nextcloud-server

Commit Graph

Author	SHA1	Message	Date
John Molakvoæ	2b50d9b2c5	Revert "perf(base): Stop setting up the FS for every basic auth request"	6 months ago
provokateurin	689a853dc6	fix(dav): Initialize the FS for the user right after authenticating Signed-off-by: provokateurin <kate@provokateurin.de>	6 months ago
Ferdinand Thiessen	5981b7eb51	chore: apply new CSFixer rules Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php	6 months ago
Ferdinand Thiessen	fa63e646d4	fix(dav): do not require CSRF for safe and indempotent HTTP methods Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	10 months ago
Côme Chilliet	ed5b7ae161	chore: re-apply current rector configuration to apps folder Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	11 months ago
Git'Fellow	36d6b0f1e6	refactor: Use Http framework where possible Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>	1 year ago
provokateurin	381077028a	refactor(apps): Use constructor property promotion when possible Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
Côme Chilliet	1580c8612b	chore(apps): Apply new rector configuration to autouse classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	1 year ago
Julius Härtl	4d6b4b71c7	fix: Authorization header can be an empty string Signed-off-by: Julius Härtl <jus@bitgrid.net>	2 years ago
Ferdinand Thiessen	67a0e01382	fix(dav): Try basic auth for ajax WebDAV requests Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Andy Scherzinger	9d4b944098	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
MichaIng	91127edcc8	fix(dav): fallback realm for HTTP authentication By default, the name of the Nextcloud instance is an empty string, until changed by the admin. This leads to an empty realm sent with the WWW-Authenticate header, while the realm is mandatory for Basic HTTP authentication. Some clients have issues with an empty realm, e.g. Thunderbird cannot store passwords in this case. This commit applies "Nextcloud" as fallback for the realm, in case the name of the Nextcloud instance is not set. Solves: https://help.nextcloud.com/t/thunderbird-dont-save-caldav-password-because-of-missing-httprealm-or-formsubmiturl/93233 Signed-off-by: MichaIng <micha@dietpi.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Joas Schilling	25309bcb45	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	dac31ad101	fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	b91957e3df	fix(dav): Abort requests with 429 instead of waiting Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Julius Härtl	7b413a41eb	perf(dav): Do not call general setupFS on ever dav auth Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Carl Schwan	f7be76125f	Fix more psalm issues Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Carl Schwan	829490ab7a	Cleanup dav - Remove unused class AppEnabledPlugin - Add more type hinting when possible Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Côme Chilliet	e2531f8503	Migrate dav application from ILogger to LoggerInterface Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Robin Appelman	c80ba69b7a	dont setup full fs after dav auth Signed-off-by: Robin Appelman <robin@icewind.nl>	4 years ago
Côme Chilliet	5cd5245ca8	Fix dav application tests and code for PHP 8.1 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	1584c9ae9c	Add visibility to all methods and position of static keyword Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Bjoern Schiessle	0efd29f41f	first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	7 years ago
Morris Jobke	e2974f1133	Simplify return statement Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Lukas Reschke	df3909a7c3	Use Bearer backend for SabreDAV Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	5f71805c35	Add basic implementation for OAuth 2.0 Authorization Code Flow Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	1729e4471f	Update comments to Nextcloud * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Robin Appelman	b56f2c9ed0	basic lockdown logic Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Christoph Wurst	6af2efb679	prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.	10 years ago
Joas Schilling	813f0a0f40	Fix apps/	10 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	10 years ago
Joas Schilling	2c988ecbf4	Use the themed Defaults everywhere	10 years ago
Christoph Wurst	5a8cfab68f	throw PasswordLoginForbidden on DAV	10 years ago
Christoph Wurst	82b50d126c	add PasswordLoginForbiddenException	10 years ago
Christoph Wurst	331d88bcab	create session token on all APIs	10 years ago
Thomas Müller	cf06b17df1	Use the correct realm for basic authentication - fixes #23427	10 years ago
Thomas Müller	f20c617154	Allow login by email address via webdav as well - fixes #24791	10 years ago
Christoph Wurst	da03a85c3c	block DAV if 2FA challenge needs to be solved first	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	28ce7dd262	do not allow client password logins if token auth is enforced or 2FA is enabled	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago

1 2

53 Commits (2bc77a3c5aff352cdc19aa683bbb36da2ff20b01)