mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
53,764 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

277 Commits

Author SHA1 Message Date
Christoph Wurst 22ae682823
Make it possible to show admin settings for sub admins 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-05-23 20:31:40 +02:00
Joas Schilling 471827cb31
Make sure all middlewares are only registered once 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-05-06 11:28:18 +02:00
Joas Schilling a3c9e5b11b
Add a message about disabled global routes 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-11 12:43:39 +01:00
Joas Schilling 4e8b033281
Make sure urlParams are correctly injected in global routes 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-11 12:30:44 +01:00
Joas Schilling 702dcfb728
Make names mandatory 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-03-01 20:56:16 +01:00
Morris Jobke 0e9903c420
Merge pull request #13969 from nextcloud/enh/additional_scripts_no_on_public_pages 
No need to emit additonalscript event on public pages
 2019-02-07 15:57:14 +01:00
Roeland Jago Douma 60e5a5eca4
Do not do redirect handling when loggin out 
Fixes #12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.

This adds a simple middleware that will just check if the
ClearExecutionContext session variable is set. If that is the case it
will just redirect back to the login page.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-02-06 11:29:32 +01:00
Roeland Jago Douma b68567e9ba
Add StandaloneTemplateResponse 
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-02-06 11:26:18 +01:00
Roeland Jago Douma d88604015a
No need to emit additonalscript event on public pages 
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-02-05 20:59:36 +01:00
Roeland Jago Douma 23245904d3
Merge pull request #13694 from b108/duplicate-functionality-in-request-class 
Remove duplicate functionality
 2019-02-01 11:28:25 +01:00
Roeland Jago Douma d182037bce
Emit to load additionalscripts 
Fixes #13662

This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.

This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-31 12:11:40 +01:00
Joas Schilling 92edd40e51
Make RouteConfig strict 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-01-22 14:18:58 +01:00
Joas Schilling f8b74cf0a5
Allow resources via OCS as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2019-01-22 14:18:58 +01:00
b108@volgograd bf167ad3ac Remove duplicate functionality 
This functionality implemented in the next line:

$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
 2019-01-20 13:29:58 +04:00
Roeland Jago Douma 54ff913de6
Cleanup middleware registering 
Fixes #12224

Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-01-03 11:50:01 +01:00
Roeland Jago Douma 514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-17 15:54:45 +01:00
Morris Jobke 411d2dece5
Merge pull request #11786 from nextcloud/feature/password_confirmation_backend 
Expose password confirmation capabilities in the user backend
 2018-11-06 00:44:18 +01:00
Roeland Jago Douma 2452a3ec73
Properly query the methodreflector 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma 0e5147f001
Fix tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma bfb5ef4b29
The identityproof manager should be in Server 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma 8f833a309a
No need to register it also in the DI Container 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma fbd0d0bdcf
The Encryption manager belongs in Server.php 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma 9c28d2d7c4
SearchResult should be difined in Server as it is a core component 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma 964ebed86c
The UserSession is constructed in the server 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma b2501dbf9a
TimeFactory is already regsitsered in the Server Container 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:37 +01:00
Roeland Jago Douma 61adb513fe
Request is already regsitered in the Server container 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:36 +01:00
Roeland Jago Douma 421a40e7db
Was already registered in Server 
The DIContainaer will query server anyways if it can't find it

