4f583f073c
Merge pull request #52881 from nextcloud/backport/50234/stable30
...
[stable30] fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
2025-05-16 13:17:22 +07:00
b6a8287ce1
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2025-05-15 17:52:02 +07:00
0edd50647e
fix: log requests exceeding the rate limiting
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2025-05-14 12:55:05 +07:00
832f79ac93
chore: apply code style
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-04-30 19:04:59 +07:00
588b191f3d
fix(32bit): use `PHP_INT_MAX` where needed
...
* Typo from https://github.com/nextcloud/server/pull/52392
`0xFFFF` is only 2 bytes, but we need either `0xFFFFFFFF` or maybe a bit
easier to read `PHP_INT_MAX`.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-04-28 19:23:37 +07:00
b27d92537e
fix(32bit): make `pack` compatible with 32bit PHP
...
The `P` formatter is 64bit only - we need to manually pack the 64bit.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2025-04-28 19:23:37 +07:00
db71a2b2c9
feat(ip): add configurable IPv6 subnet for BFP and throttling
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2025-04-24 09:41:32 +07:00
bad8f54232
feat(ip): use larger IPv6 range by default
...
Some providers assign `/48` IPv6 blocks instead of `/64` so it sounds safer
to use this mask by default.
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2025-04-08 11:30:15 +07:00
b385520f21
fix(migration): Decrypt ownCloud secrets v2
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-11-28 09:43:47 +07:00
a7f5b452d1
fix(BackgroundJobs): Adjust intervals and time sensitivities
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-11-25 08:38:58 +07:00
fa17ed6fb4
fix(tests): Add IpAddressClassifier v6 zone ID test
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2024-11-07 09:30:06 +07:00
5fd9c03d18
fix(security): Handle IPv6 zone IDs used in link-local addresses
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2024-11-06 08:19:56 +07:00
b059bc970b
fix(security): Handle IPv6 zone IDs used in link-local addresses
...
Signed-off-by: Josh <josh.t.richards@gmail.com>
2024-11-06 08:19:56 +07:00
c4ffd84439
fix: gracefully parse non-standard trusted certificates
...
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-09-30 09:11:42 +07:00
2916e5df7e
feat: Provide CSP nonce as `<meta>` element
...
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 10:32:44 +07:00
86f01a3358
fix: Make sure CSP nonce is not double base64 encoded
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-08-13 09:52:33 +07:00
9ed2d3e495
Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator
...
refactor: Migrate some legacy and core functions to `IFilenameValidator`
2024-07-22 10:40:50 +07:00
9716b0d735
refactor: Migrate some legacy and core functions to `IFilenameValidator`
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-07-19 19:41:46 +07:00
f1d97a3188
feat(Security): add Factory for IP addresses and ranges
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range"
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
202e5b1e95
feat(security): restrict admin actions to IP ranges
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-07-19 16:28:03 +07:00
415edcac9b
chore: More explicit splitHash typing
...
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2024-07-04 17:05:45 +07:00
d9bf6c432e
feat: Add method to validate an IHasher hash
...
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2024-07-04 17:05:45 +07:00
e140907123
fix: don't use custom certificate bundle if no customer certificates are configured
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2024-06-14 16:27:41 +07:00
258bb03cf5
Merge branch 'master' into refactor/OC-Server-getSecureRandom
...
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
2024-05-30 14:24:22 +07:00
dae7c159f7
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +07:00
b627e6efe4
fix: Correctly check result of function
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-05-15 12:24:25 +07:00
5a513c924f
fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-26 17:08:22 +07:00
f9ce6bfdff
Refactor `OC\Server::getHasher`
...
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2024-03-15 13:04:27 +07:00
02d6d3f5b1
fix: Add edge as supported user agent for CSPv3 nonces
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-03-08 12:11:46 +07:00
33e1c8b236
fix(security): Handle idn_to_utf8 returning false
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-12-04 10:38:46 +07:00
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +07:00
7df9eb3351
feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only
...
This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`.
The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2023-11-17 11:12:57 +07:00
f04035caa0
Simplify IP address normalizer with IP masks
...
Remove dead code
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-08 11:55:07 +07:00
f313ca92e7
Refactors lib/private/Security.
...
Mainly using PHP8's constructor property promotion.
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-09-27 09:03:15 +07:00
6b767e060a
Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3
...
[3/3] Refactors lib/private/Security
2023-09-22 11:13:44 +07:00
1c023e6666
Update lib/private/Security/Certificate.php
...
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
2023-09-21 11:20:12 +07:00
f9596edb00
Updates the typed properties.
...
Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-09-21 11:20:12 +07:00
4f46656d39
Refactors lib/private/Security.
...
Mainly using PHP8's constructor property promotion.
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-09-21 11:20:12 +07:00
e477bb7eaf
feat(appframework): Expose programmatic rate limiter
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-09-20 20:25:27 +07:00
1395a53602
Refactor `OC\Server::getSecureRandom`
...
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
2023-08-29 21:32:40 +07:00
124588d4a6
fix: Make bypass function public API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:40:24 +07:00
fd9b2d488e
feat: Expose if the own IP is allowed to bypass bruteforce protection
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:04 +07:00
abc98d343c
feat(security): Add a "testing mode" for bruteforce protection that doesn't sleep
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:03 +07:00
a95800c647
feat(security): Add a bruteforce protection backend base on memcache
...
Similar to the ratelimit backend
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:03 +07:00
41f2d912d2
Allow "wasm-unsafe-eval" in CSP
...
If a page has a Content Security Policy header and the `script-src` (or
`default-src`) directive does not contain neither `wasm-unsafe-eval` nor
`unsafe-eval` loading and executing WebAssembly is blocked in the page
(although it is still possible to load and execute WebAssembly in a
worker thread).
Although the Nextcloud classes to manage the CSP already supported
allowing `unsafe-eval` this affects not only WebAssembly, but also the
`eval` operation in JavaScript.
To make possible to allow WebAssembly execution without allowing
JavaScript `eval` this commit adds support for allowing
`wasm-unsafe-eval`.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2023-08-10 02:38:41 +07:00
e73757b4a5
Refactors lib/private/Security.
...
Mainly using PHP8's constructor property promotion.
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-06-26 15:03:13 +07:00
9f1d497a0b
Merge pull request #38261 from fsamapoor/replace_strpos_calls_in_lib_private
...
Refactors "strpos" calls in lib/private to improve code readability.
2023-06-01 23:10:00 +07:00
223612b15a
log failures to read certificates during listing
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-05-31 14:40:45 +07:00
e7cc7653b8
Refactors "strpos" calls in lib/private to improve code readability.
...
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
2023-05-15 15:17:19 +07:00
Daniel
Joas Schilling
Ferdinand Thiessen
Benjamin Gaussorgues
Christoph Wurst
provokateurin
Josh
Richard Steinmetz
Stephan Orbaugh
Christopher Ng
Robin Appelman
John Molakvoæ
Andy Scherzinger
Andrew Summers
Julius Härtl
Faraz Samapoor
Daniel Calviño Sánchez
Faraz Samapoor
Faraz Samapoor