upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-22 14:50:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 53
86621 commits 888 branches 1195 tags 8.3 GiB
Commit graph

660 commits

Author SHA1 Message Date
Benjamin Gaussorgues
1b504bf4ec
Merge pull request #58863 from nextcloud/fix/annotation-attributes-fix 2026-03-18 08:46:31 +01:00
Joas Schilling
5f80f26799
chore: Fix SPDX header 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2026-03-16 08:38:16 +01:00
David Dreschner
2bb9524c84
fix: Remove deprecated RFC7231 constant to avoid warnings on PHP 8.5 
Signed-off-by: David Dreschner <david.dreschner@nextcloud.com>
 2026-03-13 10:43:38 +01:00
Kate
c8380b1b62
Merge pull request #58869 from nextcloud/fix/pwd-confirmation 2026-03-12 09:54:15 +01:00
Ferdinand Thiessen
9b54b06de5
fix(SecurityMiddleware): return header to distinguish error type 
Currently we return a 403 (Forbidden) when the password confirmation
failed - which itself seems to be inappropriate as its basically a login
failing so a 401 (not authorized) is more appropriate.

This is especially a problem because APIs might return 403 internally
for good reason (e.g. user missing permission) but 401 would not be a
problem.

But as this is a breaking change so my solution to be able to
distinguish API error from password confirmation error is:

Add a header inside the response that marks failed password confirmation
`X-NC-Auth-NotConfirmed`.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2026-03-11 15:11:29 +01:00
Côme Chilliet
91334643dc
fix(tests): Adapt Middleware tests to API change 
Removed a few tests rendered obsolete by the refactoring.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-03-11 14:27:45 +01:00
Côme Chilliet
447ee17759
fix: Remove code duplication by using the new method 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-03-11 11:36:01 +01:00
Côme Chilliet
520878338f
fix: Move hasAnnotationOrAttribute to the reflector 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-03-11 11:16:26 +01:00
Raphael Gradenwitz
3e78bf662d
Merge pull request #58648 from nextcloud/feat/add-files-sharing-raw-to-rootUrlApps 
feat(routing): add files_sharing_raw to rootUrlApps
 2026-03-10 15:31:02 +01:00
Anna Larch
cbe8e4d90f fix: add fallback to raw path info 
Follow up to https://github.com/nextcloud/server/pull/56843

The raw path info method has no fallback for an empty array parameter

Signed-off-by: Anna Larch <anna@nextcloud.com>
 2026-03-09 22:22:08 +01:00
nextcloud-command
663018455e refactor: Apply rector changes 
Signed-off-by: GitHub <noreply@github.com>
 2026-03-01 14:43:11 +00:00
ernolf
b24663db93
feat(routing): add files_sharing_raw to rootUrlApps 
- Registers the files_sharing_raw app as a root-URL app so that its routes are served under /raw/{token} and /rss instead of the default /apps/files_sharing_raw/... prefix.
  This is required for the files_sharing_raw app to generate correct canonical raw URLs via PublicUrlBuilder.

Signed-off-by: ernolf <raphael.gradenwitz@googlemail.com>
 2026-02-28 20:30:19 +01:00
provokateurin
9dc1d6372f
fix(IContainer): Fix parameter and return types 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-16 10:45:13 +01:00
Kate
b80816dfb7
Merge pull request #58098 from nextcloud/fix/appframework/types-phpstan 
fix(AppFramework): Adjust types so PHPStan understands them
 2026-02-12 14:00:47 +01:00
provokateurin
5c47ce9b40
fix(SimpleContainer): Adjust return type for PHPStan 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-11 11:42:37 +01:00
provokateurin
e8d4d435ed
fix(IRegistrationContext): Use SimpleContainer in registerService factory 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-11 11:42:37 +01:00
provokateurin
97c09753c3
fix(AppFramework): Adjust types so PHPStan understands them 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-09 14:08:42 +01:00
provokateurin
f12cecb684
feat(rector): Enable SafeDeclareStrictTypesRector 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2026-02-09 10:59:31 +01:00
Carl Schwan
65e769a861
refactor: Apply comments 
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-02-06 13:50:46 +01:00
Carl Schwan
7b6078875b
refactor: Run rector on lib/private 
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-02-06 13:50:18 +01:00
Carl Schwan
f81475445d
refactor: Move hasAnnotationOrAttribute to MiddlewareUtils 
Signed-off-by: Carl Schwan <carlschwan@kde.org>
 2026-01-28 21:48:16 +01:00
Carl Schwan
6408ed0b51
feat(AppFramework): Add missing NoSameSiteCookieRequired attribute 
Allow to replace the old annotation.

