path: root/lib/private/Security
Commit message (Author, Age, Files, Lines)
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist [backport/50234/stable31] (Joas Schilling, 2025-01-27, 2, -66/+63)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #49599 from nextcloud/feat/bruteforce-max-attempts (Benjamin Gaussorgues, 2024-12-06, 1, -2/+2)
|\
| * chore(bruteforce): allows to configure max attempts before request abort (Benjamin Gaussorgues, 2024-12-03, 1, -2/+2)
| |   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | fix(signed-request): trigger metadata insert with default value manually (Maxence Lange, 2024-12-05, 1, -1/+2)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | fix(signatory): details on interfaces (Maxence Lange, 2024-12-04, 2, -10/+18)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | fix(signed-request): removing unstable from public (Maxence Lange, 2024-12-04, 2, -38/+20)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | fix(ocm): signatory mapper (Maxence Lange, 2024-12-04, 4, -66/+84)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | feat(signatory): switch to qbmapper (Maxence Lange, 2024-12-04, 7, -413/+304)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | fix(ocm): simpler code (Maxence Lange, 2024-12-04, 4, -455/+394)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | fix(ocm): switching to IdentityProof (Maxence Lange, 2024-12-04, 4, -309/+45)
| |   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* | feat(ocm): signing ocm requests (Maxence Lange, 2024-12-04, 7, -0/+1715)
|/
|   Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
* fix(migration): Decrypt ownCloud secrets v2 (Christoph Wurst, 2024-11-28, 1, -3/+29)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix(security): Handle IPv6 zone IDs used in link-local addresses (Josh, 2024-10-31, 1, -1/+2)
|   Signed-off-by: Josh <josh.t.richards@gmail.com>
* fix(security): Handle IPv6 zone IDs used in link-local addresses (Josh, 2024-10-31, 1, -2/+3)
|   Signed-off-by: Josh <josh.t.richards@gmail.com>
* chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer [dependabot/composer/vendor-bin/cs-fixer/nextcloud/coding-standard-1.3.2] (dependabot[bot], 2024-10-19, 2, -2/+2)
|   Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2.
|   - [Release notes](https://github.com/nextcloud/coding-standard/releases)
|   - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
|   - [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2)
|   ---
|   updated-dependencies:
|   - dependency-name: nextcloud/coding-standard
|     dependency-type: direct:production
|     update-type: version-update:semver-patch
|   ...
|   Signed-off-by: dependabot[bot] <support@github.com>
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* Merge pull request #47329 from nextcloud/feat/add-datetime-qbmapper-support (Ferdinand Thiessen, 2024-10-18, 1, -2/+2)
|\
| |   feat(AppFramework): Add full support for date / time / datetime columns
| * fix: Prevent breaking change in IQueryBuilder (Ferdinand Thiessen, 2024-10-17, 1, -2/+2)
| |   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| * fix: Adjust parameter type usage and add SQLite support (Ferdinand Thiessen, 2024-10-17, 1, -2/+2)
| |   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | chore(db): Apply query prepared statements [dbQueriesExecStmt2] (Git'Fellow, 2024-10-17, 1, -3/+3)
|/
|   Fix: psalm
|   fix: bad file
|   fix: bug
|   chore: add batch
|   chore: add batch
|   chore: add batch
|   fix: psalm
* chore(db): Correctly apply query types (Git'Fellow, 2024-10-17, 1, -1/+1)
|   fix: psalm
|   fix: error
|   fix: add batch
|   fix: fatal error
|   fix: add batch
|   chore: add batch
|   chore: add batch
|   fix: psalm
|   fix: typo
|   fix: psalm
|   fix: return bool
|   fix: revert Manager
* fix(BackgroundJobs): Adjust intervals and time sensitivities (provokateurin, 2024-10-08, 1, -3/+2)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: gracefully parse non-standard trusted certificates [fix/gracefully-parse-trusted-certificates] (Richard Steinmetz, 2024-09-24, 1, -0/+10)
|   Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* chore(deps): Update nextcloud/coding-standard to v1.3.1 (provokateurin, 2024-09-19, 7, -17/+17)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor: Replace __CLASS__ with ::class references [refactor/self-class-reference] (Christoph Wurst, 2024-09-15, 2, -2/+2)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* chore: adjust code to adhere to coding standard (Anna Larch, 2024-09-05, 1, -1/+1)
|   Signed-off-by: Anna Larch <anna@nextcloud.com>
* style: update codestyle for coding-standard 1.2.3 (Daniel Kesselberg, 2024-08-25, 5, -6/+6)
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat: Provide CSP nonce as `<meta>` element (Ferdinand Thiessen, 2024-08-13, 1, -1/+2)
|   This way we use the CSP nonce for dynamically loaded scripts.
