 10:29:59 +01:00
Roeland Jago Douma	c92b9ce2c4	Fix settings tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	21641302a9	Add DI intergration tests * Moved some interface definitions to Server.php (more to come) * Build/Query only for existing classes in the AppContainer * Build/Query only for classes of the App in the AppContainer * Offload other stuff to the servercontainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	7cece61ff6	Extend DI tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	246e9ce547	More elegant handling of recursion Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	df14684817	PoC of moving the interface classes to the servercontainer Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:20 +01:00
Roeland Jago Douma	886202123c	Update query method for DIContainer To align with https://github.com/nextcloud/server/issues/2043#issuecomment-287348294 This would mean that AppContainers only hold the AppSpecific services Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-21 08:52:17 +01:00
Roeland Jago Douma	8626ccab1c	dont require strict same site cookies for ocs requests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-09 16:48:48 +01:00
Roeland Jago Douma	f8c459f1a4	Merge pull request #3607 from nextcloud/api-to-resend-welcome-message OCS API endpoint to resend welcome message	2017-03-03 13:50:30 +01:00
Sebastian Wessalowski	e399097e3a	Remove deprecated OC_User::isLoggedIn Signed-off-by: Sebastian Wessalowski <sebastian@wessalowski.org>	2017-03-02 22:59:39 +01:00
Morris Jobke	552921d429	Fix injection of defaults Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-02-28 16:30:34 -06:00
Morris Jobke	50f3efad6f	OCS API endpoint to resend welcome message * send a POST request to ocs/v1.php/cloud/users/USERNAME/resendWelcomeMessage to trigger the welcome message to be send * fixes #3367 example curl statement: curl -i https://example.org/ocs/v1.php/cloud/users/USERNAME/welcome -H "OCS-APIRequest: true" -u admin:password -X POST Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-02-28 16:30:33 -06:00
Joas Schilling	0be2921966	Fix DI of the cloud id manager into apps Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-02-14 12:47:46 +01:00
Morris Jobke	dfaaebd765	Merge pull request #3417 from nextcloud/push-notification Push notification	2017-02-10 16:00:47 -06:00

1 2 3

144 Commits