aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework/DependencyInjection
Commit message (Collapse)AuthorAgeFilesLines
* fix(login): Also check legacy annotation for ephemeral sessionsLouis Chemineau2025-02-271-6/+1
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* feat: Close sessions created for login flow v2artonge/fix/login_flow_v2_sessions_2Louis Chemineau2025-02-261-1/+7
| | | | | | | | Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlistbugfix/noid/allow-ratelimit-bypassJoas Schilling2025-01-271-9/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat: Use inline password confirmation in external storage settingsLouis Chemineau2024-11-281-0/+3
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* chore: Add proper deprecation dates where missingFerdinand Thiessen2024-09-201-5/+5
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore!: Remove `OC\AppFramework\Logger`Ferdinand Thiessen2024-09-191-4/+0
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`Ferdinand Thiessen2024-08-311-1/+0
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* perf: delay getting (sub)admin status for user in the security middleware ↵Robin Appelman2024-08-231-2/+3
| | | | | | untill we need it Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix(files_sharing): show proper share not found error messageskjnldsv2024-08-061-1/+1
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* feat(security): Add public API to allow validating IP Ranges and checking ↵Joas Schilling2024-07-191-2/+2
| | | | | | | for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(security): restrict admin actions to IP rangesBenjamin Gaussorgues2024-07-191-1/+3
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(Security): Warn about using annotations instead of attributesprovokateurin2024-07-181-1/+3
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-051-1/+2
| | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: Add SPDX headerAndy Scherzinger2024-05-241-30/+3
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix: Apply new coding standard to all filesCôme Chilliet2024-04-021-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: add check for app_api_system session flag to bypass rate limitFlorian Klinger2024-03-181-1/+2
| | | | | Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
* Merge branch 'master' into refactor/OC-Server-getThemingDefaultsJohn Molakvoæ2024-02-231-27/+1
|\ | | | | Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
| * adding testMaxence Lange2024-01-311-2/+2
| | | | | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
| * fix psalmMaxence Lange2024-01-311-1/+2
| | | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
| * Remove deprecated methods Util::writeLog and DIContainer::logCôme Chilliet2023-09-251-27/+0
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | Refactor `OC\Server::getThemingDefaults`Andrew Summers2023-08-291-1/+1
|/ | | | Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25Joas Schilling2023-08-281-3/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add a debug message when throttling without definingJoas Schilling2023-03-081-1/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(app-framework): Add support for global middlewaresChristoph Wurst2023-01-261-1/+2
| | | | | | | This allows apps to register middlewares that always register, not just for the app's own requests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* perf(app-framework): Make the app middleware registration lazyChristoph Wurst2023-01-251-0/+11
| | | | | | | | | Before this patch, app middlewares were registered on the dispatcher for every app loaded in a Nextcloud process. With the patch, only middlewares belonging to the same app of a dispatcher instance are loaded. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* feat(app framework)!: Inject services into controller methodsChristoph Wurst2023-01-181-1/+2
| | | | | | | | | | | | | | | Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is build regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Move to str_starts_withJulius Härtl2022-12-071-3/+3
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Skip querying the app container for server namespaceJulius Härtl2022-12-071-0/+6
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Avoid container dance for appNameJulius Härtl2022-12-071-4/+9
| | | | | | | Sicne the appName is always passed for the DIContainer we can avoid using the container query logic and instead store and use a property Signed-off-by: Julius Härtl <jus@bitgrid.net>
* use bruteforce protection on all methods wrapped by PublicShareMiddlewareJulien Veyssier2022-12-071-1/+2
| | | | | | if an invalid token is provided or when share password is wrong Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* Clean up and deprecate app container aliasesChristoph Wurst2022-11-021-6/+9
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Diagnostics event logging to Nextcloud logJulius Härtl2022-02-281-1/+3
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net> Add config samples Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add admin privilege delegation for admin settingsCarl Schwan2021-09-291-1/+4
| | | | | | | This makes it possible for selected groups to access some settings pages. Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Update php licensesJohn Molakvoæ (skjnldsv)2021-06-041-1/+0
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Fix unit testsJoas Schilling2021-04-271-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix types in the Group ManagerRoeland Jago Douma2021-03-031-1/+3
| | | | | | | | | Psalm found an issue. However the issue found was because of lying docblocks. Fixed those and did some typing to make it all better. For #25839 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Log the number of queries built and executedJoas Schilling2020-09-251-1/+5
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update the license headers for Nextcloud 20Christoph Wurst2020-08-241-1/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a scoped PSR logger for appsChristoph Wurst2020-07-161-1/+10
| | | | | | | | Just like for ILogger we should have a version that has the app ID pre-set for the context (unless overwritten) so that each log entry can be traced back to the app that produced it. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use PSR container interface and deprecate our own abstractionChristoph Wurst2020-07-161-78/+94
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix AppFramework servicesRoeland Jago Douma2020-07-141-2/+14
| | | | | | | | | * We can't just register an alias as the services need the appId to be injected. if we just register an alias this blows up since the main container doesn't have the appId. * Moved the Authtokens over to show the PoC works Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move the notmodified check to middleware where it belongsRoeland Jago Douma2020-05-131-0/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add AppFramework GZip middleware to gzip responsesRoeland Jago Douma2020-05-121-0/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #20786 from nextcloud/enh/dicontainer_cleanupRoeland Jago Douma2020-05-091-8/+0
|\ | | | | DI Cleanup
| * Move over the IConfig for globalscaleRoeland Jago Douma2020-05-081-5/+0
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * Remove double registrationsRoeland Jago Douma2020-05-071-3/+0
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Add InitialState Appframework serviceRoeland Jago Douma2020-05-071-0/+2
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Simple AppConfig wrapper for the AppFrameworkRoeland Jago Douma2020-05-021-0/+3
| | | | | | | | | | 9 out of 10 cases apps want to access their own appconfig. Hence it would be nice not to have to enter the app id all the time. This simple wrapper just passes on the appid in all calls. Basically this allows for simpler code in the apps. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-101-4/+3
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-101-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-14 05:47:10 +0000