Commit Graph

308 Commits

Author SHA1 Message Date
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Christoph Wurst 5fc4c91a76
Fix mismatching doc block parameter types
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-06 16:28:42 +01:00
Joas Schilling 3894dcb756
Hardcode Talk namespace to fix install due to global route
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-02-14 12:34:13 +01:00
Daniel Kesselberg 96d1640a37
Use strpos to check that @ is the first char
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-23 10:25:52 +01:00
Joas Schilling d445f9b9fe
Fix loaded controller check
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-01-21 16:35:10 +01:00
Daniel Kesselberg 8331d8296b
Make getServerHost more robust to faulty user input
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-01-16 11:26:29 +01:00
Daniel Kesselberg d393b1612b
Modify regex to match some other chromium browsers
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-27 17:24:52 +01:00
Christoph Wurst 1b46621cd3
Update license headers for 18
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-20 09:23:25 +01:00
Roeland Jago Douma 0360ab408e
Merge pull request #18256 from nextcloud/files-aditional-scripts-new-events
Use non-depricated events for loading additional scripts in files app
2019-12-09 21:24:55 +01:00
Robin Appelman 1c585d2c50
use OCP\EventDispatcher\GenericEvent in more places
Signed-off-by: Robin Appelman <robin@icewind.nl>
2019-12-09 14:24:57 +01:00
Daniel Kesselberg 0016480370
Decouple resource provider registration
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-07 22:04:07 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Julius Härtl a055d8ddf9
Always return overwritehost if configured
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-11-28 15:02:33 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Joas Schilling 6ad54f3f27
Merge pull request #17850 from nextcloud/bugfix/noid/mark-spreed-as-active-on-call-urls
Mark "Talk" active on /call/token URLs
2019-11-20 10:33:45 +01:00
Daniel Kesselberg 9055f46351
Make phan happy ;)
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-11-19 16:16:26 +01:00
Arthur Schiwon 0a1937208f
Fixes a 500 without userid
plus cleanup of unused use statements

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-11-16 01:10:19 +01:00
Joas Schilling 15f00f0126
Mark "Talk" active on /call/token URLs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-11-12 21:39:20 +01:00
Roeland Jago Douma 098ab7af4b
Do DI on registered middleware as well
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-16 22:52:48 +02:00
Daniel Kesselberg 0ecc70c497
Assume that getType is available
From PHP7 getType is always available. No need to check it nowdays.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-14 09:50:12 +02:00
Daniel Kesselberg ace74ef866
Fix ReflectionType::__toString() is deprecated
As of PHP 7.1.0, ReflectionType::__toString() is deprecated, and ReflectionParameter::getType() may return an instance of ReflectionNamedType. To get the name of the parameter type, ReflectionNamedType() is available in this case.

https://www.php.net/manual/en/reflectionparameter.gettype.php
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-14 09:50:06 +02:00
Daniel Kesselberg fdf4e1ebb2
Remove duplicate code
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-10-08 00:46:50 +02:00
Christoph Wurst de6940352a Move settings to an app
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
2019-09-28 09:39:28 +00:00
Julius Härtl 299759b836
Handle throwables in the http dispatcher
Co-authored-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-08-29 17:19:14 +02:00
Roeland Jago Douma 3f12ec95f0
SessionMiddleware: declare session property
* Remove request since we don't useit
* Update tests as well

