averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-04 18:28:08 +01:00
Code Issues Packages Projects Releases Wiki Activity
73,377 Commits 712 Branches 1,186 Tags
ba94de2510b3858f10d60f0230a58b1252346372
Commit Graph

67 Commits

Author SHA1 Message Date
Joas Schilling
25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling
3a6bc7aba2 fix(middleware): Also abort the request when reaching max delay in afterController 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:20:19 +02:00
Joas Schilling
ecb8b55c5c feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402 feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Joas Schilling
2b49861679 Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
e839eb9b5c feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Ferdinand Thiessen
f655f83c84 fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-16 22:55:18 +01:00
Côme Chilliet
f5c361cf44 composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Joas Schilling
279e06a80f Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper 
Improve JSConfigHelper code quality a bit
 2022-05-31 10:29:30 +02:00
Joas Schilling
f9efc410fa Restore old behaviour of sending flase for not found apps 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-05-30 12:41:35 +02:00
Carl Schwan
b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00
Joas Schilling
d078d53683 Fix tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-23 11:01:58 +01:00
Carl Schwan
6312c0df69 Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +01:00
Carl Schwan
6958d8005a Add admin privilege delegation for admin settings 
This makes it possible for selected groups to access some settings
pages.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2021-09-29 21:43:31 +02:00
Joas Schilling
181aab416a Fix warnings about logException 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-06-04 10:57:09 +02:00
Christoph Wurst
99f0b10421 Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger 
Less ILogger
 2021-04-27 15:38:12 +02:00
Joas Schilling
df47445c01 Fix unit tests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 14:34:32 +02:00
Joas Schilling
174f4dd043 Fix ratelimit template 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-27 13:55:34 +02:00
Christoph Wurst
d9015a8c94 Format code to a single space around binary operators 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-10-05 20:25:24 +02:00
Joas Schilling
a9f22ac7b1 More test fixing 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 12:40:25 +02:00
Morris Jobke
234b510652 Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-08-12 13:55:19 +02:00
Holger Hees
e70249e089 Update SecurityMiddleware.php 
OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header.

in other areas OC::$WEBROOT is always used together with an /
 2020-07-06 21:34:46 +02:00
Christoph Wurst
caff1023ea Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
afbd9c4e6e Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +02:00
Christoph Wurst
2a529e453a Use a blank line after the opening tag 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:50:14 +02:00
Christoph Wurst
463b388589 Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports 
Remove unused imports
 2020-03-27 17:14:08 +01:00
Christoph Wurst
2ee65f177e Use the shorter phpunit syntax for mocked return values 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:21:27 +01:00
Christoph Wurst
74936c49ea Remove unused imports 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-25 22:08:08 +01:00
Roeland Jago Douma
3a7cf40aaa Mode to modern phpunit 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 15:27:18 +01:00
Roeland Jago Douma
c007ca624f Make phpunit8 compatible 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-27 13:34:41 +01:00
Roeland Jago Douma
68748d4f85 Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Roeland Jago Douma
f81817b47d Add tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-08-10 19:40:13 +02:00
Roeland Jago Douma
37a4282c7a Split up security middleware 
With upcoming work for the feature policy header. Splitting this in
smaller classes that just do 1 thing makes sense.

I rather have a few small classes that are tiny and do 1 thing right
(and we all understand what is going on) than have big ones.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-07-27 16:11:45 +02:00
Christoph Wurst
22ae682823 Make it possible to show admin settings for sub admins 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-05-23 20:31:40 +02:00
Roeland Jago Douma
8c1e75e052 Do not use file as template parameter 
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-08-09 16:45:25 +02:00
Roeland Jago Douma
3ad7daeda5 Add tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-03-08 11:05:18 +01:00
Morris Jobke
cf35c4b03a Provide translated error message for permission error 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-26 17:00:29 +01:00
Roeland Jago Douma
7405dfb544 Update tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-29 14:37:18 +01:00
Joas Schilling
bf2be08c9f Fix risky tests without assertions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-01-25 11:33:25 +01:00
Joas Schilling
870023365c Fix "Undefined method setExpectedException()" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-01-24 18:10:16 +01:00
Morris Jobke
2a38605545 Properly log the full exception instead of only the message 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-01-23 10:57:21 +01:00
Roeland Jago Douma
57050146f6 Move passwordconfirmation to its own midleware 
Add tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-01-02 21:58:14 +01:00
Bjoern Schiessle
1bcbeb24bc disable password confirmation with SSO 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-01-02 20:30:37 +01:00
Morris Jobke
ce0c45a4ea Use proper DI for security middleware for app enabled check 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-10-24 15:36:28 +02:00
Roeland Jago Douma
c257cd57d4 Handle SameSiteCookie check for index.php in AppFramework Middleware 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-09-24 21:07:16 +02:00
Morris Jobke
84c22fdeef Merge pull request #5907 from nextcloud/add-metadata-to-throttle-call 
Add metadata to \OCP\AppFramework\Http\Response::throttle
 2017-08-01 14:43:47 +02:00
Roeland Jago Douma
f71dc7523f Fix tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-07-31 16:54:19 +02:00
Lukas Reschke
f22ab3e665 Add metadata to \OCP\AppFramework\Http\Response::throttle 
Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-07-27 14:17:45 +02:00
Lukas Reschke
8149945a91 Make BruteForceProtection annotation more clever 
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 23:05:33 +02:00
Lukas Reschke
a1ae5275f9 Move to dedicated MiddleWare 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:17 +02:00