averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,443 Commits 712 Branches 1,186 Tags
stable29
Commit Graph

101 Commits

Author SHA1 Message Date
Louis Chemineau
25ec8053eb test:(PasswordConfirmationMiddleware): Fix constructor call 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-11 11:56:30 +01:00
Arthur Schiwon
fc584b7874 fix(Token): make new scope future compatible 
- "password-unconfirmable" is the effective name for 30, but a draft
  name was backported.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-12 11:05:43 +02:00
Arthur Schiwon
f0494ec17a fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-11 20:19:18 +02:00
Florian Klinger
f3a4abd98c fix: add check for app_api_system session flag to bypass rate limit 
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-03-18 20:09:15 +02:00
Joas Schilling
aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Joas Schilling
25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling
1b387bb341 fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +02:00
Joas Schilling
3a6bc7aba2 fix(middleware): Also abort the request when reaching max delay in afterController 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:20:19 +02:00
Joas Schilling
ecb8b55c5c feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402 feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Christoph Wurst
2c0cfd3772 feat(app-framework): Add native argument types for middleware 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-18 17:15:05 +02:00
Joas Schilling
2b49861679 Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
e839eb9b5c feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Ferdinand Thiessen
f655f83c84 fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-16 22:55:18 +01:00
Christoph Wurst
20e00cdf17 feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Côme Chilliet
f5c361cf44 composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Julien Veyssier
4a3f3beb0b use bruteforce protection on all methods wrapped by PublicShareMiddleware 
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2022-12-07 13:24:50 +01:00
Julius Härtl
64a7489958 Fix SessionMiddlewareTest and cover new case with reopening 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-24 10:36:57 +02:00
Joas Schilling
279e06a80f Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper 
Improve JSConfigHelper code quality a bit
 2022-05-31 10:29:30 +02:00
Joas Schilling
f9efc410fa Restore old behaviour of sending flase for not found apps 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-30 12:41:35 +02:00
Carl Schwan
b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00
Joas Schilling
d078d53683 Fix tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +01:00
Carl Schwan
6312c0df69 Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +01:00
Carl Schwan
6958d8005a Add admin privilege delegation for admin settings 
This makes it possible for selected groups to access some settings
pages.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-09-29 21:43:31 +02:00
Christoph Wurst
6d5cfe0c66 Move DateTime::RFC2822 to DateTimeInterface::2822 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-06-23 15:30:43 +02:00
Christoph Wurst
770881d5d6 Move DateTime::ATOM to DateTimeInterface::ATOM 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-06-23 15:28:07 +02:00
Joas Schilling
181aab416a Fix warnings about logException 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-06-04 10:57:09 +02:00
Joas Schilling
b6c6527705 Fix unauthorized OCS status in provisioning 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-05-12 08:16:07 +02:00
Christoph Wurst
99f0b10421 Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger 
Less ILogger
 2021-04-27 15:38:12 +02:00
Joas Schilling
df47445c01 Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 14:34:32 +02:00
Joas Schilling
174f4dd043 Fix ratelimit template 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 13:55:34 +02:00
Roeland Jago Douma
cc744740b7 Remove deprecated \OCP\API 
Time to remove this forgood now.
Remaining constant moved over
The world is a tiny bit better

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-03 20:54:32 +01:00
Morris Jobke
f03bb4716b Remove OCSResponse type hint - see #23827 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-03 10:43:32 +01:00
Christoph Wurst
d9015a8c94 Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +02:00
Joas Schilling
a9f22ac7b1 More test fixing 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 12:40:25 +02:00
Morris Jobke
234b510652 Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-08-12 13:55:19 +02:00
Roeland Jago Douma
7d7ba61625 Add real events to load additionalscripts 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-07-15 14:07:18 +02:00
Holger Hees
e70249e089 Update SecurityMiddleware.php 
OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header.

in other areas OC::$WEBROOT is always used together with an /
 2020-07-06 21:34:46 +02:00
Roeland Jago Douma
12fa748c49 Move the notmodified check to middleware where it belongs 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-13 08:11:24 +02:00
Roeland Jago Douma
203d7eb1d3 Add AppFramework GZip middleware to gzip responses 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-12 09:09:48 +02:00
Christoph Wurst
caff1023ea Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
afbd9c4e6e Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +02:00
Christoph Wurst
2a529e453a Use a blank line after the opening tag 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:50:14 +02:00
Christoph Wurst
463b388589 Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports 
Remove unused imports
 2020-03-27 17:14:08 +01:00
Christoph Wurst
2ee65f177e Use the shorter phpunit syntax for mocked return values 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:21:27 +01:00
Christoph Wurst
74936c49ea Remove unused imports 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:08:08 +01:00
Roeland Jago Douma
3a7cf40aaa Mode to modern phpunit 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 15:27:18 +01:00
Roeland Jago Douma
c007ca624f Make phpunit8 compatible 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 13:34:41 +01:00
Roeland Jago Douma
68748d4f85 Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Roeland Jago Douma
3f12ec95f0 SessionMiddleware: declare session property 
* Remove request since we don't useit
* Update tests as well

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-08-28 13:02:29 +02:00