60e5a5eca4
Do not do redirect handling when loggin out
Fixes #12568
Since the clearing of the execution context causes another reload. We
should not do the redirect_uri handling as this results in redirecting
back to the logout page on login.
This adds a simple middleware that will just check if the
ClearExecutionContext session variable is set. If that is the case it
will just redirect back to the login page.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
b68567e9ba
Add StandaloneTemplateResponse
This can be used by pages that do not have the full Nextcloud UI.
So notifications etc do not load there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
d88604015a
No need to emit additonalscript event on public pages
There already is a separate event for this. This will make it possible
to only inject code with the logged in one on default rendered pages.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
d182037bce
Emit to load additionalscripts
Fixes #13662
This will fire of an event after a Template Response has been returned.
There is an event for the generic loading and one when logged in. So
apps can chose to load only on loged in pages.
This is a more generic approach than the files app event. As some things
we might want to load on other pages as well besides the files app.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
92edd40e51
Make RouteConfig strict
Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
f8b74cf0a5
Allow resources via OCS as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
bf167ad3ac
Remove duplicate functionality
This functionality implemented in the next line:
$requestUri = preg_replace('%/{2,}%', '/', $requestUri);
7 years ago
54ff913de6
Cleanup middleware registering
Fixes #12224
Since we only use the middleware at 1 location it makes no sense to
register them in each and every container.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
514426e27d
Only trust the X-FORWARDED-HOST header for trusted proxies
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
2452a3ec73
Properly query the methodreflector
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
0e5147f001
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
bfb5ef4b29
The identityproof manager should be in Server
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
8f833a309a
No need to register it also in the DI Container
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
fbd0d0bdcf
The Encryption manager belongs in Server.php
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
9c28d2d7c4
SearchResult should be difined in Server as it is a core component
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
964ebed86c
The UserSession is constructed in the server
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
b2501dbf9a
TimeFactory is already regsitsered in the Server Container
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
61adb513fe
Request is already regsitered in the Server container
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
421a40e7db
Was already registered in Server
The DIContainaer will query server anyways if it can't find it
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
603b672a11
Update password confirmation middleware
If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
401ca28f07
Adding handling of CIDR notation to trusted_proxies for IPv4
Signed-off-by: Oliver Wegner <void1976@gmail.com>
7 years ago
85d9f06cb8
add global site selector as user back-end which doesn't support password confirmation
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
7 years ago
986f4df2a5
Add REMOTE_ADDR to getHeader
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
7 years ago
840dd4b39c
Allow to inject/mock `new \DateTime()` similar to time()
Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
dccbdc8c01
only catch QueryException when trying to build class
Signed-off-by: Robin Appelman <robin@icewind.nl>
7 years ago
9319d557a4
Add wrapper Logger in DIContainer
This makes sure that for example app for the context is always set.
We can in the future extend this to include more info.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
c0a283fefb
ensure we always return an array from `Request::getParams`
Signed-off-by: Robin Appelman <robin@icewind.nl>
7 years ago
8c1e75e052
Do not use file as template parameter
Using file will overwrite the $file parameter in the template base.
Leading to trying to include a file that is the exception message. Which
will of course fail.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
e7338173e8
Add PublicShareMiddlewareTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
20e514690c
Don't allow public share pages if link sharing is disabled
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
366981fba6
Move public preview endpoint over
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
f36ef8ca80
Add the new PublicShareController and PublicShareMiddleware
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
b4bacf46f3
Do not send a body for "No content", "Not modified" and others
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
f5b143e318
Allow to inject ISearchResult
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
38a90130ce
move log constants to ILogger
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
8 years ago
129a608ebe
OCP\AppFramework\App strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
3ad7daeda5
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
340e8ef16c
Make SecurityMiddleware strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
1dd40b1f45
Single quotes
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
559978c50e
Suppress phan error
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
09d8387b00
Try without autoloading
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
97c4c00e3f
Better debugging for "Your test case is not allowed to access the database."
Signed-off-by: Joas Schilling <coding@schilljs.com>
8 years ago
7da0812186
Do not throw AppNotEnabledException for app public pages - refs #6962 , refs #5309
It allows non-logged user to access public pages of applications restricted to a group
Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
8 years ago
cf35c4b03a
Provide translated error message for permission error
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
8 years ago
043a824e6a
Fix comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
0ee45d3d20
Fix proper types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
a229095af1
Make Request strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
4859775893
Don't try to match on false
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
aa060f5332
Strict OCP\AppFramework\Utility\IControllerMethodReflector
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
ca9f364fd4
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
8 years ago
Roeland Jago Douma
Joas Schilling
b108@volgograd
Oliver Wegner
Bjoern Schiessle
Daniel Kesselberg
Robin Appelman
Arthur Schiwon
Julien Veyssier
Morris Jobke