averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,807 Commits 712 Branches 1,186 Tags
7d02d98d9ebff664322dcf3f723db35fdebbed2d
Commit Graph

124 Commits

Author SHA1 Message Date
Joas Schilling
3a6bc7aba2 fix(middleware): Also abort the request when reaching max delay in afterController 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:20:19 +02:00
Joas Schilling
ecb8b55c5c feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402 feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Christoph Wurst
a06898a2d0 fix(security)!: Use consistent HTTP status for strict cookie checks 
Before: 503/412
Now: 412 + json body explaining the error

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-17 16:06:37 +00:00
Joas Schilling
2b49861679 Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
e839eb9b5c feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Ferdinand Thiessen
f655f83c84 fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-16 22:55:18 +01:00
Christoph Wurst
20e00cdf17 feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Côme Chilliet
f5c361cf44 composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Julien Veyssier
4a3f3beb0b use bruteforce protection on all methods wrapped by PublicShareMiddleware 
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2022-12-07 13:24:50 +01:00
Jonas Rittershofer
c8b7a233a5 Allow CSRF on CORS routes 
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
 2022-09-21 10:42:00 +00:00
Julius Härtl
9b4b72826a Reopen sessions if we need to write to them instead of keeping them open 
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-17 12:10:26 +02:00
luz paz
368f83095d Fix typos in lib/private subdirectory 
Found via `codespell -q 3 -S l10n -L jus ./lib/private`

Signed-off-by: luz paz <luzpaz@github.com>
 2022-07-27 08:52:17 -04:00
Carl Schwan
b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00
Vincent Petry
80388663af Add direct arg to login flow 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
 2022-03-28 10:28:45 +02:00
Carl Schwan
6312c0df69 Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +01:00
Julius Härtl
61dd1d3d97 Pass username prefill through unauthenticated request redirects 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-12-29 11:52:31 +01:00
Carl Schwan
6958d8005a Add admin privilege delegation for admin settings 
This makes it possible for selected groups to access some settings
pages.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-09-29 21:43:31 +02:00
Christoph Wurst
6d5cfe0c66 Move DateTime::RFC2822 to DateTimeInterface::2822 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-06-23 15:30:43 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
korelstar
b38e8678e4 fix error when using CORS with no auth credentials 2021-05-18 07:11:10 +02:00
Joas Schilling
b6c6527705 Fix unauthorized OCS status in provisioning 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-05-12 08:16:07 +02:00
Christoph Wurst
99f0b10421 Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger 
Less ILogger
 2021-04-27 15:38:12 +02:00
Joas Schilling
56ae87c281 Less ILogger 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 14:34:32 +02:00
Joas Schilling
174f4dd043 Fix ratelimit template 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 13:55:34 +02:00
Roeland Jago Douma
cc744740b7 Remove deprecated \OCP\API 
Time to remove this forgood now.
Remaining constant moved over
The world is a tiny bit better

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-03-03 20:54:32 +01:00
Christoph Wurst
d9015a8c94 Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +02:00
Julius Härtl
8ab2422b6c Add acutal response to BeforeTemplateRenderedEvent 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-09-24 20:00:23 +02:00
Christoph Wurst
2a054e6c04 Update the license headers for Nextcloud 20 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-08-24 14:54:25 +02:00
Joas Schilling
35a8519591 Fix CS 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling
e66bc4a8a7 Send "429 Too Many Requests" in case of brute force protection 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:35 +02:00
Julius Härtl
e1b696929f Move NotFoundResponse to a proper TemplateResponse 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-07-24 08:58:14 +02:00
Roeland Jago Douma
7d7ba61625 Add real events to load additionalscripts 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-07-15 14:07:18 +02:00
Holger Hees
e70249e089 Update SecurityMiddleware.php 
OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header.

in other areas OC::$WEBROOT is always used together with an /
 2020-07-06 21:34:46 +02:00
Morris Jobke
4e49e1da16 Allow TemplateResponse to be compressed 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-05-15 08:38:39 +02:00
Roeland Jago Douma
12fa748c49 Move the notmodified check to middleware where it belongs 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-13 08:11:24 +02:00
Roeland Jago Douma
203d7eb1d3 Add AppFramework GZip middleware to gzip responses 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-12 09:09:48 +02:00
Christoph Wurst
cb057829f7 Update license headers for 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-29 11:57:22 +02:00
Christoph Wurst
caff1023ea Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
afbd9c4e6e Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +02:00
Christoph Wurst
2fbad1ed72 Fix (array) indent style to always use one tab 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 10:16:08 +02:00
Christoph Wurst
74936c49ea Remove unused imports 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:08:08 +01:00
Joas Schilling
d445f9b9fe Fix loaded controller check 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-01-21 16:35:10 +01:00
Christoph Wurst
1b46621cd3 Update license headers for 18 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-20 09:23:25 +01:00
Roeland Jago Douma
0360ab408e Merge pull request #18256 from nextcloud/files-aditional-scripts-new-events 
Use non-depricated events for loading additional scripts in files app
 2019-12-09 21:24:55 +01:00
Robin Appelman
1c585d2c50 use OCP\EventDispatcher\GenericEvent in more places 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2019-12-09 14:24:57 +01:00
Christoph Wurst
5bf3d1bb38 Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +01:00
Roeland Jago Douma
68748d4f85 Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Joas Schilling
6ad54f3f27 Merge pull request #17850 from nextcloud/bugfix/noid/mark-spreed-as-active-on-call-urls 
Mark "Talk" active on /call/token URLs
 2019-11-20 10:33:45 +01:00
Daniel Kesselberg
9055f46351 Make phan happy ;) 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2019-11-19 16:16:26 +01:00