Commit Graph

189 Commits

Author SHA1 Message Date
Roeland Jago Douma 66013f906d
Merge pull request #24189 from nextcloud/enh/csp/frame-ancestors
Set frame-ancestors to none if none are filled
2020-11-18 11:29:28 +01:00
Roeland Jago Douma 9163790b7c
Set frame-ancestors to none if none are filled
frame-ancestors doesn't fall back to default-src. So when we apply a
very restricted CSP we should make sure to set it to 'none' and not
leave it empty.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-18 10:13:36 +01:00
Roeland Jago Douma 72a9c35be3
Remove some IRouter methods
This is not the end. IRouter needs to burn.
But it is a start.

🎵 we didn't start the fire 🎵

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-17 14:08:20 +01:00
Roeland Jago Douma fa6a790859
Remove deprecated OCSResponse
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-01 14:12:27 +01:00
Christoph Wurst e8e13c845c
Type the \OCP\AppFramework\Services\IInitialState::provideLazyInitialState closure with Psalm
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-28 09:04:15 +01:00
Christoph Wurst e646d7d5a9
Add psalm types for the event dispatcher
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-15 16:23:26 +02:00
Christoph Wurst ccfe6a9fa5
Add Psalm type for the bootstrap registration context
This can potentially catch a few bugs with wrong class strings.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-12 15:16:16 +02:00
Christoph Wurst a1b351036c
Add template typing to the QBMapper
The QBMapper is kind of a generic type, though this concept does not
exist in php. Hence you have a lot of type coercion in subtypes (mappers
in the individual apps) because you suddenly don't expect an Entity[]
but your specific type.

Luckily Psalm lets us type those. Then in the subclass you can
psalm-implement the mapper with a concrete type and psalm will do all
the magic to ensure types are used correctly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-12 11:10:08 +02:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Roeland Jago Douma f865a3a1c2
Move initial state provider to boostrap
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-10-04 09:35:33 +02:00
Julius Härtl 8ab2422b6c
Add acutal response to BeforeTemplateRenderedEvent
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-09-24 20:00:23 +02:00
Morris Jobke 99c9423766
Remove @suppress SqlInjectionChecker
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 15:53:56 +02:00
Christoph Wurst 3bc54bfd06
Fix writing BLOBs to postgres with recent contacts interaction
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-28 14:30:33 +02:00
Roeland Jago Douma b5e9f7e846
Merge pull request #22432 from nextcloud/enh/phpdoc
Add php docs build script
2020-08-26 21:18:11 +02:00
Julius Härtl 45a474071e
Remove @package annotations from public namespace
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-26 16:59:40 +02:00
Julius Härtl 94c0ca4b8c
Remove wrongly annotated package names
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-26 12:35:27 +02:00
Christoph Wurst 2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00
Joas Schilling 35a8519591
Fix CS
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +02:00
Joas Schilling e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:35 +02:00
Julius Härtl 018be662f4
Refactor API to match the widget wording
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-05 17:03:38 +02:00
Morris Jobke 0581356169
Merge pull request #22097 from nextcloud/enh/noid/empty-template
Add empty renderAs template
2020-08-05 11:42:29 +02:00
Julius Härtl b51746212e
Add base renderAs template
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-04 09:48:43 +02:00
Julius Härtl e1b696929f
Move NotFoundResponse to a proper TemplateResponse
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-07-24 08:58:14 +02:00
Morris Jobke 7870ca0663
Use the proper IAppContainer and IServerContainer type hints to know which code runs with which container
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-21 20:44:05 +02:00
Christoph Wurst e029055e76
Make the bootstrap context return ContainerInterface instances
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-21 20:42:24 +02:00
Morris Jobke 9ae75a3ca9
Merge pull request #21850 from nextcloud/techdebt/noid/register-alternative-logins
Allow to register AlternativeLogin on RegistrationContext
2020-07-20 14:20:03 +02:00
Christoph Wurst 22ff03969e
Undeprecate IAppContainer and IServerContainer
With 4152216bd8 these two interfaces got
deprecated with the reasoning that we only need the base PSR interface.
However, there are cases where in Nextcloud you still want to have a
specific container (the one for the app vs the one for the server) when
you either have a container injected or query one from a container.

