Ferdinand Thiessen
e0ba4d71b6
chore: add missing Override attribute to OC
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2026-04-28 21:29:27 +02:00
Simon L.
d3faa4247d
fix(initializeSession): only log HMAC problem to critical logs if indeed critical
...
Signed-off-by: Simon L. <szaimen@e.mail.de>
2026-03-17 11:46:41 +01:00
Carl Schwan
c96ece0bcb
refactor: Add more typing
...
- repairs job
- database
- redis
And remove Helpertest which was unused outside of some tests.
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
2026-02-06 13:55:39 +01:00
Carl Schwan
7b6078875b
refactor: Run rector on lib/private
...
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
2026-02-06 13:50:18 +01:00
Christoph Wurst
7e188433a1
fix(session): handle null logger
...
Signed-off-by: Christoph Wurst <1374172+ChristophWurst@users.noreply.github.com>
2026-01-09 16:42:39 +01:00
Christoph Wurst
adf7ea5f0b
perf: log slow DNS operations
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2026-01-08 11:22:15 +01:00
Christoph Wurst
cc89a2a2b8
refactor: extract slow operation logging into trait
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2026-01-08 11:22:15 +01:00
Samuel Bizien Filippi
a14cade3ac
feat(core): add cookie_domain config option
...
Signed-off-by: Samuel Bizien Filippi <samuel.bizien-filippi@finances.gouv.fr>
2025-06-16 15:33:48 +02:00
Côme Chilliet
e757b649b7
fix: Fix psalm taint false-positives by small refactorings
...
Mostly make it clear that we trust admin input or that we correctly
escape strings.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-02-17 18:08:23 +01:00
Maxence Lange
9100b8757e
fix(setup): ignore long session login during installation
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-08-27 12:29:42 -01:00
Christoph Wurst
2b38d6ae7e
fix(session): Log when session_* calls are slow
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-08-07 09:02:10 +02:00
Julius Härtl
38bee2c014
perf: Set session.cache_limiter at runtime to avoid clients caching static assets served by PHP
...
By default there is a Pragma: no-cache header set due to the default
value `no-cache` of session.cache-limiter, which will cause Chrome and
iOS to not cache even with a different Cache-Control header set on the
response.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-07-08 22:30:27 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Joas Schilling
7c6934dea9
fix(typo): Fix typo in docs
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-03-25 14:55:52 +01:00
Côme Chilliet
f73f966c98
chore: Add missing ArrayAccess template parameters
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-02-06 10:24:41 +01:00
Côme Chilliet
eee9f1eec4
Always catch OCP versions of authentication exceptions
...
And always throw OC versions for BC
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Christoph Wurst
63069b6492
fix(session): Do not log fresh/empty session as error
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-11-07 09:13:48 +01:00
Christoph Wurst
ca33d6b01c
fix(session): Log when crypto session data is lost
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-10-11 19:59:18 +02:00
Christoph Wurst
14719110b9
chore: Replace \OC::$server->query with \OCP\Server::get in /lib
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-07-06 15:21:22 +02:00
Christoph Wurst
872c181c74
chore: Drop dead private methods in /lib
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-06-06 11:01:58 +02:00
Claus-Justus Heine
45ec432492
Don't call session_start() when PHP session is still or already open.
...
Signed-off-by: Claus-Justus Heine <himself@claus-justus-heine.de>
2023-04-17 16:23:02 +02:00
Côme Chilliet
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Julius Härtl
a6761d76ea
fix: Make sure to reopen session before cleaning
...
Otherwise restoring the requesttoken would reopen and read the existing
session data and restore it instead of clearing
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-10 13:37:55 +01:00
Julius Härtl
c412821606
Do not remove complete encrypted session key when just a key should be removed
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-11-03 13:20:30 +01:00
Julius Härtl
2ff840b5c1
Read encrypted session data again on reopen
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-11-03 13:20:30 +01:00
Julius Härtl
9e1d431255
Add config option to disable strict session timeout to be able to use read_and_close
...
Fixed https://github.com/nextcloud/server/issues/29356
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:27 +02:00
Julius Härtl
9b4b72826a
Reopen sessions if we need to write to them instead of keeping them open
...
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-17 12:10:26 +02:00
luz paz
368f83095d
Fix typos in lib/private subdirectory
...
Found via `codespell -q 3 -S l10n -L jus ./lib/private`
Signed-off-by: luz paz <luzpaz@github.com>
2022-07-27 08:52:17 -04:00
Côme Chilliet
113756db30
Fix ArrayAccess and JsonSerializable return types
...
First round of modifications for PHP 8.1
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:28:56 +01:00
Julius Härtl
c1ea6a899c
Only trap E_ERROR in session handling
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-08-17 10:47:25 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Roeland Jago Douma
858f623081
Generate a new session id if decrypting the session data fails
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-04 11:42:40 +01:00
Christoph Wurst
7e2c3a820e
Remove the cookie paths for php<7.3
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-11-06 15:57:17 +01:00
Roeland Jago Douma
8daaf33e3d
Silence duplicate session warnings
...
Fixes #20490
Basically restoring the old behavior.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-08-14 05:23:11 +02:00
Christoph Wurst
cb057829f7
Update license headers for 19
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Christoph Wurst
28f8eb5dba
Add visibility to all constants
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is practically standard for our
code.
This also removes any empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst
36b3bc8148
Use php keywords in lowercase
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 14:04:56 +02:00
Christoph Wurst
74936c49ea
Remove unused imports
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Roeland Jago Douma
2016e57eab
Only send samesite cookies
...
This makes the last remaining two cookies lax. The session cookie
itself. And the session password as well (on php 7.3 that is). Samesite
cookies are the best cookies!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-06 15:24:35 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
MartB
fe21b10de5
replace setcookie value with '' instead of null.
...
The php documentation states that an empty string should be used for a cookie when it has no real value.
null leads to the following error: expects parameter 2 to be string, null given
Signed-off-by: Martin Böh <mart.b@outlook.de>
2018-09-06 20:34:16 +02:00
Roeland Jago Douma
8c47a632e0
Allow updating the token on session regeneration
...
Sometimes when we force a session regeneration we want to update the
current token for this session.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-14 08:09:36 +02:00
Roeland Jago Douma
8cb6bb3987
Make ISession strict
...
* Make all implementations strict
* Add scalar types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-02-26 22:20:21 +01:00
Morris Jobke
fe0dbe7fb7
Fix type in CryptoSessionData
...
Found while adding strict typing for PHP7+.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-12 22:41:03 +01:00
Morris Jobke
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Lukas Reschke
4166d61ce6
Fix MigrationSchemaChecker and CryptoWrapper
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Arthur Schiwon
d1a8269de3
Forward port of #5190 to master
...
Treat PHP Errors on User session regenerate
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
remove unnecessary lines…
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
change PHP errors to ErrorException in the session (PHP >=7)
Otherwise it might be that authentication apps are being disabled
during operation while in fact the session handler has a hiccup.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-15 11:20:49 +02:00
Victor Dubiniuk
131df248ef
Catch session already closed exception in destructor
2017-04-25 16:28:52 +02:00