nextcloud-server.git - Nextcloud server, a safe home for all your data: https://github.com/nextcloud/server

	Commit message (Collapse)	Author	Age	Files	Lines
*	fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlistbugfix/noid/allow-ratelimit-bypass	Joas Schilling	2025-01-27	1	-1/+9
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	test:(PasswordConfirmationMiddleware): Fix constructor call	Louis Chemineau	2024-11-28	1	-5/+14
\| \| \| \|	Signed-off-by: Louis Chemineau <louis@chmn.me>
*	refactor: Add void return type to PHPUnit test methods	Christoph Wurst	2024-09-15	12	-63/+63
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	chore: Remove unused `CsrfTokenManager` from `CSPMiddleware`	Ferdinand Thiessen	2024-08-31	1	-5/+0
\| \| \| \|	Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
*	style: update codestyle for coding-standard 1.2.3	Daniel Kesselberg	2024-08-25	2	-8/+8
\| \| \| \|	Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
*	perf: delay getting (sub)admin status for user in the security middleware ↵	Robin Appelman	2024-08-23	1	-2/+15
\| \| \| \| \| \|	untill we need it Signed-off-by: Robin Appelman <robin@icewind.nl>
*	feat: Provide CSP nonce as `<meta>` element	Ferdinand Thiessen	2024-08-13	1	-1/+0
\| \| \| \| \| \| \| \|	This way we use the CSP nonce for dynamically loaded scripts. Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors). Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
*	test: Adjust tests for CSP nonce	Ferdinand Thiessen	2024-08-13	1	-12/+8
\| \| \| \|	Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
*	fix(files_sharing): show proper share not found error message	skjnldsv	2024-08-06	1	-2/+4
\| \| \| \|	Signed-off-by: skjnldsv <skjnldsv@protonmail.com>
*	feat(security): Add public API to allow validating IP Ranges and checking ↵	Joas Schilling	2024-07-19	1	-2/+2
\| \| \| \| \| \| \|	for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
*	feat(security): restrict admin actions to IP ranges	Benjamin Gaussorgues	2024-07-19	1	-1/+5
\| \| \| \|	Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
*	feat(Security): Warn about using annotations instead of attributes	provokateurin	2024-07-18	2	-12/+19
\| \| \| \|	Signed-off-by: provokateurin <kate@provokateurin.de>
*	feat(AppFramework): Add ExAppRequired attribute	provokateurin	2024-07-01	2	-1/+58
\| \| \| \|	Signed-off-by: provokateurin <kate@provokateurin.de>
*	refactor(Token): introduce scope constants	Arthur Schiwon	2024-06-05	1	-1/+1
\| \| \| \|	Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
*	fix(Session): avoid password confirmation on SSO	Arthur Schiwon	2024-06-05	2	-1/+63
\| \| \| \| \| \| \| \| \| \| \|	SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
*	chore: Add SPDX header	Andy Scherzinger	2024-05-13	21	-369/+47
\| \| \| \|	Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
*	fix: add check for app_api_system session flag to bypass rate limit	Florian Klinger	2024-03-18	1	-1/+5
\| \| \| \| \|	Signed-off-by: Florian Klinger <florian.klinger@nextcloud.com> Signed-off-by: Andrey Borysenko <andrey18106x@gmail.com>
*	chore: apply changes from Nextcloud coding standards 1.1.1	Joas Schilling	2023-11-23	1	-1/+1
\| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
*	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25	Joas Schilling	2023-08-28	3	-10/+11
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	fix!: Remove legacy event dispatching Symfony's GenericEvent from ↵	Joas Schilling	2023-07-27	1	-41/+0
\| \| \| \| \| \|	AdditionalScripts Signed-off-by: Joas Schilling <coding@schilljs.com>
*	fix(middleware): Also abort the request when reaching max delay in ↵	Joas Schilling	2023-05-15	1	-7/+7
\| \| \| \| \| \|	afterController Signed-off-by: Joas Schilling <coding@schilljs.com>
*	feat(security): Add PHP \Attribute for remaining security annotations	Joas Schilling	2023-04-25	8	-250/+801
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	feat(ratelimit): Add Attributes support to rate limit middleware	Joas Schilling	2023-04-24	1	-103/+170
