0
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2025-02-28 02:26:32 +00:00
Commit graph

147 commits

Author SHA1 Message Date
Louis Chemineau
97732de328
feat: Use inline password confirmation in external storage settings
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 13:03:51 +01:00
skjnldsv
db28aa8cd1 fix(files_sharing): show proper share not found error message
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +02:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
provokateurin
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +02:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Côme Chilliet
ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Florian Klinger
f3a4abd98c
fix: add check for app_api_system session flag to bypass rate limit
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +02:00
John Molakvoæ
b5357f7d12
Merge branch 'master' into refactor/OC-Server-getThemingDefaults
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-02-23 15:47:17 +01:00
Maxence Lange
e1d7328bb2 adding test
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-31 21:13:32 -01:00
Maxence Lange
51fa22dc26 fix psalm
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-31 21:13:32 -01:00
Côme Chilliet
f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-25 10:37:12 +02:00
Andrew Summers
ce74bdcda2
Refactor OC\Server::getThemingDefaults
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2023-08-29 21:33:17 -05:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Joas Schilling
2b49861679
Add a debug message when throttling without defining
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-26 11:54:28 +01:00
Christoph Wurst
907ff68bfc
perf(app-framework): Make the app middleware registration lazy
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-25 09:27:24 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Julius Härtl
f0a0bfaaee
Move to str_starts_with
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:06 +01:00
Julius Härtl
3899de12b7
Skip querying the app container for server namespace
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:05 +01:00
Julius Härtl
d7ecbe32d2
Avoid container dance for appName
Sicne the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:04 +01:00
Julien Veyssier
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2022-12-07 13:24:50 +01:00
Christoph Wurst
41b2466d35
Clean up and deprecate app container aliases
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-02 19:42:09 +01:00
Julius Härtl
0f33453610
Diagnostics event logging to Nextcloud log
Signed-off-by: Julius Härtl <jus@bitgrid.net>

Add config samples

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-02-28 11:24:40 +01:00
Carl Schwan
6958d8005a
Add admin privilege delegation for admin settings
This makes it possible for selected groups to access some settings
pages.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2021-09-29 21:43:31 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Joas Schilling
df47445c01
Fix unit tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +02:00
Roeland Jago Douma
68ec18323d Fix types in the Group Manager
Psalm found an issue. However the issue found was because of lying
docblocks. Fixed those and did some typing to make it all better.

For 

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-03 14:52:47 +01:00
Joas Schilling
3212c074b9
Log the number of queries built and executed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-25 14:55:53 +02:00
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00
Christoph Wurst
c889021334
Add a scoped PSR logger for apps
Just like for ILogger we should have a version that has the app ID
pre-set for the context (unless overwritten) so that each log entry can
be traced back to the app that produced it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-16 19:11:56 +02:00
Christoph Wurst
4152216bd8
Use PSR container interface and deprecate our own abstraction
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-07-16 13:35:45 +02:00
Roeland Jago Douma
fa9dfd83c9
Fix AppFramework services
* We can't just register an alias as the services need the appId to be
  injected. if we just register an alias this blows up since the main
  container doesn't have the appId.
* Moved the Authtokens over to show the PoC works

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-07-14 16:01:14 +02:00
Roeland Jago Douma
12fa748c49
Move the notmodified check to middleware where it belongs
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-13 08:11:24 +02:00
Roeland Jago Douma
203d7eb1d3
Add AppFramework GZip middleware to gzip responses
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-12 09:09:48 +02:00
Roeland Jago Douma
0659656c72
Merge pull request from nextcloud/enh/dicontainer_cleanup
DI Cleanup
2020-05-09 11:02:02 +02:00
Roeland Jago Douma
32c93ee08e
Move over the IConfig for globalscale
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-08 08:50:01 +02:00
Roeland Jago Douma
163463dea5
Add InitialState Appframework service
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-07 10:13:06 +02:00
Roeland Jago Douma
4e59c6f9b5
Remove double registrations
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-07 08:47:43 +02:00
Roeland Jago Douma
8a8623c569
Simple AppConfig wrapper for the AppFramework
9 out of 10 cases apps want to access their own appconfig. Hence it
would be nice not to have to enter the app id all the time. This simple
wrapper just passes on the appid in all calls.

Basically this allows for simpler code in the apps.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-02 15:34:28 +02:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst
14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst
afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst
b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst
1b46621cd3
Update license headers for 18
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-20 09:23:25 +01:00
Daniel Kesselberg
0016480370
Decouple resource provider registration
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2019-12-07 22:04:07 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Roeland Jago Douma
098ab7af4b
Do DI on registered middleware as well
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-16 22:52:48 +02:00