path: root/lib/private/AppFramework/Middleware
Commit message [branch]; Author; Age; Files; Lines
* fix(auth): Allow 2FA challenges for Ephemeral sessions [bugfix/ios-3365/allow-2fa-for-ephemeral-sessions]; Joas Schilling; 2 days; 1; -0/+5
* fix(login): Properly target public page with attribute [artonge/fix/publicpage_attribute]; Louis Chemineau; 2025-03-05; 1; -1/+2
* fix(login): Also check legacy annotation for ephemeral sessions; Louis Chemineau; 2025-02-27; 1; -0/+6
* Merge pull request #51051 from nextcloud/artonge/fix/login_flow_v2_sessions_2; Louis; 2025-02-27; 1; -0/+46
|\
| * feat: Close sessions created for login flow v2 [artonge/fix/login_flow_v2_sessions_2]; Louis Chemineau; 2025-02-26; 1; -0/+46
* | fix(l10n): Improve english source strings; Joas Schilling; 2025-02-26; 1; -3/+3
|/
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist [bugfix/noid/allow-ratelimit-bypass]; Joas Schilling; 2025-01-27; 1; -0/+9
* feat: Use inline password confirmation in external storage settings; Louis Chemineau; 2024-11-28; 1; -66/+57
* fix(Middleware): log deprecation when annotation was actually used [fix/noid/deprecation-correct-case]; Arthur Schiwon; 2024-11-12; 1; -1/+1
* chore(deps): Update nextcloud/coding-standard to v1.3.1; provokateurin; 2024-09-19; 3; -4/+6
* chore: fix typo in `SameSiteCookieMiddleware`; Ferdinand Thiessen; 2024-08-31; 1; -4/+4
* chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`; Ferdinand Thiessen; 2024-08-31; 1; -16/+7
* style: update codestyle for coding-standard 1.2.3; Daniel Kesselberg; 2024-08-25; 4; -8/+8
* perf: delay getting (sub)admin status for user in the security middleware unt...; Robin Appelman; 2024-08-23; 1; -7/+28
* fix: Use `CSP_NONCE` env variable in ContentSecurity Header; Holger Hees; 2024-08-13; 1; -1/+1
* fix(files_sharing): show proper share not found error message; skjnldsv; 2024-08-06; 1; -18/+12
* feat(security): Add public API to allow validating IP Ranges and checking for...; Joas Schilling; 2024-07-19; 1; -5/+5
* feat(security): restrict admin actions to IP ranges; Benjamin Gaussorgues; 2024-07-19; 2; -53/+53
* chore: use "app_api" session key, "app_api_system" is deprecated; Andrey Borysenko; 2024-07-18; 1; -2/+3
* feat: allow for ExApps to call Admin endpoints marked with specific attr; Alexander Piskun; 2024-07-18; 1; -6/+15
* feat(Security): Warn about using annotations instead of attributes; provokateurin; 2024-07-18; 3; -1/+9
* feat(AppFramework): Add ExAppRequired attribute; provokateurin; 2024-07-01; 2; -1/+27
* refactor(Token): introduce scope constants; Arthur Schiwon; 2024-06-05; 1; -1/+2
* fix(Session): avoid password confirmation on SSO; Arthur Schiwon; 2024-06-05; 1; -2/+24
* chore: Add SPDX header; Andy Scherzinger; 2024-05-24; 26; -552/+64
* fix: add check for app_api_system session flag to bypass rate limit; Florian Klinger; 2024-03-18; 1; -0/+7
* feat: rename users to account or person; Vincent Petry; 2024-02-13; 1; -3/+3
* techdebt(Middleware): Add more specific array types so its clickable in IDEs; Joas Schilling; 2023-11-30; 1; -6/+6
* chore: apply changes from Nextcloud coding standards 1.1.1; Joas Schilling; 2023-11-23; 6; -22/+22
* fixed Drone test; Alexander Piskun; 2023-10-06; 1; -1/+2
* added CORS skip if session was created by AppAPI; Alexander Piskun; 2023-10-02; 1; -0/+4
* feat(appframework): Expose programmatic rate limiter; Christoph Wurst; 2023-09-20; 1; -0/+3
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25; Joas Schilling; 2023-08-28; 3; -14/+8
* fix(middleware): Fix header injection for bruteforce middleware; Joas Schilling; 2023-08-22; 1; -5/+1
* feat: Add a header which signals that the request was throttled; Joas Schilling; 2023-08-21; 1; -4/+14
* add separate event for rendering login page template; Robin Appelman; 2023-08-17; 1; -2/+8
* Rewrite OCS CSRF check to be readable; jld3103; 2023-08-16; 1; -7/+15
* fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalS...; Joas Schilling; 2023-07-27; 1; -30/+5
* Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private; Robin Appelman; 2023-06-01; 2; -2/+2
|\
| * Refactors "strpos" calls in lib/private to improve code readability.; Faraz Samapoor; 2023-05-15; 2; -2/+2
* | fix(middleware): Also abort the request when reaching max delay in afterContr...; Joas Schilling; 2023-05-15; 1; -22/+30
|/
* feat(security): Add PHP \Attribute for remaining security annotations; Joas Schilling; 2023-04-25; 4; -27/+132
* feat(ratelimit): Add Attributes support to rate limit middleware; Joas Schilling; 2023-04-24; 1; -41/+77
* fix(security)!: Use consistent HTTP status for strict cookie checks; Christoph Wurst; 2023-04-17; 1; -0/+3
* Add a debug message when throttling without defining; Joas Schilling; 2023-03-08; 1; -10/+9
* feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute an...; Joas Schilling; 2023-03-08; 1; -5/+43
* fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to p...; Ferdinand Thiessen; 2023-02-16; 1; -1/+1
* feat(app-framework): Add UseSession attribute to replace annotation; Christoph Wurst; 2023-01-27; 1; -4/+30
* composer run cs:fix; Côme Chilliet; 2023-01-20; 10; -15/+5
* use bruteforce protection on all methods wrapped by PublicShareMiddleware; Julien Veyssier; 2022-12-07; 1; -1/+21