upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-04-15 22:11:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
77659 commits 882 branches 1195 tags 7.2 GiB
Commit graph

555 commits

Author SHA1 Message Date
Maxence Lange
51fa22dc26 fix psalm 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Maxence Lange
86835ee899 sync with new OCP\IAppConfig 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-01-31 21:13:32 -01:00
Ferdinand Thiessen
85978593fe
Merge pull request #42794 from nextcloud/fix/invalid-trusted-proxies 
fix(Request): Catch exceptions in `isTrustedProxy`
 2024-01-29 16:19:51 +01:00
Pavel Kryl
30ad530814 code style: ommited space, reverted [code review] 2024-01-27 15:11:26 +01:00
Pavel Kryl
446ecbc454 fixing bug #6914: Config Param 'overwritecondaddr' not working 
- just ignoring/removing extra parameter 'protocol' as suggested by
  blizzz

Signed-off-by: Pavel Kryl <pavel@kryl.eu>
 2024-01-27 15:11:26 +01:00
Ferdinand Thiessen
7620d230df
fix(Request): Catch exceptions in isTrustedProxy 
The function fails if the configured trusted proxies contain invalid characters and the underlying IpUtils will throw.
But as it is used by `getRemoteAddress` which is used by logging / templating, thrown errors are not reported but silently fail with error 500.

Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-01-27 14:59:51 +01:00
Joas Schilling
ce583cb67b
techdebt(Middleware): Add more specific array types so its clickable in IDEs 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-30 12:27:08 +01:00
Joas Schilling
f6b6776c93
fix(API): Use a distinct exception so apps can react to it and customize the return 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-28 06:11:57 +01:00
Arthur Schiwon
3fa43a529b
enh(dispatcher): enforce psalm ranges in the http dispatcher 
- allows devs to provide int ranges for API arguments

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2023-11-24 12:46:38 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Joas Schilling
2fa78f6245
Reverse X-Forwarded-For list to read the correct proxy remote address 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-11-16 07:45:19 +01:00
Christoph Wurst
78842348b2
feat(dependencyinjection): Allow optional (nullable) services 
Allows working with classes that might or might not be available.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-11-03 11:53:43 +01:00
Joas Schilling
2b7f78fc2e
Merge pull request #40326 from nextcloud/enh/text-to-image-api 
Implement TextToImage OCP API
 2023-10-26 15:53:30 +02:00
Carl Schwan
eb1d612d96
Add api to register setup checks 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2023-10-19 11:43:58 +02:00
Marcel Klehr
c8cab9d2fd Implement TextToImage OCP API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-10-18 13:21:50 +02:00
Joas Schilling
356c2219bc
Merge pull request #40865 from nextcloud/bugfix/noid/fix-version-comment 
Fix version number in ITimeFactory after it was delayed
 2023-10-16 08:01:09 +02:00
Joas Schilling
a8ae09c544
fix(docs): Fix parameter types in docs 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-10-13 11:02:42 +02:00
Joas Schilling
0a4fbaddc7
Fix version number in ITimeFactory after it was delayed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-10-11 12:14:41 +02:00
Alexander Piskun
0b8a3b578d fixed Drone test 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2023-10-06 13:46:37 +03:00
Alexander Piskun
f16c9f42c6 added CORS skip if session was created by AppAPI 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2023-10-02 11:08:21 +03:00
Hamid Dehnavi
ea06cf2f39 Convert isset ternary to null coalescing operator 
Signed-off-by: Hamid Dehnavi <hamid.dev.pro@gmail.com>
 2023-09-28 17:44:19 +03:30
Côme Chilliet
f68d4f7300
Remove deprecated methods Util::writeLog and DIContainer::log 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-09-25 10:37:12 +02:00
Christoph Wurst
e477bb7eaf
feat(appframework): Expose programmatic rate limiter 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-09-20 20:25:27 +02:00
Andrew Summers
ce74bdcda2
Refactor OC\Server::getThemingDefaults 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2023-08-29 21:33:17 -05:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling
381c35080d
fix(middleware): Fix header injection for bruteforce middleware 
Calling setHeaders(getHeaders()) breaks the CSP nonce for unknown reasons
So shifting back to old standard practise for now

