provokateurin
9dc1d6372f
fix(IContainer): Fix parameter and return types
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2026-02-16 10:45:13 +01:00
Carl Schwan
7b6078875b
refactor: Run rector on lib/private
...
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
2026-02-06 13:50:18 +01:00
Carl Schwan
f81475445d
refactor: Move hasAnnotationOrAttribute to MiddlewareUtils
...
Signed-off-by: Carl Schwan <carlschwan@kde.org>
2026-01-28 21:48:16 +01:00
provokateurin
3dbf848ee9
feat(DI): Abort querying if infinite loop is detected
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2025-11-05 12:21:19 +01:00
Joas Schilling
57f09b642e
fix(container): Reduce general deprecation spam on all requests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-08-09 11:53:30 +02:00
Joas Schilling
2f18996347
fix(container): Don't use deprecated things to set up controllers for apps
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-08-08 08:42:56 +02:00
Joas Schilling
17c40b9474
fix(container): Log the deprecation to the app when possible
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-08-08 08:42:55 +02:00
Côme Chilliet
2346a528ba
fix: Tidy up middleware registration code and scope them to application container
...
This makes sure that all middlewares get a logger scoped to the
application id, among other things.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-08 13:32:16 +02:00
Côme Chilliet
3dd4ba854f
fix: Add back ContainerInterface service to DIContainer
...
Otherwise it gets resolved to \OC::$server.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-08 13:32:15 +02:00
Côme Chilliet
2240acec7f
fix: Put back ScopedPsrLogger service
...
Cannot use an alias for this one, as it depends upon LoggerInterface so
that creates an infinite loop.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-08 13:32:15 +02:00
Côme Chilliet
ab310ce938
fix: Fix issues and tests in DIContainer and friends
...
Some tests related to MiddlewareDispatcher are still failing.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-08 13:32:14 +02:00
Côme Chilliet
9913bdda90
chore: Cleanup DIContainer class
...
Also removed deprecated tag from the class as this class will not be
removed, only the interface IAppContainer and associated methods should
be removed.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2025-07-08 13:32:12 +02:00
Ferdinand Thiessen
5981b7eb51
chore: apply new CSFixer rules
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
# Conflicts:
# apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
Louis Chemineau
47bd75a052
fix(login): Also check legacy annotation for ephemeral sessions
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-02-27 13:12:55 +01:00
Louis Chemineau
c6293204a2
feat: Close sessions created for login flow v2
...
Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser.
This commit adds a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
Signed-off-by: Louis Chemineau <louis@chmn.me>
2025-02-26 13:42:18 +01:00
Joas Schilling
c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-01-27 12:46:15 +01:00
Louis Chemineau
a2f2f7ce93
feat: Use inline password confirmation in external storage settings
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-11-28 11:01:54 +01:00
Ferdinand Thiessen
a8f46af20f
chore: Add proper deprecation dates where missing
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-20 00:46:03 +02:00
Ferdinand Thiessen
fe05882628
chore!: Remove OC\AppFramework\Logger
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-19 00:32:25 +02:00
Ferdinand Thiessen
92f3f7e2d2
chore: Remove unused CsrfTokenManager from CSPMiddleware
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-31 00:34:41 +02:00
Robin Appelman
8b60df1600
perf: delay getting (sub)admin status for user in the security middleware until we need it
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-08-23 15:26:40 +02:00
skjnldsv
db28aa8cd1
fix(files_sharing): show proper share not found error message
...
Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
2024-08-06 16:25:10 +02:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +02:00
provokateurin
e5dcdfb9e0
feat(Security): Warn about using annotations instead of attributes
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +02:00
Arthur Schiwon
340939e688
fix(Session): avoid password confirmation on SSO
...
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends were used as user repositories.
Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Côme Chilliet
ec5133b739
fix: Apply new coding standard to all files
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Florian Klinger
f3a4abd98c
fix: add check for app_api_system session flag to bypass rate limit
...
Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com>
Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
2024-03-18 20:09:15 +02:00
John Molakvoæ
b5357f7d12
Merge branch 'master' into refactor/OC-Server-getThemingDefaults
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-02-23 15:47:17 +01:00
Maxence Lange
e1d7328bb2
adding test
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-31 21:13:32 -01:00
Maxence Lange
51fa22dc26
fix psalm
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-31 21:13:32 -01:00
Côme Chilliet
f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-25 10:37:12 +02:00
Andrew Summers
ce74bdcda2
Refactor OC\Server::getThemingDefaults
...
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2023-08-29 21:33:17 -05:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Joas Schilling
2b49861679
Add a debug message when throttling without defining
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-03-08 12:09:22 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares
...
This allows apps to register middlewares that always register, not just
for the app's own requests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-26 11:54:28 +01:00
Christoph Wurst
907ff68bfc
perf(app-framework): Make the app middleware registration lazy
...
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-25 09:27:24 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods
...
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is built regardless if used or not.
If services are injected into the method, we only build the DI tree if
that method gets executed.
This is also how Laravel allows injection.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Julius Härtl
f0a0bfaaee
Move to str_starts_with
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:06 +01:00
Julius Härtl
3899de12b7
Skip querying the app container for server namespace
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:05 +01:00
Julius Härtl
d7ecbe32d2
Avoid container dance for appName
...
Since the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-07 22:32:04 +01:00
Julien Veyssier
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware
...
if an invalid token is provided or when share password is wrong
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2022-12-07 13:24:50 +01:00
Christoph Wurst
41b2466d35
Clean up and deprecate app container aliases
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-02 19:42:09 +01:00
Julius Härtl
0f33453610
Diagnostics event logging to Nextcloud log
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
Add config samples
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-02-28 11:24:40 +01:00
Carl Schwan
6958d8005a
Add admin privilege delegation for admin settings
...
This makes it possible for selected groups to access some settings
pages.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2021-09-29 21:43:31 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Joas Schilling
df47445c01
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-27 14:34:32 +02:00
Roeland Jago Douma
68ec18323d
Fix types in the Group Manager
...
Psalm found an issue. However the issue found was because of lying
docblocks. Fixed those and did some typing to make it all better.
For #25839
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-03 14:52:47 +01:00
Joas Schilling
3212c074b9
Log the number of queries built and executed
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-25 14:55:53 +02:00