averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-29 12:24:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,512 Commits 1,008 Branches 1,229 Tags
executeUpdateRemove
Commit Graph

172 Commits

Author SHA1 Message Date
Côme Chilliet 802bce0a77 fix: Use token expiration for ephemeral sessions 
This simplifies the code a lot.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-06-15 15:28:38 +02:00
Sebastian Hasler 8325e6981b revert: "Do not do redirect handling when loggin out" 
This reverts commit 60e5a5eca4.
That commit was only required due to "executionContext" which has
since been removed. See: https://github.com/nextcloud/server/pull/16310

Signed-off-by: Sebastian Hasler <sebastian.hasler@stuvus.uni-stuttgart.de>
 2026-06-09 17:49:00 +02:00
Côme Chilliet bdfe8ed77e fix: Add proper methods in IAppManager for namespace handling 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-05-11 14:53:29 +02:00
Ferdinand Thiessen e0ba4d71b6 chore: add missing Override attribute to OC 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2026-04-28 21:29:27 +02:00
nextcloud-command 663018455e refactor: Apply rector changes 
Signed-off-by: GitHub <noreply@github.com>
 2026-03-01 14:43:11 +00:00
provokateurin 9dc1d6372f fix(IContainer): Fix parameter and return types 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-16 10:45:13 +01:00
Carl Schwan 7b6078875b refactor: Run rector on lib/private 
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-02-06 13:50:18 +01:00
Carl Schwan f81475445d refactor: Move hasAnnotationOrAttribute to MiddlewareUtils 
Signed-off-by: Carl Schwan <carlschwan@kde.org>
 2026-01-28 21:48:16 +01:00
provokateurin 3dbf848ee9 feat(DI): Abort querying if infinite loop is detected 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-11-05 12:21:19 +01:00
Joas Schilling 57f09b642e fix(container): Reduce general deprecation spam on all requests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-09 11:53:30 +02:00
Joas Schilling 2f18996347 fix(container): Don't use deprecated things to set up controllers for apps 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-08 08:42:56 +02:00
Joas Schilling 17c40b9474 fix(container): Log the deprecation to the app when possible 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-08 08:42:55 +02:00
Côme Chilliet 2346a528ba fix: Tidy up middleware registration code and scope them to application container 
This make sure that all middlewares get a logger scoped to the
 application id, among other things.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:16 +02:00
Côme Chilliet 3dd4ba854f fix: Add back ContainerInterface service to DIContainer 
Otherwise it gets resolved to \OC::$server.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:15 +02:00
Côme Chilliet 2240acec7f fix: Put back ScopedPsrLogger service 
Cannot use an alias for this one, as it depends upon LoggerInterface so
 that creates an infinite loop.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:15 +02:00
Côme Chilliet ab310ce938 fix: Fix issues and tests in DIContainer and friends 
Some tests related to MiddlewareDispatcher are still failing.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:14 +02:00
Côme Chilliet 9913bdda90 chore: Cleanup DIContainer class 
Also removed deprecated tag from the class as this class will not be
 removed, only the interface IAppContainer and associated methods should
 be removed.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:12 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +02:00
Louis Chemineau 47bd75a052 fix(login): Also check legacy annotation for ephemeral sessions 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-27 13:12:55 +01:00
Louis Chemineau c6293204a2 feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-26 13:42:18 +01:00
Joas Schilling c1655bcde7 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 12:46:15 +01:00
Louis Chemineau a2f2f7ce93 feat: Use inline password confirmation in external storage settings 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-11-28 11:01:54 +01:00
Ferdinand Thiessen a8f46af20f chore: Add proper deprecation dates where missing 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-20 00:46:03 +02:00
Ferdinand Thiessen fe05882628 chore!: Remove OC\AppFramework\Logger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:32:25 +02:00
Ferdinand Thiessen 92f3f7e2d2 chore: Remove unused CsrfTokenManager from CSPMiddleware 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:41 +02:00
Robin Appelman 8b60df1600 perf: delay getting (sub)admin status for user in the security middleware untill we need it 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-23 15:26:40 +02:00
skjnldsv db28aa8cd1 fix(files_sharing): show proper share not found error message 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-06 16:25:10 +02:00
Joas Schilling 047479ccf9 feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues 202e5b1e95 feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
provokateurin e5dcdfb9e0 feat(Security): Warn about using annotations instead of attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-18 11:25:32 +02:00
Arthur Schiwon 340939e688 fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +02:00
Andy Scherzinger dae7c159f7 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +02:00
Florian Klinger f3a4abd98c fix: add check for app_api_system session flag to bypass rate limit 
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-03-18 20:09:15 +02:00
John Molakvoæ b5357f7d12 Merge branch 'master' into refactor/OC-Server-getThemingDefaults 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2024-02-23 15:47:17 +01:00
Maxence Lange e1d7328bb2 adding test 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Maxence Lange 51fa22dc26 fix psalm 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Côme Chilliet f68d4f7300 Remove deprecated methods Util::writeLog and DIContainer::log 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-09-25 10:37:12 +02:00
Andrew Summers ce74bdcda2 Refactor OC\Server::getThemingDefaults 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2023-08-29 21:33:17 -05:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling 2b49861679 Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Christoph Wurst 8d9af3e262 feat(app-framework): Add support for global middlewares 
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-26 11:54:28 +01:00
Christoph Wurst 907ff68bfc perf(app-framework): Make the app middleware registration lazy 
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-25 09:27:24 +01:00
Christoph Wurst 20fcfb5739 feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +01:00
Julius Härtl f0a0bfaaee Move to str_starts_with 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:06 +01:00
Julius Härtl 3899de12b7 Skip querying the app container for server namespace 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:05 +01:00
Julius Härtl d7ecbe32d2 Avoid container dance for appName 
Sicne the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:04 +01:00
Julien Veyssier 4a3f3beb0b use bruteforce protection on all methods wrapped by PublicShareMiddleware 
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2022-12-07 13:24:50 +01:00
Christoph Wurst 41b2466d35 Clean up and deprecate app container aliases 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-02 19:42:09 +01:00
Julius Härtl 0f33453610 Diagnostics event logging to Nextcloud log 
Signed-off-by: Julius Härtl <jus@bitgrid.net>

Add config samples

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-02-28 11:24:40 +01:00