path: root/lib/private/Security
Commit log, newest first. Each entry gives the commit message, followed by author, date, files changed and lines (-removed/+added), then the commit body.
...
| * Mark method as deprecated
    Carl Schwan, 2022-09-13, 1 file, -1/+0
    Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>

| * Fix decryption fallback after adding a secret
    Julius Härtl, 2022-03-10, 1 file, -5/+10
    Signed-off-by: Julius Härtl <jus@bitgrid.net>

| * Add fallback routines for empty secret cases
    Julius Härtl, 2022-03-10, 3 files, -2/+25
    Signed-off-by: Julius Härtl <jus@bitgrid.net>

* | Port existing server code to new interface
    Carl Schwan, 2022-08-08, 1 file, -19/+12
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>

* | Add a public interface for the bruteforce throttler and register for injection
    Joas Schilling, 2022-07-28, 1 file, -5/+3
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* | Fix typos in lib/private subdirectory
    luz paz, 2022-07-27, 1 file, -1/+1
    Found via `codespell -q 3 -S l10n -L jus ./lib/private`
    Signed-off-by: luz paz <luzpaz@github.com>

* | Only ignore attempts of the same action
    Joas Schilling, 2022-07-07, 1 file, -4/+4
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* | Fix detection of firefox in ContentSecurityPolicyNonceManager
    Carl Schwan, 2022-06-29, 1 file, -4/+2
    Reuse Request::USER_AGENT_FIREFOX, and also update the safari detection since safari < 12 is not supported anymore and we can remove a bit of code duplication
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>

* | Validate requested length in random string generator
    Vincent Petry, 2022-05-12, 1 file, -1/+6
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>

* | Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-bools
    Vincent Petry, 2022-05-05, 2 files, -1/+13
    Add CSP policy merge priority for booleans

| * | Add CSP policy merge priority for booleans
    Vincent Petry, 2022-04-01, 2 files, -1/+13
    When two booleans conflict when merging CSP policies, true will win.
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>

* | | Don't inject Bruteforce capability info in the webui
    Carl Schwan, 2022-04-07, 1 file, -1/+2
    This capability does DB access and as far as I know is not used by the webui. This removes one DB query for each page load.
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>

* | Migrate from ILogger to LoggerInterface in lib/private
    Côme Chilliet, 2022-03-24, 3 files, -27/+11
    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>

* | cache the path of the certificate bundle
    Robin Appelman, 2022-03-17, 1 file, -7/+15
    Signed-off-by: Robin Appelman <robin@icewind.nl>

* | return default bundle when there is an error getting the bundle
    Robin Appelman, 2022-03-14, 1 file, -7/+11
    Signed-off-by: Robin Appelman <robin@icewind.nl>

* | Allow to set a strict-dynamic CSP through the API
    Julius Härtl, 2022-03-09, 1 file, -0/+7
    Signed-off-by: Julius Härtl <jus@bitgrid.net>

* Use the new option to signal insensitivity
    Joas Schilling, 2022-02-07, 1 file, -0/+2
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Make the DB query simpler (as we just deleted all other entries)
    Joas Schilling, 2022-01-28, 1 file, -3/+0
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Log bruteforce throttle and blocking
    Joas Schilling, 2022-01-18, 1 file, -0/+11
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Check style update
    Carl Schwan, 2022-01-13, 1 file, -1/+1
    Signed-off-by: Carl Schwan <carl@carlschwan.eu>

* Don't query the bruteforce attempts when we just deleted them
    Joas Schilling, 2021-12-01, 1 file, -2/+6
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Type hint in IpAddress
    Vincent Petry, 2021-11-22, 1 file, -3/+2
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>
    Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>

* Improve normalizer detecting IPv4 inside of IPv6
    Vincent Petry, 2021-11-22, 1 file, -2/+42
    The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form.
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>

* Fix getting subnet of ipv4 mapped ipv6 addresses
    Vincent Petry, 2021-11-22, 1 file, -0/+2
    Signed-off-by: Vincent Petry <vincent@nextcloud.com>