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	feat(app-framework): Add native argument types for middleware	Christoph Wurst	2023-04-18	1	-8/+8
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	Add a debug message when throttling without defining	Joas Schilling	2023-03-08	1	-6/+33
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute ↵	Joas Schilling	2023-03-08	1	-61/+168
\| \| \| \| \| \|	and allow multiple Signed-off-by: Joas Schilling <coding@schilljs.com>
*	fix(CORS): CORS should only be bypassed on `PublicPage` if not logged in to ↵	Ferdinand Thiessen	2023-02-16	1	-1/+35
\| \| \| \| \| \|	prevent CSRF attack vectors Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
*	feat(app-framework): Add UseSession attribute to replace annotation	Christoph Wurst	2023-01-27	1	-53/+100
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	composer run cs:fix	Côme Chilliet	2023-01-20	12	-12/+0
\| \| \| \|	Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
*	use bruteforce protection on all methods wrapped by PublicShareMiddleware	Julien Veyssier	2022-12-07	1	-1/+6
\| \| \| \| \| \|	if an invalid token is provided or when share password is wrong Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
*	Fix SessionMiddlewareTest and cover new case with reopening	Julius Härtl	2022-08-24	1	-3/+17
\| \| \| \|	Signed-off-by: Julius Härtl <jus@bitgrid.net>
*	Merge pull request #32587 from nextcloud/bugfix/noid/improve-jsconfighelper	Joas Schilling	2022-05-31	1	-72/+52
\|\ \| \| \| \|	Improve JSConfigHelper code quality a bit
\| *	Restore old behaviour of sending flase for not found apps	Joas Schilling	2022-05-30	1	-72/+52
\| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
* \|	Update core to PHP 7.4 standard	Carl Schwan	2022-05-20	1	-2/+1
\|/ \| \| \| \| \| \|	- Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>
*	Fix tests	Joas Schilling	2022-02-23	4	-24/+28
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	Check style update	Carl Schwan	2022-01-13	3	-17/+17
\| \| \| \|	Signed-off-by: Carl Schwan <carl@carlschwan.eu>
*	Add admin privilege delegation for admin settings	Carl Schwan	2021-09-29	1	-1/+11
\| \| \| \| \| \| \|	This makes it possible for selected groups to access some settings pages. Signed-off-by: Carl Schwan <carl@carlschwan.eu>
*	Move DateTime::RFC2822 to DateTimeInterface::2822	Christoph Wurst	2021-06-23	1	-3/+3
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	Move DateTime::ATOM to DateTimeInterface::ATOM	Christoph Wurst	2021-06-23	1	-2/+2
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	Fix warnings about logException	Joas Schilling	2021-06-04	1	-2/+2
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	Fix unauthorized OCS status in provisioning	Joas Schilling	2021-05-12	1	-50/+49
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	Merge pull request #26591 from nextcloud/techdebt/noid/less-ilogger	Christoph Wurst	2021-04-27	1	-3/+3
\|\ \| \| \| \|	Less ILogger
\| *	Fix unit tests	Joas Schilling	2021-04-27	1	-3/+3
\| \| \| \| \| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
* \|	Fix ratelimit template	Joas Schilling	2021-04-27	1	-11/+9
\|/ \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	Remove deprecated \OCP\API	Roeland Jago Douma	2021-03-03	1	-4/+4
\| \| \| \| \| \| \| \|	Time to remove this forgood now. Remaining constant moved over The world is a tiny bit better Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
*	Remove OCSResponse type hint - see #23827	Morris Jobke	2020-11-03	1	-1/+0
\| \| \| \|	Signed-off-by: Morris Jobke <hey@morrisjobke.de>
*	Format code to a single space around binary operators	Christoph Wurst	2020-10-05	3	-3/+3
\| \| \| \|	Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
*	More test fixing	Joas Schilling	2020-08-19	1	-2/+2
\| \| \| \|	Signed-off-by: Joas Schilling <coding@schilljs.com>
*	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to ↵	Morris Jobke	2020-08-12	7	-43/+43
\| \| \| \| \| \|	\PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
*	Add real events to load additionalscripts	Roeland Jago Douma	2020-07-15	1	-9/+46
\| \| \| \|	Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>