summaryrefslogtreecommitdiffstats
path: root/lib/private/Security
Commit message (Collapse)AuthorAgeFilesLines
* fix: Make bypass function public APIJoas Schilling2023-08-232-7/+8
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat: Expose if the own IP is allowed to bypass bruteforce protectionJoas Schilling2023-08-232-22/+12
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add a "testing mode" for bruteforce protection that doesn't ↵Joas Schilling2023-08-231-2/+6
| | | | | | sleep Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add a bruteforce protection backend base on memcacheJoas Schilling2023-08-234-126/+430
| | | | | | Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>
* log failures to read certificates during listingRobin Appelman2023-07-101-1/+7
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Merge pull request #35092 from Messj1/bugfix/type-error-cert-manager-cache-pathJohn Molakvoæ2023-05-041-5/+12
|\
| * [BUGFIX] throw exception instead of error if unable to create file handler ↵Jan Messer2023-04-061-0/+4
| | | | | | | | | | | | (only exceptions are catch) Signed-off-by: Jan Messer <jan@mtec-studios.ch>
| * [BUGFIX] check return value and improve error handlingJan Messer2023-04-061-5/+8
| | | | | | | | | | | | | | With S3 primary storage there was a problem with getting the CA bundle from the storage without having the CA bundle for the connection which causes that the CertificateManager was throwing an Error. This commit improves the handling in CertificateManager and log unexpected behaviors. Signed-off-by: Jan Messer <jan@mtec-studios.ch>
* | Use typed version of IConfig::getSystemValue as much as possibleCôme Chilliet2023-04-056-10/+10
|/ | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #36836 from nextcloud/fix/view-type-cleanupCôme Chilliet2023-04-051-20/+10
|\ | | | | Tidy up typing in OC\Files\View
| * Fix return type of methods returning false on errorCôme Chilliet2023-04-031-20/+10
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CIJoas Schilling2023-04-032-12/+29
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* composer run cs:fixCôme Chilliet2023-01-201-1/+0
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Add remote host validation APIChristoph Wurst2022-10-311-0/+76
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add rate limiting on lost password emailsCôme Chilliet2022-10-181-3/+3
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #31499 from nextcloud/bugfix/empty-secretCarl Schwan2022-10-173-4/+31
|\ | | | | Add fallback routines for empty secret cases
| * Mark method as deprecatedCarl Schwan2022-09-131-1/+0
| | | | | | | | Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Carl Schwan <carl@carlschwan.eu>
| * Fix decryption fallback after adding a secretJulius Härtl2022-03-101-5/+10
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * Add fallback routines for empty secret casesJulius Härtl2022-03-103-2/+25
| | | | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Port existing server code to new interfaceCarl Schwan2022-08-081-19/+12
| | | | | | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Add a public interface for the bruteforce throttler and register for injectionJoas Schilling2022-07-281-5/+3
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix typos in lib/private subdirectoryluz paz2022-07-271-1/+1
| | | | | | | | | | | | Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>
* | Only ignore attempts of the same actionJoas Schilling2022-07-071-4/+4
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix detection of firefox in ContentSecurityPolicyNonceManagerCarl Schwan2022-06-291-4/+2
| | | | | | | | | | | | | | | | Reuse Request::USER_AGENT_FIREFOX, and also update the safari detection since safari < 12 is not supported anymore and we can remove a bit of code duplication Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Validate requested length is random string generatorVincent Petry2022-05-121-1/+6
| | | | | | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* | Merge pull request #32113 from nextcloud/bugfix/noid/fix-csp-merging-boolsVincent Petry2022-05-052-1/+13
|\ \ | | | | | | Add CSP policy merge priority for booleans
| * | Add CSP policy merge priority for booleansVincent Petry2022-04-012-1/+13
| | | | | | | | | | | | | | | | | | When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* | | Don't inject Bruteforce capability info in the webuiCarl Schwan2022-04-071-1/+2
|/ / | | | | | | | | | | | | This capability do DB access and as far I know is not used by the webui. This remove one DB query for each page load. Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Migrate from ILogger to LoggerInterface in lib/privateCôme Chilliet2022-03-243-27/+11
| | | | | | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | cache the path of the certificate bundleRobin Appelman2022-03-171-7/+15
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | return default bundle when there is an error getting the bundleRobin Appelman2022-03-141-7/+11
| | | | | | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* | Allow to set a strict-dynamic CSP through the APIJulius Härtl2022-03-091-0/+7
|/ | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Use the new option to signaling insensitivityJoas Schilling2022-02-071-0/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make the DB query simpler (as we just deleted all other entries)Joas Schilling2022-01-281-3/+0
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Log bruteforce throttle and blockingJoas Schilling2022-01-181-0/+11
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Check style updateCarl Schwan2022-01-131-1/+1
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Don't query the bruteforce attempts when we just deleted themJoas Schilling2021-12-011-2/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Type hint in IpAddress Vincent Petry2021-11-221-3/+2
| | | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
* Improve normalizer detecting IPv4 inside of IPv6Vincent Petry2021-11-221-2/+42
| | | | | | | The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Fix getting subnet of ipv4 mapped ipv6 addressesVincent Petry2021-11-221-0/+2
| | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add an OCP for trusted domain helperJoas Schilling2021-10-281-13/+19
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Set associative = true for cleanup jobDaniel Kesselberg2021-10-071-1/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #28728 from nextcloud/add-database-backend-limiterLukas Reschke2021-09-134-24/+138
|\ | | | | Add database ratelimiting backend
| * Implement review feedbackLukas Reschke2021-09-131-3/+3
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Apply suggestions from code review Lukas Reschke2021-09-131-7/+5
| | | | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
| * Implement PR review feedbackLukas Reschke2021-09-072-6/+1
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * phpcsLukas Reschke2021-09-061-1/+0
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Adjust logic to store period instead of current timestampLukas Reschke2021-09-064-44/+30
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Add database ratelimiting backendLukas Reschke2021-09-061-0/+136
| | | | | | | | | | | | | | In case no distributed memory cache is specified this adds a database backend for ratelimit purposes. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Confirm mails only per POSTArthur Schiwon2021-09-091-0/+4
| | | | | | | | | | | | | | - this is to avoid automatic confirmation by certain softwares that open links Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-14 00:01:02 +0000