nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	77fddb8f23	fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist Signed-off-by: Joas Schilling <coding@schilljs.com>	2025-01-27 13:21:36 +07:00
Benjamin Gaussorgues	9f0c113135	Merge pull request #49599 from nextcloud/feat/bruteforce-max-attempts	2024-12-06 11:20:58 +07:00
Maxence Lange	a6e8d41c25	fix(signed-request): trigger metadata insert with default value manually Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-05 13:18:34 +07:00
Maxence Lange	15b72281df	fix(signatory): details on interfaces Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Maxence Lange	4df3155523	fix(signed-request): removing unstable from public Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Maxence Lange	948547bd5d	fix(ocm): signatory mapper Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Maxence Lange	4b06620055	feat(signatory): switch to qbmapper Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Maxence Lange	862a411118	fix(ocm): simpler code Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Maxence Lange	f08d053290	fix(ocm): switching to IdentityProof Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Maxence Lange	4591430c9c	feat(ocm): signing ocm requests Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	2024-12-04 09:30:55 +07:00
Benjamin Gaussorgues	1fd19685f1	chore(bruteforce): allows to configure max attempts before request abort Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-12-03 10:48:10 +07:00
Christoph Wurst	1323e5bcb1	fix(migration): Decrypt ownCloud secrets v2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-11-28 09:00:33 +07:00
Josh	077eea18b5	fix(security): Handle IPv6 zone IDs used in link-local addresses Signed-off-by: Josh <josh.t.richards@gmail.com>	2024-10-31 17:01:34 +07:00
Josh	4873dcbf1e	fix(security): Handle IPv6 zone IDs used in link-local addresses Signed-off-by: Josh <josh.t.richards@gmail.com>	2024-10-31 16:59:27 +07:00
dependabot[bot]	bb598c8451	chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2) --- updated-dependencies: - dependency-name: nextcloud/coding-standard dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Signed-off-by: provokateurin <kate@provokateurin.de>	2024-10-19 07:57:35 +07:00
Ferdinand Thiessen	2ef74b9860	Merge pull request #47329 from nextcloud/feat/add-datetime-qbmapper-support feat(AppFramework): Add full support for date / time / datetime columns	2024-10-18 19:05:08 +07:00
Git'Fellow	a1681b0756	chore(db): Apply query prepared statements Fix: psalm fix: bad file fix: bug chore: add batch chore: add batch chore: add batch fix: psalm	2024-10-17 20:30:47 +07:00
Ferdinand Thiessen	db94e10af0	fix: Prevent breaking change in IQueryBuilder Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-10-17 18:31:44 +07:00
Ferdinand Thiessen	e314d52118	fix: Adjust parameter type usage and add SQLite support Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-10-17 18:31:44 +07:00
Git'Fellow	c254855222	chore(db): Correctly apply query types fix: psalm fix: error fix: add batch fix: fatal error fix: add batch chore: add batch chore: add batch fix: psalm fix: typo fix: psalm fix: return bool fix: revert Manager	2024-10-17 09:21:07 +07:00
provokateurin	54ec472d9a	fix(BackgroundJobs): Adjust intervals and time sensitivities Signed-off-by: provokateurin <kate@provokateurin.de>	2024-10-08 11:26:53 +07:00
Richard Steinmetz	19ad13571c	fix: gracefully parse non-standard trusted certificates Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2024-09-24 12:36:09 +07:00
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	2024-09-19 14:21:20 +07:00
Christoph Wurst	1ee833efab	refactor: Replace __CLASS__ with ::class references Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-09-15 21:40:55 +07:00
Anna Larch	8af7ecb257	chore: adjust code to adhere to coding standard Signed-off-by: Anna Larch <anna@nextcloud.com>	2024-09-05 21:23:38 +07:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +07:00
Ferdinand Thiessen	2916e5df7e	feat: Provide CSP nonce as `<meta>` element This way we use the CSP nonce for dynamically loaded scripts. Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors). Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 10:32:44 +07:00
Ferdinand Thiessen	86f01a3358	fix: Make sure CSP nonce is not double base64 encoded Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 09:52:33 +07:00
Stephan Orbaugh	9ed2d3e495	Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator refactor: Migrate some legacy and core functions to `IFilenameValidator`	2024-07-22 10:40:50 +07:00
Ferdinand Thiessen	9716b0d735	refactor: Migrate some legacy and core functions to `IFilenameValidator` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-07-19 19:41:46 +07:00
Benjamin Gaussorgues	f1d97a3188	feat(Security): add Factory for IP addresses and ranges Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Joas Schilling	047479ccf9	feat(security): Add public API to allow validating IP Ranges and checking for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues	202e5b1e95	feat(security): restrict admin actions to IP ranges Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Christopher Ng	415edcac9b	chore: More explicit splitHash typing Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-07-04 17:05:45 +07:00
Christopher Ng	d9bf6c432e	feat: Add method to validate an IHasher hash Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-07-04 17:05:45 +07:00
Robin Appelman	e140907123	fix: don't use custom certificate bundle if no customer certificates are configured Signed-off-by: Robin Appelman <robin@icewind.nl>	2024-06-14 16:27:41 +07:00
John Molakvoæ	258bb03cf5	Merge branch 'master' into refactor/OC-Server-getSecureRandom Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>	2024-05-30 14:24:22 +07:00
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-24 13:11:22 +07:00
Joas Schilling	b627e6efe4	fix: Correctly check result of function Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-05-15 12:24:25 +07:00
Ferdinand Thiessen	5a513c924f	fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-03-26 17:08:22 +07:00
Andrew Summers	f9ce6bfdff	Refactor `OC\Server::getHasher` Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>	2024-03-15 13:04:27 +07:00
Julius Härtl	02d6d3f5b1	fix: Add edge as supported user agent for CSPv3 nonces Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-03-08 12:11:46 +07:00
Joas Schilling	33e1c8b236	fix(security): Handle idn_to_utf8 returning false Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-12-04 10:38:46 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Ferdinand Thiessen	7df9eb3351	feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`. The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 11:12:57 +07:00
Benjamin Gaussorgues	f04035caa0	Simplify IP address normalizer with IP masks Remove dead code Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-08 11:55:07 +07:00
Faraz Samapoor	f313ca92e7	Refactors lib/private/Security. Mainly using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at>	2023-09-27 09:03:15 +07:00
Robin Appelman	6b767e060a	Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3 [3/3] Refactors lib/private/Security	2023-09-22 11:13:44 +07:00
Faraz Samapoor	1c023e6666	Update lib/private/Security/Certificate.php Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-09-21 11:20:12 +07:00
Faraz Samapoor	f9596edb00	Updates the typed properties. Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826 Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Faraz Samapoor <fsa@adlas.at>	2023-09-21 11:20:12 +07:00

1 2 3 4 5 ...

251 Commits (b42d26b42f5ef5a4fe05af719f1183c20cb43414)