sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
79,796 Commits
616 Branches
1167 Tags
8.9 GiB
Commit Graph

129 Commits (92795b2091be4d87483605aecb00c2e9f78c660a)

Author SHA1 Message Date
Joas Schilling c1655bcde7
fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 12:46:15 +07:00
Christoph Wurst 1323e5bcb1
fix(migration): Decrypt ownCloud secrets v2 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-11-28 09:00:33 +07:00
Josh 97421fb143
fix(tests): Add RemoteAddress v6 zone ID test 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2024-11-04 09:30:21 +07:00
Côme Chilliet 280f6df66c
Merge pull request #32018 from nextcloud/cleanup/event/trashbin 
Port files trashbin events to IEventDispatcher/IEventListener
 2024-09-24 17:15:39 +07:00
Richard Steinmetz 19ad13571c
fix: gracefully parse non-standard trusted certificates 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2024-09-24 12:36:09 +07:00
Côme Chilliet af0b8fbd17
fix(tests): Fix tests now that trashbin listens to events properly 
Hooks are cleared in test bootstrap so switching to events activates
 them in tests.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-23 18:13:29 +07:00
provokateurin 9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +07:00
Christoph Wurst 49dd79eabb
refactor: Add void return type to PHPUnit test methods 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 22:32:31 +07:00
Daniel Kesselberg af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +07:00
Ferdinand Thiessen 127cacdd19
feat(Security): Allow setting password context for validation and generation 
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-22 19:16:50 +07:00
Ferdinand Thiessen 009761be58
test: Adjust tests for CSP nonce 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:06:32 +07:00
Stephan Orbaugh 9ed2d3e495
Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator 
refactor: Migrate some legacy and core functions to `IFilenameValidator`
 2024-07-22 10:40:50 +07:00
Ferdinand Thiessen 9716b0d735 refactor: Migrate some legacy and core functions to `IFilenameValidator` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-19 19:41:46 +07:00
Joas Schilling 047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues 202e5b1e95
feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +07:00
Christopher Ng 48b69c53dc test: Test hash validation 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-07-04 17:05:50 +07:00
Andy Scherzinger 1f7e2ba599
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +07:00
Joas Schilling 33e1c8b236
fix(security): Handle idn_to_utf8 returning false 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-12-04 10:38:46 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Ferdinand Thiessen ecf9f0a872
fix(CSP): Only add `strict-dynamic` when using nonces 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 22:01:02 +07:00
Ferdinand Thiessen e231abd9bf
fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 14:42:36 +07:00
Joas Schilling 124588d4a6
fix: Make bypass function public API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:40:24 +07:00
Joas Schilling fd9b2d488e
feat: Expose if the own IP is allowed to bypass bruteforce protection 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:36:04 +07:00
Joas Schilling a95800c647
feat(security): Add a bruteforce protection backend base on memcache 
Similar to the ratelimit backend

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:36:03 +07:00
Joas Schilling 030e8d8916
fix: Align doc type with creation 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 23:13:38 +07:00
Christoph Wurst 08a3f37695
chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-12 10:03:59 +07:00
Côme Chilliet 8d5165e8dc
Adapt tests to config value typing 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 17:42:14 +07:00
Joas Schilling c5339fa336
Merge pull request #37542 from nextcloud/bugfix/noid/allow-to-opt-out-of-ratelimit-for-testing 
feat(security): Allow to opt-out of ratelimit protection, e.g. for te…
 2023-04-03 14:19:41 +07:00
Joas Schilling 454281af03
feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-03 09:06:45 +07:00
Arthur Schiwon 997c2a2a79
fix DBAL exception handling in setValues 
This seems to be a left over after abstracting DBAL. Nowadays,
IQueryBuilder::executeStatement() only throws a \OCP\DB\Exception, where
previously original DBAL exceptions where thrown. These are now wrapped,
the orignal classes are now mapped to a reason.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2023-03-31 17:01:17 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Côme Chilliet 0f7e56b3b3
Fix syntax in VerificationTokenTest.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-15 09:25:56 +07:00
Côme Chilliet 70e2217d1c
Fix dynamic properties and other problems in tests for PHP 8.2 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-14 16:14:35 +07:00
Christoph Wurst 8aea25b5b9
Add remote host validation API 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-10-31 16:13:28 +07:00
Côme Chilliet 6f80fe6ada
Remove deprecated at matcher from tests/lib 
Only 15 warnings left in there

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-08-29 16:36:40 +07:00
Vincent Petry 01dbd22c9c
Validate requested length is random string generator 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-05-12 13:58:18 +07:00
Vincent Petry 18c013d8fc
Add CSP policy merge priority for booleans 
When two booleans conflict when merging CSP policies, true will win.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-04-01 13:56:34 +07:00
Côme Chilliet 61f7f13bd8
Migrate from ILogger to LoggerInterface where needed in the tests 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-03-24 16:21:26 +07:00
Julius Härtl bd03dd37be
Allow to set a strict-dynamic CSP through the API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-03-09 15:10:27 +07:00
Carl Schwan 6312c0df69
Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +07:00
Vincent Petry f01ad7b8d8
Improve normalizer detecting IPv4 inside of IPv6 
The subnet for an IPv4 address inside of IPv6 is now returned in its
IPv4 form.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2021-11-22 16:46:25 +07:00
Vincent Petry 7e08a4ab15
Fix getting subnet of ipv4 mapped ipv6 addresses 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2021-11-22 14:10:11 +07:00
Joas Schilling c42f5bc5f6
Add an OCP for trusted domain helper 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-10-28 10:24:16 +07:00
Julius Härtl 9161f6ca4a Remove tests that just prove mocked calls and don't actually validate anything useful 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-09-27 14:24:48 +07:00
Lukas Reschke 0dcc5c0e9f
Merge pull request #28728 from nextcloud/add-database-backend-limiter 
Add database ratelimiting backend
 2021-09-13 13:07:37 +07:00
Arthur Schiwon a20de15b43
add a job to clean up expired verification tokens 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:35 +07:00
Arthur Schiwon 19cc757531
move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +07:00
Lukas Reschke 6337bb3f59 Adjust tests 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 17:46:02 +07:00
Lukas Reschke 378cc922c4 Adjust logic to store period instead of current timestamp 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 17:31:36 +07:00
Roeland Jago Douma ee3dc57cbd
Merge pull request #26626 from J0WI/strict-security 
Make Security module strict
 2021-05-18 08:43:13 +07:00