nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Louis Chemineau	81e70c99cb	fix: Use login name to check the password Signed-off-by: Louis Chemineau <louis@chmn.me>	11 months ago
Joas Schilling	90fff7d6cc	fix(auth): Allow 2FA challenges for Ephemeral sessions Signed-off-by: Joas Schilling <coding@schilljs.com>	12 months ago
Louis Chemineau	fb41438db1	fix(login): Properly target public page with attribute Signed-off-by: Louis Chemineau <louis@chmn.me>	1 year ago
Louis Chemineau	ab01b76a19	fix(login): Also check legacy annotation for ephemeral sessions Signed-off-by: Louis Chemineau <louis@chmn.me>	1 year ago
Louis Chemineau	e840ee72b2	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>	1 year ago
Joas Schilling	1a60bca362	fix(l10n): Improve english source strings - No leading/trailing whitespace - Use asci single quote Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Joas Schilling	77fddb8f23	fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Elizabeth Danzberger	fdfeb7f265	feat(api): File conversion API Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>	1 year ago
Maxence Lange	bd4a154d64	feat(lexicon): configurable default value Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	1 year ago
provokateurin	7db694f534	fix(Http): Only allow valid HTTP status code values via template Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
Maxence Lange	96586ba709	feat(config): implementation of lexicon Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	1 year ago
Joas Schilling	1909b981a4	fix(controller): Fix false booleans in multipart/form-data Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Louis Chemineau	a2f2f7ce93	feat: Use inline password confirmation in external storage settings Signed-off-by: Louis Chemineau <louis@chmn.me>	1 year ago
provokateurin	dd0ed02b91	feat(Dispatcher): Add debug log for controller methods returning raw data not wrapped in Response Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
skjnldsv	b15fdfd40e	chore(profile): move profile app from core to apps Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	1 year ago
Arthur Schiwon	fdd24090ff	fix(Middleware): log deprecation when annotation was actually used Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	1 year ago
Ferdinand Thiessen	a8f46af20f	chore: Add proper deprecation dates where missing Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
Ferdinand Thiessen	fe05882628	chore!: Remove `OC\AppFramework\Logger` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
provokateurin	3d9b49815b	fix(BaseResponse): Cast XML element values to string Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
Côme Chilliet	4c9104ef08	fix: Move ApiHelper to \OC\OCS next to related classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Côme Chilliet	37569466de	fix: A bit of code cleanup in OC\AppFramework\OCS\ApiHelper Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Côme Chilliet	ea32d17d88	fix: Move OC_API into \OC\ApiHelper in standard namespace It’s only used by ocs/v1.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Ferdinand Thiessen	deeccd12a3	chore: fix typo in `SameSiteCookieMiddleware` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Ferdinand Thiessen	92f3f7e2d2	chore: Remove unused `CsrfTokenManager` from `CSPMiddleware` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2 years ago
Robin Appelman	8b60df1600	perf: delay getting (sub)admin status for user in the security middleware untill we need it Signed-off-by: Robin Appelman <robin@icewind.nl>	2 years ago
Ferdinand Thiessen	c82b17d0a3	fix: Support Safari mobile Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Holger Hees	73397cd759	fix: Use `CSP_NONCE` env variable in ContentSecurity Header We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available. Signed-off-by: Holger Hees <holger.hees@gmail.com>	2 years ago
skjnldsv	db28aa8cd1	fix(files_sharing): show proper share not found error message Signed-off-by: skjnldsv <skjnldsv@protonmail.com>	2 years ago
provokateurin	9d1705259c	fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checks Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
SebastianKrupinski	fc0b694d37	feat: mail provider backend Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>	2 years ago
Joas Schilling	047479ccf9	feat(security): Add public API to allow validating IP Ranges and checking for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Benjamin Gaussorgues	202e5b1e95	feat(security): restrict admin actions to IP ranges Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Andrey Borysenko	40f820470a	chore: use "app_api" session key, "app_api_system" is deprecated Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>	2 years ago
Alexander Piskun	b7af6ec200	feat: allow for ExApps to call Admin endpoints marked with specific attr Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2 years ago
provokateurin	e5dcdfb9e0	feat(Security): Warn about using annotations instead of attributes Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Ferdinand Thiessen	a229723b8c	feat: Add new forbidden filename options to Capabilities Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
provokateurin	5aefdc399e	feat(AppFramework): Add ExAppRequired attribute Signed-off-by: provokateurin <kate@provokateurin.de>	2 years ago
Côme Chilliet	c3d4d2aad1	Revert "feat: Add support for webhook listeners" This reverts commit 3b790df0127b2bf95e8fe3a8460aa3813e58bef8. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Côme Chilliet	8d18607f80	feat: Add support for webhook listeners Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Joas Schilling	0d383f1f66	fix(logger): Fix scoped PSR logger when running psalm:ci Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Arthur Schiwon	f6d6efef3a	refactor(Token): introduce scope constants Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2 years ago
Arthur Schiwon	340939e688	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2 years ago
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Marcel Klehr	ec27c538b5	fix: address review comments Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2 years ago
Marcel Klehr	00894e2420	feat: first pass at TaskProcessing API Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2 years ago
Côme Chilliet	672923f0a6	fix: Fix newly spotted psalm issues, add exhaustive typed magic properties for LDAP classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Côme Chilliet	644036ab4e	fix: Migrate away from OC_App toward the IAppManager Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Côme Chilliet	ab6afe0111	fix: Fix new psalm errors from update Not sure about the SimpleContainer modification, let’s see what CI says about that. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago

1 2 3 4 5 ...

573 Commits (dec37b94de4a683dbb06693406f6e22cdf403ab6)