aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework
Commit message (Collapse)AuthorAgeFilesLines
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlistbugfix/noid/allow-ratelimit-bypassJoas Schilling2025-01-272-9/+10
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(api): File conversion APIElizabeth Danzberger2025-01-151-0/+25
| | | | Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
* feat(lexicon): configurable default valueMaxence Lange2025-01-141-1/+2
| | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* fix(Http): Only allow valid HTTP status code values via templatefix/http/template-valid-status-codesprovokateurin2025-01-073-8/+8
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* feat(config): implementation of lexiconMaxence Lange2024-12-131-0/+34
| | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* Merge pull request #49515 from ↵Joas Schilling2024-11-281-10/+2
|\ | | | | | | | | nextcloud/bugfix/noid/boolean-false-in-multipart-form-data fix(controller): Fix false booleans in multipart/form-data
| * fix(controller): Fix false booleans in multipart/form-dataJoas Schilling2024-11-281-10/+2
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | feat: Use inline password confirmation in external storage settingsLouis Chemineau2024-11-282-66/+60
|/ | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* feat(Dispatcher): Add debug log for controller methods returning raw data ↵feat/dispatcher/log-raw-response-dataprovokateurin2024-11-151-0/+4
| | | | | | not wrapped in Response Signed-off-by: provokateurin <kate@provokateurin.de>
* chore(profile): move profile app from core to appsskjnldsv2024-11-142-0/+2
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix(Middleware): log deprecation when annotation was actually usedfix/noid/deprecation-correct-caseArthur Schiwon2024-11-121-1/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: Add proper deprecation dates where missingFerdinand Thiessen2024-09-201-5/+5
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-195-11/+13
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore!: Remove `OC\AppFramework\Logger`Ferdinand Thiessen2024-09-192-112/+0
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(BaseResponse): Cast XML element values to stringfix/baseresponse/xml-element-value-string-castprovokateurin2024-09-151-1/+3
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: fix typo in `SameSiteCookieMiddleware`Ferdinand Thiessen2024-08-311-4/+4
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`Ferdinand Thiessen2024-08-312-17/+7
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-2510-34/+34
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* perf: delay getting (sub)admin status for user in the security middleware ↵Robin Appelman2024-08-232-9/+31
| | | | | | untill we need it Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix: Support Safari mobileFerdinand Thiessen2024-08-211-0/+1
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Use `CSP_NONCE` env variable in ContentSecurity HeaderHolger Hees2024-08-131-1/+1
| | | | | | We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available. Signed-off-by: Holger Hees <holger.hees@gmail.com>
* fix(files_sharing): show proper share not found error messageskjnldsv2024-08-062-19/+13
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checksprovokateurin2024-07-251-0/+4
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* feat: mail provider backendSebastianKrupinski2024-07-231-0/+24
| | | | Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
* feat(security): Add public API to allow validating IP Ranges and checking ↵Joas Schilling2024-07-192-7/+7
| | | | | | | for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(security): restrict admin actions to IP rangesBenjamin Gaussorgues2024-07-193-54/+56
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* chore: use "app_api" session key, "app_api_system" is deprecatedAndrey Borysenko2024-07-181-2/+3
| | | | Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
* feat: allow for ExApps to call Admin endpoints marked with specific attrAlexander Piskun2024-07-181-6/+15
| | | | Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
* feat(Security): Warn about using annotations instead of attributesprovokateurin2024-07-184-2/+12
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* feat: Add new forbidden filename options to CapabilitiesFerdinand Thiessen2024-07-111-1/+3
| | | | | | | | | Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat(AppFramework): Add ExAppRequired attributeprovokateurin2024-07-012-1/+27
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(logger): Fix scoped PSR logger when running psalm:ciJoas Schilling2024-06-111-9/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* refactor(Token): introduce scope constantsArthur Schiwon2024-06-051-1/+2
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-052-3/+26
| | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: Add SPDX headerAndy Scherzinger2024-05-2459-1285/+148
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix: address review commentsMarcel Klehr2024-05-141-2/+2
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* feat: first pass at TaskProcessing APIMarcel Klehr2024-05-141-0/+48
| | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* fix: Fix newly spotted psalm issues, add exhaustive typed magic properties ↵Côme Chilliet2024-04-302-8/+8
| | | | | | for LDAP classes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Migrate away from OC_App toward the IAppManagerCôme Chilliet2024-04-221-34/+12
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #44644 from nextcloud/enh/noid/returns-formated-app-valuesFerdinand Thiessen2024-04-171-1/+1
|\ | | | | fix(appconfig): format app values
| * fix(appconfig): only convert single entry on searchValues()Maxence Lange2024-04-051-1/+1
| | | | | | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | fix: Fix new psalm errors from updateCôme Chilliet2024-04-081-1/+1
|/ | | | | | | Not sure about the SimpleContainer modification, let’s see what CI says about that. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Apply new coding standard to all filesCôme Chilliet2024-04-024-6/+6
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: add check for app_api_system session flag to bypass rate limitFlorian Klinger2024-03-182-1/+9
| | | | | Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
* Merge branch 'master' into refactor/OC-Server-getThemingDefaultsJohn Molakvoæ2024-03-153-4/+58
|\
| * fix: add missing copyrights and strict typesAndrey Borysenko2024-03-121-0/+7
| | | | | | | | Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
| * feat: Add declarative settingsjld31032024-03-121-8/+21
| | | | | | | | | | | | Signed-off-by: jld3103 <jld3103yt@gmail.com> Signed-off-by: Julien Veyssier <julien-nc@posteo.net> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
| * fix: Adjust user agent pattern for EdgeJulius Härtl2024-03-081-1/+1
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * feat: Implement team provider apiJulius Härtl2024-03-051-0/+30
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * fix xml ocs response for serializable objectsKlaus2024-02-231-0/+4
| | | | | | | | | | Signed-off-by: sualko <klaus@jsxc.org> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-13 05:43:46 +0000