|   Important to notice: The CSP nonce must NOT be injected in `content` as this can lead to value exfiltration using e.g. side-channel attacks (CSS selectors).
|   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Make sure CSP nonce is not double base64 encoded (Ferdinand Thiessen, 2024-08-13, 1, -1/+4)
|   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator (Stephan Orbaugh, 2024-07-22, 1, -14/+15)
|\
| |   refactor: Migrate some legacy and core functions to `IFilenameValidator`
| * refactor: Migrate some legacy and core functions to `IFilenameValidator` (Ferdinand Thiessen, 2024-07-19, 1, -14/+15)
| |   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | feat(Security): add Factory for IP addresses and ranges (Benjamin Gaussorgues, 2024-07-19, 1, -0/+23)
| |   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | feat(security): Add public API to allow validating IP Ranges and checking for "in range" (Joas Schilling, 2024-07-19, 4, -64/+158)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| |   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | feat(security): restrict admin actions to IP ranges (Benjamin Gaussorgues, 2024-07-19, 1, -0/+64)
|/
|   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* chore: More explicit splitHash typing (Christopher Ng, 2024-07-04, 1, -1/+1)
|   Signed-off-by: Christopher Ng <chrng8@gmail.com>
* feat: Add method to validate an IHasher hash (Christopher Ng, 2024-07-04, 1, -0/+14)
|   Signed-off-by: Christopher Ng <chrng8@gmail.com>
* fix: don't use custom certificate bundle if no customer certificates are configured (Robin Appelman, 2024-06-14, 1, -9/+9)
|   Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge branch 'master' into refactor/OC-Server-getSecureRandom (John Molakvoæ, 2024-05-30, 34, -1159/+245)
|\
| |   Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
| * chore: Add SPDX header (Andy Scherzinger, 2024-05-24, 34, -734/+82)
| |   Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
| * fix: Correctly check result of function (Joas Schilling, 2024-05-15, 1, -2/+2)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| * fix(CSP): Add CSP nonce by default and convert `browserSupportsCspV3` to blocklist (Ferdinand Thiessen, 2024-03-26, 1, -8/+5)
| |   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| * Refactor `OC\Server::getHasher` (Andrew Summers, 2024-03-15, 1, -2/+2)
| |   Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
| * fix: Add edge as supported user agent for CSPv3 nonces (Julius Härtl, 2024-03-08, 1, -0/+1)
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * fix(security): Handle idn_to_utf8 returning false (Joas Schilling, 2023-12-04, 1, -0/+4)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| * chore: apply changes from Nextcloud coding standards 1.1.1 (Joas Schilling, 2023-11-23, 3, -5/+5)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| |   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
| * feat(ContentSecurityPolicy): Allow to set `strict-dynamic` on `script-src-elem` only (Ferdinand Thiessen, 2023-11-17, 1, -0/+8)
| |   This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keeping the default rules for `script-src`.
| |   The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.
| |   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
| * Simplify IP address normalizer with IP masks (Benjamin Gaussorgues, 2023-11-08, 1, -54/+15)
| |   Remove dead code
| |   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
| * Refactors lib/private/Security. (Faraz Samapoor, 2023-09-27, 10, -201/+65)
| |   Mainly using PHP8's constructor property promotion.
| |   Signed-off-by: Faraz Samapoor <fsa@adlas.at>
| * Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3 (Robin Appelman, 2023-09-22, 9, -152/+53)
| |\
| | |   [3/3] Refactors lib/private/Security
| | * Update lib/private/Security/Certificate.php (Faraz Samapoor, 2023-09-21, 1, -1/+0)
| | |   Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
| | |   Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
| | * Updates the typed properties. (Faraz Samapoor, 2023-09-21, 1, -4/+4)
| | |   Based on: https://github.com/nextcloud/server/pull/39013#discussion_r1242340826
| | |   Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
| | |   Signed-off-by: Faraz Samapoor <fsa@adlas.at>