summaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework/Middleware
Commit message (Collapse)AuthorAgeFilesLines
* Fix loaded controller checkJoas Schilling2020-01-211-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update license headers for 18Christoph Wurst2019-12-201-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #18256 from nextcloud/files-aditional-scripts-new-eventsRoeland Jago Douma2019-12-091-2/+3
|\ | | | | Use non-depricated events for loading additional scripts in files app
| * use OCP\EventDispatcher\GenericEvent in more placesRobin Appelman2019-12-091-2/+3
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Update license headersChristoph Wurst2019-12-0524-27/+90
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-226-10/+11
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #17850 from ↵Joas Schilling2019-11-201-0/+6
|\ | | | | | | | | nextcloud/bugfix/noid/mark-spreed-as-active-on-call-urls Mark "Talk" active on /call/token URLs
| * Make phan happy ;)Daniel Kesselberg2019-11-191-1/+2
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
| * Mark "Talk" active on /call/token URLsJoas Schilling2019-11-121-0/+5
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fixes a 500 without useridArthur Schiwon2019-11-161-5/+0
|/ | | | | | plus cleanup of unused use statements Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* SessionMiddleware: declare session propertyRoeland Jago Douma2019-08-281-17/+6
| | | | | | | * Remove request since we don't useit * Update tests as well Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add feature policy headerRoeland Jago Douma2019-08-101-0/+70
| | | | | | | This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Split up security middlewareRoeland Jago Douma2019-07-272-40/+80
| | | | | | | | | | With upcoming work for the feature policy header. Splitting this in smaller classes that just do 1 thing makes sense. I rather have a few small classes that are tiny and do 1 thing right (and we all understand what is going on) than have big ones. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make it possible to show admin settings for sub adminsChristoph Wurst2019-05-231-1/+12
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #13969 from ↵Morris Jobke2019-02-071-1/+11
|\ | | | | | | | | nextcloud/enh/additional_scripts_no_on_public_pages No need to emit additonalscript event on public pages
| * Add StandaloneTemplateResponseRoeland Jago Douma2019-02-061-1/+2
| | | | | | | | | | | | | | This can be used by pages that do not have the full Nextcloud UI. So notifications etc do not load there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| * No need to emit additonalscript event on public pagesRoeland Jago Douma2019-02-051-0/+9
| | | | | | | | | | | | | | There already is a separate event for this. This will make it possible to only inject code with the logged in one on default rendered pages. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Do not do redirect handling when loggin outRoeland Jago Douma2019-02-062-0/+97
|/ | | | | | | | | | | | | Fixes #12568 Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login. This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit to load additionalscriptsRoeland Jago Douma2019-01-311-0/+56
| | | | | | | | | | | | | Fixes #13662 This will fire of an event after a Template Response has been returned. There is an event for the generic loading and one when logged in. So apps can chose to load only on loged in pages. This is a more generic approach than the files app event. As some things we might want to load on other pages as well besides the files app. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update password confirmation middlewareRoeland Jago Douma2018-11-021-0/+8
| | | | | | | If the userbackend doesn't allow validating the password for a given uid then there is no need to perform this check. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* add global site selector as user back-end which doesn't support password ↵Bjoern Schiessle2018-10-271-1/+3
| | | | | | confirmation Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Do not use file as template parameterRoeland Jago Douma2018-08-091-1/+1
| | | | | | | | Using file will overwrite the $file parameter in the template base. Leading to trying to include a file that is the exception message. Which will of course fail. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add PublicShareMiddlewareTestRoeland Jago Douma2018-06-201-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Don't allow public share pages if link sharing is disabledRoeland Jago Douma2018-06-201-1/+27
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move public preview endpoint overRoeland Jago Douma2018-06-201-1/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add the new PublicShareController and PublicShareMiddlewareRoeland Jago Douma2018-06-202-0/+92
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* move log constants to ILoggerArthur Schiwon2018-04-261-1/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Add testsRoeland Jago Douma2018-03-081-18/+8
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make SecurityMiddleware strictRoeland Jago Douma2018-03-081-10/+9
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Do not throw AppNotEnabledException for app public pages - refs #6962, refs ↵Julien Veyssier2018-02-281-1/+2
| | | | | | | | #5309 It allows non-logged user to access public pages of applications restricted to a group Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
* Provide translated error message for permission errorMorris Jobke2018-02-262-3/+10
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix testsRoeland Jago Douma2018-02-211-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the middlewareDispatcher strictRoeland Jago Douma2018-02-211-9/+10
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove unused import statementsMorris Jobke2018-02-142-2/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Don't perform CSRF check on OCS routes with Bearer authRoeland Jago Douma2018-01-291-2/+8
| | | | | | Fixes #5694 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use $var[] = $a instead of array_push - 2x fasterMorris Jobke2018-01-251-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Properly log the full exception instead of only the messageMorris Jobke2018-01-231-1/+4
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Move passwordconfirmation to its own midlewareRoeland Jago Douma2018-01-022-28/+82
| | | | | | Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* disable password confirmation with SSOBjoern Schiessle2018-01-021-2/+16
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Update license headersMorris Jobke2017-11-068-3/+15
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Use proper DI for security middleware for app enabled checkMorris Jobke2017-10-241-2/+8
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Handle SameSiteCookie check for index.php in AppFramework MiddlewareRoeland Jago Douma2017-09-242-0/+144
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove explicit type hints for ControllerLukas Reschke2017-08-016-15/+15
| | | | | | This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #5907 from nextcloud/add-metadata-to-throttle-callMorris Jobke2017-08-011-1/+1
|\ | | | | Add metadata to \OCP\AppFramework\Http\Response::throttle
| * Add metadata to \OCP\AppFramework\Http\Response::throttleLukas Reschke2017-07-271-1/+1
| | | | | | | | | | | | Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Fix middleware implementations signaturesRoeland Jago Douma2017-07-316-23/+26
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Check whether the $_SERVER['REQUEST_*'] vars exist before using themJoas Schilling2017-05-151-6/+5
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove unused use statementsMorris Jobke2017-04-221-1/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Make BruteForceProtection annotation more cleverLukas Reschke2017-04-132-14/+84
| | | | | | | | This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Move to dedicated MiddleWareLukas Reschke2017-04-132-35/+144
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-23 17:40:41 +0000