nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +07:00
Ferdinand Thiessen	127cacdd19	feat(Security): Allow setting password context for validation and generation Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-22 19:16:50 +07:00
Ferdinand Thiessen	009761be58	test: Adjust tests for CSP nonce Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-08-13 10:06:32 +07:00
Stephan Orbaugh	9ed2d3e495	Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator refactor: Migrate some legacy and core functions to `IFilenameValidator`	2024-07-22 10:40:50 +07:00
Ferdinand Thiessen	9716b0d735	refactor: Migrate some legacy and core functions to `IFilenameValidator` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-07-19 19:41:46 +07:00
Joas Schilling	047479ccf9	feat(security): Add public API to allow validating IP Ranges and checking for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Benjamin Gaussorgues	202e5b1e95	feat(security): restrict admin actions to IP ranges Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-07-19 16:28:03 +07:00
Christopher Ng	48b69c53dc	test: Test hash validation Signed-off-by: Christopher Ng <chrng8@gmail.com>	2024-07-04 17:05:50 +07:00
Andy Scherzinger	1f7e2ba599	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-13 17:41:36 +07:00
Joas Schilling	33e1c8b236	fix(security): Handle idn_to_utf8 returning false Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-12-04 10:38:46 +07:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +07:00
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 22:01:02 +07:00
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2023-11-17 14:42:36 +07:00
Joas Schilling	124588d4a6	fix: Make bypass function public API Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:40:24 +07:00
Joas Schilling	fd9b2d488e	feat: Expose if the own IP is allowed to bypass bruteforce protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:04 +07:00
Joas Schilling	a95800c647	feat(security): Add a bruteforce protection backend base on memcache Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-08-21 16:36:03 +07:00
Joas Schilling	030e8d8916	fix: Align doc type with creation Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 23:13:38 +07:00
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-06-12 10:03:59 +07:00
Côme Chilliet	8d5165e8dc	Adapt tests to config value typing Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-05 17:42:14 +07:00
Joas Schilling	c5339fa336	Merge pull request #37542 from nextcloud/bugfix/noid/allow-to-opt-out-of-ratelimit-for-testing feat(security): Allow to opt-out of ratelimit protection, e.g. for te…	2023-04-03 14:19:41 +07:00
Joas Schilling	454281af03	feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-04-03 09:06:45 +07:00
Arthur Schiwon	997c2a2a79	fix DBAL exception handling in setValues This seems to be a left over after abstracting DBAL. Nowadays, IQueryBuilder::executeStatement() only throws a \OCP\DB\Exception, where previously original DBAL exceptions where thrown. These are now wrapped, the orignal classes are now mapped to a reason. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2023-03-31 17:01:17 +07:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +07:00
Côme Chilliet	0f7e56b3b3	Fix syntax in VerificationTokenTest.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-11-15 09:25:56 +07:00
Côme Chilliet	70e2217d1c	Fix dynamic properties and other problems in tests for PHP 8.2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-11-14 16:14:35 +07:00
Christoph Wurst	8aea25b5b9	Add remote host validation API Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-10-31 16:13:28 +07:00
Côme Chilliet	6f80fe6ada	Remove deprecated at matcher from tests/lib Only 15 warnings left in there Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-08-29 16:36:40 +07:00
Vincent Petry	01dbd22c9c	Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2022-05-12 13:58:18 +07:00
Vincent Petry	18c013d8fc	Add CSP policy merge priority for booleans When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2022-04-01 13:56:34 +07:00
Côme Chilliet	61f7f13bd8	Migrate from ILogger to LoggerInterface where needed in the tests Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-03-24 16:21:26 +07:00
Julius Härtl	bd03dd37be	Allow to set a strict-dynamic CSP through the API Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-03-09 15:10:27 +07:00
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-01-13 00:19:07 +07:00
Vincent Petry	f01ad7b8d8	Improve normalizer detecting IPv4 inside of IPv6 The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2021-11-22 16:46:25 +07:00
Vincent Petry	7e08a4ab15	Fix getting subnet of ipv4 mapped ipv6 addresses Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2021-11-22 14:10:11 +07:00
Joas Schilling	c42f5bc5f6	Add an OCP for trusted domain helper Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-10-28 10:24:16 +07:00
Julius Härtl	9161f6ca4a	Remove tests that just prove mocked calls and don't actually validate anything useful Signed-off-by: Julius Härtl <jus@bitgrid.net>	2021-09-27 14:24:48 +07:00
Lukas Reschke	0dcc5c0e9f	Merge pull request #28728 from nextcloud/add-database-backend-limiter Add database ratelimiting backend	2021-09-13 13:07:37 +07:00
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:35 +07:00
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:29 +07:00
Lukas Reschke	6337bb3f59	Adjust tests Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 17:46:02 +07:00
Lukas Reschke	378cc922c4	Adjust logic to store period instead of current timestamp Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-09-06 17:31:36 +07:00
Roeland Jago Douma	ee3dc57cbd	Merge pull request #26626 from J0WI/strict-security Make Security module strict	2021-05-18 08:43:13 +07:00
Joas Schilling	2a11713337	Update CredentialsManagerTest.php Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2021-04-21 08:33:10 +07:00
Joas Schilling	c6978bac80	Fix security credentials manager test Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-04-20 17:04:24 +07:00
J0WI	ca7b37ce5a	Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com>	2021-04-19 17:31:12 +07:00
Lukas Reschke	e5a4236e68	Increase subnet matcher Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2021-04-07 12:28:59 +07:00
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-02-18 13:31:24 +07:00
Christoph Wurst	8b64e92b92	Bump doctrine/dbal from 2.12.0 to 3.0.0 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2021-01-08 11:45:19 +07:00
Morris Jobke	dc479aae2d	Improve CertificateManager to not be user context dependent * removes the ability for users to import their own certificates (for external storage) * reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions) The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2020-11-03 00:13:01 +07:00
lynn-stephenson	a3bdb0c4cb	Implement unit tests for versions 1 and 2. Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>	2020-10-15 21:23:24 +07:00

1 2 3

121 Commits (d92bf388b1c553ecd6bfb2a7400b990dcafe9c54)