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-22 16:00:39 +02:00
Joas Schilling
2f06f2355d
feat: Add a header which signals that the request was throttled 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:36:04 +02:00
Robin Appelman
ccf57e0715 add separate event for rendering login page template 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-08-17 10:57:56 +02:00
jld3103
12f8543815
Rewrite OCS CSRF check to be readable 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-08-16 15:52:36 +02:00
Joas Schilling
1b387bb341
fix!: Remove legacy event dispatching Symfony's GenericEvent from AdditionalScripts 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +02:00
Marcel Klehr
7c80d66ee5
Merge pull request #38854 from nextcloud/enh/llm-api 2023-07-21 11:20:31 +02:00
Marcel Klehr
ffe27ce14c Massive refactoring: Turn LanguageModel OCP API into TextProcessing API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-14 16:00:31 +02:00
Marcel Klehr
82d3b00ab1 LLM OCP API: Add to RegistrationContext 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-07-07 13:39:10 +02:00
Anna Larch
558e386e46 fix(CardDAV): catch right exception when checking for federated app classes 
Signed-off-by: Anna Larch <anna@nextcloud.com>
 2023-07-06 13:07:14 +02:00
jld3103
b0001c6010
Add template types to responses 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-06-30 09:33:29 +02:00
jld3103
7f4651637a
Allow stdClass in XML responses 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-06-13 11:44:47 +02:00
Robin Appelman
9f1d497a0b
Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private 
Refactors "strpos" calls in  lib/private to improve code readability.
 2023-06-01 23:10:00 +02:00
Christoph Wurst
e76d525a43
chore: Drop \OC_App::getAppInfo 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-01 11:31:27 +02:00
Joas Schilling
3a6bc7aba2
fix(middleware): Also abort the request when reaching max delay in afterController 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-15 16:20:19 +02:00
Faraz Samapoor
e7cc7653b8 Refactors "strpos" calls in lib/private to improve code readability. 
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
 2023-05-15 15:17:19 +03:30
Joas Schilling
ecb8b55c5c
feat(security): Add PHP \Attribute for remaining security annotations 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-25 14:50:32 +02:00
Joas Schilling
89c3c31402
feat(ratelimit): Add Attributes support to rate limit middleware 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-24 12:24:48 +02:00
Côme Chilliet
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls 
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-04-20 16:52:38 +02:00
Joas Schilling
fd473f89e8
Merge pull request #37674 from nextcloud/feature/speech-to-text 
feat(SpeechToText): Add SpeechToText OCP provider API
 2023-04-19 16:29:44 +02:00
Christoph Wurst
a06898a2d0 fix(security)!: Use consistent HTTP status for strict cookie checks 
Before: 503/412
Now: 412 + json body explaining the error

