upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-26 03:11:28 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 33
83004 commits 688 branches 1186 tags 7 GiB
Commit graph

53 commits

Author SHA1 Message Date
John Molakvoæ
2b50d9b2c5
Revert "perf(base): Stop setting up the FS for every basic auth request" 2025-07-11 17:07:44 +02:00
provokateurin
689a853dc6
fix(dav): Initialize the FS for the user right after authenticating 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-07-08 11:38:58 +02:00
Ferdinand Thiessen
5981b7eb51
chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +02:00
Ferdinand Thiessen
fa63e646d4
fix(dav): do not require CSRF for safe and indempotent HTTP methods 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2025-03-13 12:04:30 +01:00
Côme Chilliet
ed5b7ae161
chore: re-apply current rector configuration to apps folder 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-02-13 11:45:33 +01:00
Git'Fellow
36d6b0f1e6 refactor: Use Http framework where possible 
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
 2024-12-14 11:23:29 +01:00
provokateurin
381077028a
refactor(apps): Use constructor property promotion when possible 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-21 12:37:59 +02:00
Côme Chilliet
1580c8612b
chore(apps): Apply new rector configuration to autouse classes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-10-15 10:40:25 +02:00
Julius Härtl
4d6b4b71c7 fix: Authorization header can be an empty string 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-06-28 14:42:36 +02:00
Ferdinand Thiessen
67a0e01382
fix(dav): Try basic auth for ajax WebDAV requests 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-06-18 10:47:11 +02:00
Andy Scherzinger
9d4b944098
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-27 20:11:22 +02:00
MichaIng
91127edcc8 fix(dav): fallback realm for HTTP authentication 
By default, the name of the Nextcloud instance is an empty string, until changed by the admin. This leads to an empty realm sent with the WWW-Authenticate header, while the realm is mandatory for Basic HTTP authentication. Some clients have issues with an empty realm, e.g. Thunderbird cannot store passwords in this case.

This commit applies "Nextcloud" as fallback for the realm, in case the name of the Nextcloud instance is not set.

Solves: https://help.nextcloud.com/t/thunderbird-dont-save-caldav-password-because-of-missing-httprealm-or-formsubmiturl/93233

Signed-off-by: MichaIng <micha@dietpi.com>
 2024-02-14 16:49:39 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling
dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +02:00
Joas Schilling
b91957e3df
fix(dav): Abort requests with 429 instead of waiting 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-03 22:43:36 +02:00
Julius Härtl
7b413a41eb
perf(dav): Do not call general setupFS on ever dav auth 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-09 10:19:37 +01:00
Carl Schwan
f7be76125f Fix more psalm issues 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-16 11:05:54 +02:00
Carl Schwan
829490ab7a Cleanup dav 
- Remove unused class AppEnabledPlugin
- Add more type hinting when possible

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-05 22:03:59 +02:00
Côme Chilliet
e2531f8503
Migrate dav application from ILogger to LoggerInterface 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-05-02 10:52:43 +02:00
Robin Appelman
c80ba69b7a
dont setup full fs after dav auth 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-03-24 17:00:57 +01:00
Côme Chilliet
5cd5245ca8
Fix dav application tests and code for PHP 8.1 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2021-11-23 09:29:01 +01:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 18:48:22 +01:00
Christoph Wurst
28f8eb5dba
Add visibility to all constants 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:54:27 +02:00
Christoph Wurst
1584c9ae9c
Add visibility to all methods and position of static keyword 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:51:06 +02:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
5bf3d1bb38
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +01:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Bjoern Schiessle
0efd29f41f
first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-10-30 22:14:52 +01:00
Morris Jobke
e2974f1133
Simplify return statement 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-02-13 21:55:24 +01:00
Morris Jobke
0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Lukas Reschke
df3909a7c3
Use Bearer backend for SabreDAV 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 20:49:10 +02:00
Lukas Reschke
5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 20:49:03 +02:00
Morris Jobke
1729e4471f
Update comments to Nextcloud 
* based on PR by @Ardinis
* see #4311

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-11 23:16:27 -05:00
Joas Schilling
33fb86f68b
Fix detection of the new iOS app 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-02-10 10:10:21 +01:00
Robin Appelman
b56f2c9ed0
basic lockdown logic 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:23 +01:00
Christoph Wurst
6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass 
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
 2016-08-24 10:49:23 +02:00
Joas Schilling
813f0a0f40
Fix apps/ 2016-07-21 18:13:57 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Christoph Wurst
5a8cfab68f
throw PasswordLoginForbidden on DAV 2016-06-17 11:30:24 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Vincent Petry
67c3a97401 Merge pull request #25046 from owncloud/fix-the-realm 
Use the correct realm for basic authentication
 2016-06-10 10:41:46 +02:00
Thomas Müller
cf06b17df1
Use the correct realm for basic authentication - fixes #23427 2016-06-09 13:53:32 +02:00
Thomas Müller
f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Christoph Wurst
da03a85c3c
block DAV if 2FA challenge needs to be solved first 2016-06-01 10:42:38 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00