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 19:20:35 +01:00
Roeland Jago Douma 603b672a11
Update password confirmation middleware 
If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-11-02 13:44:45 +01:00
Morris Jobke dccfe4bf84
Merge pull request #12036 from olivermg/master 
Add capability of specifying "trusted_proxies" entries in CIDR notation (IPv4)
 2018-10-30 10:49:08 +01:00
Morris Jobke c9e6a99637
Merge pull request #12085 from nextcloud/add-gss-to-excluded-backends 
add global site selector as user back-end which doesn't support password confirmation
 2018-10-30 10:16:07 +01:00
Oliver Wegner 401ca28f07 Adding handling of CIDR notation to trusted_proxies for IPv4 
Signed-off-by: Oliver Wegner <void1976@gmail.com>
 2018-10-30 09:15:42 +01:00
Bjoern Schiessle 85d9f06cb8
add global site selector as user back-end which doesn't support password confirmation 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-10-27 15:43:51 +02:00
Daniel Kesselberg 986f4df2a5
Add REMOTE_ADDR to getHeader 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-10-25 22:26:49 +02:00
Joas Schilling 840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time() 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-10-09 15:38:31 +02:00
Robin Appelman dccbdc8c01
only catch QueryException when trying to build class 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-09-21 18:32:15 +02:00
Roeland Jago Douma 9319d557a4
Add wrapper Logger in DIContainer 
This makes sure that for example app for the context is always set.
We can in the future extend this to include more info.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-09-04 10:05:25 +02:00
Robin Appelman c0a283fefb
ensure we always return an array from `Request::getParams` 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-08-28 18:11:42 +02:00
Roeland Jago Douma 8c1e75e052
Do not use file as template parameter 
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-08-09 16:45:25 +02:00
Roeland Jago Douma e7338173e8
Add PublicShareMiddlewareTest 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-20 08:53:37 +02:00
Roeland Jago Douma 20e514690c
Don't allow public share pages if link sharing is disabled 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-20 08:53:37 +02:00
Roeland Jago Douma 366981fba6
Move public preview endpoint over 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-20 08:53:37 +02:00
Roeland Jago Douma f36ef8ca80
Add the new PublicShareController and PublicShareMiddleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-20 08:53:35 +02:00
Joas Schilling b4bacf46f3
Do not send a body for "No content", "Not modified" and others 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-05-04 13:46:13 +02:00
Joas Schilling f5b143e318
Allow to inject ISearchResult 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-04-26 12:19:15 +02:00
Arthur Schiwon 38a90130ce
move log constants to ILogger 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2018-04-26 10:45:52 +02:00
Roeland Jago Douma 129a608ebe
OCP\AppFramework\App strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-09 08:42:03 +01:00
Morris Jobke a2db959f5c
Merge pull request #8593 from eneiluj/master 
Allow public page access to apps with group restrictions
 2018-03-08 11:27:52 +01:00
Roeland Jago Douma 3ad7daeda5
Add tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-08 11:05:18 +01:00
Roeland Jago Douma 340e8ef16c
Make SecurityMiddleware strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-08 10:11:47 +01:00
Joas Schilling 1dd40b1f45
Single quotes 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-03-07 16:50:18 +01:00
Joas Schilling 559978c50e
Suppress phan error 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-03-07 16:43:16 +01:00
Joas Schilling 09d8387b00
Try without autoloading 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-03-06 13:56:44 +01:00
Joas Schilling 97c4c00e3f
Better debugging for "Your test case is not allowed to access the database." 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-03-05 16:06:29 +01:00
Julien Veyssier 7da0812186 Do not throw AppNotEnabledException for app public pages - refs #6962, refs #5309 
It allows non-logged user to access public pages of applications restricted to a group

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
 2018-02-28 20:35:53 +01:00
Morris Jobke a60d7a8563
Merge pull request #8541 from nextcloud/translate-permission-error-page 
Provide translated error message for permission error
 2018-02-26 17:50:21 +01:00
Morris Jobke cf35c4b03a
Provide translated error message for permission error 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-26 17:00:29 +01:00
Roeland Jago Douma 043a824e6a
Fix comments 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +01:00
Roeland Jago Douma 0ee45d3d20
Fix proper types 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +01:00
Roeland Jago Douma a229095af1
Make Request strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-22 15:51:19 +01:00
Roeland Jago Douma fb41a93a95
Merge pull request #8473 from nextcloud/strict_cmr 
Strict OCP\AppFramework\Utility\IControllerMethodReflector
 2018-02-21 22:56:40 +01:00
Roeland Jago Douma 4859775893
Don't try to match on false 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 20:38:14 +01:00
Roeland Jago Douma aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 19:55:49 +01:00
Roeland Jago Douma ca9f364fd4
Fix tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 10:55:52 +01:00
Roeland Jago Douma a773b055fc
Make the middlewareDispatcher strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 10:55:24 +01:00
Roeland Jago Douma bb0c7b2943
Make AppFramework/Http/Dispatcher strict 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-02-21 08:51:46 +01:00
Roeland Jago Douma cf83eb5e77
Merge pull request #8336 from nextcloud/cleanup-unused-parameter 
Cleanup unused parameter
 2018-02-20 10:16:59 +01:00
Morris Jobke d3d045dd5c
Remove unused import statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-14 16:55:43 +01:00
Morris Jobke d18d323f21
Remove fromMailAddress from MailSettingsController 
Was removed in https://github.com/nextcloud/server/pull/4379 (0a54d5a) and https://github.com/nextcloud/server/pull/4380 (bae64e8)

