averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-29 12:24:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
88,512 Commits 1,008 Branches 1,229 Tags
executeUpdateRemove
Commit Graph

100 Commits

Author SHA1 Message Date
provokateurin 405d250aef test: Add missing calls to the parent setUp method 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-06-10 18:07:52 +02:00
Côme Chilliet 1ab09ec753 chore: Apply new coding standard to all files 
The diff can be checked using: git diff --ignore-all-space --ignore-blank-lines
To see only the changes not related to blank lines.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-06-01 13:46:39 +02:00
Anna Larch d30f3c491d test: replace checkbox assertions with DoesNotPerformAssertions (middleware) 
Signed-off-by: Anna Larch <anna@nextcloud.com>
AI-Assisted-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-05-26 23:18:55 +02:00
Ferdinand Thiessen e5b1799079 chore: add missing Override attribute to test files 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2026-04-28 21:29:28 +02:00
nextcloud-command 1ed0769d4c refactor: Apply rector changes 
Signed-off-by: GitHub <noreply@github.com>
 2026-03-22 14:45:16 +00:00
Côme Chilliet 91334643dc fix(tests): Adapt Middleware tests to API change 
Removed a few tests rendered obsolete by the refactoring.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-03-11 14:27:45 +01:00
Carl Schwan f81475445d refactor: Move hasAnnotationOrAttribute to MiddlewareUtils 
Signed-off-by: Carl Schwan <carlschwan@kde.org>
 2026-01-28 21:48:16 +01:00
Carl Schwan 6408ed0b51 feat(AppFramework): Add missing NoSameSiteCookieRequired attribute 
Allow to replace the old annotation.

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-01-28 21:48:16 +01:00
Joas Schilling 2b9083ab29 feat(rate-limit): Allow overwriting the rate limit 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-11-12 08:59:40 +01:00
Ferdinand Thiessen d6d6747a73 refactor: apply rector rules for PHPUnit 10 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-10-27 21:56:04 +01:00
provokateurin 504eae65bd refactor: Apply rector Nextcloud 27 set 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-09-28 11:45:52 +02:00
Robin Appelman aa15f9d16d chore: run rector 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-07-01 22:45:52 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +02:00
Robin Appelman 3561937816 chore: run rector on tests with new rule 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-06-12 18:38:29 +02:00
Robin Appelman 29e39c0a2e chore: run rector on tests 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2025-06-12 18:31:58 +02:00
Joas Schilling 5f9117b939 test: Fix coding standards 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-15 08:48:13 +02:00
Joas Schilling 720ab52e07 test: Fix tests/lib/App* 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-15 08:21:24 +02:00
Joas Schilling 53b116b8a5 test: Remove more withConsecutive 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-15 08:18:26 +02:00
Joas Schilling c1655bcde7 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 12:46:15 +01:00
Louis Chemineau 512f3caf57 test:(PasswordConfirmationMiddleware): Fix constructor call 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-11-28 11:05:10 +01:00
Christoph Wurst 49dd79eabb refactor: Add void return type to PHPUnit test methods 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 22:32:31 +02:00
Ferdinand Thiessen 92f3f7e2d2 chore: Remove unused CsrfTokenManager from CSPMiddleware 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:41 +02:00
Robin Appelman 8b60df1600 perf: delay getting (sub)admin status for user in the security middleware untill we need it 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-23 15:26:40 +02:00
Ferdinand Thiessen 2916e5df7e feat: Provide CSP nonce as <meta> element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:32:44 +02:00
Ferdinand Thiessen 009761be58 test: Adjust tests for CSP nonce 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:06:32 +02:00
Joas Schilling 047479ccf9 feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues 202e5b1e95 feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
provokateurin e5dcdfb9e0 feat(Security): Warn about using annotations instead of attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-18 11:25:32 +02:00
provokateurin 5aefdc399e feat(AppFramework): Add ExAppRequired attribute 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-01 14:41:20 +02:00
Arthur Schiwon f6d6efef3a refactor(Token): introduce scope constants 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:14 +02:00
Arthur Schiwon 340939e688 fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +02:00
Andy Scherzinger 1f7e2ba599 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +02:00
Florian Klinger f3a4abd98c fix: add check for app_api_system session flag to bypass rate limit 
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-03-18 20:09:15 +02:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling 3a6bc7aba2 fix(middleware): Also abort the request when reaching max delay in afterController 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:20:19 +02:00
Joas Schilling ecb8b55c5c feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling 89c3c31402 feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Joas Schilling 2b49861679 Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling e839eb9b5c feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Ferdinand Thiessen f655f83c84 fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-16 22:55:18 +01:00
Côme Chilliet f5c361cf44 composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Joas Schilling 279e06a80f Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper 
Improve JSConfigHelper code quality a bit
 2022-05-31 10:29:30 +02:00
Joas Schilling f9efc410fa Restore old behaviour of sending flase for not found apps 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-30 12:41:35 +02:00
Carl Schwan b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00
Joas Schilling d078d53683 Fix tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +01:00
Carl Schwan 6312c0df69 Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +01:00
Carl Schwan 6958d8005a Add admin privilege delegation for admin settings 
This makes it possible for selected groups to access some settings
pages.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-09-29 21:43:31 +02:00
Joas Schilling 181aab416a Fix warnings about logException 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-06-04 10:57:09 +02:00
Christoph Wurst 99f0b10421 Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger 
Less ILogger
 2021-04-27 15:38:12 +02:00
Joas Schilling df47445c01 Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 14:34:32 +02:00