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-17 16:06:37 +00:00
Marcel Klehr
317521b607 feat(SpeechToText): Add SpeechToText provider API 
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
 2023-04-11 14:59:57 +02:00
Côme Chilliet
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +02:00
Joas Schilling
2b49861679
Add a debug message when throttling without defining 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
e839eb9b5c
feat(middleware): Migrate BruteForceProtection annotation to PHP Attribute and allow multiple 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-08 12:09:22 +01:00
Joas Schilling
c297f8ee96
feat(appframework): Make ITimeFactory extend \PSR\Clock\ClockInterface 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-03-03 15:37:13 +01:00
Julius Härtl
3e63298381
feat(translations): Add translation provider API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-27 16:52:03 +01:00
Julius Härtl
90d2cb09b1
Merge pull request #36396 from nextcloud/fix/cors 2023-02-17 09:42:08 +01:00
Ferdinand Thiessen
f655f83c84 fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-16 22:55:18 +01:00
Julius Härtl
a705132c8d
Merge pull request #36656 from nextcloud/route-instrumentation 2023-02-14 10:12:19 +01:00
Julius Härtl
610a203d31
Merge pull request #36525 from nextcloud/fix/noid/params-put 
fix: Only get params from PUT content if possible
 2023-02-13 10:25:52 +01:00
Robin Appelman
b68be79464 more routing performance instrumentation 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-02-10 11:12:26 +01:00
Robin Appelman
fe78ef7a38 instrumentation for app booting 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-02-09 17:41:43 +01:00
Robin Appelman
08e7b20c43 add more performance instrumentation for app registering 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2023-02-09 17:41:43 +01:00
Ferdinand Thiessen
ba8a50c059 fix: Throw NotFoundExceptionInterface to fulfill PSR container interface if class not found 
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
 2023-02-06 14:16:35 +01:00
Julius Härtl
dc3916e27c
fix: Only get params from PUT content if possible 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-03 22:30:04 +01:00
Louis Chemineau
4ab3c16403 Pluggable share provider 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
Signed-off-by: Louis Chemineau <louis@chmn.me>
 2023-02-02 15:41:26 +01:00
Christoph Wurst
20e00cdf17
feat(app-framework): Add UseSession attribute to replace annotation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-27 09:40:35 +01:00
Christoph Wurst
8d9af3e262
feat(app-framework): Add support for global middlewares 
This allows apps to register middlewares that always register, not just
for the app's own requests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-26 11:54:28 +01:00
Christoph Wurst
907ff68bfc
perf(app-framework): Make the app middleware registration lazy 
Before this patch, app middlewares were registered on the dispatcher for
every app loaded in a Nextcloud process. With the patch, only
middlewares belonging to the same app of a dispatcher instance are
loaded.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-25 09:27:24 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Côme Chilliet
2a5e18b67a
Fix types in OCS json answer (status code is an int) 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Côme Chilliet
f2cdc4f47d
Fix crash in OCS when getting info about an application 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Côme Chilliet
0c466b7ff5
Attempt at reducing psalm errors 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:22:09 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods 
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.

If services are injected into the method, we only build the DI tree if
that method gets executed.

This is also how Laravel allows injection.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-01-18 14:00:38 +01:00
Joas Schilling
0af4e9d4fe
Merge pull request #34172 from audriga/add-scim-json-support 
Add support for application/scim+json
 2022-12-20 08:58:33 +01:00
Côme Chilliet
cf508c1e47 Use strict typing in base.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-12-19 09:10:40 +00:00
Stanimir Bozhilov
7dcd6eb561
Merge branch 'master' into add-scim-json-support 
Signed-off-by: Stanimir Bozhilov <stanimir.bozhilov.1998@gmail.com>
 2022-12-19 09:07:38 +01:00
Vincent Petry
7adfdf5248
Merge pull request #35537 from nextcloud/fix/dependency-injection-error 
Improve dependency injection error message
 2022-12-16 16:49:23 +01:00
Vincent Petry
ae6fe874ed
Merge pull request #35780 from nextcloud/fix/http-dispatcher-double-parameter-cast 
Fix missing cast of double controller parameters
 2022-12-16 16:18:35 +01:00
Christoph Wurst
b6dd1a1d7b
fix(app framework): Fix missing cast of double controller parameters 
``settype`` allows 'double' as alias of 'float'.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-12-15 09:33:52 +01:00
Artur Neumann
81f2857f34
check if params given to API are really an array 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2022-12-15 13:45:22 +05:45
Stanimir Bozhilov
b44befa881 Move JSON content type regex to IRequest and make it a const 2022-12-08 15:11:23 +01:00
Julius Härtl
f0a0bfaaee
Move to str_starts_with 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:06 +01:00
Julius Härtl
3899de12b7
Skip querying the app container for server namespace 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:05 +01:00
Julius Härtl
d7ecbe32d2
Avoid container dance for appName 
Sicne the appName is always passed for the DIContainer we can avoid
using the container query logic and instead store and use a property

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-12-07 22:32:04 +01:00
Julien Veyssier
4a3f3beb0b
use bruteforce protection on all methods wrapped by PublicShareMiddleware 
if an invalid token is provided or when share password is wrong