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-28 13:02:29 +02:00
Roeland Jago Douma b8c5008acf
Add feature policy header
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +02:00
Roeland Jago Douma 5d94590cee
Have the OCSBaseResponse call the parent constructor
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-08 09:52:20 +02:00
Roeland Jago Douma 37a4282c7a
Split up security middleware
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-27 16:11:45 +02:00
Roeland Jago Douma 357263a70b
Do not try to autoload built in types
This avoids calls to the autoloader (or chain of autoloaders) to see if
for example 'principalPrefix' class can be found. While we already know
it is a string.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-06-04 15:13:32 +02:00
Roeland Jago Douma b0c2042a28
Merge pull request #15714 from nextcloud/fix/204_304_rfc
Check the actual status code for 204 and 304
2019-05-24 19:51:01 +02:00
Roeland Jago Douma b0c030cbb5
Check the actual status code for 204 and 304
The header is the full http header like: HTTP/1.1 304 Not Modified
So comparing this to an int always yields false
This also makes the 304 RFC compliant as the resulting content length
should otherwise be the length of the message and not 0.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-05-24 15:18:32 +02:00
Christoph Wurst 22ae682823
Make it possible to show admin settings for sub admins
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-23 20:31:40 +02:00
Joas Schilling 471827cb31
Make sure all middlewares are only registered once
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-05-06 11:28:18 +02:00
Joas Schilling a3c9e5b11b
Add a message about disabled global routes
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-11 12:43:39 +01:00
Joas Schilling 4e8b033281
Make sure urlParams are correctly injected in global routes
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-11 12:30:44 +01:00
Joas Schilling 702dcfb728
Make names mandatory
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-01 20:56:16 +01:00
Morris Jobke 0e9903c420
Merge pull request #13969 from nextcloud/enh/additional_scripts_no_on_public_pages
No need to emit additonalscript event on public pages
2019-02-07 15:57:14 +01:00
Roeland Jago Douma 60e5a5eca4
Do not do redirect handling when loggin out
Fixes #12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.

This adds a simple middleware that will just check if the
ClearExecutionContext session variable is set. If that is the case it
will just redirect back to the login page.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:29:32 +01:00
Roeland Jago Douma b68567e9ba
Add StandaloneTemplateResponse
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-06 11:26:18 +01:00
Roeland Jago Douma d88604015a
No need to emit additonalscript event on public pages
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-02-05 20:59:36 +01:00
Roeland Jago Douma 23245904d3
Merge pull request #13694 from b108/duplicate-functionality-in-request-class
Remove duplicate functionality
2019-02-01 11:28:25 +01:00
Roeland Jago Douma d182037bce
Emit to load additionalscripts
Fixes #13662

This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.

This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-31 12:11:40 +01:00
Joas Schilling 92edd40e51
Make RouteConfig strict
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-22 14:18:58 +01:00
Joas Schilling f8b74cf0a5
Allow resources via OCS as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-01-22 14:18:58 +01:00
b108@volgograd bf167ad3ac Remove duplicate functionality
This functionality implemented in the next line:

$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
2019-01-20 13:29:58 +04:00
Roeland Jago Douma 54ff913de6
Cleanup middleware registering
Fixes #12224

Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-03 11:50:01 +01:00
Roeland Jago Douma 514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-17 15:54:45 +01:00
Morris Jobke 411d2dece5
Merge pull request #11786 from nextcloud/feature/password_confirmation_backend
Expose password confirmation capabilities in the user backend
2018-11-06 00:44:18 +01:00
Roeland Jago Douma 2452a3ec73
Properly query the methodreflector
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma 0e5147f001
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma bfb5ef4b29
The identityproof manager should be in Server
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma 8f833a309a
No need to register it also in the DI Container
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma fbd0d0bdcf
The Encryption manager belongs in Server.php
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma 9c28d2d7c4
SearchResult should be difined in Server as it is a core component
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma 964ebed86c
The UserSession is constructed in the server
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma b2501dbf9a
TimeFactory is already regsitsered in the Server Container
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:37 +01:00
Roeland Jago Douma 61adb513fe
Request is already regsitered in the Server container
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:36 +01:00
Roeland Jago Douma 421a40e7db
Was already registered in Server
The DIContainaer will query server anyways if it can't find it

