path: root/lib/private/AppFramework
Commit message | Author | Age | Files | Lines
* fix: throw a better error if we don't get an authorization header for security confirmation [security-missing-auth-error] | Robin Appelman | 6 days | 2 | -2/+5
    Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix: use correct format for expires, last-modified, and if-modified-since headers | Daniel Kesselberg | 2025-06-10 | 1 | -1/+1
    Before: Sat, 10 May 2025 18:17:41 +0000
    After: Sat, 10 May 2025 18:17:41 GMT
    RFC: https://httpwg.org/specs/rfc9110.html#http.date
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat: Add a configuration toggle for lazy objects in DI | Côme Chilliet | 2025-06-05 | 1 | -1/+3
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Fix several side effects of lazy ghosts | Côme Chilliet | 2025-06-05 | 1 | -0/+3
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Only use Lazy objects if PHP is 8.4 or higher | Côme Chilliet | 2025-06-05 | 1 | -34/+42
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: Suppress psalm error | Côme Chilliet | 2025-06-05 | 1 | -2/+3
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat: Use Lazy ghosts for Dependency injection | Côme Chilliet | 2025-06-05 | 1 | -36/+37
    This will only work with PHP 8.4, so we’ll need to put it behind a version check later.
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Use only enabled applications versions in the cache prefix | Côme Chilliet | 2025-06-05 | 1 | -2/+2
    This makes sure the cached routes are updated after enabling a previously disabled application
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: make core application bootstrapable by coordinator [chore/refactor-core] | Ferdinand Thiessen | 2025-06-02 | 1 | -3/+9
    Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
    Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* test: Mock ITaskManager to remove test interactions | Joas Schilling | 2025-05-29 | 1 | -1/+1
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(RouteParser): bail out if method name contains hashtag [refactor/app/remove-register-routes] | Ferdinand Thiessen | 2025-05-15 | 1 | -1/+1
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(AppFramework): Remove unused RouteConfig class and migrate tests to RouteParser | provokateurin | 2025-05-15 | 2 | -280/+1
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Fix psalm issue and update baseline [fix/improve-init-profiling] | Côme Chilliet | 2025-05-14 | 1 | -1/+2
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat: Improve init a bit, and add more profiling steps | Côme Chilliet | 2025-05-13 | 2 | -6/+6
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(throttler): Remove the sleep from the throttler that throws [bugfix/noid/remove-sleep-from-throttler] | Joas Schilling | 2025-05-02 | 1 | -1/+1
    The sleep is not adding benefit when it's being aborted with 429 in other cases anyway.
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* docs(dispatcher): Correct described return values [jtr-docs-dispatcher-return] | Josh | 2025-04-23 | 1 | -3/+5
    Signed-off-by: Josh <josh.t.richards@gmail.com>
* fix: Remove support for app.php loading | Côme Chilliet | 2025-04-14 | 1 | -2/+2
    It has been deprecated for a long time, and the last known active application to use it (user_saml) is now migrated to the modern API. Presence of the file is still checked in order to log an error. This behavior may be removed as well in a few versions.
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Use login name to check the password [artonge/fix/use_loginname_to_check_password] | Louis Chemineau | 2025-04-02 | 1 | -1/+2
    Signed-off-by: Louis Chemineau <louis@chmn.me>
* fix: Move getAppInstalledVersions to AppConfig so that it can be used earlier [fix/add-getappversions-replacement] | Côme Chilliet | 2025-03-25 | 1 | -0/+9
    Call it from OC_App to make sure there is only one request to DB.
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(auth): Allow 2FA challenges for Ephemeral sessions [bugfix/ios-3365/allow-2fa-for-ephemeral-sessions] | Joas Schilling | 2025-03-18 | 1 | -0/+5
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(login): Properly target public page with attribute [artonge/fix/publicpage_attribute] | Louis Chemineau | 2025-03-05 | 1 | -1/+2
    Signed-off-by: Louis Chemineau <louis@chmn.me>
* Merge pull request #51116 from nextcloud/enh/noid/nullable-range | Arthur Schiwon | 2025-03-04 | 1 | -1/+1
|\    feat(AppFramework): extend range check to optional parameters
| * feat(AppFramework): extend range check to optional parameters [enh/noid/nullable-range] | Arthur Schiwon | 2025-02-27 | 1 | -1/+1
| |   Now it also applies when a parameter is documented with a pending |null, but no further unionation is considered.
