averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
85,947 Commits 712 Branches 1,186 Tags
jtr/refactor-setup-pgsql
Commit Graph

167 Commits

Author SHA1 Message Date
provokateurin
9dc1d6372f fix(IContainer): Fix parameter and return types 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-16 10:45:13 +01:00
Carl Schwan
7b6078875b refactor: Run rector on lib/private 
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-02-06 13:50:18 +01:00
Carl Schwan
f81475445d refactor: Move hasAnnotationOrAttribute to MiddlewareUtils 
Signed-off-by: Carl Schwan <carlschwan@kde.org>
 2026-01-28 21:48:16 +01:00
provokateurin
3dbf848ee9 feat(DI): Abort querying if infinite loop is detected 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-11-05 12:21:19 +01:00
Joas Schilling
57f09b642e fix(container): Reduce general deprecation spam on all requests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-09 11:53:30 +02:00
Joas Schilling
2f18996347 fix(container): Don't use deprecated things to set up controllers for apps 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-08 08:42:56 +02:00
Joas Schilling
17c40b9474 fix(container): Log the deprecation to the app when possible 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-08 08:42:55 +02:00
Côme Chilliet
2346a528ba fix: Tidy up middleware registration code and scope them to application container 
This make sure that all middlewares get a logger scoped to the
 application id, among other things.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:16 +02:00
Côme Chilliet
3dd4ba854f fix: Add back ContainerInterface service to DIContainer 
Otherwise it gets resolved to \OC::$server.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:15 +02:00
Côme Chilliet
2240acec7f fix: Put back ScopedPsrLogger service 
Cannot use an alias for this one, as it depends upon LoggerInterface so
 that creates an infinite loop.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:15 +02:00
Côme Chilliet
ab310ce938 fix: Fix issues and tests in DIContainer and friends 
Some tests related to MiddlewareDispatcher are still failing.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:14 +02:00
Côme Chilliet
9913bdda90 chore: Cleanup DIContainer class 
Also removed deprecated tag from the class as this class will not be
 removed, only the interface IAppContainer and associated methods should
 be removed.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-07-08 13:32:12 +02:00
Ferdinand Thiessen
5981b7eb51 chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +02:00
Louis Chemineau
47bd75a052 fix(login): Also check legacy annotation for ephemeral sessions 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-27 13:12:55 +01:00
Louis Chemineau
c6293204a2 feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-26 13:42:18 +01:00
Joas Schilling
c1655bcde7 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 12:46:15 +01:00
Louis Chemineau
a2f2f7ce93 feat: Use inline password confirmation in external storage settings 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-11-28 11:01:54 +01:00
Ferdinand Thiessen
a8f46af20f chore: Add proper deprecation dates where missing 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-20 00:46:03 +02:00
Ferdinand Thiessen
fe05882628 chore!: Remove OC\AppFramework\Logger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:32:25 +02:00
Ferdinand Thiessen
92f3f7e2d2 chore: Remove unused CsrfTokenManager from CSPMiddleware 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:41 +02:00
Robin Appelman
8b60df1600 perf: delay getting (sub)admin status for user in the security middleware untill we need it 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-23 15:26:40 +02:00
skjnldsv
db28aa8cd1 fix(files_sharing): show proper share not found error message 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-06 16:25:10 +02:00
Joas Schilling
047479ccf9 feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95 feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
provokateurin
e5dcdfb9e0 feat(Security): Warn about using annotations instead of attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-18 11:25:32 +02:00
Arthur Schiwon
340939e688 fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +02:00
Andy Scherzinger
dae7c159f7 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +02:00
Côme Chilliet
ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +02:00
Florian Klinger
f3a4abd98c fix: add check for app_api_system session flag to bypass rate limit 
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-03-18 20:09:15 +02:00
John Molakvoæ
b5357f7d12 Merge branch 'master' into refactor/OC-Server-getThemingDefaults 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2024-02-23 15:47:17 +01:00
Maxence Lange
e1d7328bb2 adding test 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Maxence Lange
51fa22dc26 fix psalm 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Côme Chilliet
f68d4f7300 Remove deprecated methods Util::writeLog and DIContainer::log 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-09-25 10:37:12 +02:00
Andrew Summers
ce74bdcda2 Refactor OC\Server::getThemingDefaults 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2023-08-29 21:33:17 -05:00
Joas Schilling
25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling
2b49861679 Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Christoph Wurst
8d9af3e262 feat(app-framework): Add support for global middlewares 
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-26 11:54:28 +01:00
Christoph Wurst
907ff68bfc perf(app-framework): Make the app middleware registration lazy 
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-25 09:27:24 +01:00
Christoph Wurst
20fcfb5739 feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +01:00
Julius Härtl
f0a0bfaaee Move to str_starts_with 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:06 +01:00
Julius Härtl
3899de12b7 Skip querying the app container for server namespace 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:05 +01:00
Julius Härtl
d7ecbe32d2 Avoid container dance for appName 
Sicne the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:04 +01:00
Julien Veyssier
4a3f3beb0b use bruteforce protection on all methods wrapped by PublicShareMiddleware 
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2022-12-07 13:24:50 +01:00
Christoph Wurst
41b2466d35 Clean up and deprecate app container aliases 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-02 19:42:09 +01:00
Julius Härtl
0f33453610 Diagnostics event logging to Nextcloud log 
Signed-off-by: Julius Härtl <jus@bitgrid.net>

Add config samples

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-02-28 11:24:40 +01:00
Carl Schwan
6958d8005a Add admin privilege delegation for admin settings 
This makes it possible for selected groups to access some settings
pages.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-09-29 21:43:31 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Joas Schilling
df47445c01 Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 14:34:32 +02:00
Roeland Jago Douma
68ec18323d Fix types in the Group Manager 
Psalm found an issue. However the issue found was because of lying
docblocks. Fixed those and did some typing to make it all better.

For #25839

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-03 14:52:47 +01:00
Joas Schilling
3212c074b9 Log the number of queries built and executed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-25 14:55:53 +02:00