aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework
Commit message (Collapse)AuthorAgeFilesLines
* fix(BaseResponse): Cast XML element values to stringbackport/48013/stable28provokateurin2024-09-151-1/+3
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* fix(Token): make new scope future compatibleArthur Schiwon2024-06-121-1/+1
| | | | | | | - "password-unconfirmable" is the effective name for 30, but a draft name was backported. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-122-3/+26
| | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix: add check for app_api_system session flag to bypass rate limitFlorian Klinger2024-04-172-1/+9
| | | | | Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
* fix xml ocs response for serializable objectsKlaus2024-03-181-0/+4
| | | | | Signed-off-by: sualko <klaus@jsxc.org> Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix: Adjust user agent pattern for EdgeJulius Härtl2024-03-111-1/+1
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #43181 from nextcloud/backport/42930/stable28Ferdinand Thiessen2024-02-031-5/+3
|\ | | | | [stable28] Fix: config param 'overwritecondaddr' not working
| * code style: ommited space, reverted [code review]Pavel Kryl2024-01-291-1/+1
| |
| * fixing bug #6914: Config Param 'overwritecondaddr' not workingPavel Kryl2024-01-291-6/+4
| | | | | | | | | | | | | | - just ignoring/removing extra parameter 'protocol' as suggested by blizzz Signed-off-by: Pavel Kryl <pavel@kryl.eu>
* | fix(Request): Catch exceptions in `isTrustedProxy`Ferdinand Thiessen2024-01-291-1/+8
|/ | | | | | | | | The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw. But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: apply changes from Nextcloud coding standards 1.1.1Joas Schilling2023-11-2320-71/+71
| | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* Reverse X-Forwarded-For list to read the correct proxy remote addressJoas Schilling2023-11-161-2/+8
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(dependencyinjection): Allow optional (nullable) servicesChristoph Wurst2023-11-031-0/+5
| | | | | | Allows working with classes that might or might not be available. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #40326 from nextcloud/enh/text-to-image-apiJoas Schilling2023-10-261-0/+24
|\ | | | | Implement TextToImage OCP API
| * Implement TextToImage OCP APIMarcel Klehr2023-10-181-0/+24
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | Add api to register setup checksCarl Schwan2023-10-191-3/+27
|/ | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Merge pull request #40865 from nextcloud/bugfix/noid/fix-version-commentJoas Schilling2023-10-161-1/+1
|\ | | | | Fix version number in ITimeFactory after it was delayed
| * Fix version number in ITimeFactory after it was delayedJoas Schilling2023-10-111-1/+1
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(docs): Fix parameter types in docsJoas Schilling2023-10-131-8/+2
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fixed Drone testAlexander Piskun2023-10-061-1/+2
| | | | Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
* added CORS skip if session was created by AppAPIAlexander Piskun2023-10-021-0/+4
| | | | Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
* Convert isset ternary to null coalescing operatorHamid Dehnavi2023-09-281-6/+2
| | | | Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com>
* Remove deprecated methods Util::writeLog and DIContainer::logCôme Chilliet2023-09-251-27/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(appframework): Expose programmatic rate limiterChristoph Wurst2023-09-201-0/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25Joas Schilling2023-08-284-17/+12
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(middleware): Fix header injection for bruteforce middlewareJoas Schilling2023-08-221-5/+1
| | | | | | | Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons So shifting back to old standard practise for now Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat: Add a header which signals that the request was throttledJoas Schilling2023-08-211-4/+14
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* add separate event for rendering login page templateRobin Appelman2023-08-171-2/+8
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Rewrite OCS CSRF check to be readablejld31032023-08-161-7/+15
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* fix!: Remove legacy event dispatching Symfony's GenericEvent from ↵Joas Schilling2023-07-271-30/+5
| | | | | | AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #38854 from nextcloud/enh/llm-apiMarcel Klehr2023-07-211-0/+21
|\
| * Massive refactoring: Turn LanguageModel OCP API into TextProcessing APIMarcel Klehr2023-07-141-10/+10
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * LLM OCP API: Add to RegistrationContextMarcel Klehr2023-07-071-0/+21
| | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | fix(CardDAV): catch right exception when checking for federated app classesAnna Larch2023-07-061-1/+0
|/ | | | Signed-off-by: Anna Larch <anna@nextcloud.com>
* Add template types to responsesjld31032023-06-303-1/+27
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Allow stdClass in XML responsesjld31032023-06-131-0/+4
| | | | Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_privateRobin Appelman2023-06-016-17/+17
|\ | | | | Refactors "strpos" calls in lib/private to improve code readability.
| * Refactors "strpos" calls in lib/private to improve code readability.Faraz Samapoor2023-05-156-17/+17
| | | | | | | | Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
* | chore: Drop \OC_App::getAppInfoChristoph Wurst2023-06-011-1/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | fix(middleware): Also abort the request when reaching max delay in ↵Joas Schilling2023-05-151-22/+30
|/ | | | | | afterController Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add PHP \Attribute for remaining security annotationsJoas Schilling2023-04-254-27/+132
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(ratelimit): Add Attributes support to rate limit middlewareJoas Schilling2023-04-241-41/+77
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge branch 'master' into enh/type-iconfig-getter-callsCôme Chilliet2023-04-202-0/+25
|\ | | | | Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
| * Merge pull request #37674 from nextcloud/feature/speech-to-textJoas Schilling2023-04-191-0/+22
| |\ | | | | | | feat(SpeechToText): Add SpeechToText OCP provider API
| | * feat(SpeechToText): Add SpeechToText provider APIMarcel Klehr2023-04-111-0/+22
| | | | | | | | | | | | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
| * | fix(security)!: Use consistent HTTP status for strict cookie checksChristoph Wurst2023-04-171-0/+3
| |/ | | | | | | | | | | | | Before: 503/412 Now: 412 + json body explaining the error Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* / Use typed version of IConfig::getSystemValue as much as possibleCôme Chilliet2023-04-051-7/+7
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Add a debug message when throttling without definingJoas Schilling2023-03-082-11/+11
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute ↵Joas Schilling2023-03-081-5/+43
| | | | | | and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(appframework): ⌚ Make ITimeFactory extend \PSR\Clock\ClockInterfaceJoas Schilling2023-03-031-1/+25
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-31 10:23:11 +0000