With a single interface that would not be possible. So it's probably
better if we leave the two interfaces, but only have them extend the PSR
interface. IContainer – with the custom methods – shall still be phased
out, but the two other sub interfaces can stay for tagging purposes.
Tagging means that no methods shall be added.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-17 10:17:18 +02:00
Joas Schilling 49970639fa
Add constants for the magic strings of template rendering
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-16 15:47:28 +02:00
Joas Schilling 0dfcc132ca
Allow to register AlternativeLogin on RegistrationContext
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-07-16 14:20:24 +02:00
Christoph Wurst 4152216bd8
Use PSR container interface and deprecate our own abstraction
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-16 13:35:45 +02:00
Morris Jobke c4b53538af
Better event description for BeforeTemplateRenderedEvent in files and files_sharing
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-15 20:15:51 +02:00
Roeland Jago Douma 7d7ba61625
Add real events to load additionalscripts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-15 14:07:18 +02:00
Julius Härtl 81e5593133
Move to lazy panel registration during registration context
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-07-15 09:27:57 +02:00
Roeland Jago Douma 37b2121ccf
Deprecate registerRoutes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-06 15:15:20 +02:00
Christoph Wurst 4a3ea04baa
Callable parameter injection
This is like what we have to DI and classes, but for callables.

The motivating factor is to get rid of *service locators* in the `boot`
method of apps as a new pattern is about to emerge where we have lots of
`query` calls on the app or server container in order to fetch some
services.

With this little helper it's possible to call another (public) method
and magically have everything injected.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-03 14:37:46 +02:00
Joas Schilling b7060be18d
Fix robots "noindex, nofollow" signals
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-06-25 08:29:43 +02:00
Christoph Wurst 4488e846a5
Add unified search API
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-24 14:20:25 +02:00
Roeland Jago Douma fbf9772a3e
Allow to specify the cookie type for appframework responses
In general it is good to set them to Lax. But also to give devs more
control over them is not a bad thing.

Helps with #21474

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-06-22 08:38:44 +02:00
Christoph Wurst 2b7b7144d4
Allow crash reporters registration during app bootstrap
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-19 10:38:26 +02:00
Christoph Wurst 5bc8510b3b
Load the app.php before running apps' boot method
Some apps require the composer autoloader from app.php. If we run boot
before including that file, classes and functions from dependencies
won't be found.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 14:44:02 +02:00
Christoph Wurst 69571fb536
Add dedicated API for apps' bootstrapping process
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-06-17 09:22:21 +02:00
Roeland Jago Douma c92c378a9c
Copy over the ETag and LastModified when formatting a Dataresponse
This way the ETag checks etc are all working.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-19 09:39:51 +02:00
Roeland Jago Douma 4fbea316a7
Merge pull request #20897 from nextcloud/bugfix/httpcache
Proxy server could cache http response when it is not private
2020-05-13 08:27:05 +02:00
Clement Wong e9be3a9090 Add public argument to Http cacheFor()
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-10 20:24:14 +02:00
Clement Wong 401210d259 Proxy server could cache http response when it is not private
Signed-off-by: Clement Wong <git@clement.hk>
2020-05-10 11:24:08 +02:00
Morris Jobke 08e78ff3b2
Fix OCPSinceChecker and php-cs
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-05-08 11:20:46 +02:00
Roeland Jago Douma 163463dea5
Add InitialState Appframework service
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-07 10:13:06 +02:00
Roeland Jago Douma e923d7b42f
Merge pull request #20782 from nextcloud/enh/appframework/appconfig_wrapper
Simple AppConfig wrapper for the AppFramework
2020-05-07 08:43:55 +02:00
Roeland Jago Douma 8a8623c569
Simple AppConfig wrapper for the AppFramework
9 out of 10 cases apps want to access their own appconfig. Hence it
would be nice not to have to enter the app id all the time. This simple
wrapper just passes on the appid in all calls.

Basically this allows for simpler code in the apps.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-02 15:34:28 +02:00
Daniel Kesselberg cba7219b25
PHP 7.4 excludes the arguments from stack traces by default.
That leads to a false positive is not setup via query() but directly warning for every app because
the check does not work anymore.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2020-04-30 17:00:56 +02:00