upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-28 12:30:40 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
81241 commits 699 branches 1186 tags 7 GiB
Commit graph

588 commits

Author SHA1 Message Date
Côme Chilliet
e8370bf73a
fix: Use only enabled applications versions in the cache prefix 
This makes sure the cached routes are updated after enabling a
 previously disabled application

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-06-05 17:58:54 +02:00
Ferdinand Thiessen
c21e189850
fix: make core application bootstrapable by coordinator 
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-06-02 15:58:54 +02:00
Joas Schilling
89a7778f87
test: Mock ITaskManager to remove test interactions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-29 12:20:20 +02:00
Ferdinand Thiessen
e4ed062d68
fix(RouteParser): bail out if method name contains hashtag 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-05-15 13:57:14 +02:00
provokateurin
63ba61487b
chore(AppFramework): Remove unused RouteConfig class and migrate tests to RouteParser 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-05-15 13:57:14 +02:00
Côme Chilliet
0c56605497
fix: Fix psalm issue and update baseline 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-05-14 19:18:31 +02:00
Côme Chilliet
20c6d1a7e9
feat: Improve init a bit, and add more profiling steps 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-05-13 16:08:49 +02:00
Joas Schilling
7964f338dc
fix(throttler): Remove the sleep from the throttler that throws 
The sleep is not adding benefit when it's being aborted with 429
in other cases anyway.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-05-02 11:27:29 +02:00
Josh
6951053c90
docs(dispatcher): Correct described return values 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2025-04-23 22:43:03 +02:00
Côme Chilliet
92038229fa
fix: Remove support for app.php loading 
It has been deprecated for a long time, and the last known active
 application to use it (user_saml) is now migrated the modern API.
Presence of the file is still checked in order to log an error.
This behavior may be removed as well in a few versions.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-04-14 14:30:00 +02:00
Louis Chemineau
3bff9ee3e1
fix: Use login name to check the password 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-04-02 15:50:05 +02:00
Côme Chilliet
c7037d7b38
fix: Move getAppInstalledVersions to AppConfig so that it can be used earlier 
Call it from OC_App to make sure there is only one request to DB.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-03-25 16:20:21 +01:00
Joas Schilling
c9aea8ffdf
fix(auth): Allow 2FA challenges for Ephemeral sessions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-03-18 09:52:51 +01:00
Louis Chemineau
a163fa08d0 fix(login): Properly target public page with attribute 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-03-05 16:36:26 +01:00
Arthur Schiwon
42d752f767
Merge pull request #51116 from nextcloud/enh/noid/nullable-range 
feat(AppFramework): extend range check to optional parameters
 2025-03-04 14:23:21 +01:00
Arthur Schiwon
6594d7d96d
feat(AppFramework): extend range check to optional parameters 
Now it also applies when a paramater is documtend with a pending |null,
but no further unionation is considered.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2025-02-27 19:49:04 +01:00
Louis Chemineau
47bd75a052
fix(login): Also check legacy annotation for ephemeral sessions 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-27 13:12:55 +01:00
Louis
c7900de4f2
Merge pull request #51051 from nextcloud/artonge/fix/login_flow_v2_sessions_2 
feat: Close sessions created for login flow v2
 2025-02-27 08:52:00 +01:00
Louis Chemineau
c6293204a2
feat: Close sessions created for login flow v2 
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.

This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>
 2025-02-26 13:42:18 +01:00
Joas Schilling
095ab4419e
fix(l10n): Improve english source strings 
- No leading/trailing whitespace
- Use asci single quote

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-02-26 09:54:32 +01:00
Côme Chilliet
c1c59f9a6c
chore: Add missing star in phpdoc comment 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-17 15:26:23 +01:00
Côme Chilliet
fa108d5b54
fix: Correctly tag json encoding in BaseResponse to fix false-positive 
…in psalm taint analysis

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-17 15:26:22 +01:00
Joas Schilling
c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 12:46:15 +01:00
Elizabeth Danzberger
fdfeb7f265
feat(api): File conversion API 
Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
 2025-01-15 16:38:18 -05:00
Maxence Lange
bd4a154d64 feat(lexicon): configurable default value 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2025-01-14 10:36:07 -01:00
provokateurin
7db694f534
fix(Http): Only allow valid HTTP status code values via template 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-01-07 15:45:30 +01:00
Maxence Lange
96586ba709 feat(config): implementation of lexicon 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-13 11:08:20 -01:00
Joas Schilling
dd101dd0f7
Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data 
fix(controller): Fix false booleans in multipart/form-data
 2024-11-28 14:46:16 +01:00
Joas Schilling
1909b981a4
fix(controller): Fix false booleans in multipart/form-data 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-11-28 12:18:30 +01:00
Louis Chemineau
a2f2f7ce93
feat: Use inline password confirmation in external storage settings 
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2024-11-28 11:01:54 +01:00
provokateurin
dd0ed02b91
feat(Dispatcher): Add debug log for controller methods returning raw data not wrapped in Response 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-11-15 10:09:59 +01:00
skjnldsv
b15fdfd40e chore(profile): move profile app from core to apps 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-11-14 10:25:02 +01:00
Arthur Schiwon
fdd24090ff
fix(Middleware): log deprecation when annotation was actually used 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-11-12 22:15:08 +01:00
Ferdinand Thiessen
a8f46af20f
chore: Add proper deprecation dates where missing 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-20 00:46:03 +02:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +02:00
Ferdinand Thiessen
fe05882628
chore!: Remove OC\AppFramework\Logger 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-09-19 00:32:25 +02:00
provokateurin
3d9b49815b
fix(BaseResponse): Cast XML element values to string 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-15 15:37:27 +02:00
Ferdinand Thiessen
deeccd12a3
chore: fix typo in SameSiteCookieMiddleware 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:45 +02:00
Ferdinand Thiessen
92f3f7e2d2
chore: Remove unused CsrfTokenManager from CSPMiddleware 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-31 00:34:41 +02:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +02:00
Robin Appelman
8b60df1600
perf: delay getting (sub)admin status for user in the security middleware untill we need it 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-08-23 15:26:40 +02:00
Ferdinand Thiessen
c82b17d0a3
fix: Support Safari mobile 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-21 13:01:23 +02:00
Holger Hees
73397cd759
fix: Use CSP_NONCE env variable in ContentSecurity Header 
We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available.

Signed-off-by: Holger Hees <holger.hees@gmail.com>
 2024-08-13 09:52:08 +02:00
skjnldsv
db28aa8cd1 fix(files_sharing): show proper share not found error message 
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
 2024-08-06 16:25:10 +02:00
provokateurin
9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-25 17:31:49 +02:00
SebastianKrupinski
fc0b694d37 feat: mail provider backend 
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
 2024-07-23 16:20:36 -04:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Andrey Borysenko
40f820470a
chore: use "app_api" session key, "app_api_system" is deprecated 
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
 2024-07-18 17:16:57 +03:00
Alexander Piskun
b7af6ec200
feat: allow for ExApps to call Admin endpoints marked with specific attr 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2024-07-18 15:11:39 +03:00