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-13 21:40:38 +01:00
Morris Jobke 01482b32a1
Merge pull request #8062 from nextcloud/use-class 
Use ::class statement instead of string
 2018-01-29 15:25:08 +01:00
Roeland Jago Douma c0adfa4375
Don't perform CSRF check on OCS routes with Bearer auth 
Fixes #5694

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-29 14:37:18 +01:00
Morris Jobke eb51f06a3b
Use ::class statement instead of string 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-29 12:03:47 +01:00
Morris Jobke 870fe20acc
Use $var[] = $a instead of array_push - 2x faster 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-25 22:36:03 +01:00
Morris Jobke 2a38605545
Properly log the full exception instead of only the message 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-23 10:57:21 +01:00
Morris Jobke 4ef302c0be
Request->getHeader() should always return a string 
PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant.

Found while enabling the strict_typing for lib/private for the PHP7+ migration.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-17 09:51:31 +01:00
Joas Schilling 7bc9a69c3f
Remove deprecated core API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-01-15 17:54:50 +01:00
Roeland Jago Douma d44de92c31
Merge pull request #7838 from nextcloud/timefactory_strict 
Make the ITimeFactory strict + return types
 2018-01-15 09:27:37 +01:00
Roeland Jago Douma 7ffd62bf95
Make the ITimeFactory strict + return types 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-14 21:55:40 +01:00
Roeland Jago Douma 704133d732
Remove deprecated functions from DI Container 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-13 19:29:52 +01:00
Roeland Jago Douma 57050146f6
Move passwordconfirmation to its own midleware 
Add tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-02 21:58:14 +01:00
Bjoern Schiessle 1bcbeb24bc
disable password confirmation with SSO 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-01-02 20:30:37 +01:00
Roeland Jago Douma ca70694502
Also check for empty content lenth 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-12-14 21:48:59 +01:00
Morris Jobke 31c5c2a592
Change @georgehrke's email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 20:38:59 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Roeland Jago Douma b88db3a389 Merge pull request #6921 from nextcloud/appmanager-securitymiddleware 
Use proper DI for security middleware for app enabled check
 2017-10-24 19:58:24 +02:00
Morris Jobke ce0c45a4ea
Use proper DI for security middleware for app enabled check 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-10-24 15:36:28 +02:00
Julius Härtl 4cfa1c66b8
Doc: Fix phpDoc issues 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2017-10-23 23:23:56 +02:00
Roeland Jago Douma c257cd57d4
Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +02:00
Joas Schilling c4b3198ac2
Rethrow the correct exception when there was an error in an app container 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-12 11:54:13 +02:00
Bjoern Schiessle 9524badccc
extend the identity proof manager to allow system wide key pairs 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-08-10 14:27:35 +02:00
Roeland Jago Douma 9717cdfb9e
If there is no content don't error 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-09 15:51:13 +02:00
Lukas Reschke f93a82b8b0
Remove explicit type hints for Controller 
This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-08-01 17:32:03 +02:00
Morris Jobke 84c22fdeef Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call 
Add metadata to \OCP\AppFramework\Http\Response::throttle
 2017-08-01 14:43:47 +02:00
Morris Jobke 6010c4f267 Merge pull request #5877 from nextcloud/typehint_middleware 
Prop argument type for Middleware
 2017-08-01 14:28:16 +02:00
Roeland Jago Douma ede15f0988
Fix L10N::t 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-08-01 08:20:17 +02:00
Roeland Jago Douma 3548603a88
Fix middleware implementations signatures 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-07-31 16:54:19 +02:00
Lukas Reschke f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle 
Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-07-27 14:17:45 +02:00
Roeland Jago Douma 5f227bd93b
More phpstorm inspection fixes 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-07-24 11:39:29 +02:00
Bjoern Schiessle 7c2d473d76
add new config switched for the global scale architecture 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-05-29 18:19:28 +02:00
Joas Schilling 72c1b24844
Check whether the $_SERVER['REQUEST_*'] vars exist before using them 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-05-15 14:33:27 +02:00
coderkun bdc7bb1f26 Add IPv6 to “localhost” regex (#440) 
Signed-off-by: Oliver Hanraths <olli@coderkun.de>
 2017-05-14 21:29:03 +02:00