aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Collapse)AuthorAgeFilesLines
...
* Format code to a single space around binary operatorsChristoph Wurst2020-10-052-4/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove @suppress SqlInjectionCheckerMorris Jobke2020-09-161-1/+0
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Don't break when the IP is emptyJoas Schilling2020-09-101-0/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update the license headers for Nextcloud 20Christoph Wurst2020-08-244-1/+6
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix CSJoas Schilling2020-08-191-0/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Correctly return ms delay when at maxJoas Schilling2020-08-191-3/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add missing defaultJoas Schilling2020-08-191-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Simplify array filterJoas Schilling2020-08-191-2/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix wrong doc + type hintJoas Schilling2020-08-191-2/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Only throw when also the last 30 mins were attackingJoas Schilling2020-08-191-8/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make the throttling O(2^n) instead of O(n^n)Joas Schilling2020-08-191-9/+9
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make Throttler strictJoas Schilling2020-08-191-9/+10
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Split delay calculation from getting the attemptsJoas Schilling2020-08-191-5/+17
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Let the database count the entriesJoas Schilling2020-08-191-2/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Send "429 Too Many Requests" in case of brute force protectionJoas Schilling2020-08-191-1/+21
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Prefer typed event over string based onesMorris Jobke2020-08-102-2/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #20005 from joeried/occ-remove-bruteforce-attempts-by-ipMorris Jobke2020-05-251-6/+29
|\ | | | | Implement occ command to reset bruteforce attemps from a given IP address
| * Fix code styleMorris Jobke2020-05-251-1/+1
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * Implement occ command security:bruteforceattemps:reset-for-ipJohannes Riedel2020-03-191-6/+29
| | | | | | | | Signed-off-by: Johannes Riedel <joeried@users.noreply.github.com>
* | Use random_bytesRoeland Jago Douma2020-05-111-7/+13
| | | | | | | | | | | | | | Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Apply Argon2 options for Argon2id hashing as wellMichaIng2020-05-011-1/+1
| | | | | | Signed-off-by: MichaIng <micha@dietpi.com>
* | Fix Argon2 options checksMichaIng2020-04-301-10/+5
| | | | | | | | | | | | | | | | | | | | | | The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum. Options are now applied the following way: - If config.php contains the setting with an integer higher or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting or with no integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Update license headers for 19Christoph Wurst2020-04-2915-1/+16
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | fix credentialsManager documentation and ensure userId to be used as stringArthur Schiwon2020-04-151-6/+6
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | Add visibility to all constantsChristoph Wurst2020-04-102-2/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Format control structures, classes, methods and functionChristoph Wurst2020-04-1018-46/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use elseif instead of else ifChristoph Wurst2020-04-101-1/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-092-2/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-0/+1
| | | | | | | | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix (array) indent style to always use one tabChristoph Wurst2020-04-091-4/+4
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Update the license headers for Nextcloud 19Christoph Wurst2020-03-315-2/+5
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use the short array syntax, everywhereChristoph Wurst2020-03-261-4/+4
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix safari useragent for versions with 3 digitsPavel Krasikov2020-03-141-1/+1
| | | | Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
* Add Argon2id supportRoeland Jago Douma2020-02-071-21/+13
| | | | | | When available we should use argon2id for hashing. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow selecting the hashing algorithmRoeland Jago Douma2020-02-031-11/+27
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* ignore values that undershoot the minimum, go with defaultArthur Schiwon2020-01-221-5/+13
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* use getSystemValueIntblizzz2020-01-211-3/+3
| | | | | | Co-Authored-By: kesselb <mail@danielkesselberg.de> Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* expose Argon2 options (as we did for bcrypt)Arthur Schiwon2020-01-201-0/+6
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Update license headers for 18Christoph Wurst2019-12-202-0/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* handle IPv6 addresses with an explict incoming interface at the end (e.g ↵Konrad Bucheli2019-12-101-0/+4
| | | | | | | fe80::ae2d:d1e7:fe1e:9a8d%enp2s0) Signed-off-by: Konrad Bucheli <konrad.bucheli@gmx.ch> Signed-off-by: Konrad Bucheli <kb@open.ch>
* Move overwritehost check to isTrustedDomainJulius Härtl2019-12-071-0/+5
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update license headersChristoph Wurst2019-12-0526-26/+86
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-224-5/+6
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* make TrustedDomainHelper case insensitiveJohannes Koenig2019-10-061-1/+1
| | | | Signed-off-by: Johannes Koenig <mail@jokoenig.de>
* Harden identifyproof openssl codeRoeland Jago Douma2019-09-141-7/+28
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix report of phpstan in LimiterRoeland Jago Douma2019-08-191-10/+4
| | | | | | | | * unneeded arguments to constructor * added return types * let automatic DI do its work Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add feature policy headerRoeland Jago Douma2019-08-102-0/+152
| | | | | | | This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add form-action CSP elementRoeland Jago Douma2019-07-311-0/+9
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* setting unsafe-eval is deprecatedRoeland Jago Douma2019-07-301-0/+2
| | | | | | This will be removed in a future version of Nextcloud. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add support for CSP_NONCE server variableSam Bull2019-07-181-1/+5
| | | | | | | Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server. Signed-off-by: Sam Bull <git@sambull.org> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-06 18:31:39 +0000