42be7a5d74
fix(OCP): Add since tag for all constants
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-02-14 20:50:08 +07:00
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +07:00
e477bb7eaf
feat(appframework): Expose programmatic rate limiter
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-09-20 20:25:27 +07:00
124588d4a6
fix: Make bypass function public API
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:40:24 +07:00
a95800c647
feat(security): Add a bruteforce protection backend base on memcache
...
Similar to the ratelimit backend
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-21 16:36:03 +07:00
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +07:00
8aea25b5b9
Add remote host validation API
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-10-31 16:13:28 +07:00
c0f47af2d0
Add a public interface for the bruteforce throttler and register for injection
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-07-28 10:57:10 +07:00
c42f5bc5f6
Add an OCP for trusted domain helper
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-10-28 10:24:16 +07:00
0dee717c94
Confirm mails only per POST
...
- this is to avoid automatic confirmation by certain softwares that open
links
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 19:23:04 +07:00
a20de15b43
add a job to clean up expired verification tokens
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:35 +07:00
19cc757531
move verification token logic out of lost password controller
...
- to make it reusable
- needed for local email verification
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:29 +07:00
3b656446af
Introduce ISecureRandom::CHAR_ALPHANUMERIC
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-07-08 15:11:31 +07:00
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +07:00
ca7b37ce5a
Make Security module strict
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-04-19 17:31:12 +07:00
b5e9f7e846
Merge pull request #22432 from nextcloud/enh/phpdoc
...
Add php docs build script
2020-08-26 21:18:11 +07:00
45a474071e
Remove @package annotations from public namespace
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-08-26 16:59:40 +07:00
2a054e6c04
Update the license headers for Nextcloud 20
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +07:00
35a8519591
Fix CS
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:36 +07:00
e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-08-19 11:20:35 +07:00
782a2df392
Add PHP doc for events
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-10 14:24:24 +07:00
cb057829f7
Update license headers for 19
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +07:00
5437844b7e
fix credentialsManager documentation and ensure userId to be used as string
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-15 19:34:23 +07:00
28f8eb5dba
Add visibility to all constants
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +07:00
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +07:00
a8a06a82d2
Remove trailing whitespaces from comments
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:09:23 +07:00
41b5e5923a
Use exactly one empty line after the namespace declaration
...
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +07:00
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +07:00
1a886b1472
Add typed events for password_policy
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-27 09:56:12 +07:00
a1ef939c06
Use Symfony's new contract Event class instead of the deprecated one
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-09-12 14:44:55 +07:00
b8c5008acf
Add feature policy header
...
This adds the events and the classes to modify the feature policy.
It also adds a default restricted feature policy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-10 14:26:22 +07:00
5ac857bcdc
Add an event to edit the CSP
...
This introduces and event that can be listend to when we actually use
the CSP. This means that apps no longer have to always inject their CSP
but only do so when it is required. Yay for being lazy.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-08 20:35:15 +07:00
767679ccf4
Remove deprecatred StringUtils class
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-05-28 22:20:23 +07:00
798b267d49
Do not use spaces in generated passwords
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-15 16:29:52 +07:00
372f3d2a60
Remove deprecated functions from SecureRandom
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-07 19:33:32 +07:00
be5c050acc
Throw exception if decryption fails
...
For #11868
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-14 12:47:35 +07:00
0e0db37658
Make OCP\Security stricter
...
* Add typehints
* Add return types
* Opcode opts from phpstorm
* Made strict
* Fixed tests: No need to test bogus values anymore strict typing fixes
this
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-16 22:01:19 +07:00
6e1ee1e7a7
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:04:52 +07:00
de5d7aa331
Strict ISecure random
...
* Declare strict
* Scalar arguments
* Return type
* Use fully qualified name for strlen
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 21:39:34 +07:00
ca28df6fcc
Adds type hinting for scalar types in ICrypto->decrypt
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-13 00:06:03 +07:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +07:00
361d2badd8
Some phpstorm inspection fixes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-22 21:10:16 +07:00
f2a2b34e46
Increase device password entropy. Use lower- and upper-case characters and digits, but exclude ambiguous characters. The number of digits has also been increased to 25.
...
Signed-off-by: Fabrizio Steiner <fabrizio.steiner@gmail.com>
2017-05-08 14:04:40 +07:00
ba87db3fcc
Fix others
2016-07-21 18:13:57 +07:00
aba539703c
Update license headers
2016-05-26 19:57:24 +07:00
f67f888d50
Move \OCP\Security to PSR-4
2016-05-18 18:28:31 +07:00
Joas Schilling
Christoph Wurst
Côme Chilliet
Arthur Schiwon
J0WI
John Molakvoæ (skjnldsv)
Roeland Jago Douma
Julius Härtl
Morris Jobke
Roeland Jago Douma
Fabrizio Steiner
Lukas Reschke
Roeland Jago Douma