nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Faraz Samapoor	e73757b4a5	Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at>	2023-06-26 15:03:13 +07:00
Robin Appelman	9f1d497a0b	Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private Refactors "strpos" calls in lib/private to improve code readability.	2023-06-01 23:10:00 +07:00
Robin Appelman	223612b15a	log failures to read certificates during listing Signed-off-by: Robin Appelman <robin@icewind.nl>	2023-05-31 14:40:45 +07:00
Faraz Samapoor	e7cc7653b8	Refactors "strpos" calls in lib/private to improve code readability. Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>	2023-05-15 15:17:19 +07:00
John Molakvoæ	46459ae93f	Merge pull request #35092 from Messj1/bugfix/type-error-cert-manager-cache-path	2023-05-04 21:53:49 +07:00
Jan Messer	647c65a640	[BUGFIX] throw exception instead of error if unable to create file handler (only exceptions are catch) Signed-off-by: Jan Messer <jan@mtec-studios.ch>	2023-04-06 23:03:49 +07:00
Jan Messer	7a443863fe	[BUGFIX] check return value and improve error handling With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors. Signed-off-by: Jan Messer <jan@mtec-studios.ch>	2023-04-06 23:03:33 +07:00
Côme Chilliet	426c0341ff	Use typed version of IConfig::getSystemValue as much as possible Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-05 12:50:08 +07:00
Côme Chilliet	8f550398c4	Merge pull request #36836 from nextcloud/fix/view-type-cleanup Tidy up typing in OC\Files\View	2023-04-05 10:14:55 +07:00
Côme Chilliet	ea05544213	Fix return type of methods returning false on error Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-03 10:52:34 +07:00
Joas Schilling	454281af03	feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-03 09:06:45 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Christoph Wurst	8aea25b5b9	Add remote host validation API Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-10-31 16:13:28 +07:00
Côme Chilliet	71ee292650	Add rate limiting on lost password emails Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-10-18 14:49:02 +07:00
Carl Schwan	9919116716	Merge pull request #31499 from nextcloud/bugfix/empty-secret Add fallback routines for empty secret cases	2022-10-17 16:02:58 +07:00
Carl Schwan	ef31396727	Mark method as deprecated Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-09-13 13:06:54 +07:00
Carl Schwan	48d9c4d2b0	Port existing server code to new interface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-08-08 17:03:19 +07:00
Joas Schilling	c0f47af2d0	Add a public interface for the bruteforce throttler and register for injection Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-07-28 10:57:10 +07:00
luz paz	368f83095d	Fix typos in lib/private subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>	2022-07-27 08:52:17 +07:00
Joas Schilling	8274c05e19	Only ignore attempts of the same action Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-07-07 09:35:14 +07:00
Carl Schwan	ca3cd5a625	Fix detection of firefox in ContentSecurityPolicyNonceManager Reuse Request::USER_AGENT_FIREFOX, and also update the safari detection since safari < 12 is not supported anymore and we can remove a bit of code duplication Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-06-29 17:05:48 +07:00
Vincent Petry	01dbd22c9c	Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2022-05-12 13:58:18 +07:00
Vincent Petry	7718c9776c	Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-bools Add CSP policy merge priority for booleans	2022-05-05 17:26:48 +07:00
Carl Schwan	69b36fc2c5	Don't inject Bruteforce capability info in the webui This capability do DB access and as far I know is not used by the webui. This remove one DB query for each page load. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-04-07 17:33:29 +07:00
Vincent Petry	18c013d8fc	Add CSP policy merge priority for booleans When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2022-04-01 13:56:34 +07:00
Côme Chilliet	6be7aa112f	Migrate from ILogger to LoggerInterface in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-03-24 16:21:25 +07:00
Robin Appelman	4f594dbf53	cache the path of the certificate bundle Signed-off-by: Robin Appelman <robin@icewind.nl>	2022-03-17 14:58:56 +07:00
Robin Appelman	a887553ddb	return default bundle when there is an error getting the bundle Signed-off-by: Robin Appelman <robin@icewind.nl>	2022-03-14 18:34:09 +07:00
Julius Härtl	a6796b4247	Fix decryption fallback after adding a secret Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-03-10 14:01:21 +07:00
Julius Härtl	81f8719cc0	Add fallback routines for empty secret cases Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-03-10 14:01:21 +07:00
Julius Härtl	bd03dd37be	Allow to set a strict-dynamic CSP through the API Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-03-09 15:10:27 +07:00
Joas Schilling	b8e0a3dbdd	Use the new option to signaling insensitivity Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-02-07 13:54:54 +07:00
Joas Schilling	b59df35426	Make the DB query simpler (as we just deleted all other entries) Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-01-28 16:55:17 +07:00
Joas Schilling	c6d000f87f	Log bruteforce throttle and blocking Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-01-18 10:10:19 +07:00
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-01-13 00:19:07 +07:00
Joas Schilling	1d550ab95e	Don't query the bruteforce attempts when we just deleted them Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-12-01 18:01:22 +07:00
Vincent Petry	19f41a60a0	Type hint in IpAddress Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>	2021-11-22 17:36:26 +07:00
Vincent Petry	f01ad7b8d8	Improve normalizer detecting IPv4 inside of IPv6 The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2021-11-22 16:46:25 +07:00
Vincent Petry	7e08a4ab15	Fix getting subnet of ipv4 mapped ipv6 addresses Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2021-11-22 14:10:11 +07:00
Joas Schilling	c42f5bc5f6	Add an OCP for trusted domain helper Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-10-28 10:24:16 +07:00
Daniel Kesselberg	240eb02585	Set associative = true for cleanup job Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2021-10-07 20:20:09 +07:00
Lukas Reschke	0dcc5c0e9f	Merge pull request #28728 from nextcloud/add-database-backend-limiter Add database ratelimiting backend	2021-09-13 13:07:37 +07:00
Lukas Reschke	474a5b55d3	Implement review feedback Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-13 11:01:35 +07:00
Lukas Reschke	358eaba7dd	Apply suggestions from code review Signed-off-by: Lukas Reschke <lukas@statuscode.ch> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>	2021-09-13 10:43:01 +07:00
Arthur Schiwon	0dee717c94	Confirm mails only per POST - this is to avoid automatic confirmation by certain softwares that open links Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 19:23:04 +07:00
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:35 +07:00
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:29 +07:00
Lukas Reschke	471167019c	Implement PR review feedback Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-07 18:03:34 +07:00
Lukas Reschke	a915372c56	phpcs Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 17:50:23 +07:00
Lukas Reschke	378cc922c4	Adjust logic to store period instead of current timestamp Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 17:31:36 +07:00

1 2 3 4

193 Commits (0984970cd8759ae2dcd7dfdfe41d5816bf3c2948)