Louis Chemineau
862265f1cc
fix(login): Properly target public page with attribute
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-05 16:58:41 +00:00
Louis Chemineau
c392c2ba04
fix(login): Also check legacy annotation for ephemeral sessions
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:42:41 +01:00
Louis Chemineau
716b08101d
feat: Close sessions created for login flow v2
...
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.
This commit adds a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
Signed-off-by: Louis Chemineau <louis@chmn.me>
[skip ci]
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:38:06 +01:00
provokateurin
9dc6af6f23
fix(Http): Only allow valid HTTP status code values via template
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-02-12 14:18:56 +01:00
provokateurin
f92a30301a
fix(BaseResponse): Cast XML element values to string
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-15 17:16:41 +00:00
Arthur Schiwon
4ec174197f
fix(Token): make new scope future compatible
...
- "password-unconfirmable" is the effective name for 30, but a draft
name was backported.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-12 11:25:35 +02:00
Arthur Schiwon
86a496d589
fix(Session): avoid password confirmation on SSO
...
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.
Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-12 11:14:25 +02:00
Florian Klinger
ca655ba100
fix: add check for app_api_system session flag to bypass rate limit
...
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-04-17 11:22:05 +02:00
Klaus
354387b135
fix xml ocs response for serializable objects
...
Signed-off-by: sualko <klaus@jsxc.org>
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-03-18 01:13:19 +00:00
Julius Härtl
b26fbc3c84
fix: Adjust user agent pattern for Edge
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-03-11 10:08:56 +01:00
Ferdinand Thiessen
933ad5e4d2
Merge pull request #43181 from nextcloud/backport/42930/stable28
...
[stable28] Fix: config param 'overwritecondaddr' not working
2024-02-03 12:16:56 +01:00
Ferdinand Thiessen
cfc12b8650
fix(Request): Catch exceptions in isTrustedProxy
...
The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw.
But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-01-29 15:23:50 +00:00
Pavel Kryl
8442ed014d
code style: omitted space, reverted [code review]
2024-01-29 09:58:56 +00:00
Pavel Kryl
21625f0d66
fixing bug #6914 : Config Param 'overwritecondaddr' not working
...
- just ignoring/removing extra parameter 'protocol' as suggested by
blizzz
Signed-off-by: Pavel Kryl <pavel@kryl.eu>
2024-01-29 09:58:56 +00:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Joas Schilling
2fa78f6245
Reverse X-Forwarded-For list to read the correct proxy remote address
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-11-16 07:45:19 +01:00
Christoph Wurst
78842348b2
feat(dependencyinjection): Allow optional (nullable) services
...
Allows working with classes that might or might not be available.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-11-03 11:53:43 +01:00
Joas Schilling
2b7f78fc2e
Merge pull request #40326 from nextcloud/enh/text-to-image-api
...
Implement TextToImage OCP API
2023-10-26 15:53:30 +02:00
Carl Schwan
eb1d612d96
Add api to register setup checks
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-10-19 11:43:58 +02:00
Marcel Klehr
c8cab9d2fd
Implement TextToImage OCP API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-10-18 13:21:50 +02:00
Joas Schilling
356c2219bc
Merge pull request #40865 from nextcloud/bugfix/noid/fix-version-comment
...
Fix version number in ITimeFactory after it was delayed
2023-10-16 08:01:09 +02:00
Joas Schilling
a8ae09c544
fix(docs): Fix parameter types in docs
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-10-13 11:02:42 +02:00
Joas Schilling
0a4fbaddc7
Fix version number in ITimeFactory after it was delayed
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-10-11 12:14:41 +02:00
Alexander Piskun
0b8a3b578d
fixed Drone test
...
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-10-06 13:46:37 +03:00
Alexander Piskun
f16c9f42c6
added CORS skip if session was created by AppAPI
...
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-10-02 11:08:21 +03:00
Hamid Dehnavi
ea06cf2f39
Convert isset ternary to null coalescing operator
...
Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com>
2023-09-28 17:44:19 +03:30
Côme Chilliet
f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-25 10:37:12 +02:00
Christoph Wurst
e477bb7eaf
feat(appframework): Expose programmatic rate limiter
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-09-20 20:25:27 +02:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Joas Schilling
381c35080d
fix(middleware): Fix header injection for bruteforce middleware
...
Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons
So shifting back to old standard practice for now
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-22 16:00:39 +02:00
Joas Schilling
2f06f2355d
feat: Add a header which signals that the request was throttled
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:04 +02:00
Robin Appelman
ccf57e0715
add separate event for rendering login page template
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-08-17 10:57:56 +02:00
jld3103
12f8543815
Rewrite OCS CSRF check to be readable
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-08-16 15:52:36 +02:00
Joas Schilling
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +02:00
Marcel Klehr
7c80d66ee5
Merge pull request #38854 from nextcloud/enh/llm-api
2023-07-21 11:20:31 +02:00
Marcel Klehr
ffe27ce14c
Massive refactoring: Turn LanguageModel OCP API into TextProcessing API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-07-14 16:00:31 +02:00
Marcel Klehr
82d3b00ab1
LLM OCP API: Add to RegistrationContext
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-07-07 13:39:10 +02:00
Anna Larch
558e386e46
fix(CardDAV): catch right exception when checking for federated app classes
...
Signed-off-by: Anna Larch <anna@nextcloud.com>
2023-07-06 13:07:14 +02:00
jld3103
b0001c6010
Add template types to responses
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-30 09:33:29 +02:00
jld3103
7f4651637a
Allow stdClass in XML responses
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-06-13 11:44:47 +02:00
Robin Appelman
9f1d497a0b
Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private
...
Refactors "strpos" calls in lib/private to improve code readability.
2023-06-01 23:10:00 +02:00
Christoph Wurst
e76d525a43
chore: Drop \OC_App::getAppInfo
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-06-01 11:31:27 +02:00
Joas Schilling
3a6bc7aba2
fix(middleware): Also abort the request when reaching max delay in afterController
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:20:19 +02:00
Faraz Samapoor
e7cc7653b8
Refactors "strpos" calls in lib/private to improve code readability.
...
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
2023-05-15 15:17:19 +03:30
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-24 12:24:48 +02:00
Côme Chilliet
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls
...
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +02:00
Joas Schilling
fd473f89e8
Merge pull request #37674 from nextcloud/feature/speech-to-text
...
feat(SpeechToText): Add SpeechToText OCP provider API
2023-04-19 16:29:44 +02:00
Christoph Wurst
a06898a2d0
fix(security)!: Use consistent HTTP status for strict cookie checks
...
Before: 503/412
Now: 412 + json body explaining the error
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-17 16:06:37 +00:00
Marcel Klehr
317521b607
feat(SpeechToText): Add SpeechToText provider API
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-04-11 14:59:57 +02:00