nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	51f596e0c2	test: Fix double space Signed-off-by: Joas Schilling <coding@schilljs.com>	4 months ago
Joas Schilling	894fda1a4d	ci: Update testing certificates that expired after 10 years Signed-off-by: Joas Schilling <coding@schilljs.com>	4 months ago
Marcel Müller	520d8beaf5	feat: Cache user keys Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>	5 months ago
Maxence Lange	484491e7cc	fix(bruteforce): limit appconfig lazy loading Signed-off-by: Maxence Lange <maxence@artificial-owl.com>	5 months ago
Robin Appelman	aa15f9d16d	chore: run rector Signed-off-by: Robin Appelman <robin@icewind.nl>	6 months ago
Ferdinand Thiessen	5981b7eb51	chore: apply new CSFixer rules Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php	6 months ago
Robin Appelman	29e39c0a2e	chore: run rector on tests Signed-off-by: Robin Appelman <robin@icewind.nl>	7 months ago
Joas Schilling	f474b5b3a9	test: Fix tests/lib/Security/ Signed-off-by: Joas Schilling <coding@schilljs.com>	8 months ago
Daniel Kesselberg	a53e15c971	fix: log requests exceeding the rate limiting Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	8 months ago
Joas Schilling	b77011a918	test: Prepare more tests for PHPUnit 10 Signed-off-by: Joas Schilling <coding@schilljs.com>	8 months ago
Benjamin Gaussorgues	9f666c2b73	feat(ip): add configurable IPv6 subnet for BFP and throttling Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	9 months ago
Benjamin Gaussorgues	c4021c8d38	feat(ip): use larger IPv6 range by default Some providers assign `/48` IPv6 blocks instead of `/64` so it sounds safer to use this mask by default. Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	9 months ago
Joas Schilling	c1655bcde7	fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist Signed-off-by: Joas Schilling <coding@schilljs.com>	11 months ago
Christoph Wurst	1323e5bcb1	fix(migration): Decrypt ownCloud secrets v2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	1 year ago
Josh	97421fb143	fix(tests): Add RemoteAddress v6 zone ID test Signed-off-by: Josh <josh.t.richards@gmail.com>	1 year ago
Richard Steinmetz	19ad13571c	fix: gracefully parse non-standard trusted certificates Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	1 year ago
Côme Chilliet	af0b8fbd17	fix(tests): Fix tests now that trashbin listens to events properly Hooks are cleared in test bootstrap so switching to events activates them in tests. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	1 year ago
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
Christoph Wurst	49dd79eabb	refactor: Add void return type to PHPUnit test methods Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	1 year ago
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	1 year ago
Ferdinand Thiessen	127cacdd19	feat(Security): Allow setting password context for validation and generation Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Ferdinand Thiessen	009761be58	test: Adjust tests for CSP nonce Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Ferdinand Thiessen	9716b0d735	refactor: Migrate some legacy and core functions to `IFilenameValidator` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Joas Schilling	047479ccf9	feat(security): Add public API to allow validating IP Ranges and checking for "in range" Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	1 year ago
Benjamin Gaussorgues	202e5b1e95	feat(security): restrict admin actions to IP ranges Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	1 year ago
Christopher Ng	48b69c53dc	test: Test hash validation Signed-off-by: Christopher Ng <chrng8@gmail.com>	2 years ago
Andy Scherzinger	1f7e2ba599	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Joas Schilling	33e1c8b236	fix(security): Handle idn_to_utf8 returning false Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Joas Schilling	124588d4a6	fix: Make bypass function public API Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	fd9b2d488e	feat: Expose if the own IP is allowed to bypass bruteforce protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	a95800c647	feat(security): Add a bruteforce protection backend base on memcache Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	030e8d8916	fix: Align doc type with creation Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Côme Chilliet	8d5165e8dc	Adapt tests to config value typing Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Joas Schilling	454281af03	feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Arthur Schiwon	997c2a2a79	fix DBAL exception handling in setValues This seems to be a left over after abstracting DBAL. Nowadays, IQueryBuilder::executeStatement() only throws a \OCP\DB\Exception, where previously original DBAL exceptions where thrown. These are now wrapped, the orignal classes are now mapped to a reason. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	3 years ago
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Côme Chilliet	0f7e56b3b3	Fix syntax in VerificationTokenTest.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Côme Chilliet	70e2217d1c	Fix dynamic properties and other problems in tests for PHP 8.2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Christoph Wurst	8aea25b5b9	Add remote host validation API Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Côme Chilliet	6f80fe6ada	Remove deprecated at matcher from tests/lib Only 15 warnings left in there Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Vincent Petry	01dbd22c9c	Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Vincent Petry	18c013d8fc	Add CSP policy merge priority for booleans When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Côme Chilliet	61f7f13bd8	Migrate from ILogger to LoggerInterface where needed in the tests Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Julius Härtl	bd03dd37be	Allow to set a strict-dynamic CSP through the API Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Vincent Petry	f01ad7b8d8	Improve normalizer detecting IPv4 inside of IPv6 The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago

1 2 3

141 Commits (2bc77a3c5aff352cdc19aa683bbb36da2ff20b01)