ArnabChatterjee20k
59ee0901c9
Enhance presence API methods by adding detailed parameter specifications for update and upsert actions. Separate client-side and server-side SDK method definitions to clarify authentication requirements and improve usability. This update includes new parameters for presence management, ensuring better handling of user presence logs.
2026-04-29 14:20:38 +05:30
ArnabChatterjee20k
e624040e57
Refactor presence API methods for clarity and consistency. Updated method names to include 'Presence' suffix for better identification. Enhanced presence state logic to support unique index-based upserts and improved test coverage for presence functionalities, including custom permissions and expiry handling.
2026-04-29 13:49:57 +05:30
ArnabChatterjee20k
496b91480b
updated
2026-04-29 11:33:48 +05:30
ArnabChatterjee20k
b08f3bdc52
Merge remote-tracking branch 'origin/1.9.x' into presence-api
2026-04-29 11:29:59 +05:30
ArnabChatterjee20k
dae9cbcf45
Merge pull request #12070 from appwrite/realtime-action-channels
Realtime action channels
2026-04-29 10:49:13 +05:30
Harsh Mahajan
547709a1d8
Merge pull request #12167 from appwrite/feat/impersonation-query-params
feat: add query param fallback for impersonation headers
2026-04-28 19:51:23 +05:30
harsh mahajan
2a357511ea
fix: use unique emails and phone in query param impersonation test
2026-04-28 19:17:25 +05:30
Harsh Mahajan
67d24d3ef1
Merge branch '1.9.x' into feat/impersonation-query-params
2026-04-28 19:11:14 +05:30
harsh mahajan
87ed7c3817
feat: add query param fallback for all impersonation params and simplify tests
2026-04-28 19:10:55 +05:30
ArnabChatterjee20k
41b2962e64
updated usage name
2026-04-28 18:03:26 +05:30
ArnabChatterjee20k
25ae2e7314
Implement triggerStats function, add GraphQL source header, and enhance presence upsert logic with source detection. Also, introduce PresenceTest for GraphQL presence upsert validation.
2026-04-28 17:48:23 +05:30
ArnabChatterjee20k
8d378720b0
add presence API metrics and usage tracking
2026-04-28 17:19:24 +05:30
ArnabChatterjee20k
34f782d986
updated roles for the admin and members users
2026-04-28 17:16:24 +05:30
Matej Bačo
3d3f5934c6
Merge pull request #11993 from appwrite/feat-public-oauth2-endpoints
Feat: Public project OAuth2 configuration API
2026-04-28 12:41:50 +02:00
harsh mahajan
f0cbfbbbe4
fix: use assertEmpty for impersonatorUserId to match response model
2026-04-28 14:31:49 +05:30
Matej Bačo
cb4cff120b
Add Keycloak oauth support
2026-04-28 10:54:13 +02:00
Matej Bačo
49e6a38e7f
Add fusionauth oauth
2026-04-28 10:43:16 +02:00
ArnabChatterjee20k
587a039493
fixed syntax
2026-04-28 13:57:31 +05:30
ArnabChatterjee20k
93ee8f45ea
updated scopes
2026-04-28 13:50:11 +05:30
Matej Bačo
dfa3ae5274
Fix tests
2026-04-28 10:19:36 +02:00
Matej Bačo
543765a22a
Improve copy
2026-04-28 10:15:45 +02:00
Matej Bačo
e2bb9a9161
Simplify oauth endpoints
2026-04-28 10:08:39 +02:00
harsh mahajan
bda823ac0e
chore: format
2026-04-28 13:38:00 +05:30
harsh mahajan
3dd5a51ba4
style: fix method argument spacing (Pint PSR-12)
2026-04-28 13:34:01 +05:30
harsh mahajan
5afc8f462d
fix: allow same-site in CSRF guard to support Console on subdomains
2026-04-28 13:26:13 +05:30
harsh mahajan
ed0c7b4e12
test: add CSRF attack prevention test for impersonateUserId query param
2026-04-28 13:24:15 +05:30