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2022-12-07 13:24:50 +01:00
Carl Schwan
2a864ec13c Improve dependency injection error message 
Change from display the name of the parameter to the type of the
parameter. This is that in most cases is usefull.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-12-01 12:46:01 +01:00
Christoph Wurst
41b2466d35
Clean up and deprecate app container aliases 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-02 19:42:09 +01:00
Julius Härtl
cea2f79bbd
Improve container return type annotations 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-10-14 10:45:16 +02:00
Stanimir Bozhilov
46c10c77e1 Fix the JSON content type regex to match all MIME types 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-26 11:51:44 +02:00
Stanimir Bozhilov
d80f8f6c82 Type hint JSON content type regex and use preg_match less 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-22 11:25:39 +02:00
Stanimir Bozhilov
f286a9d6ac Use regex for all JSON-related content types 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-21 16:36:01 +02:00
Stanimir Bozhilov
0ace70488a Treat application/json and application/scim+json in same if-block 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-21 15:31:50 +02:00
Jonas Rittershofer
c8b7a233a5 Allow CSRF on CORS routes 
Co-authored-by: Julius Härtl <jus@bitgrid.net>
Co-authored-by: Andreas Brinner <andreas@everlanes.net>
Signed-off-by: Jonas Rittershofer <jotoeri@users.noreply.github.com>
 2022-09-21 10:42:00 +00:00
Stanimir Bozhilov
f0dbe1148a Add support for application/scim+json content type 
Signed-off-by: Stanimir Bozhilov <stanimir@audriga.com>
 2022-09-20 16:18:52 +02:00
Julius Härtl
68d0038eb0
Move registration to IBootstrap 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-31 16:20:06 +02:00
Julius Härtl
9b4b72826a
Reopen sessions if we need to write to them instead of keeping them open 
Sessions are a locking operation until we write close them, so close
them early and reopen later in case we want to write to them

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-08-17 12:10:26 +02:00
Carl Schwan
f8b13ecd60
Merge pull request #32363 from nextcloud/cleanup/remove-long-deprecated-classes 
Remove OCP\App and OCP\BackgroundJob
 2022-08-08 17:05:11 +02:00
Vincent Petry
cbd5cef2cc
Merge pull request #33398 from nextcloud/enh/noid/sensitive-methods-apps 
allow apps to specify methods carrying sensitive parameters
 2022-08-05 14:09:55 +02:00
Simon Leiner
09362eaeaa
Support specifying IPv6 proxies in CIDR notation 
Previously, it was not possible to use CIDR notation for IPv6 proxies
in the trusted_proxies parameter of config.php [1]. This patch adds
support for that.

[1]: https://docs.nextcloud.com/server/24/admin_manual/configuration_server/reverse_proxy_configuration.html#defining-trusted-proxies

Signed-off-by: Simon Leiner <simon@leiner.me>
 2022-08-02 17:36:47 +02:00
Carl Schwan
458c2fa297
Remove OCP\App and OCP\BackgroundJob 
Both deprecated since NC 23

IAppManager is the replacement for OCP\App unfortunately it can't be
dependency injected in classes used by the installed otherwise the
database connection is initialised too early

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-08-01 09:46:40 +02:00
Arthur Schiwon
2a6f46e689
allow apps to specify methods carrying sensitive parameters 
… in order to remove them from logging.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-07-28 23:30:17 +02:00
luz paz
368f83095d Fix typos in lib/private subdirectory 
Found via `codespell -q 3 -S l10n -L jus ./lib/private`

Signed-off-by: luz paz <luzpaz@github.com>
 2022-07-27 08:52:17 -04:00
Arthur Schiwon
523572fcea
load widgets only of enabled apps 
- per design, all enabled apps have their registration run
- limitations, e.g. enabled by group, are not considered in that state,
  because we do not have a session (and might need apps?)
- before instantiation of widget it has to be checked whether the providing
  app is actually enabled for the logged in user.
- a public interface is being changed, but it is not meant to be
  implemented or used outside of the core handling. Therefore save to
  backport.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2022-06-22 21:58:13 +02:00
Carl Schwan
b70c6a128f Update core to PHP 7.4 standard 
- Typed properties
- Port to LoggerInterface

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 22:18:06 +02:00