| |   Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | fix(login): Also check legacy annotation for ephemeral sessions | Louis Chemineau | 2025-02-27 | 2 | -6/+7
|/    Signed-off-by: Louis Chemineau <louis@chmn.me>
* Merge pull request #51051 from nextcloud/artonge/fix/login_flow_v2_sessions_2 | Louis | 2025-02-27 | 2 | -1/+53
|\    feat: Close sessions created for login flow v2
| * feat: Close sessions created for login flow v2 [artonge/fix/login_flow_v2_sessions_2] | Louis Chemineau | 2025-02-26 | 2 | -1/+53
| |   Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit adds a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request.
| |   Signed-off-by: Louis Chemineau <louis@chmn.me>
* | fix(l10n): Improve English source strings | Joas Schilling | 2025-02-26 | 1 | -3/+3
|/    - No leading/trailing whitespace
      - Use ASCII single quote
      Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: Add missing star in phpdoc comment [fix/fix-psalm-taint-errors] | Côme Chilliet | 2025-02-17 | 1 | -1/+1
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix: Correctly tag json encoding in BaseResponse to fix false-positive | Côme Chilliet | 2025-02-17 | 1 | -1/+9
    …in psalm taint analysis
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist [bugfix/noid/allow-ratelimit-bypass] | Joas Schilling | 2025-01-27 | 2 | -9/+10
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(api): File conversion API | Elizabeth Danzberger | 2025-01-15 | 1 | -0/+25
    Signed-off-by: Elizabeth Danzberger <lizzy7128@tutanota.de>
* feat(lexicon): configurable default value | Maxence Lange | 2025-01-14 | 1 | -1/+2
    Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* fix(Http): Only allow valid HTTP status code values via template [fix/http/template-valid-status-codes] | provokateurin | 2025-01-07 | 3 | -8/+8
    Signed-off-by: provokateurin <kate@provokateurin.de>
* feat(config): implementation of lexicon | Maxence Lange | 2024-12-13 | 1 | -0/+34
    Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* Merge pull request #49515 from nextcloud/bugfix/noid/boolean-false-in-multipart-form-data | Joas Schilling | 2024-11-28 | 1 | -10/+2
|\    fix(controller): Fix false booleans in multipart/form-data
| * fix(controller): Fix false booleans in multipart/form-data | Joas Schilling | 2024-11-28 | 1 | -10/+2
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | feat: Use inline password confirmation in external storage settings | Louis Chemineau | 2024-11-28 | 2 | -66/+60
|/    Signed-off-by: Louis Chemineau <louis@chmn.me>
* feat(Dispatcher): Add debug log for controller methods returning raw data not wrapped in Response [feat/dispatcher/log-raw-response-data] | provokateurin | 2024-11-15 | 1 | -0/+4
    Signed-off-by: provokateurin <kate@provokateurin.de>
* chore(profile): move profile app from core to apps | skjnldsv | 2024-11-14 | 2 | -0/+2
    Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
* fix(Middleware): log deprecation when annotation was actually used [fix/noid/deprecation-correct-case] | Arthur Schiwon | 2024-11-12 | 1 | -1/+1
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: Add proper deprecation dates where missing | Ferdinand Thiessen | 2024-09-20 | 1 | -5/+5
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(deps): Update nextcloud/coding-standard to v1.3.1 | provokateurin | 2024-09-19 | 5 | -11/+13
    Signed-off-by: provokateurin <kate@provokateurin.de>
* chore!: Remove `OC\AppFramework\Logger` | Ferdinand Thiessen | 2024-09-19 | 2 | -112/+0
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix(BaseResponse): Cast XML element values to string [fix/baseresponse/xml-element-value-string-cast] | provokateurin | 2024-09-15 | 1 | -1/+3
    Signed-off-by: provokateurin <kate@provokateurin.de>
* chore: fix typo in `SameSiteCookieMiddleware` | Ferdinand Thiessen | 2024-08-31 | 1 | -4/+4
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore: Remove unused `CsrfTokenManager` from `CSPMiddleware` | Ferdinand Thiessen | 2024-08-31 | 2 | -17/+7
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* style: update codestyle for coding-standard 1.2.3 | Daniel Kesselberg | 2024-08-25 | 10 | -34/+34
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* perf: delay getting (sub)admin status for user in the security middleware until we need it | Robin Appelman | 2024-08-23 | 2 | -9/+31
    Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix: Support Safari mobile | Ferdinand Thiessen | 2024-08-21 | 1 | -0/+1
    Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Use `CSP_NONCE` env variable in ContentSecurity Header | Holger Hees | 2024-08-13 | 1 | -1/+1
    We should use 'cspNonceManager' for requesting the NONCE value, because it is doing the same as before, except that it honors a CSP_NONCE environment variable if available.
    Signed-off-by: Holger Hees <holger.hees@gmail.com>