58 Commits

Author SHA1 Message Date
Louis 8f93d51354 Merge pull request #60029 from icarta-l/fix/missing-early-fail-for-basic-auth-without-credentials
Fix: missing early fail for basic auth without credentials
2026-06-11 10:22:07 +02:00
Côme Chilliet 1ab09ec753 chore: Apply new coding standard to all files
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-06-01 13:46:39 +02:00
Idan 4b2c371ee7 Fix: missing early fail for basic auth without credentials
Make "validateUserPass" method of OCA\DAV\Connector\Sabre\Auth
class return false after checking if user is logged in if
empty username or password have been passed to it

Fixes #59849

Signed-off-by: Idan <cartaidan@gmail.com>
2026-05-21 13:51:04 +07:00
Ferdinand Thiessen d8e8703796 chore: add missing Override attribute to app code
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-04-28 21:29:28 +02:00
skjnldsv 9c98b722f4 fix(dav): allow multiple link shares token in session
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2025-10-23 13:10:39 +02:00
John Molakvoæ 2b50d9b2c5 Revert "perf(base): Stop setting up the FS for every basic auth request"
2025-07-11 17:07:44 +02:00
provokateurin 689a853dc6 fix(dav): Initialize the FS for the user right after authenticating
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-07-08 11:38:58 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
Ferdinand Thiessen fa63e646d4 fix(dav): do not require CSRF for safe and idempotent HTTP methods
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-03-13 12:04:30 +01:00
Côme Chilliet ed5b7ae161 chore: re-apply current rector configuration to apps folder
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-13 11:45:33 +01:00
Git'Fellow 36d6b0f1e6 refactor: Use Http framework where possible
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2024-12-14 11:23:29 +01:00
provokateurin 381077028a refactor(apps): Use constructor property promotion when possible
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-10-21 12:37:59 +02:00
Côme Chilliet 1580c8612b chore(apps): Apply new rector configuration to autouse classes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-10-15 10:40:25 +02:00
Julius Härtl 4d6b4b71c7 fix: Authorization header can be an empty string
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-06-28 14:42:36 +02:00
Ferdinand Thiessen 67a0e01382 fix(dav): Try basic auth for ajax WebDAV requests
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-06-18 10:47:11 +02:00
Andy Scherzinger 9d4b944098 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-27 20:11:22 +02:00
MichaIng 91127edcc8 fix(dav): fallback realm for HTTP authentication
By default, the name of the Nextcloud instance is an empty string, until changed by the admin. This leads to an empty realm sent with the WWW-Authenticate header, while the realm is mandatory for Basic HTTP authentication. Some clients have issues with an empty realm, e.g. Thunderbird cannot store passwords in this case.

This commit applies "Nextcloud" as fallback for the realm, in case the name of the Nextcloud instance is not set.

Solves: https://help.nextcloud.com/t/thunderbird-dont-save-caldav-password-because-of-missing-httprealm-or-formsubmiturl/93233

Signed-off-by: MichaIng <micha@dietpi.com>
2024-02-14 16:49:39 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Joas Schilling dac31ad101 fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +02:00
Joas Schilling b91957e3df fix(dav): Abort requests with 429 instead of waiting
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-03 22:43:36 +02:00
Julius Härtl 7b413a41eb perf(dav): Do not call general setupFS on every dav auth
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-09 10:19:37 +01:00
Carl Schwan f7be76125f Fix more psalm issues
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-16 11:05:54 +02:00
Carl Schwan 829490ab7a Cleanup dav
- Remove unused class AppEnabledPlugin
- Add more type hinting when possible

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-05 22:03:59 +02:00
Côme Chilliet e2531f8503 Migrate dav application from ILogger to LoggerInterface
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-05-02 10:52:43 +02:00
Robin Appelman c80ba69b7a don't setup full fs after dav auth
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-24 17:00:57 +01:00
Côme Chilliet 5cd5245ca8 Fix dav application tests and code for PHP 8.1
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:29:01 +01:00
John Molakvoæ (skjnldsv) 215aef3cbd Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Christoph Wurst d89a75be0b Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Christoph Wurst 28f8eb5dba Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst 1584c9ae9c Add visibility to all methods and position of static keyword
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +02:00
Christoph Wurst caff1023ea Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is practically standard for our
code.

This also removes any empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst 5bf3d1bb38 Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma 68748d4f85 Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Empty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Bjoern Schiessle 0efd29f41f first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-30 22:14:52 +01:00
Morris Jobke e2974f1133 Simplify return statement
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +01:00
Morris Jobke 0eebff152a Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Lukas Reschke df3909a7c3 Use Bearer backend for SabreDAV
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +02:00
Lukas Reschke 5f71805c35 Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Morris Jobke 1729e4471f Update comments to Nextcloud
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 -05:00
Joas Schilling 33fb86f68b Fix detection of the new iOS app
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +01:00
Robin Appelman b56f2c9ed0 basic lockdown logic
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:23 +01:00
Christoph Wurst 6af2efb679 prevent infinite redirect loops if there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling 813f0a0f40 Fix apps/
2016-07-21 18:13:57 +02:00
Lukas Reschke ba4f12baa0 Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay is 200 milliseconds (after the first failed login).
2016-07-20 22:08:56 +02:00
Joas Schilling 2c988ecbf4 Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
Christoph Wurst 5a8cfab68f throw PasswordLoginForbidden on DAV
2016-06-17 11:30:24 +02:00
Christoph Wurst 82b50d126c add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
Christoph Wurst 331d88bcab create session token on all APIs
2016-06-13 15:38:34 +02:00
Vincent Petry 67c3a97401 Merge pull request #25046 from owncloud/fix-the-realm
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00