aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Collapse)AuthorAgeFilesLines
...
* Prefer typed event over string based onesMorris Jobke2020-08-102-2/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #20005 from joeried/occ-remove-bruteforce-attempts-by-ipMorris Jobke2020-05-251-6/+29
|\ | | | | Implement occ command to reset bruteforce attemps from a given IP address
| * Fix code styleMorris Jobke2020-05-251-1/+1
| | | | | | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
| * Implement occ command security:bruteforceattemps:reset-for-ipJohannes Riedel2020-03-191-6/+29
| | | | | | | | Signed-off-by: Johannes Riedel <joeried@users.noreply.github.com>
* | Use random_bytesRoeland Jago Douma2020-05-111-7/+13
| | | | | | | | | | | | | | Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Apply Argon2 options for Argon2id hashing as wellMichaIng2020-05-011-1/+1
| | | | | | Signed-off-by: MichaIng <micha@dietpi.com>
* | Fix Argon2 options checksMichaIng2020-04-301-10/+5
| | | | | | | | | | | | | | | | | | | | | | The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum. Options are now applied the following way: - If config.php contains the setting with an integer higher or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting or with no integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Update license headers for 19Christoph Wurst2020-04-2915-1/+16
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | fix credentialsManager documentation and ensure userId to be used as stringArthur Schiwon2020-04-151-6/+6
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | Add visibility to all constantsChristoph Wurst2020-04-102-2/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Format control structures, classes, methods and functionChristoph Wurst2020-04-1018-46/+37
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use elseif instead of else ifChristoph Wurst2020-04-101-1/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-092-2/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-0/+1
| | | | | | | | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix (array) indent style to always use one tabChristoph Wurst2020-04-091-4/+4
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Update the license headers for Nextcloud 19Christoph Wurst2020-03-315-2/+5
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use the short array syntax, everywhereChristoph Wurst2020-03-261-4/+4
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix safari useragent for versions with 3 digitsPavel Krasikov2020-03-141-1/+1
| | | | Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
* Add Argon2id supportRoeland Jago Douma2020-02-071-21/+13
| | | | | | When available we should use argon2id for hashing. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow selecting the hashing algorithmRoeland Jago Douma2020-02-031-11/+27
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* ignore values that undershoot the minimum, go with defaultArthur Schiwon2020-01-221-5/+13
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* use getSystemValueIntblizzz2020-01-211-3/+3
| | | | | | Co-Authored-By: kesselb <mail@danielkesselberg.de> Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* expose Argon2 options (as we did for bcrypt)Arthur Schiwon2020-01-201-0/+6
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Update license headers for 18Christoph Wurst2019-12-202-0/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* handle IPv6 addresses with an explict incoming interface at the end (e.g ↵Konrad Bucheli2019-12-101-0/+4
| | | | | | | fe80::ae2d:d1e7:fe1e:9a8d%enp2s0) Signed-off-by: Konrad Bucheli <konrad.bucheli@gmx.ch> Signed-off-by: Konrad Bucheli <kb@open.ch>
* Move overwritehost check to isTrustedDomainJulius Härtl2019-12-071-0/+5
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update license headersChristoph Wurst2019-12-0526-26/+86
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-224-5/+6
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* make TrustedDomainHelper case insensitiveJohannes Koenig2019-10-061-1/+1
| | | | Signed-off-by: Johannes Koenig <mail@jokoenig.de>
* Harden identifyproof openssl codeRoeland Jago Douma2019-09-141-7/+28
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix report of phpstan in LimiterRoeland Jago Douma2019-08-191-10/+4
| | | | | | | | * unneeded arguments to constructor * added return types * let automatic DI do its work Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add feature policy headerRoeland Jago Douma2019-08-102-0/+152
| | | | | | | This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add form-action CSP elementRoeland Jago Douma2019-07-311-0/+9
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* setting unsafe-eval is deprecatedRoeland Jago Douma2019-07-301-0/+2
| | | | | | This will be removed in a future version of Nextcloud. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add support for CSP_NONCE server variableSam Bull2019-07-181-1/+5
| | | | | | | Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server. Signed-off-by: Sam Bull <git@sambull.org> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add an event to edit the CSPRoeland Jago Douma2019-07-081-0/+12
| | | | | | | | This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #13327 from ↵Morris Jobke2019-03-061-0/+3
|\ | | | | | | | | nextcloud/allow-bracket-notation-for-remove-ipv6-address Allow bracket IPv6 address format inside IPAdress Normalizer
| * Allow bracket IPv6 address format inside IPAdress NormalizerThomas Citharel2019-01-031-0/+3
| | | | | | | | | | | | When run with php's build-in server (for instance on localhost:8080), IP provided through $this->server['REMOTE_ADDR'] is [::1], which is not an acceptable format for \inet_pton. This removes the brackets if there's any. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | Fix the thorrtler whitelist bitmaskRoeland Jago Douma2019-02-111-2/+4
|/ | | | | | Before we actually didn't check each bit of the bitmask. Now we do. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove deprecated functions from SecureRandomRoeland Jago Douma2018-12-071-28/+0
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Throw exception if decryption failsRoeland Jago Douma2018-11-141-4/+10
| | | | | | For #11868 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #11914 from nextcloud/csp/report-uriMorris Jobke2018-10-231-0/+8
|\ | | | | Add report-uri to CSP
| * Add report-uri to CSPRoeland Jago Douma2018-10-211-0/+8
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Add nonce for Safari 12+Roeland Jago Douma2018-10-211-0/+2
|/ | | | | | As far as I can tell this should work now. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Deprecate the childSrc functionsRoeland Jago Douma2018-09-041-0/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add workerSrc to CSPRoeland Jago Douma2018-09-041-0/+8
| | | | | | | | | Fixes #11035 Since the child-src directive is deprecated (we should kill it at some point) we need to have the proper worker-src available Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix #9864: Decrease $maxDelay in Throttler.phpMark Berezovsky2018-06-151-1/+1
| | | | Signed-off-by: Mark Berezovsky <xpnf@yandex.ru>
* Add ARGON2I support to the hasherRoeland Jago Douma2018-04-041-9/+36
| | | | | | | | | When on php7.2 we can use the new and improved ARGON2I hashing. This adds support for that to the hasher. When verifying an old hash we'll update rehash to move all hashes eventually to the new hash function. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make \OC\Security\IdentityProof strictRoeland Jago Douma2018-03-053-10/+13
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #8659 from nextcloud/csrf_token_strictRoeland Jago Douma2018-03-054-13/+17
|\ | | | | Make \OC\Security\CSRF strict
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-01 00:43:35 +0000