0
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2025-03-13 07:53:51 +00:00
Commit graph

509 commits

Author SHA1 Message Date
Louis Chemineau
862265f1cc fix(login): Properly target public page with attribute
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-05 16:58:41 +00:00
Louis Chemineau
c392c2ba04
fix(login): Also check legacy annotation for ephemeral sessions
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:42:41 +01:00
Louis Chemineau
716b08101d
feat: Close sessions created for login flow v2
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>

[skip ci]

Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:38:06 +01:00
provokateurin
9dc6af6f23 fix(Http): Only allow valid HTTP status code values via template
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-02-12 14:18:56 +01:00
provokateurin
f92a30301a fix(BaseResponse): Cast XML element values to string
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-15 17:16:41 +00:00
Arthur Schiwon
4ec174197f
fix(Token): make new scope future compatible
- "password-unconfirmable" is the effective name for 30, but a draft
  name was backported.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-12 11:25:35 +02:00
Arthur Schiwon
86a496d589
fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-12 11:14:25 +02:00
Florian Klinger
ca655ba100 fix: add check for app_api_system session flag to bypass rate limit
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-04-17 11:22:05 +02:00
Klaus
354387b135 fix xml ocs response for serializable objects
Signed-off-by: sualko <klaus@jsxc.org>
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-03-18 01:13:19 +00:00
Julius Härtl
b26fbc3c84 fix: Adjust user agent pattern for Edge
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-03-11 10:08:56 +01:00
Ferdinand Thiessen
933ad5e4d2
Merge pull request from nextcloud/backport/42930/stable28
[stable28] Fix: config param 'overwritecondaddr' not working
2024-02-03 12:16:56 +01:00
Ferdinand Thiessen
cfc12b8650 fix(Request): Catch exceptions in isTrustedProxy
The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw.
But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-01-29 15:23:50 +00:00
Pavel Kryl
8442ed014d code style: ommited space, reverted [code review] 2024-01-29 09:58:56 +00:00
Pavel Kryl
21625f0d66 fixing bug : Config Param 'overwritecondaddr' not working
- just ignoring/removing extra parameter 'protocol' as suggested by
  blizzz

Signed-off-by: Pavel Kryl <pavel@kryl.eu>
2024-01-29 09:58:56 +00:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Joas Schilling
2fa78f6245
Reverse X-Forwarded-For list to read the correct proxy remote address
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-16 07:45:19 +01:00
Christoph Wurst
78842348b2
feat(dependencyinjection): Allow optional (nullable) services
Allows working with classes that might or might not be available.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-11-03 11:53:43 +01:00
Joas Schilling
2b7f78fc2e
Merge pull request from nextcloud/enh/text-to-image-api
Implement TextToImage OCP API
2023-10-26 15:53:30 +02:00
Carl Schwan
eb1d612d96
Add api to register setup checks
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-10-19 11:43:58 +02:00
Marcel Klehr
c8cab9d2fd Implement TextToImage OCP API
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-10-18 13:21:50 +02:00
Joas Schilling
356c2219bc
Merge pull request from nextcloud/bugfix/noid/fix-version-comment
Fix version number in ITimeFactory after it was delayed
2023-10-16 08:01:09 +02:00
Joas Schilling
a8ae09c544
fix(docs): Fix parameter types in docs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-10-13 11:02:42 +02:00
Joas Schilling
0a4fbaddc7
Fix version number in ITimeFactory after it was delayed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-10-11 12:14:41 +02:00
Alexander Piskun
0b8a3b578d fixed Drone test
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-10-06 13:46:37 +03:00
Alexander Piskun
f16c9f42c6 added CORS skip if session was created by AppAPI
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-10-02 11:08:21 +03:00
Hamid Dehnavi
ea06cf2f39 Convert isset ternary to null coalescing operator
Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com>
2023-09-28 17:44:19 +03:30
Côme Chilliet
f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-25 10:37:12 +02:00
Christoph Wurst
e477bb7eaf
feat(appframework): Expose programmatic rate limiter
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-09-20 20:25:27 +02:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Joas Schilling
381c35080d
fix(middleware): Fix header injection for bruteforce middleware
Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons
So shifting back to old standard practise for now

Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-22 16:00:39 +02:00
Joas Schilling
2f06f2355d
feat: Add a header which signals that the request was throttled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:04 +02:00
Robin Appelman
ccf57e0715 add separate event for rendering login page template
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-08-17 10:57:56 +02:00
jld3103
12f8543815
Rewrite OCS CSRF check to be readable
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-08-16 15:52:36 +02:00
Joas Schilling
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +02:00
Marcel Klehr
7c80d66ee5
Merge pull request from nextcloud/enh/llm-api 2023-07-21 11:20:31 +02:00
Marcel Klehr
ffe27ce14c Massive refactoring: Turn LanguageModel OCP API into TextProcessing API
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-07-14 16:00:31 +02:00
Marcel Klehr
82d3b00ab1 LLM OCP API: Add to RegistrationContext
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-07-07 13:39:10 +02:00
Anna Larch
558e386e46 fix(CardDAV): catch right exception when checking for federated app classes
Signed-off-by: Anna Larch <anna@nextcloud.com>
2023-07-06 13:07:14 +02:00
jld3103
b0001c6010
Add template types to responses
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-30 09:33:29 +02:00
jld3103
7f4651637a
Allow stdClass in XML responses
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-13 11:44:47 +02:00
Robin Appelman
9f1d497a0b
Merge pull request from fsamapoor/replace_strpos_calls_in_lib_private
Refactors "strpos" calls in  lib/private to improve code readability.
2023-06-01 23:10:00 +02:00
Christoph Wurst
e76d525a43
chore: Drop \OC_App::getAppInfo
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-06-01 11:31:27 +02:00
Joas Schilling
3a6bc7aba2
fix(middleware): Also abort the request when reaching max delay in afterController
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:20:19 +02:00
Faraz Samapoor
e7cc7653b8 Refactors "strpos" calls in lib/private to improve code readability.
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
2023-05-15 15:17:19 +03:30
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-24 12:24:48 +02:00
Côme Chilliet
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +02:00
Joas Schilling
fd473f89e8
Merge pull request from nextcloud/feature/speech-to-text
feat(SpeechToText): Add SpeechToText OCP provider API
2023-04-19 16:29:44 +02:00
Christoph Wurst
a06898a2d0 fix(security)!: Use consistent HTTP status for strict cookie checks
Before: 503/412
Now: 412 + json body explaining the error

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-17 16:06:37 +00:00
Marcel Klehr
317521b607 feat(SpeechToText): Add SpeechToText provider API
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-04-11 14:59:57 +02:00