f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +07:00
0f7e56b3b3
Fix syntax in VerificationTokenTest.php
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-11-15 09:25:56 +07:00
70e2217d1c
Fix dynamic properties and other problems in tests for PHP 8.2
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-11-14 16:14:35 +07:00
8aea25b5b9
Add remote host validation API
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-10-31 16:13:28 +07:00
6f80fe6ada
Remove deprecated at matcher from tests/lib
...
Only 15 warnings left in there
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-08-29 16:36:40 +07:00
01dbd22c9c
Validate requested length is random string generator
...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2022-05-12 13:58:18 +07:00
18c013d8fc
Add CSP policy merge priority for booleans
...
When two booleans conflict when merging CSP policies, true will win.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2022-04-01 13:56:34 +07:00
61f7f13bd8
Migrate from ILogger to LoggerInterface where needed in the tests
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-03-24 16:21:26 +07:00
bd03dd37be
Allow to set a strict-dynamic CSP through the API
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-03-09 15:10:27 +07:00
6312c0df69
Check style update
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-13 00:19:07 +07:00
f01ad7b8d8
Improve normalizer detecting IPv4 inside of IPv6
...
The subnet for an IPv4 address inside of IPv6 is now returned in its
IPv4 form.
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-11-22 16:46:25 +07:00
7e08a4ab15
Fix getting subnet of ipv4 mapped ipv6 addresses
...
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-11-22 14:10:11 +07:00
c42f5bc5f6
Add an OCP for trusted domain helper
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-10-28 10:24:16 +07:00
9161f6ca4a
Remove tests that just prove mocked calls and don't actually validate anything useful
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-09-27 14:24:48 +07:00
0dcc5c0e9f
Merge pull request #28728 from nextcloud/add-database-backend-limiter
...
Add database ratelimiting backend
2021-09-13 13:07:37 +07:00
a20de15b43
add a job to clean up expired verification tokens
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:35 +07:00
19cc757531
move verification token logic out of lost password controller
...
- to make it reusable
- needed for local email verification
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:29 +07:00
6337bb3f59
Adjust tests
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 17:46:02 +07:00
378cc922c4
Adjust logic to store period instead of current timestamp
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 17:31:36 +07:00
ee3dc57cbd
Merge pull request #26626 from J0WI/strict-security
...
Make Security module strict
2021-05-18 08:43:13 +07:00
2a11713337
Update CredentialsManagerTest.php
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-04-21 08:33:10 +07:00
c6978bac80
Fix security credentials manager test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-20 17:04:24 +07:00
ca7b37ce5a
Make Security module strict
...
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-04-19 17:31:12 +07:00
e5a4236e68
Increase subnet matcher
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-07 12:28:59 +07:00
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
...
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard ) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases )
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md )
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0 )
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-18 13:31:24 +07:00
8b64e92b92
Bump doctrine/dbal from 2.12.0 to 3.0.0
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-08 11:45:19 +07:00
dc479aae2d
Improve CertificateManager to not be user context dependent
...
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)
The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-03 00:13:01 +07:00
a3bdb0c4cb
Implement unit tests for versions 1 and 2.
...
Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
2020-10-15 21:23:24 +07:00
d9015a8c94
Format code to a single space around binary operators
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +07:00
c25063dc07
Don't break when the IP is empty
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-10 14:20:27 +07:00
234b510652
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-12 13:55:19 +07:00
35ff4aa1c6
Use random_bytes
...
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-05-11 12:46:59 +07:00
ad60619655
Fix Argon2 options checks
...
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-04-30 10:18:46 +07:00
5437844b7e
fix credentialsManager documentation and ensure userId to be used as string
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-15 19:34:23 +07:00
f6cb452037
add DB tests for credentials manager
...
these are actually expected to FAIL, because NULL as a userid is not
allowed in the schema, but documented to be used on the source
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2020-04-15 16:44:28 +07:00
1584c9ae9c
Add visibility to all methods and position of static keyword
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +07:00
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +07:00
afbd9c4e6e
Unify function spacing to PSR2 recommendation
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +07:00
2a529e453a
Use a blank line after the opening tag
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +07:00
41b5e5923a
Use exactly one empty line after the namespace declaration
...
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:48:10 +07:00
463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
...
Remove unused imports
2020-03-27 17:14:08 +07:00
b80ebc9674
Use the short array syntax, everywhere
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +07:00
2ee65f177e
Use the shorter phpunit syntax for mocked return values
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:21:27 +07:00
74936c49ea
Remove unused imports
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +07:00
12e1c469cf
Add Argon2id support
...
When available we should use argon2id for hashing.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-07 07:52:33 +07:00
0d651f106c
Allow selecting the hashing algorithm
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-02-03 21:41:17 +07:00
d05f131929
Move overwritehost check to isTrustedDomain
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2019-12-07 09:53:06 +07:00
3a7cf40aaa
Mode to modern phpunit
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 15:27:18 +07:00
c007ca624f
Make phpunit8 compatible
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +07:00
68748d4f85
Some php-cs fixes
...
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +07:00
Côme Chilliet
Christoph Wurst
Vincent Petry
Julius Härtl
Carl Schwan
Joas Schilling
Lukas Reschke
Arthur Schiwon
Roeland Jago Douma
Joas Schilling
J0WI
dependabot-preview[bot]
Morris Jobke
lynn-stephenson
Roeland Jago Douma
MichaIng
Christoph Wurst