nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	33e1c8b236	fix(security): Handle idn_to_utf8 returning false Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Ferdinand Thiessen	ecf9f0a872	fix(CSP): Only add `strict-dynamic` when using nonces Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Ferdinand Thiessen	e231abd9bf	fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2 years ago
Joas Schilling	124588d4a6	fix: Make bypass function public API Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	fd9b2d488e	feat: Expose if the own IP is allowed to bypass bruteforce protection Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	a95800c647	feat(security): Add a bruteforce protection backend base on memcache Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	030e8d8916	fix: Align doc type with creation Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Christoph Wurst	08a3f37695	chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Côme Chilliet	8d5165e8dc	Adapt tests to config value typing Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Joas Schilling	454281af03	feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Arthur Schiwon	997c2a2a79	fix DBAL exception handling in setValues This seems to be a left over after abstracting DBAL. Nowadays, IQueryBuilder::executeStatement() only throws a \OCP\DB\Exception, where previously original DBAL exceptions where thrown. These are now wrapped, the orignal classes are now mapped to a reason. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	3 years ago
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Côme Chilliet	0f7e56b3b3	Fix syntax in VerificationTokenTest.php Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Côme Chilliet	70e2217d1c	Fix dynamic properties and other problems in tests for PHP 8.2 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Christoph Wurst	8aea25b5b9	Add remote host validation API Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Côme Chilliet	6f80fe6ada	Remove deprecated at matcher from tests/lib Only 15 warnings left in there Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Vincent Petry	01dbd22c9c	Validate requested length is random string generator Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Vincent Petry	18c013d8fc	Add CSP policy merge priority for booleans When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Côme Chilliet	61f7f13bd8	Migrate from ILogger to LoggerInterface where needed in the tests Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Julius Härtl	bd03dd37be	Allow to set a strict-dynamic CSP through the API Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Carl Schwan	6312c0df69	Check style update Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Vincent Petry	f01ad7b8d8	Improve normalizer detecting IPv4 inside of IPv6 The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Vincent Petry	7e08a4ab15	Fix getting subnet of ipv4 mapped ipv6 addresses Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 years ago
Joas Schilling	c42f5bc5f6	Add an OCP for trusted domain helper Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Julius Härtl	9161f6ca4a	Remove tests that just prove mocked calls and don't actually validate anything useful Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	4 years ago
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	4 years ago
Lukas Reschke	6337bb3f59	Adjust tests Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Lukas Reschke	378cc922c4	Adjust logic to store period instead of current timestamp Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	4 years ago
Joas Schilling	2a11713337	Update CredentialsManagerTest.php Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Joas Schilling	c6978bac80	Fix security credentials manager test Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
J0WI	ca7b37ce5a	Make Security module strict Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
Lukas Reschke	e5a4236e68	Increase subnet matcher Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	5 years ago
dependabot-preview[bot]	eb502c02ff	Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	8b64e92b92	Bump doctrine/dbal from 2.12.0 to 3.0.0 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Morris Jobke	dc479aae2d	Improve CertificateManager to not be user context dependent * removes the ability for users to import their own certificates (for external storage) * reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions) The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
lynn-stephenson	a3bdb0c4cb	Implement unit tests for versions 1 and 2. Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>	5 years ago
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Joas Schilling	c25063dc07	Don't break when the IP is empty Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Morris Jobke	234b510652	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Roeland Jago Douma	35ff4aa1c6	Use random_bytes Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
MichaIng	ad60619655	Fix Argon2 options checks The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum. Options are now applied the following way: - If config.php contains the setting with an integer higher or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting or with no integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Arthur Schiwon	5437844b7e	fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	6 years ago
Arthur Schiwon	f6cb452037	add DB tests for credentials manager these are actually expected to FAIL, because NULL as a userid is not allowed in the schema, but documented to be used on the source Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	6 years ago
Christoph Wurst	1584c9ae9c	Add visibility to all methods and position of static keyword Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	41b5e5923a	Use exactly one empty line after the namespace declaration For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago

1 2 3

112 Commits (ba94de2510b3858f10d60f0230a58b1252346372)