nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	0f183ce8fe	fix(bfp): Trim meta data so it can still be stored Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-10-22 15:45:21 +07:00
Joas Schilling	1d8556ecc3	fix(throttler): Don't query bruteforce attempts twice Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-05-20 08:37:23 +07:00
Joas Schilling	7964f338dc	fix(throttler): Remove the sleep from the throttler that throws The sleep is not adding benefit when it's being aborted with 429 in other cases anyway. Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-05-02 11:27:29 +07:00
Joas Schilling	c1655bcde7	fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-01-27 12:46:15 +07:00
Benjamin Gaussorgues	1fd19685f1	chore(bruteforce): allows to configure max attempts before request abort Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-12-03 10:48:10 +07:00
Git'Fellow	c254855222	chore(db): Correctly apply query types fix: psalm fix: error fix: add batch fix: fatal error fix: add batch chore: add batch chore: add batch fix: psalm fix: typo fix: psalm fix: return bool fix: revert Manager	2024-10-17 09:21:07 +07:00
provokateurin	54ec472d9a	fix(BackgroundJobs): Adjust intervals and time sensitivities Signed-off-by: provokateurin <kate@provokateurin.de>	2024-10-08 11:26:53 +07:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +07:00
Christoph Wurst	1ee833efab	refactor: Replace __CLASS__ with ::class references Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-09-15 21:40:55 +07:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +07:00
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-24 13:11:22 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Faraz Samapoor	f313ca92e7	Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at>	2023-09-27 09:03:15 +07:00
Joas Schilling	124588d4a6	fix: Make bypass function public API Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:40:24 +07:00
Joas Schilling	fd9b2d488e	feat: Expose if the own IP is allowed to bypass bruteforce protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:04 +07:00
Joas Schilling	abc98d343c	feat(security): Add a "testing mode" for bruteforce protection that doesn't sleep Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:03 +07:00
Joas Schilling	a95800c647	feat(security): Add a bruteforce protection backend base on memcache Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:03 +07:00
Faraz Samapoor	e7cc7653b8	Refactors "strpos" calls in lib/private to improve code readability. Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>	2023-05-15 15:17:19 +07:00
Côme Chilliet	426c0341ff	Use typed version of IConfig::getSystemValue as much as possible Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-05 12:50:08 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Joas Schilling	c0f47af2d0	Add a public interface for the bruteforce throttler and register for injection Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-07-28 10:57:10 +07:00
Joas Schilling	8274c05e19	Only ignore attempts of the same action Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-07-07 09:35:14 +07:00
Carl Schwan	69b36fc2c5	Don't inject Bruteforce capability info in the webui This capability do DB access and as far I know is not used by the webui. This remove one DB query for each page load. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-04-07 17:33:29 +07:00
Côme Chilliet	6be7aa112f	Migrate from ILogger to LoggerInterface in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-03-24 16:21:25 +07:00
Joas Schilling	b8e0a3dbdd	Use the new option to signaling insensitivity Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-02-07 13:54:54 +07:00
Joas Schilling	c6d000f87f	Log bruteforce throttle and blocking Signed-off-by: Joas Schilling <coding@schilljs.com>	2022-01-18 10:10:19 +07:00
Joas Schilling	1d550ab95e	Don't query the bruteforce attempts when we just deleted them Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-12-01 18:01:22 +07:00
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2021-06-04 22:02:41 +07:00
J0WI	ca7b37ce5a	Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2021-04-19 17:31:12 +07:00
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-12-16 18:48:22 +07:00
Julius Härtl	f5501ca276	Avoid checking for brute force protection capabilities when upgrading This might happen a releases that doesn't have this table yet Signed-off-by: Julius Härtl <jus@bitgrid.net>	2020-12-09 12:13:33 +07:00
Roeland Jago Douma	8fae2beece	Limit throttler to 48 hours Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-10-08 19:51:13 +07:00
Roeland Jago Douma	6c1b542def	Add cleanup job for old brutefoce attempts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-10-08 19:51:13 +07:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +07:00
Morris Jobke	99c9423766	Remove @suppress SqlInjectionChecker Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-09-16 15:53:56 +07:00
Joas Schilling	c25063dc07	Don't break when the IP is empty Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-09-10 14:20:27 +07:00
Christoph Wurst	2a054e6c04	Update the license headers for Nextcloud 20 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-08-24 14:54:25 +07:00
Joas Schilling	35a8519591	Fix CS Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	770381c0c6	Correctly return ms delay when at max Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	931aca2fee	Add missing default Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	d9c4c9eb99	Simplify array filter Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	dfeee3b850	Fix wrong doc + type hint Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	8376c4891f	Only throw when also the last 30 mins were attacking Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	6f751d01db	Make the throttling O(2^n) instead of O(n^n) Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	64539a6ee1	Make Throttler strict Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:36 +07:00
Joas Schilling	c8fea66d65	Split delay calculation from getting the attempts Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:35 +07:00
Joas Schilling	cdb36c8ead	Let the database count the entries Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:35 +07:00
Joas Schilling	e66bc4a8a7	Send "429 Too Many Requests" in case of brute force protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-08-19 11:20:35 +07:00
Morris Jobke	e57bca31ad	Merge pull request #20005 from joeried/occ-remove-bruteforce-attempts-by-ip Implement occ command to reset bruteforce attemps from a given IP address	2020-05-25 14:04:18 +07:00
Morris Jobke	bd997a105c	Fix code style Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-05-25 14:03:21 +07:00

1 2

72 Commits (40c504ec2d4cd66cce8a7d74e8c65873dcbfa921)