summaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework
Commit message (Collapse)AuthorAgeFilesLines
* Remove unused import statementsMorris Jobke2018-02-142-2/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #8062 from nextcloud/use-classMorris Jobke2018-01-292-6/+10
|\ | | | | Use ::class statement instead of string
| * Use ::class statement instead of stringMorris Jobke2018-01-292-6/+10
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Don't perform CSRF check on OCS routes with Bearer authRoeland Jago Douma2018-01-291-2/+8
|/ | | | | | Fixes #5694 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use $var[] = $a instead of array_push - 2x fasterMorris Jobke2018-01-252-2/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Properly log the full exception instead of only the messageMorris Jobke2018-01-231-1/+4
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Request->getHeader() should always return a stringMorris Jobke2018-01-171-3/+2
| | | | | | | | PHPDoc (of the public API) says that this method returns string but it also returns null, which is not allowed in some method calls. This fixes that behaviour and returns an empty string and fixes all code paths that explicitly checked for null to be still compliant. Found while enabling the strict_typing for lib/private for the PHP7+ migration. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove deprecated core APIJoas Schilling2018-01-152-211/+0
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #7838 from nextcloud/timefactory_strictRoeland Jago Douma2018-01-151-2/+2
|\ | | | | Make the ITimeFactory strict + return types
| * Make the ITimeFactory strict + return typesRoeland Jago Douma2018-01-141-2/+2
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Remove deprecated functions from DI ContainerRoeland Jago Douma2018-01-131-2/+2
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move passwordconfirmation to its own midlewareRoeland Jago Douma2018-01-023-31/+96
| | | | | | Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* disable password confirmation with SSOBjoern Schiessle2018-01-022-3/+18
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Also check for empty content lenthRoeland Jago Douma2017-12-141-0/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Change @georgehrke's emailMorris Jobke2017-11-061-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update license headersMorris Jobke2017-11-0616-4/+29
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #6921 from nextcloud/appmanager-securitymiddlewareRoeland Jago Douma2017-10-242-3/+10
|\ | | | | Use proper DI for security middleware for app enabled check
| * Use proper DI for security middleware for app enabled checkMorris Jobke2017-10-242-3/+10
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Doc: Fix phpDoc issuesJulius Härtl2017-10-231-1/+1
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Handle SameSiteCookie check for index.php in AppFramework MiddlewareRoeland Jago Douma2017-09-244-1/+153
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Rethrow the correct exception when there was an error in an app containerJoas Schilling2017-09-121-3/+10
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* extend the identity proof manager to allow system wide key pairsBjoern Schiessle2017-08-101-1/+2
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* If there is no content don't errorRoeland Jago Douma2017-08-091-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove explicit type hints for ControllerLukas Reschke2017-08-016-15/+15
| | | | | | This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #5907 from nextcloud/add-metadata-to-throttle-callMorris Jobke2017-08-011-1/+1
|\ | | | | Add metadata to \OCP\AppFramework\Http\Response::throttle
| * Add metadata to \OCP\AppFramework\Http\Response::throttleLukas Reschke2017-07-271-1/+1
| | | | | | | | | | | | Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Merge pull request #5877 from nextcloud/typehint_middlewareMorris Jobke2017-08-016-23/+26
|\ \ | | | | | | Prop argument type for Middleware
| * | Fix middleware implementations signaturesRoeland Jago Douma2017-07-316-23/+26
| |/ | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* / Fix L10N::tRoeland Jago Douma2017-08-012-2/+2
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* More phpstorm inspection fixesRoeland Jago Douma2017-07-241-7/+7
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* add new config switched for the global scale architectureBjoern Schiessle2017-05-291-0/+5
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Check whether the $_SERVER['REQUEST_*'] vars exist before using themJoas Schilling2017-05-151-6/+5
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add IPv6 to “localhost” regex (#440)coderkun2017-05-141-1/+1
| | | | Signed-off-by: Oliver Hanraths <olli@coderkun.de>
* Automatic creation of Identity managerJoas Schilling2017-05-101-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove unused use statementsMorris Jobke2017-04-222-2/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Revert "Match slashes in ../{id} resource routes"Roeland Jago Douma2017-04-181-7/+1
| | | | | | This reverts commit 31f9be7a75712e9f8b7831ed29397527f9fa8baf. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make BruteForceProtection annotation more cleverLukas Reschke2017-04-133-17/+98
| | | | | | | | This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #4326 from nextcloud/downstream-27562Morris Jobke2017-04-131-1/+2
|\ | | | | Reorder the entries of the log for easier reading
| * Use constantsJoas Schilling2017-04-131-1/+1
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
| * Reorder the entries of the log for easier readingJuan Pablo Villafáñez2017-04-121-1/+2
| |
* | Move to dedicated MiddleWareLukas Reschke2017-04-133-38/+160
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Add isset() as it can be an empty resultLukas Reschke2017-04-131-1/+1
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Register in ServerContainerLukas Reschke2017-04-131-18/+0
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Add support for ratelimiting via annotationsLukas Reschke2017-04-133-43/+83
|/ | | | | | | | | | | | | This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #4138 from nextcloud/resources_match_fullidMorris Jobke2017-04-041-1/+7
|\ | | | | Match slashes in ../{id} resource routes
| * Match slashes in ../{id} resource routesRoeland Jago Douma2017-04-041-1/+7
| | | | | | | | | | | | | | | | | | | | Fixes #2954 Before we could match on <prefix>/{id} however if the id contains a / this would not match properly. But since we define the resource routes internally we now make sure that we match all chars (up until the ?). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Don't try to parse empty body if there is no bodyRoeland Jago Douma2017-04-041-0/+2
|/ | | | | | | | | | | | Fixes #3890 If we do a put request without a body the current code still tries to read the body. This patch makes sure that we do not try to read the body if the content length is 0. See RFC 2616 Section 4.3 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Also cache the namespace from appinfoJoas Schilling2017-03-221-3/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Don't do a recursive searchJoas Schilling2017-03-221-1/+21
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* buildAppNamespace already has the fallbackJoas Schilling2017-03-221-11/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-01 13:26:31 +0000