path: root/lib/private/AppFramework/Middleware
Commit message | Author | Age | Files | Lines
* Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private | Robin Appelman | 2023-06-01 | 2 | -2/+2
    Refactors "strpos" calls in lib/private to improve code readability.
  * Refactors "strpos" calls in lib/private to improve code readability. | Faraz Samapoor | 2023-05-15 | 2 | -2/+2
      Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
* fix(middleware): Also abort the request when reaching max delay in afterController | Joas Schilling | 2023-05-15 | 1 | -22/+30
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add PHP \Attribute for remaining security annotations | Joas Schilling | 2023-04-25 | 4 | -27/+132
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(ratelimit): Add Attributes support to rate limit middleware | Joas Schilling | 2023-04-24 | 1 | -41/+77
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(security)!: Use consistent HTTP status for strict cookie checks | Christoph Wurst | 2023-04-17 | 1 | -0/+3
    Before: 503/412
    Now: 412 + json body explaining the error
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a debug message when throttling without defining | Joas Schilling | 2023-03-08 | 1 | -10/+9
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple | Joas Schilling | 2023-03-08 | 1 | -5/+43
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to prevent CSRF attack vectors | Ferdinand Thiessen | 2023-02-16 | 1 | -1/+1
    Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
* feat(app-framework): Add UseSession attribute to replace annotation | Christoph Wurst | 2023-01-27 | 1 | -4/+30
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* composer run cs:fix | Côme Chilliet | 2023-01-20 | 10 | -15/+5
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* use bruteforce protection on all methods wrapped by PublicShareMiddleware | Julien Veyssier | 2022-12-07 | 1 | -1/+21
    if an invalid token is provided or when share password is wrong
    Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
* Allow CSRF on CORS routes | Jonas Rittershofer | 2022-09-21 | 1 | -0/+4
    Co-authored-by: Julius Härtl <jus@bitgrid.net>
    Co-authored-by: Andreas Brinner <andreas@everlanes.net>
    Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
* Reopen sessions if we need to write to them instead of keeping them open | Julius Härtl | 2022-08-17 | 1 | -2/+2
    Sessions are a locking operation until we write close them, so close them early and reopen later in case we want to write to them
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Fix typos in lib/private subdirectory | luz paz | 2022-07-27 | 1 | -1/+1
    Found via `codespell -q 3 -S l10n -L jus ./lib/private`
    Signed-off-by: luz paz <luzpaz@github.com>
* Update core to PHP 7.4 standard | Carl Schwan | 2022-05-20 | 1 | -11/+3
    - Typed properties
    - Port to LoggerInterface
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Add direct arg to login flow | Vincent Petry | 2022-03-28 | 1 | -0/+3
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>
    Co-Authored-by: Carl Schwan <carl@carlschwan.eu>
* Check style update | Carl Schwan | 2022-01-13 | 1 | -1/+1
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Pass username prefill through unauthenticated request redirects | Julius Härtl | 2021-12-29 | 1 | -0/+4
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add admin privilege delegation for admin settings | Carl Schwan | 2021-09-29 | 1 | -5/+42
    This makes it possible for selected groups to access some settings pages.
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Move DateTime::RFC2822 to DateTimeInterface::2822 | Christoph Wurst | 2021-06-23 | 1 | -1/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update php licenses | John Molakvoæ (skjnldsv) | 2021-06-04 | 26 | -46/+24
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* fix error when using CORS with no auth credentials | korelstar | 2021-05-18 | 1 | -5/+4
* Fix unauthorized OCS status in provisioning | Joas Schilling | 2021-05-12 | 1 | -2/+10
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger | Christoph Wurst | 2021-04-27 | 1 | -6/+5
    Less ILogger
  * Less ILogger | Joas Schilling | 2021-04-27 | 1 | -6/+5
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix ratelimit template | Joas Schilling | 2021-04-27 | 1 | -14/+7
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove deprecated \OCP\API | Roeland Jago Douma | 2021-03-03 | 1 | -3/+2
    Time to remove this for good now. Remaining constant moved over
    The world is a tiny bit better
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Format code to a single space around binary operators | Christoph Wurst | 2020-10-05 | 3 | -5/+5
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add actual response to BeforeTemplateRenderedEvent | Julius Härtl | 2020-09-24 | 1 | -1/+1
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update the license headers for Nextcloud 20 | Christoph Wurst | 2020-08-24 | 5 | -2/+9
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix CS | Joas Schilling | 2020-08-19 | 1 | -0/+1
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Send "429 Too Many Requests" in case of brute force protection | Joas Schilling | 2020-08-19 | 1 | -1/+27
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Move NotFoundResponse to a proper TemplateResponse | Julius Härtl | 2020-07-24 | 1 | -9/+8
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add real events to load additionalscripts | Roeland Jago Douma | 2020-07-15 | 1 | -5/+15
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update SecurityMiddleware.php | Holger Hees | 2020-07-06 | 1 | -1/+1
    OC::$WEBROOT can be empty in case if your nextcloud installation has no url prefix. This will result in an empty Location Header.
    In other areas OC::$WEBROOT is always used together with an /
* Allow TemplateResponse to be compressed | Morris Jobke | 2020-05-15 | 1 | -0/+4
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Move the notmodified check to middleware where it belongs | Roeland Jago Douma | 2020-05-13 | 1 | -0/+56
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add AppFramework GZip middleware to gzip responses | Roeland Jago Douma | 2020-05-12 | 1 | -0/+86
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for 19 | Christoph Wurst | 2020-04-29 | 8 | -0/+8
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and function | Christoph Wurst | 2020-04-10 | 15 | -45/+35
    To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code.
    This also removes and empty lines from method/function bodies at the beginning and end.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendation | Christoph Wurst | 2020-04-09 | 3 | -7/+7
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix (array) indent style to always use one tab | Christoph Wurst | 2020-04-09 | 2 | -2/+2
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove unused imports | Christoph Wurst | 2020-03-25 | 3 | -7/+0
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix loaded controller check | Joas Schilling | 2020-01-21 | 1 | -1/+1
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update license headers for 18 | Christoph Wurst | 2019-12-20 | 1 | -0/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #18256 from nextcloud/files-aditional-scripts-new-events | Roeland Jago Douma | 2019-12-09 | 1 | -2/+3
    Use non-deprecated events for loading additional scripts in files app
  * use OCP\EventDispatcher\GenericEvent in more places | Robin Appelman | 2019-12-09 | 1 | -2/+3
      Signed-off-by: Robin Appelman <robin@icewind.nl>
* Update license headers | Christoph Wurst | 2019-12-05 | 24 | -27/+90
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixes | Roeland Jago Douma | 2019-11-22 | 6 | -10/+11
    * Order the imports
    * No leading slash on imports
    * Empty line before namespace
    * One line per import
    * Empty after imports
    * Empty line at bottom of file
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>