aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Collapse)AuthorAgeFilesLines
...
* | Fix typos in lib/private subdirectoryluz paz2022-07-271-1/+1
| | | | | | | | | | | | Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>
* | Only ignore attempts of the same actionJoas Schilling2022-07-071-4/+4
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix detection of firefox in ContentSecurityPolicyNonceManagerCarl Schwan2022-06-291-4/+2
| | | | | | | | | | | | | | | | Reuse Request::USER_AGENT_FIREFOX, and also update the safari detection since safari < 12 is not supported anymore and we can remove a bit of code duplication Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Validate requested length is random string generatorVincent Petry2022-05-121-1/+6
| | | | | | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* | Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-boolsVincent Petry2022-05-052-1/+13
|\ \ | | | | | | Add CSP policy merge priority for booleans
| * | Add CSP policy merge priority for booleansVincent Petry2022-04-012-1/+13
| | | | | | | | | | | | | | | | | | When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* | | Don't inject Bruteforce capability info in the webuiCarl Schwan2022-04-071-1/+2
|/ / | | | | | | | | | | | | This capability do DB access and as far I know is not used by the webui. This remove one DB query for each page load. Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Migrate from ILogger to LoggerInterface in lib/privateCôme Chilliet2022-03-243-27/+11
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | cache the path of the certificate bundleRobin Appelman2022-03-171-7/+15
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | return default bundle when there is an error getting the bundleRobin Appelman2022-03-141-7/+11
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Allow to set a strict-dynamic CSP through the APIJulius Härtl2022-03-091-0/+7
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Use the new option to signaling insensitivityJoas Schilling2022-02-071-0/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make the DB query simpler (as we just deleted all other entries)Joas Schilling2022-01-281-3/+0
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Log bruteforce throttle and blockingJoas Schilling2022-01-181-0/+11
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Check style updateCarl Schwan2022-01-131-1/+1
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Don't query the bruteforce attempts when we just deleted themJoas Schilling2021-12-011-2/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Type hint in IpAddress Vincent Petry2021-11-221-3/+2
| | | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
* Improve normalizer detecting IPv4 inside of IPv6Vincent Petry2021-11-221-2/+42
| | | | | | | The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Fix getting subnet of ipv4 mapped ipv6 addressesVincent Petry2021-11-221-0/+2
| | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add an OCP for trusted domain helperJoas Schilling2021-10-281-13/+19
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Set associative = true for cleanup jobDaniel Kesselberg2021-10-071-1/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #28728 from nextcloud/add-database-backend-limiterLukas Reschke2021-09-134-24/+138
|\ | | | | Add database ratelimiting backend
| * Implement review feedbackLukas Reschke2021-09-131-3/+3
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Apply suggestions from code review Lukas Reschke2021-09-131-7/+5
| | | | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
| * Implement PR review feedbackLukas Reschke2021-09-072-6/+1
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * phpcsLukas Reschke2021-09-061-1/+0
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Adjust logic to store period instead of current timestampLukas Reschke2021-09-064-44/+30
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Add database ratelimiting backendLukas Reschke2021-09-061-0/+136
| | | | | | | | | | | | | | In case no distributed memory cache is specified this adds a database backend for ratelimit purposes. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Confirm mails only per POSTArthur Schiwon2021-09-091-0/+4
| | | | | | | | | | | | | | - this is to avoid automatic confirmation by certain softwares that open links Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | add a job to clean up expired verification tokensArthur Schiwon2021-09-092-4/+108
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | move verification token logic out of lost password controllerArthur Schiwon2021-09-091-0/+111
|/ | | | | | | - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Throw exception if encrypting the data failed.Daniel Kesselberg2021-07-051-6/+16
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Update php licensesJohn Molakvoæ (skjnldsv)2021-06-0427-44/+20
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Merge pull request #26626 from J0WI/strict-securityRoeland Jago Douma2021-05-185-29/+45
|\ | | | | Make Security module strict
| * Make Security module strictJ0WI2021-04-195-29/+45
| | | | | | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* | Merge pull request #25714 from ↵Morris Jobke2021-04-221-3/+19
|\ \ | |/ |/| | | | | nextcloud/fix/23197/explicitly_check_hex2bin_input Explicitly check hex2bin input
| * Explicitly check hex2bin inputRoeland Jago Douma2021-02-181-3/+19
| | | | | | | | | | | | For #23197 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Increase subnet matcherLukas Reschke2021-04-071-2/+2
|/ | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0dependabot-preview[bot]2021-02-181-1/+1
| | | | | | | | | | Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove unneeded casts that were found by PsalmMorris Jobke2021-01-111-2/+2
| | | | | | In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521) Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update all license headers for Nextcloud 21Christoph Wurst2020-12-165-3/+6
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Avoid checking for brute force protection capabilities when upgradingJulius Härtl2020-12-091-0/+4
| | | | | | This might happen a releases that doesn't have this table yet Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Replace the credentials table with one that can have empty userJoas Schilling2020-11-101-1/+1
| | | | | | Primary key columns on Oracle can not have empty strings Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix comparing the empty string for global credentialsJoas Schilling2020-11-101-6/+15
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Don't leave cursors open when tests failJoas Schilling2020-11-091-1/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Always return the default path if we canRoeland Jago Douma2020-11-031-0/+28
| | | | | | | | Just check in the certifcate manager. So every part of the system that request the certificatebundle gets the defaullt one (the 99% case) if we can. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Improve CertificateManager to not be user context dependentMorris Jobke2020-11-031-51/+15
| | | | | | | | | * removes the ability for users to import their own certificates (for external storage) * reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions) The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Derive encryption key & MAC key from a single key.lynn-stephenson2020-10-151-7/+15
| | | | Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
* Limit throttler to 48 hoursRoeland Jago Douma2020-10-081-0/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add cleanup job for old brutefoce attemptsRoeland Jago Douma2020-10-081-0/+55
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-05 10:33:24 +0000