Commit graph

559 commits

Author SHA1 Message Date
Joas Schilling
b6a8287ce1 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 17:52:02 +02:00
Ferdinand Thiessen
832f79ac93
chore: apply code style
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-04-30 19:04:59 +02:00
Louis Chemineau
84b59c48b6 fix: Use login name to check the password
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-04-02 17:21:06 +00:00
Joas Schilling
4c2877da2f fix(auth): Allow 2FA challenges for Ephemeral sessions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-03-18 09:16:46 +00:00
Louis Chemineau
cc1a5e7c91 fix(login): Properly target public page with attribute
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-05 17:01:11 +00:00
Louis Chemineau
a25a8f4f53
fix(login): Also check legacy annotation for ephemeral sessions
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:42:43 +01:00
Louis Chemineau
9141eb473f
feat: Close sessions created for login flow v2
Sessions created during the login flow v2 should be short-lived so as not to leave an unexpected open session in the browser.

This commit adds a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non-public page request.

Signed-off-by: Louis Chemineau <louis@chmn.me>

[skip ci]

Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-03-03 11:38:03 +01:00
Joas Schilling
a5e6f46eb0
fix(l10n): Improve english source strings
- No leading/trailing whitespace
- Use ASCII single quote

Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-02-26 15:06:47 +01:00
provokateurin
cb81f6c11c fix(Http): Only allow valid HTTP status code values via template
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-01-08 10:14:12 +00:00
Louis Chemineau
97732de328
feat: Use inline password confirmation in external storage settings
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 13:03:51 +01:00
Arthur Schiwon
b45dc98ba1 fix(Middleware): log deprecation when annotation was actually used
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-11-13 06:29:31 +00:00
provokateurin
ad895bd592 fix(BaseResponse): Cast XML element values to string
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-09-15 17:18:33 +00:00
Ferdinand Thiessen
655b318b23 fix: Support Safari mobile
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-21 12:33:53 +00:00
Holger Hees
73397cd759
fix: Use CSP_NONCE env variable in ContentSecurity Header
We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CSP_NONCE environment variable if available.

Signed-off-by: Holger Hees <holger.hees@gmail.com>
2024-08-13 09:52:08 +02:00
skjnldsv
db28aa8cd1 fix(files_sharing): show proper share not found error message
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +02:00
provokateurin
9d1705259c
fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-25 17:31:49 +02:00
SebastianKrupinski
fc0b694d37 feat: mail provider backend
Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
2024-07-23 16:20:36 -04:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
Andrey Borysenko
40f820470a
chore: use "app_api" session key, "app_api_system" is deprecated
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-07-18 17:16:57 +03:00
Alexander Piskun
b7af6ec200
feat: allow for ExApps to call Admin endpoints marked with specific attr
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2024-07-18 15:11:39 +03:00
provokateurin
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +02:00
Ferdinand Thiessen
a229723b8c
feat: Add new forbidden filename options to Capabilities
Allow clients to access the new filename validation options
and make frontend name validation possible.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-11 13:31:54 +02:00
provokateurin
5aefdc399e
feat(AppFramework): Add ExAppRequired attribute
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-01 14:41:20 +02:00
Joas Schilling
0d383f1f66
fix(logger): Fix scoped PSR logger when running psalm:ci
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-06-11 11:52:18 +02:00
Arthur Schiwon
f6d6efef3a
refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +02:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Marcel Klehr
ec27c538b5 fix: address review comments
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:41 +02:00
Marcel Klehr
00894e2420 feat: first pass at TaskProcessing API
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2024-05-14 11:38:39 +02:00
Côme Chilliet
672923f0a6
fix: Fix newly spotted psalm issues, add exhaustive typed magic properties for LDAP classes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-30 09:23:58 +02:00
Côme Chilliet
644036ab4e
fix: Migrate away from OC_App toward the IAppManager
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-22 12:14:58 +02:00
Ferdinand Thiessen
3aa9c53a87
Merge pull request #44644 from nextcloud/enh/noid/returns-formated-app-values
fix(appconfig): format app values
2024-04-17 17:11:36 +02:00
Côme Chilliet
ab6afe0111 fix: Fix new psalm errors from update
Not sure about the SimpleContainer modification, let’s see what CI says about that.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-08 11:29:09 +02:00
Maxence Lange
97e59b12a1 fix(appconfig): only convert single entry on searchValues()
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-04-05 17:49:34 -01:00
Côme Chilliet
ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Florian Klinger
f3a4abd98c
fix: add check for app_api_system session flag to bypass rate limit
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +02:00
John Molakvoæ
bbb7955cad
Merge branch 'master' into refactor/OC-Server-getThemingDefaults
2024-03-15 13:12:32 +01:00
Andrey Borysenko
865fd3ba08
fix: add missing copyrights and strict types
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-12 18:14:40 +02:00
jld3103
4ac2375ca2
feat: Add declarative settings
Signed-off-by: jld3103 <jld3103yt@gmail.com>
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-12 13:56:54 +02:00
Julius Härtl
b8c5bff673
fix: Adjust user agent pattern for Edge
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-03-08 12:11:46 +01:00
Julius Härtl
c7813bfdaf
feat: Implement team provider api
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-03-05 08:13:58 +01:00
John Molakvoæ
b5357f7d12
Merge branch 'master' into refactor/OC-Server-getThemingDefaults
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-02-23 15:47:17 +01:00
Klaus
747aeded9d fix xml ocs response for serializable objects
Signed-off-by: sualko <klaus@jsxc.org>
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-02-23 14:49:22 +01:00
provokateurin
66e7056c5e
fix(Routing): Only use lowercase names for registering and matching routes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-21 12:07:50 +01:00
Joas Schilling
9f38aabc06
Merge pull request #43552 from nextcloud/bugfix/noid/rfc7239-compatible-proxy-handling
fix(request): Handle reverse proxy setting a port in Forwarded-For
2024-02-15 15:29:47 +01:00
Joas Schilling
696ed4a125
fix(CS): Fix coding style
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-02-14 15:38:15 +01:00
Vincent Petry
839ddaa354
feat: rename users to account or person
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2024-02-13 21:06:30 +01:00
Joas Schilling
c4684089a8
fix(request): Fix regex handling and coding-style
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-02-13 16:51:13 +01:00
Mikael Peigney
ffcadf25d4
fix(request): Handle reverse proxy setting a port in Forwarded-For
Signed-off-by: Mikael Peigney <Mika56@users.noreply.github.com>
2024-02-13 16:51:13 +01:00