aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework
Commit message (Collapse)AuthorAgeFilesLines
* fix: Fix several side effects of lazy ghostsCôme Chilliet2025-04-291-0/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Only use Lazy objects if PHP is 8.4 or higherCôme Chilliet2025-04-291-34/+42
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Suppress psalm errorCôme Chilliet2025-04-291-2/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat: Use Lazy ghosts for Dependency injectionCôme Chilliet2025-04-291-36/+37
| | | | | | This will only work with PHP 8.4, so we’ll need to put it behind a version check later. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* docs(dispatcher): Correct described return valuesjtr-docs-dispatcher-returnJosh2025-04-231-3/+5
| | | | Signed-off-by: Josh <josh.t.richards@gmail.com>
* fix: Remove support for app.php loadingCôme Chilliet2025-04-141-2/+2
| | | | | | | | | It has been deprecated for a long time, and the last known active application to use it (user_saml) is now migrated the modern API. Presence of the file is still checked in order to log an error. This behavior may be removed as well in a few versions. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Use login name to check the passwordartonge/fix/use_loginname_to_check_passwordLouis Chemineau2025-04-021-1/+2
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* fix: Move getAppInstalledVersions to AppConfig so that it can be used earlierfix/add-getappversions-replacementCôme Chilliet2025-03-251-0/+9
| | | | | | Call it from OC_App to make sure there is only one request to DB. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(auth): Allow 2FA challenges for Ephemeral sessionsbugfix/ios-3365/allow-2fa-for-ephemeral-sessionsJoas Schilling2025-03-181-0/+5
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(login): Properly target public page with attributeartonge/fix/publicpage_attributeLouis Chemineau2025-03-051-1/+2
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* Merge pull request #51116 from nextcloud/enh/noid/nullable-rangeArthur Schiwon2025-03-041-1/+1
|\ | | | | feat(AppFramework): extend range check to optional parameters
| * feat(AppFramework): extend range check to optional parametersenh/noid/nullable-rangeArthur Schiwon2025-02-271-1/+1
| | | | | | | | | | | | | | Now it also applies when a paramater is documtend with a pending |null, but no further unionation is considered. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | fix(login): Also check legacy annotation for ephemeral sessionsLouis Chemineau2025-02-272-6/+7
|/ | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* Merge pull request #51051 from nextcloud/artonge/fix/login_flow_v2_sessions_2Louis2025-02-272-1/+53
|\ | | | | feat: Close sessions created for login flow v2
| * feat: Close sessions created for login flow v2artonge/fix/login_flow_v2_sessions_2Louis Chemineau2025-02-262-1/+53
| | | | | | | | | | | | | | | | Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>
* | fix(l10n): Improve english source stringsJoas Schilling2025-02-261-3/+3
|/ | | | | | | - No leading/trailing whitespace - Use asci single quote Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: Add missing star in phpdoc commentfix/fix-psalm-taint-errorsCôme Chilliet2025-02-171-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Correctly tag json encoding in BaseResponse to fix false-positiveCôme Chilliet2025-02-171-1/+9
| | | | | | …in psalm taint analysis Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlistbugfix/noid/allow-ratelimit-bypassJoas Schilling2025-01-272-9/+10
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(api): File conversion APIElizabeth Danzberger2025-01-151-0/+25
| | | | Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
* feat(lexicon): configurable default valueMaxence Lange2025-01-141-1/+2
| | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* fix(Http): Only allow valid HTTP status code values via templatefix/http/template-valid-status-codesprovokateurin2025-01-073-8/+8
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* feat(config): implementation of lexiconMaxence Lange2024-12-131-0/+34
| | | | Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* Merge pull request #49515 from ↵Joas Schilling2024-11-281-10/+2
|\ | | | | | | | | nextcloud/bugfix/noid/boolean-false-in-multipart-form-data fix(controller): Fix false booleans in multipart/form-data
| * fix(controller): Fix false booleans in multipart/form-dataJoas Schilling2024-11-281-10/+2
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | feat: Use inline password confirmation in external storage settingsLouis Chemineau2024-11-282-66/+60
|/ | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* feat(Dispatcher): Add debug log for controller methods returning raw data ↵feat/dispatcher/log-raw-response-dataprovokateurin2024-11-151-0/+4
| | | | | | not wrapped in Response Signed-off-by: provokateurin <kate@provokateurin.de>
* chore(profile): move profile app from core to appsskjnldsv2024-11-142-0/+2
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix(Middleware): log deprecation when annotation was actually usedfix/noid/deprecation-correct-caseArthur Schiwon2024-11-121-1/+1
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: Add proper deprecation dates where missingFerdinand Thiessen2024-09-201-5/+5
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-195-11/+13
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore!: Remove `OC\AppFramework\Logger`Ferdinand Thiessen2024-09-192-112/+0
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(BaseResponse): Cast XML element values to stringfix/baseresponse/xml-element-value-string-castprovokateurin2024-09-151-1/+3
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: fix typo in `SameSiteCookieMiddleware`Ferdinand Thiessen2024-08-311-4/+4
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`Ferdinand Thiessen2024-08-312-17/+7
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-2510-34/+34
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* perf: delay getting (sub)admin status for user in the security middleware ↵Robin Appelman2024-08-232-9/+31
| | | | | | untill we need it Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix: Support Safari mobileFerdinand Thiessen2024-08-211-0/+1
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Use `CSP_NONCE` env variable in ContentSecurity HeaderHolger Hees2024-08-131-1/+1
| | | | | | We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CPS_NONCE environment variable if available. Signed-off-by: Holger Hees <holger.hees@gmail.com>
* fix(files_sharing): show proper share not found error messageskjnldsv2024-08-062-19/+13
| | | | Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix(AppFramework): Allow requests with OCS-APIRequest header to pass CSRF checksprovokateurin2024-07-251-0/+4
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* feat: mail provider backendSebastianKrupinski2024-07-231-0/+24
| | | | Signed-off-by: SebastianKrupinski <krupinskis05@gmail.com>
* feat(security): Add public API to allow validating IP Ranges and checking ↵Joas Schilling2024-07-192-7/+7
| | | | | | | for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(security): restrict admin actions to IP rangesBenjamin Gaussorgues2024-07-193-54/+56
| | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* chore: use "app_api" session key, "app_api_system" is deprecatedAndrey Borysenko2024-07-181-2/+3
| | | | Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
* feat: allow for ExApps to call Admin endpoints marked with specific attrAlexander Piskun2024-07-181-6/+15
| | | | Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
* feat(Security): Warn about using annotations instead of attributesprovokateurin2024-07-184-2/+12
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* feat: Add new forbidden filename options to CapabilitiesFerdinand Thiessen2024-07-111-1/+3
| | | | | | | | | Allow clients to access the new filename validation options and make frontend name validation possible. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Kate <26026535+provokateurin@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat(AppFramework): Add ExAppRequired attributeprovokateurin2024-07-012-1/+27
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(logger): Fix scoped PSR logger when running psalm:ciJoas Schilling2024-06-111-9/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-14 16:44:11 +0000