Commit Graph

138 Commits

Author SHA1 Message Date
provokateurin 405d250aef test: Add missing calls to the parent setUp method
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-06-10 18:07:52 +02:00
Côme Chilliet 1ab09ec753 chore: Apply new coding standard to all files
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-06-01 13:46:39 +02:00
Anna Larch 18c5c0711e test: remove no-op checkbox assertions
Replace assertTrue(true), addToAssertionCount(1) and delete-without-assert
patterns with meaningful assertions or proper test removal.

Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-27 12:12:44 +02:00
Anna Larch d30f3c491d test: replace checkbox assertions with DoesNotPerformAssertions (middleware)
Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-26 23:18:55 +02:00
Ferdinand Thiessen e5b1799079 chore: add missing Override attribute to test files
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-04-28 21:29:28 +02:00
nextcloud-command 1ed0769d4c refactor: Apply rector changes
Signed-off-by: GitHub <noreply@github.com>
2026-03-22 14:45:16 +00:00
Benjamin Gaussorgues 1b504bf4ec Merge pull request #58863 from nextcloud/fix/annotation-attributes-fix
2026-03-18 08:46:31 +01:00
David Dreschner 2bb9524c84 fix: Remove deprecated RFC7231 constant to avoid warnings on PHP 8.5
Signed-off-by: David Dreschner <david.dreschner@nextcloud.com>
2026-03-13 10:43:38 +01:00
Côme Chilliet 91334643dc fix(tests): Adapt Middleware tests to API change
Removed a few tests rendered obsolete by the refactoring.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2026-03-11 14:27:45 +01:00
Carl Schwan f81475445d refactor: Move hasAnnotationOrAttribute to MiddlewareUtils
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-01-28 21:48:16 +01:00
Carl Schwan 6408ed0b51 feat(AppFramework): Add missing NoSameSiteCookieRequired attribute
Allow to replace the old annotation.

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
2026-01-28 21:48:16 +01:00
Joas Schilling 2b9083ab29 feat(rate-limit): Allow overwriting the rate limit
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-11-12 08:59:40 +01:00
Ferdinand Thiessen be6b39f280 refactor(tests): special name method is deprecated in PHPUnit
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-11-05 15:42:34 +01:00
Ferdinand Thiessen d6d6747a73 refactor: apply rector rules for PHPUnit 10
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-10-27 21:56:04 +01:00
provokateurin 504eae65bd refactor: Apply rector Nextcloud 27 set
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-09-28 11:45:52 +02:00
provokateurin d59338b377 refactor: Apply rector Nextcloud 26 set
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-09-28 11:45:52 +02:00
Robin Appelman aa15f9d16d chore: run rector
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-07-01 22:45:52 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
Robin Appelman 3561937816 chore: run rector on tests with new rule
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:38:29 +02:00
Robin Appelman 29e39c0a2e chore: run rector on tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2025-06-12 18:31:58 +02:00
Daniel Kesselberg be587def0e fix: use correct format for expires, last-modified, and if-modified-since headers
Before: Sat, 10 May 2025 18:17:41 +0000
After: Sat, 10 May 2025 18:17:41 GMT

RFC: https://httpwg.org/specs/rfc9110.html#http.date

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-06-10 13:15:31 +02:00
Joas Schilling 5f9117b939 test: Fix coding standards
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:48:13 +02:00
Joas Schilling 720ab52e07 test: Fix tests/lib/App*
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:21:24 +02:00
Joas Schilling 53b116b8a5 test: Remove more withConsecutive
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 08:18:26 +02:00
Joas Schilling c1655bcde7 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 12:46:15 +01:00
Louis Chemineau 512f3caf57 test:(PasswordConfirmationMiddleware): Fix constructor call
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:05:10 +01:00
Christoph Wurst 49dd79eabb refactor: Add void return type to PHPUnit test methods
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-09-15 22:32:31 +02:00
Ferdinand Thiessen 92f3f7e2d2 chore: Remove unused CsrfTokenManager from CSPMiddleware
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-31 00:34:41 +02:00
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Robin Appelman 8b60df1600 perf: delay getting (sub)admin status for user in the security middleware until we need it
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-08-23 15:26:40 +02:00
Ferdinand Thiessen 2916e5df7e feat: Provide CSP nonce as <meta> element
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +02:00
Ferdinand Thiessen 009761be58 test: Adjust tests for CSP nonce
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:06:32 +02:00
skjnldsv db28aa8cd1 fix(files_sharing): show proper share not found error message
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +02:00
Joas Schilling 047479ccf9 feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues 202e5b1e95 feat(security): restrict admin actions to IP ranges
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
provokateurin e5dcdfb9e0 feat(Security): Warn about using annotations instead of attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +02:00
provokateurin 5aefdc399e feat(AppFramework): Add ExAppRequired attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +02:00
Arthur Schiwon f6d6efef3a refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +02:00
Arthur Schiwon 340939e688 fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Andy Scherzinger 1f7e2ba599 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +02:00
Florian Klinger f3a4abd98c fix: add check for app_api_system session flag to bypass rate limit
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +02:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Joas Schilling 1b387bb341 fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +02:00
Joas Schilling 3a6bc7aba2 fix(middleware): Also abort the request when reaching max delay in afterController
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:20:19 +02:00
Joas Schilling ecb8b55c5c feat(security): Add PHP \Attribute for remaining security annotations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-25 14:50:32 +02:00
Joas Schilling 89c3c31402 feat(ratelimit): Add Attributes support to rate limit middleware
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-24 12:24:48 +02:00
Christoph Wurst 2c0cfd3772 feat(app-framework): Add native argument types for middleware
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-18 17:15:05 +02:00
Joas Schilling 2b49861679 Add a debug message when throttling without defining
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +01:00
Joas Schilling e839eb9b5c feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +01:00