aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/appframework/controller
Commit message (Collapse)AuthorAgeFilesLines
* Move tests/ to PSR-4 (#24731)Joas Schilling2016-05-203-432/+0
| | | | | | | | | | | | | | | | | | | | * Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader
* Fix namespaces in AppFramework testsJoas Schilling2016-05-183-3/+6
|
* Remove dependency on ICrypto + use XORLukas Reschke2015-10-213-6/+0
|
* Add blob: scheme to default CSP policyLukas Reschke2015-09-291-1/+1
| | | | Fixes https://github.com/owncloud/core/issues/19438
* Add mitigation against BREACHLukas Reschke2015-08-143-0/+6
| | | | | | | | | | | | While BREACH requires the following three factors to be effectively exploitable we should add another mitigation: 1. Application must support HTTP compression 2. Response most reflect user-controlled input 3. Response should contain sensitive data Especially part 2 is with ownCloud not really given since user-input is usually only echoed if a CSRF token has been passed. To reduce the risk even further it is however sensible to encrypt the CSRF token with a shared secret. Since this will change on every request an attack such as BREACH is not feasible anymore against the CSRF token at least.
* Merge pull request #18096 from sualko/patch-1Morris Jobke2015-08-101-1/+1
|\ | | | | add data: to allowed image domains
| * add more unit tests for data: as allowed image domainsualko2015-08-101-1/+1
| |
* | Fix unit test within OCSControllerThomas Müller2015-08-031-4/+8
|/
* Merge pull request #13989 from owncloud/enhancment/security/11857Clark Tomlinson2015-02-181-3/+4
|\ | | | | Allow AppFramework applications to specify a custom CSP header
| * Allow AppFramework applications to specify a custom CSP headerLukas Reschke2015-02-161-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This change allows AppFramework applications to specify a custom CSP header for example when the default policy is too strict. Furthermore this allows us to partially migrate away from CSS and allowed eval() in our JavaScript components. Legacy ownCloud components will still use the previous policy. Application developers can use this as following in their controllers: ```php $response = new TemplateResponse('activity', 'list', []); $cspHelper = new ContentSecurityPolicyHelper(); $cspHelper->addAllowedScriptDomain('www.owncloud.org'); $response->addHeader('Content-Security-Policy', $cspHelper->getPolicy()); return $response; ``` Fixes https://github.com/owncloud/core/issues/11857 which is a pre-requisite for https://github.com/owncloud/core/issues/13458 and https://github.com/owncloud/core/issues/11925
* | Refactor OC_Request into TrustedDomainHelper and IRequestLukas Reschke2015-02-163-7/+18
|/ | | | | | | | | | This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed. This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions. Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though. Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
* Request requires a second parameterThomas Müller2015-02-091-6/+16
|
* Merge pull request #13921 from owncloud/ocs-afVincent Petry2015-02-092-1/+125
|\ | | | | Add a controller and reponse for ocs
| * fix license emailBernhard Posselt2015-02-051-1/+1
| |
| * fix license emailBernhard Posselt2015-02-052-2/+2
| |
| * add a controller and reponse for ocsBernhard Posselt2015-02-051-0/+124
| |
* | Respect `mod_unique_id` and refactor `OC_Request::getRequestId`Lukas Reschke2015-02-092-11/+13
|/ | | | | | | | | | | | | | When `mod_unique_id` is enabled the ID generated by it will be used for logging. This allows for correlation of the Apache logs and the ownCloud logs. Testplan: - [ ] When `mod_unique_id` is enabled the request ID equals the one generated by `mod_unique_id`. - [ ] When `mod_unique_id` is not available the request ID is a 20 character long random string - [ ] The generated Id is stable over the lifespan of one request Changeset looks a little bit larger since I had to adjust every unit test using the HTTP\Request class for proper DI. Fixes https://github.com/owncloud/core/issues/13366
* Fix unit testLukas Reschke2014-12-041-1/+2
|
* Make remaining files extend the test baseJoas Schilling2014-11-192-2/+4
|
* add dataresponseBernhard Posselt2014-10-291-0/+22
| | | | | | | | | | | | | | fix docstrings adjust copyright date another copyright date update another header update implement third headers argument, fix indention, fix docstrings fix docstrings
* also handle lowercase headersBernhard Posselt2014-06-111-0/+9
|
* handle http accept headers more gracefullyBernhard Posselt2014-06-111-0/+23
|
* remove controller serializersBernhard Posselt2014-06-051-21/+1
|
* adjust license headers to new mail addressBernhard Posselt2014-05-111-1/+1
|
* rename formatter to responder, formatResponse to buildResponseBernhard Posselt2014-05-111-5/+5
|
* implement most of the basic stuff that was suggested in #8290Bernhard Posselt2014-05-111-1/+54
|
* add cors middlewareBernhard Posselt2014-05-092-2/+57
| | | | | | | | | | | | | | | | | | | | | | | | | | remove methodannotationreader namespace fix namespace for server container fix tests fail if with cors credentials header is set to true, implement a reusable preflighted cors method in the controller baseclass, make corsmiddleware private and register it for every request remove uneeded local in cors middleware registratio dont uppercase cors to easily use it from routes fix indention comment fixes explicitely set allow credentials header to false dont depend on better controllers PR, fix that stuff later split cors methods to be in a seperate controller for exposing apis remove protected definitions from apicontroller since controller has it
* OCP\AppFramework\Controller\Controller => OCP\AppFramework\ControllerThomas Tanghus2013-10-111-1/+1
|
* fixing all appframework unit testsThomas Müller2013-10-071-28/+5
|
* Still some session leftovers.Thomas Tanghus2013-09-171-5/+0
|
* kill superfluent classloader from tests - this approach might be of interest ↵Thomas Müller2013-08-211-3/+2
| | | | within the apps
* initial import of appframeworkThomas Müller2013-08-171-0/+161
generated by cgit v1.2.3 (git 2.39.1) at 2025-05-25 03:25:23 +0000