averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-27 18:37:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
77,085 Commits 689 Branches 1,186 Tags
2bdc97741cd42843f85750421cba032942d860ed
Commit Graph

122 Commits

Author SHA1 Message Date
Christoph Wurst
49dd79eabb refactor: Add void return type to PHPUnit test methods 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 22:32:31 +02:00
Daniel Kesselberg
af6de04e9e style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +02:00
Ferdinand Thiessen
127cacdd19 feat(Security): Allow setting password context for validation and generation 
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de>
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-22 19:16:50 +02:00
Ferdinand Thiessen
009761be58 test: Adjust tests for CSP nonce 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:06:32 +02:00
Stephan Orbaugh
9ed2d3e495 Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator 
refactor: Migrate some legacy and core functions to `IFilenameValidator`
 2024-07-22 10:40:50 +02:00
Ferdinand Thiessen
9716b0d735 refactor: Migrate some legacy and core functions to IFilenameValidator 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-19 19:41:46 +02:00
Joas Schilling
047479ccf9 feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95 feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Christopher Ng
48b69c53dc test: Test hash validation 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-07-04 17:05:50 -07:00
Andy Scherzinger
1f7e2ba599 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-13 17:41:36 +02:00
Joas Schilling
33e1c8b236 fix(security): Handle idn_to_utf8 returning false 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-12-04 10:38:46 +01:00
Joas Schilling
aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Ferdinand Thiessen
ecf9f0a872 fix(CSP): Only add strict-dynamic when using nonces 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 22:01:02 +01:00
Ferdinand Thiessen
e231abd9bf fix!(ContentSecurityPolicy): Make strict-dynamic enabled by default on script-src-elem 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 14:42:36 +01:00
Joas Schilling
124588d4a6 fix: Make bypass function public API 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:40:24 +02:00
Joas Schilling
fd9b2d488e feat: Expose if the own IP is allowed to bypass bruteforce protection 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:36:04 +02:00
Joas Schilling
a95800c647 feat(security): Add a bruteforce protection backend base on memcache 
Similar to the ratelimit backend

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-21 16:36:03 +02:00
Joas Schilling
030e8d8916 fix: Align doc type with creation 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 23:13:38 +02:00
Christoph Wurst
08a3f37695 chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-06-12 10:03:59 +02:00
Côme Chilliet
8d5165e8dc Adapt tests to config value typing 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 17:42:14 +02:00
Joas Schilling
c5339fa336 Merge pull request #37542 from nextcloud/bugfix/noid/allow-to-opt-out-of-ratelimit-for-testing 
feat(security): Allow to opt-out of ratelimit protection, e.g. for te…
 2023-04-03 14:19:41 +02:00
Joas Schilling
454281af03 feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-04-03 09:06:45 +02:00
Arthur Schiwon
997c2a2a79 fix DBAL exception handling in setValues 
This seems to be a left over after abstracting DBAL. Nowadays,
IQueryBuilder::executeStatement() only throws a \OCP\DB\Exception, where
previously original DBAL exceptions where thrown. These are now wrapped,
the orignal classes are now mapped to a reason.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2023-03-31 17:01:17 +02:00
Côme Chilliet
f5c361cf44 composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Côme Chilliet
0f7e56b3b3 Fix syntax in VerificationTokenTest.php 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-15 09:25:56 +01:00
Côme Chilliet
70e2217d1c Fix dynamic properties and other problems in tests for PHP 8.2 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-14 16:14:35 +01:00
Christoph Wurst
8aea25b5b9 Add remote host validation API 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-10-31 16:13:28 +01:00
Côme Chilliet
6f80fe6ada Remove deprecated at matcher from tests/lib 
Only 15 warnings left in there

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-08-29 16:36:40 +02:00
Vincent Petry
01dbd22c9c Validate requested length is random string generator 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-05-12 13:58:18 +02:00
Vincent Petry
18c013d8fc Add CSP policy merge priority for booleans 
When two booleans conflict when merging CSP policies, true will win.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2022-04-01 13:56:34 +02:00
Côme Chilliet
61f7f13bd8 Migrate from ILogger to LoggerInterface where needed in the tests 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-03-24 16:21:26 +01:00
Julius Härtl
bd03dd37be Allow to set a strict-dynamic CSP through the API 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-03-09 15:10:27 +01:00
Carl Schwan
6312c0df69 Check style update 
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-01-13 00:19:07 +01:00
Vincent Petry
f01ad7b8d8 Improve normalizer detecting IPv4 inside of IPv6 
The subnet for an IPv4 address inside of IPv6 is now returned in its
IPv4 form.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2021-11-22 16:46:25 +01:00
Vincent Petry
7e08a4ab15 Fix getting subnet of ipv4 mapped ipv6 addresses 
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2021-11-22 14:10:11 +01:00
Joas Schilling
c42f5bc5f6 Add an OCP for trusted domain helper 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-10-28 10:24:16 +02:00
Julius Härtl
9161f6ca4a Remove tests that just prove mocked calls and don't actually validate anything useful 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2021-09-27 14:24:48 +02:00
Lukas Reschke
0dcc5c0e9f Merge pull request #28728 from nextcloud/add-database-backend-limiter 
Add database ratelimiting backend
 2021-09-13 13:07:37 +02:00
Arthur Schiwon
a20de15b43 add a job to clean up expired verification tokens 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:35 +02:00
Arthur Schiwon
19cc757531 move verification token logic out of lost password controller 
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2021-09-09 14:03:29 +02:00
Lukas Reschke
6337bb3f59 Adjust tests 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 17:46:02 +02:00
Lukas Reschke
378cc922c4 Adjust logic to store period instead of current timestamp 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-09-06 17:31:36 +02:00
Roeland Jago Douma
ee3dc57cbd Merge pull request #26626 from J0WI/strict-security 
Make Security module strict
 2021-05-18 08:43:13 +02:00
Joas Schilling
2a11713337 Update CredentialsManagerTest.php 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-04-21 08:33:10 +02:00
Joas Schilling
c6978bac80 Fix security credentials manager test 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-20 17:04:24 +02:00
J0WI
ca7b37ce5a Make Security module strict 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2021-04-19 17:31:12 +02:00
Lukas Reschke
e5a4236e68 Increase subnet matcher 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-04-07 12:28:59 +00:00
dependabot-preview[bot]
eb502c02ff Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-02-18 13:31:24 +01:00
Christoph Wurst
8b64e92b92 Bump doctrine/dbal from 2.12.0 to 3.0.0 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-01-08 11:45:19 +01:00
Morris Jobke
dc479aae2d Improve CertificateManager to not be user context dependent 
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)

The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-11-03 00:13:01 +01:00