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 19:20:35 +01:00
Roeland Jago Douma 603b672a11
Update password confirmation middleware
If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 13:44:45 +01:00
Morris Jobke dccfe4bf84
Merge pull request #12036 from olivermg/master
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
2018-10-30 10:49:08 +01:00
Morris Jobke c9e6a99637
Merge pull request #12085 from nextcloud/add-gss-to-excluded-backends
add global site selector as user back-end which doesn't support password confirmation
2018-10-30 10:16:07 +01:00
Oliver Wegner 401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4
Signed-off-by: Oliver Wegner <void1976@gmail.com>
2018-10-30 09:15:42 +01:00
Bjoern Schiessle 85d9f06cb8
add global site selector as user back-end which doesn't support password confirmation
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-27 15:43:51 +02:00
Daniel Kesselberg 986f4df2a5
Add REMOTE_ADDR to getHeader
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-10-25 22:26:49 +02:00
Joas Schilling 840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-10-09 15:38:31 +02:00
Robin Appelman dccbdc8c01
only catch QueryException when trying to build class
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-09-21 18:32:15 +02:00
Roeland Jago Douma 9319d557a4
Add wrapper Logger in DIContainer
This makes sure that for example app for the context is always set.
We can in the future extend this to include more info.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 10:05:25 +02:00
Robin Appelman c0a283fefb
ensure we always return an array from `Request::getParams`
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-08-28 18:11:42 +02:00
Roeland Jago Douma 8c1e75e052
Do not use file as template parameter
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-08-09 16:45:25 +02:00
Roeland Jago Douma e7338173e8
Add PublicShareMiddlewareTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
Roeland Jago Douma 20e514690c
Don't allow public share pages if link sharing is disabled
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
Roeland Jago Douma 366981fba6
Move public preview endpoint over
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:37 +02:00
Roeland Jago Douma f36ef8ca80
Add the new PublicShareController and PublicShareMiddleware
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-20 08:53:35 +02:00
Joas Schilling b4bacf46f3
Do not send a body for "No content", "Not modified" and others
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-05-04 13:46:13 +02:00
Joas Schilling f5b143e318
Allow to inject ISearchResult
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-04-26 12:19:15 +02:00
Arthur Schiwon 38a90130ce
move log constants to ILogger
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Roeland Jago Douma 129a608ebe
OCP\AppFramework\App strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-09 08:42:03 +01:00
Morris Jobke a2db959f5c
Merge pull request #8593 from eneiluj/master
Allow public page access to apps with group restrictions
2018-03-08 11:27:52 +01:00
Roeland Jago Douma 3ad7daeda5
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-08 11:05:18 +01:00
Roeland Jago Douma 340e8ef16c
Make SecurityMiddleware strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-08 10:11:47 +01:00
Joas Schilling 1dd40b1f45
Single quotes
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-07 16:50:18 +01:00
Joas Schilling 559978c50e
Suppress phan error
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-07 16:43:16 +01:00
Joas Schilling 09d8387b00
Try without autoloading
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-06 13:56:44 +01:00
Joas Schilling 97c4c00e3f
Better debugging for "Your test case is not allowed to access the database."
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-03-05 16:06:29 +01:00
Julien Veyssier 7da0812186 Do not throw AppNotEnabledException for app public pages - refs #6962, refs #5309
It allows non-logged user to access public pages of applications restricted to a group

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
2018-02-28 20:35:53 +01:00
Morris Jobke a60d7a8563
Merge pull request #8541 from nextcloud/translate-permission-error-page
Provide translated error message for permission error
2018-02-26 17:50:21 +01:00
Morris Jobke cf35c4b03a
Provide translated error message for permission error
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-26 17:00:29 +01:00
Roeland Jago Douma 043a824e6a
Fix comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma 0ee45d3d20
Fix proper types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma a229095af1
Make Request strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-22 15:51:19 +01:00
Roeland Jago Douma fb41a93a95
Merge pull request #8473 from nextcloud/strict_cmr
Strict OCP\AppFramework\Utility\IControllerMethodReflector
2018-02-21 22:56:40 +01:00
Roeland Jago Douma 4859775893
Don't try to match on false
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 20:38:14 +01:00
Roeland Jago Douma aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 19:55:49 +01:00
Roeland Jago Douma ca9f364fd4
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 10:55:52 +01:00
Roeland Jago Douma a773b055fc
Make the middlewareDispatcher strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 10:55:24 +01:00
Roeland Jago Douma bb0c7b2943
Make AppFramework/Http/Dispatcher strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-21 08:51:46 +01:00
Roeland Jago Douma cf83eb5e77
Merge pull request #8336 from nextcloud/cleanup-unused-parameter
Cleanup unused parameter
2018-02-20 10:16:59 +01:00
Morris Jobke d3d045dd5c
Remove unused import statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
Morris Jobke d18d323f21
Remove fromMailAddress from MailSettingsController
Was removed in https://github.com/nextcloud/server/pull/4379 (0a54d5a) and https://github.com/nextcloud/server/pull/4380 (bae64e8)

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:40:38 +01:00
Morris Jobke 01482b32a1
Merge pull request #8062 from nextcloud/use-class
Use ::class statement instead of string
2018-01-29 15:25:08 +01:00