mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
51,158 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

72 Commits

Author SHA1 Message Date
Roeland Jago Douma 7c078a81b4
Add trict CSP to OCS responses 
If a repsonse now explicitly has the Empty CSP set then the middleware
won't touch it.
 2016-09-15 13:11:36 +02:00
Roeland Jago Douma 3c55fe6bab
Split OCS version handling 
This cleans up a bit the OCSController/Middleware. Since the 2 versions
of OCS differ a bit. Moved a lot of stuff internal since it is of no
concern to the outside.
 2016-09-06 11:57:39 +02:00
Roeland Jago Douma e3b0e50dda
Extend OCSMiddleware 
* Always set 401 (v1.php and v2.php)
* Set proper error codes for v2.php
* Proper OCS output on unhandled exceptions
 2016-08-14 18:34:01 +02:00
Roeland Jago Douma 5c718b13b8
We should properly check for 'true' instaed of the bool 2016-08-01 08:52:50 +02:00
Roeland Jago Douma f7f5216aa3
Dark hackery to not always disable CSRF for OCS controllers 2016-07-29 15:49:27 +02:00
Roeland Jago Douma 8bdd0adcee
Support subdir in the OCS v2 endpoint 
We should check against the ending substring since people could
run their nextcloud in a subfolder.

* Added test
 2016-07-27 15:28:35 +02:00
Roeland Jago Douma b543fd8d30
Set proper status code in OCS AppFramework Middleware 2016-07-22 12:53:47 +02:00
Morris Jobke 8c7d7d7746 Merge pull request #507 from nextcloud/run-le-script 
Update emails and license headers with latest changes
 2016-07-21 23:27:15 +02:00
Lukas Reschke 562e63cf69 Merge pull request #480 from nextcloud/fix_ocs_response_format 
AppFramework default response for OCS is xml
 2016-07-21 19:52:17 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler 
Implement brute force protection
 2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Roeland Jago Douma e42f2f2650
AppFramework do not get default response 
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.

This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
 2016-07-20 22:05:43 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies 
[master] Port Same-Site Cookies to master
 2016-07-20 21:35:02 +02:00
Roeland Jago Douma ea47974a08
Add OCSMiddleware to catch OCS exceptions 
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
 2016-07-20 20:03:49 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master 
Fixes https://github.com/nextcloud/server/issues/50
 2016-07-20 18:37:57 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Christoph Wurst 9997c431c3
use client login method on CORS routes 2016-06-08 15:18:53 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma 4eebccd81f
Fix inconsistent nameing of AppFramework 2016-04-22 16:00:00 +02:00
Roeland Jago Douma 1d33a5ef13
Move \OC\AppFramework to PSR-4 
* Also moved the autoloader setup a bit up since we need it in initpaths
 2016-04-22 15:28:09 +02:00