summaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Collapse)AuthorAgeFilesLines
* Use random_bytesRoeland Jago Douma2020-05-111-7/+13
| | | | | | | Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix Argon2 options checksMichaIng2020-05-011-10/+5
| | | | | | | | | | | The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum. Options are now applied the following way: - If config.php contains the setting with an integer higher or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting or with no integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fix credentialsManager documentation and ensure userId to be used as stringArthur Schiwon2020-04-161-6/+6
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix safari useragent for versions with 3 digitsPavel Krasikov2020-03-151-1/+1
| | | | Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
* Allow selecting the hashing algorithmRoeland Jago Douma2020-02-041-11/+27
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* ignore values that undershoot the minimum, go with defaultArthur Schiwon2020-01-231-5/+13
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* use getSystemValueIntblizzz2020-01-231-3/+3
| | | | | | Co-Authored-By: kesselb <mail@danielkesselberg.de> Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* expose Argon2 options (as we did for bcrypt)Arthur Schiwon2020-01-231-0/+6
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Update license headers for 18Christoph Wurst2019-12-202-0/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* handle IPv6 addresses with an explict incoming interface at the end (e.g ↵Konrad Bucheli2019-12-101-0/+4
| | | | | | | fe80::ae2d:d1e7:fe1e:9a8d%enp2s0) Signed-off-by: Konrad Bucheli <konrad.bucheli@gmx.ch> Signed-off-by: Konrad Bucheli <kb@open.ch>
* Move overwritehost check to isTrustedDomainJulius Härtl2019-12-071-0/+5
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update license headersChristoph Wurst2019-12-0526-26/+86
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-224-5/+6
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* make TrustedDomainHelper case insensitiveJohannes Koenig2019-10-061-1/+1
| | | | Signed-off-by: Johannes Koenig <mail@jokoenig.de>
* Harden identifyproof openssl codeRoeland Jago Douma2019-09-141-7/+28
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix report of phpstan in LimiterRoeland Jago Douma2019-08-191-10/+4
| | | | | | | | * unneeded arguments to constructor * added return types * let automatic DI do its work Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add feature policy headerRoeland Jago Douma2019-08-102-0/+152
| | | | | | | This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add form-action CSP elementRoeland Jago Douma2019-07-311-0/+9
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* setting unsafe-eval is deprecatedRoeland Jago Douma2019-07-301-0/+2
| | | | | | This will be removed in a future version of Nextcloud. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add support for CSP_NONCE server variableSam Bull2019-07-181-1/+5
| | | | | | | Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server. Signed-off-by: Sam Bull <git@sambull.org> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add an event to edit the CSPRoeland Jago Douma2019-07-081-0/+12
| | | | | | | | This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #13327 from ↵Morris Jobke2019-03-061-0/+3
|\ | | | | | | | | nextcloud/allow-bracket-notation-for-remove-ipv6-address Allow bracket IPv6 address format inside IPAdress Normalizer
| * Allow bracket IPv6 address format inside IPAdress NormalizerThomas Citharel2019-01-031-0/+3
| | | | | | | | | | | | When run with php's build-in server (for instance on localhost:8080), IP provided through $this->server['REMOTE_ADDR'] is [::1], which is not an acceptable format for \inet_pton. This removes the brackets if there's any. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | Fix the thorrtler whitelist bitmaskRoeland Jago Douma2019-02-111-2/+4
|/ | | | | | Before we actually didn't check each bit of the bitmask. Now we do. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove deprecated functions from SecureRandomRoeland Jago Douma2018-12-071-28/+0
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Throw exception if decryption failsRoeland Jago Douma2018-11-141-4/+10
| | | | | | For #11868 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #11914 from nextcloud/csp/report-uriMorris Jobke2018-10-231-0/+8
|\ | | | | Add report-uri to CSP
| * Add report-uri to CSPRoeland Jago Douma2018-10-211-0/+8
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Add nonce for Safari 12+Roeland Jago Douma2018-10-211-0/+2
|/ | | | | | As far as I can tell this should work now. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Deprecate the childSrc functionsRoeland Jago Douma2018-09-041-0/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add workerSrc to CSPRoeland Jago Douma2018-09-041-0/+8
| | | | | | | | | Fixes #11035 Since the child-src directive is deprecated (we should kill it at some point) we need to have the proper worker-src available Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix #9864: Decrease $maxDelay in Throttler.phpMark Berezovsky2018-06-151-1/+1
| | | | Signed-off-by: Mark Berezovsky <xpnf@yandex.ru>
* Add ARGON2I support to the hasherRoeland Jago Douma2018-04-041-9/+36
| | | | | | | | | When on php7.2 we can use the new and improved ARGON2I hashing. This adds support for that to the hasher. When verifying an old hash we'll update rehash to move all hashes eventually to the new hash function. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make \OC\Security\IdentityProof strictRoeland Jago Douma2018-03-053-10/+13
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #8659 from nextcloud/csrf_token_strictRoeland Jago Douma2018-03-054-13/+17
|\ | | | | Make \OC\Security\CSRF strict
| * Make \OC\Security\CSRF strictRoeland Jago Douma2018-03-054-13/+17
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Make OC\Security\CSP strictRoeland Jago Douma2018-03-053-30/+33
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Return value immediately instead of assigning to a one-time variableMorris Jobke2018-01-261-3/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Make OCP\Security stricterRoeland Jago Douma2018-01-162-11/+13
| | | | | | | | | | | * Add typehints * Add return types * Opcode opts from phpstorm * Made strict * Fixed tests: No need to test bogus values anymore strict typing fixes this Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #7850 from nextcloud/strict_ipaddressMorris Jobke2018-01-141-8/+8
|\ | | | | Make IPAddress typed and strict
| * Make IPAddress typed and strictRoeland Jago Douma2018-01-141-8/+8
| | | | | | | | | | | | | | | | * Added scalar typehints * Added return statements * Added strict declaration Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Merge pull request #7852 from nextcloud/strict_ratelimitingMorris Jobke2018-01-144-30/+39
|\ \ | | | | | | Make OC\Security\RateLimiting strict
| * | Make OC\Security\RateLimiting strictRoeland Jago Douma2018-01-144-30/+39
| |/ | | | | | | | | | | | | | | | | * Add return types * Add scalar argument types * Made strict * Cleaned up phpstorm inspections Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix testsRoeland Jago Douma2018-01-141-2/+1
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Strict ISecure randomRoeland Jago Douma2018-01-131-3/+5
|/ | | | | | | | | * Declare strict * Scalar arguments * Return type * Use fully qualified name for strlen Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Adds type hinting for scalar types in ICrypto->decryptMorris Jobke2018-01-131-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Also replace all other occurencesMorris Jobke2017-12-181-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Reset bruteforce attempt table on successful loginMorris Jobke2017-11-241-0/+27
| | | | | | * only clear the entries that come from the same subnet, same action and same metadata Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update license headersMorris Jobke2017-11-0617-0/+34
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add CSP frame-ancestors supportThomas Citharel2017-09-151-0/+14
| | | | | | Didn't set the @since annotation yet. Signed-off-by: Thomas Citharel <tcit@tcit.fr>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-08 08:50:42 +0000