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-01-28 21:48:16 +01:00
Carl Schwan
b040fb1c73
feat(AppFramework): Add missing NoTwoFactorRequired attribute 
It's in our documentation but was never implemented.

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2026-01-28 21:48:16 +01:00
Maxence Lange
6af64a5495 feat(ocm): event on ocm discovery and ocm request 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2026-01-07 17:54:26 -01:00
Joas Schilling
f2e2e4ea21
fix(controller): Support native int ranges 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2026-01-07 17:36:57 +01:00
Christoph Wurst
8a581c230b refactor: improve reflection attribute typing 
This allows tools to see the correct usage of
PasswordConfirmationRequired::getStrict

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2025-12-04 17:37:47 +01:00
Côme Chilliet
cb80ec7ebb
feat(log): Add script name and occ command to log details 
This will help when troubleshooting issues. For web request we have
 method and url, but for cron and occ currently we have no way to know if
 it’s one or the other and which command.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-12-04 15:04:59 +01:00
Stephan Orbaugh
2d0c5cf627
Merge pull request #56218 from nextcloud/feat/di/abort-infinite-loop 
feat(DI): Abort querying if infinite loop is detected
 2025-11-13 16:15:49 +01:00
Kate
e5f50dafcb
Merge pull request #55620 from nextcloud/fix/appframework/check-reponder-existence 2025-11-12 11:46:08 +01:00
provokateurin
f720925b06
fix(AppFramework): Check for responder existence 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-11-12 09:39:53 +01:00
Joas Schilling
2b9083ab29
feat(rate-limit): Allow overwriting the rate limit 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-11-12 08:59:40 +01:00
Louis Chmn
ed4a1708f2 feat(EphemeralSessions): Introduce lax period 
Signed-off-by: Louis Chmn <louis@chmn.me>
 2025-11-05 16:08:13 +01:00
provokateurin
3dbf848ee9
feat(DI): Abort querying if infinite loop is detected 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-11-05 12:21:19 +01:00
Carl Schwan
336cc3fa35 feat(Db): Use SnowflakeId for previews 
Allow to get an id for the storing the preview on disk before inserting
the preview on the DB.

Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>
 2025-10-28 17:50:03 +01:00
Maxence Lange
9209540db5 feat(route): globalsiteselector as root url generator 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2025-10-13 09:19:20 -01:00
Côme Chilliet
d51efd9735
fix: Do not try to create lazy ghosts for PHP internal classes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-09-28 14:35:49 +02:00
Thomas Citharel
7bf8e9699c
fix(http): handle getHttpProtocol being unset in $_SERVER['SERVER_PROTOCOL'] if called from occ 
Due to the profiler app loading HttpDataCollector when running occ.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2025-09-21 18:06:33 +02:00
provokateurin
9473f47c0d fix(Dispatcher): Catch TypeErrors and turn them into bad request responses 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-09-05 00:49:23 +02:00
Kate
a1709f576e
Merge pull request #54627 from nextcloud/fix/ocs/accept-header 2025-08-28 14:03:23 +02:00
provokateurin
aab11d35d3
fix(OCS): Add IRequest::getFormat to determine the response Content-Type the same way everywhere 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-08-26 09:50:03 +02:00
Joas Schilling
11aa997da3
fix(2fa): Fix 2FA session setup when ephemeral session is used 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-25 10:39:17 +02:00
Joas Schilling
57f09b642e
fix(container): Reduce general deprecation spam on all requests 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-09 11:53:30 +02:00
Benjamin Gaussorgues
8783679a49
Merge pull request #54303 from nextcloud/jtr-oc-appframework-app-cleanup 2025-08-08 10:41:51 +02:00
Joas Schilling
2f18996347
fix(container): Don't use deprecated things to set up controllers for apps 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-08 08:42:56 +02:00
Joas Schilling
17c40b9474
fix(container): Log the deprecation to the app when possible 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-08-08 08:42:55 +02:00
Josh
67c14b0f11
refactor(App): \OC\AppFramework\App clean-up 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2025-08-06 17:10:45 -04:00
Josh
9195987d14
refactor(AppFramework): drop unused spreed/Talk fallback 
No longer needed from what I can tell since #20114 & nextcloud/spreed#3134

Signed-off-by: Josh <josh.t.richards@gmail.com>
 2025-08-04 08:59:49 -04:00
John Molakvoæ
4829ac57c1 fix: use OCP\Server 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2025-08-01 17:00:09 +02:00
Josh
14b4d0327e fix(AppFramework): Log malformed protocol values and unify fallback behavior 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2025-08-01 17:00:09 +02:00
Maxence Lange
132513dbf3 fix(userconfig): duplicate core lexicon 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2025-07-29 10:36:44 -01:00