Matej Bačo
d25707346f
Add console oauth endpoint
2026-04-28 09:47:27 +02:00
harsh mahajan
a3f6cf4645
fix: restrict CSRF guard to same-origin only, drop same-site
2026-04-28 13:00:18 +05:30
harsh mahajan
9a175c5098
test: add E2E tests for impersonateUserId query param and CSRF guards
2026-04-28 12:56:17 +05:30
harsh mahajan
5465be6301
fix: make CSRF guard fail-closed by requiring explicit same-origin Sec-Fetch-Site
2026-04-28 12:27:57 +05:30
ArnabChatterjee20k
5157da870f
add presence specific read and write scope instead of depending on the users read and write scope
2026-04-28 12:19:03 +05:30
harsh mahajan
46a457bfa3
fix: block impersonateUserId query param on cross-site requests to prevent CSRF
2026-04-28 12:10:51 +05:30
harsh mahajan
4c989f99c3
fix: cast impersonateUserId query param to string to prevent array injection
2026-04-28 12:05:02 +05:30
harsh mahajan
8f1d73a6cb
chore: clarify intentional header-only restriction for email/phone impersonation
2026-04-28 12:02:00 +05:30
harsh mahajan
01b5fa8ecb
fix: restrict impersonation query param fallback to userId only
Remove query param fallback for impersonateEmail and impersonatePhone
to avoid PII exposure in server logs, browser history, and Referer
headers. Only impersonateUserId (an opaque internal ID) is safe to
pass via URL query param.
2026-04-28 11:58:25 +05:30
harsh mahajan
d73b7a70d8
feat: add query param fallback for impersonation headers
Allow impersonation to be specified via URL query params
(?impersonateUserId, ?impersonateEmail, ?impersonatePhone) as a
fallback to the existing headers, enabling Console to embed
impersonation in direct file/image URLs where headers cannot be set.
2026-04-28 11:44:39 +05:30
ArnabChatterjee20k
6fabfe08ce
Merge remote-tracking branch 'origin/1.9.x' into presence-api
2026-04-28 11:40:58 +05:30
Damodar Lohani
cefd063c55
Merge pull request #12165 from appwrite/fix/CLO-4280-getheader-string-coerce
fix: coerce non-string header values in Request::getHeader
2026-04-28 10:43:40 +05:45
Damodar Lohani
c924cbcc59
Merge pull request #12166 from appwrite/fix/CLO-4279-favicon-empty-body
fix: guard DOMDocument::loadHTML against empty body in favicon endpoint
2026-04-28 10:32:32 +05:45
Damodar Lohani
81321e82d1
Update src/Appwrite/Platform/Modules/Avatars/Http/Favicon/Get.php
Co-authored-by: greptile-apps[bot] <165735046+greptile-apps[bot]@users.noreply.github.com>
2026-04-28 10:05:01 +05:45
Damodar Lohani
30a511692b
test: add unit coverage for Request::getHeader non-string coercion
Refs CLO-4280
2026-04-28 04:15:00 +00:00
Damodar Lohani
9637409831
fix: coerce non-string header values in Request::getHeader
Closes CLO-4280
2026-04-28 03:54:35 +00:00
Damodar Lohani
c4f6b11706
fix: guard DOMDocument::loadHTML against empty body in favicon endpoint
Closes CLO-4279
2026-04-28 03:54:34 +00:00
Matej Bačo
ad4178aa42
Fix missing lib params for domain
2026-04-27 18:33:30 +02:00
Matej Bačo
1f16b0d9e7
Fix failing startup
2026-04-27 18:21:21 +02:00
Matej Bačo
015aee087a
Fix write only security
2026-04-27 18:04:22 +02:00
Matej Bačo
50d86c5b5d
Update ci.yml
2026-04-27 17:45:52 +02:00
Matej Bačo
3d43530225
Fix failing test
2026-04-27 17:41:13 +02:00
Matej Bačo
d0d536a2dd
Improve test coverage
2026-04-27 17:40:49 +02:00
Matej Bačo
4b620bb31a
Improve test coverage
2026-04-27 17:27:23 +02:00