* Add an OCP for trusted domain helper
    Joas Schilling, 2021-10-28, 1 file, -13/+19
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Set associative = true for cleanup job
    Daniel Kesselberg, 2021-10-07, 1 file, -1/+1
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

* Merge pull request #28728 from nextcloud/add-database-backend-limiter
    Lukas Reschke, 2021-09-13, 4 files, -24/+138
    Add database ratelimiting backend

| * Implement review feedback
    Lukas Reschke, 2021-09-13, 1 file, -3/+3
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

| * Apply suggestions from code review
    Lukas Reschke, 2021-09-13, 1 file, -7/+5
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
    Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>

| * Implement PR review feedback
    Lukas Reschke, 2021-09-07, 2 files, -6/+1
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

| * phpcs
    Lukas Reschke, 2021-09-06, 1 file, -1/+0
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

| * Adjust logic to store period instead of current timestamp
    Lukas Reschke, 2021-09-06, 4 files, -44/+30
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

| * Add database ratelimiting backend
    Lukas Reschke, 2021-09-06, 1 file, -0/+136
    In case no distributed memory cache is specified this adds a database backend for ratelimit purposes.
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

* | Confirm mails only per POST
    Arthur Schiwon, 2021-09-09, 1 file, -0/+4
    - this is to avoid automatic confirmation by certain software that opens links
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

* | add a job to clean up expired verification tokens
    Arthur Schiwon, 2021-09-09, 2 files, -4/+108
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

* | move verification token logic out of lost password controller
    Arthur Schiwon, 2021-09-09, 1 file, -0/+111
    - to make it reusable
    - needed for local email verification
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

* Throw exception if encrypting the data failed.
    Daniel Kesselberg, 2021-07-05, 1 file, -6/+16
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>

* Update php licenses
    John Molakvoæ (skjnldsv), 2021-06-04, 27 files, -44/+20
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

* Merge pull request #26626 from J0WI/strict-security
    Roeland Jago Douma, 2021-05-18, 5 files, -29/+45
    Make Security module strict

| * Make Security module strict
    J0WI, 2021-04-19, 5 files, -29/+45
    Signed-off-by: J0WI <J0WI@users.noreply.github.com>

* | Merge pull request #25714 from nextcloud/fix/23197/explicitly_check_hex2bin_input
    Morris Jobke, 2021-04-22, 1 file, -3/+19
    Explicitly check hex2bin input

| * Explicitly check hex2bin input
    Roeland Jago Douma, 2021-02-18, 1 file, -3/+19
    For #23197
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* | Increase subnet matcher
    Lukas Reschke, 2021-04-07, 1 file, -2/+2
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
    dependabot-preview[bot], 2021-02-18, 1 file, -1/+1
    Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
    - [Release notes](https://github.com/nextcloud/coding-standard/releases)
    - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)
    Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

* Remove unneeded casts that were found by Psalm
    Morris Jobke, 2021-01-11, 1 file, -2/+2
    In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521)
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Update all license headers for Nextcloud 21
    Christoph Wurst, 2020-12-16, 5 files, -3/+6
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

* Avoid checking for brute force protection capabilities when upgrading
    Julius Härtl, 2020-12-09, 1 file, -0/+4
    This might happen on a release that doesn't have this table yet
    Signed-off-by: Julius Härtl <jus@bitgrid.net>

* Replace the credentials table with one that can have empty user
    Joas Schilling, 2020-11-10, 1 file, -1/+1
    Primary key columns on Oracle can not have empty strings
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Fix comparing the empty string for global credentials
    Joas Schilling, 2020-11-10, 1 file, -6/+15
    Signed-off-by: Joas Schilling <coding@schilljs.com>

* Don't leave cursors open when tests fail
    Joas Schilling, 2020-11-09, 1 file, -1/+4
    Signed-off-by: Joas Schilling <coding@schilljs.com>