nextcloud_server

mirror of https://github.com/nextcloud/server.git synced 2025-03-13 07:53:51 +00:00

Author	SHA1	Message	Date
Louis Chemineau	862265f1cc	fix(login): Properly target public page with attribute Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-05 16:58:41 +00:00
Louis Chemineau	c392c2ba04	fix(login): Also check legacy annotation for ephemeral sessions Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-03 11:42:41 +01:00
Louis Chemineau	716b08101d	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me> [skip ci] Signed-off-by: Louis Chemineau <louis@chmn.me>	2025-03-03 11:38:06 +01:00
provokateurin	9dc6af6f23	fix(Http): Only allow valid HTTP status code values via template Signed-off-by: provokateurin <kate@provokateurin.de>	2025-02-12 14:18:56 +01:00
provokateurin	f92a30301a	fix(BaseResponse): Cast XML element values to string Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-15 17:16:41 +00:00
Arthur Schiwon	4ec174197f	fix(Token): make new scope future compatible - "password-unconfirmable" is the effective name for 30, but a draft name was backported. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 11:25:35 +02:00
Arthur Schiwon	86a496d589	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 11:14:25 +02:00
Florian Klinger	ca655ba100	fix: add check for app_api_system session flag to bypass rate limit Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>	2024-04-17 11:22:05 +02:00
Klaus	354387b135	fix xml ocs response for serializable objects Signed-off-by: sualko <klaus@jsxc.org> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2024-03-18 01:13:19 +00:00
Julius Härtl	b26fbc3c84	fix: Adjust user agent pattern for Edge Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-03-11 10:08:56 +01:00
Ferdinand Thiessen	933ad5e4d2	Merge pull request #43181 from nextcloud/backport/42930/stable28 [stable28] Fix: config param 'overwritecondaddr' not working	2024-02-03 12:16:56 +01:00
Ferdinand Thiessen	cfc12b8650	fix(Request): Catch exceptions in `isTrustedProxy` The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw. But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-01-29 15:23:50 +00:00
Pavel Kryl	8442ed014d	code style: ommited space, reverted [code review]	2024-01-29 09:58:56 +00:00
Pavel Kryl	21625f0d66	fixing bug #6914 : Config Param 'overwritecondaddr' not working - just ignoring/removing extra parameter 'protocol' as suggested by blizzz Signed-off-by: Pavel Kryl <pavel@kryl.eu>	2024-01-29 09:58:56 +00:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +01:00
Joas Schilling	2fa78f6245	Reverse X-Forwarded-For list to read the correct proxy remote address Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-11-16 07:45:19 +01:00
Christoph Wurst	78842348b2	feat(dependencyinjection): Allow optional (nullable) services Allows working with classes that might or might not be available. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-11-03 11:53:43 +01:00
Joas Schilling	2b7f78fc2e	Merge pull request #40326 from nextcloud/enh/text-to-image-api Implement TextToImage OCP API	2023-10-26 15:53:30 +02:00
Carl Schwan	eb1d612d96	Add api to register setup checks Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2023-10-19 11:43:58 +02:00
Marcel Klehr	c8cab9d2fd	Implement TextToImage OCP API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-10-18 13:21:50 +02:00
Joas Schilling	356c2219bc	Merge pull request #40865 from nextcloud/bugfix/noid/fix-version-comment Fix version number in ITimeFactory after it was delayed	2023-10-16 08:01:09 +02:00
Joas Schilling	a8ae09c544	fix(docs): Fix parameter types in docs Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-10-13 11:02:42 +02:00
Joas Schilling	0a4fbaddc7	Fix version number in ITimeFactory after it was delayed Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-10-11 12:14:41 +02:00
Alexander Piskun	0b8a3b578d	fixed Drone test Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2023-10-06 13:46:37 +03:00
Alexander Piskun	f16c9f42c6	added CORS skip if session was created by AppAPI Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2023-10-02 11:08:21 +03:00
Hamid Dehnavi	ea06cf2f39	Convert isset ternary to null coalescing operator Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com>	2023-09-28 17:44:19 +03:30
Côme Chilliet	f68d4f7300	Remove deprecated methods Util::writeLog and DIContainer::log Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-09-25 10:37:12 +02:00
Christoph Wurst	e477bb7eaf	feat(appframework): Expose programmatic rate limiter Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-09-20 20:25:27 +02:00
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-28 15:50:45 +02:00
Joas Schilling	381c35080d	fix(middleware): Fix header injection for bruteforce middleware Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons So shifting back to old standard practise for now Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-22 16:00:39 +02:00
Joas Schilling	2f06f2355d	feat: Add a header which signals that the request was throttled Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:04 +02:00
Robin Appelman	ccf57e0715	add separate event for rendering login page template Signed-off-by: Robin Appelman <robin@icewind.nl>	2023-08-17 10:57:56 +02:00
jld3103	12f8543815	Rewrite OCS CSRF check to be readable Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-08-16 15:52:36 +02:00
Joas Schilling	1b387bb341	fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +02:00
Marcel Klehr	7c80d66ee5	Merge pull request #38854 from nextcloud/enh/llm-api	2023-07-21 11:20:31 +02:00
Marcel Klehr	ffe27ce14c	Massive refactoring: Turn LanguageModel OCP API into TextProcessing API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-07-14 16:00:31 +02:00
Marcel Klehr	82d3b00ab1	LLM OCP API: Add to RegistrationContext Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-07-07 13:39:10 +02:00
Anna Larch	558e386e46	fix(CardDAV): catch right exception when checking for federated app classes Signed-off-by: Anna Larch <anna@nextcloud.com>	2023-07-06 13:07:14 +02:00
jld3103	b0001c6010	Add template types to responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-06-30 09:33:29 +02:00
jld3103	7f4651637a	Allow stdClass in XML responses Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-06-13 11:44:47 +02:00
Robin Appelman	9f1d497a0b	Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private Refactors "strpos" calls in lib/private to improve code readability.	2023-06-01 23:10:00 +02:00
Christoph Wurst	e76d525a43	chore: Drop \OC_App::getAppInfo Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-06-01 11:31:27 +02:00
Joas Schilling	3a6bc7aba2	fix(middleware): Also abort the request when reaching max delay in afterController Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 16:20:19 +02:00
Faraz Samapoor	e7cc7653b8	Refactors "strpos" calls in lib/private to improve code readability. Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>	2023-05-15 15:17:19 +03:30
Joas Schilling	ecb8b55c5c	feat(security): Add PHP \Attribute for remaining security annotations Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-25 14:50:32 +02:00
Joas Schilling	89c3c31402	feat(ratelimit): Add Attributes support to rate limit middleware Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-24 12:24:48 +02:00
Côme Chilliet	b294edad80	Merge branch 'master' into enh/type-iconfig-getter-calls Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>	2023-04-20 16:52:38 +02:00
Joas Schilling	fd473f89e8	Merge pull request #37674 from nextcloud/feature/speech-to-text feat(SpeechToText): Add SpeechToText OCP provider API	2023-04-19 16:29:44 +02:00
Christoph Wurst	a06898a2d0	fix(security)!: Use consistent HTTP status for strict cookie checks Before: 503/412 Now: 412 + json body explaining the error Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-04-17 16:06:37 +00:00
Marcel Klehr	317521b607	feat(SpeechToText): Add SpeechToText provider API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-04-11 14:59:57 +02:00

1 2 3 4 5 ...

509 commits