aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/security
Commit message (Collapse)AuthorAgeFilesLines
* Move \OC\Security to PSR-4Roeland Jago Douma2016-04-1413-1537/+0
|
* Explicitly check for portLukas Reschke2016-03-101-0/+6
| | | | | | The setup uses `\OCP\IRequest::getInsecureServerHost` which in some cases can also include a port. This makes the trusted domain check fail thus. I've decided to add this here that way because adjusting the setup would require parsing the host properly. This is not something that can be done very good in PHP. Check the following example for why `parse_url` is not our friend: https://3v4l.org/k501Z
* Update author informationLukas Reschke2016-03-011-2/+2
| | | | Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
* Add public API to give developers the possibility to adjust the global CSP ↵Lukas Reschke2016-01-282-0/+272
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | defaults Allows to inject something into the default content policy. This is for example useful when you're injecting Javascript code into a view belonging to another controller and cannot modify its Content-Security-Policy itself. Note that the adjustment is only applied to applications that use AppFramework controllers. To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`, $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`. To test this add something like the following into an `app.php` of any enabled app: ``` $manager = \OC::$server->getContentSecurityPolicyManager(); $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false); $policy->addAllowedFrameDomain('asdf'); $policy->addAllowedScriptDomain('yolo.com'); $policy->allowInlineScript(false); $manager->addDefaultPolicy($policy); $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false); $policy->addAllowedFontDomain('yolo.com'); $manager->addDefaultPolicy($policy); $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false); $policy->addAllowedFrameDomain('banana.com'); $manager->addDefaultPolicy($policy); ``` If you now open the files app the policy should be: ``` Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self' ```
* Add new CSRF manager for unit testing purposesLukas Reschke2016-01-254-0/+298
| | | | This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly.
* Introduce CredentialsManager for storage of credentials in DBRobin McCorkell2016-01-181-0/+125
| | | | | | | | | | | CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded. The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences.
* Fix usage of PHP method within namespaceMorris Jobke2016-01-141-1/+1
| | | | * introduced wiht 045ea4eb
* Merge pull request #21653 from owncloud/update-license-headers-2016Thomas Müller2016-01-136-6/+7
|\ | | | | Update license headers 2016
| * Happy new year!Thomas Müller2016-01-126-6/+7
| |
* | Allow admins to add system wide root certificatesRobin Appelman2016-01-121-11/+78
|/
* getLowStrengthGenerator does not do anything anymoreRoeland Jago Douma2016-01-111-1/+1
|
* Use PHP polyfillsLukas Reschke2015-12-114-94/+15
|
* Do not trust castingLukas Reschke2015-12-081-1/+1
|
* Remove legacy checkLukas Reschke2015-12-081-5/+0
| | | | This one is not required anymore as we have the RepairConfig repair step since November 2014.
* Use native CSPRNG if availableLukas Reschke2015-11-091-3/+16
| | | | Unfortunately only PHP 7…
* update licence headers via scriptMorris Jobke2015-10-051-0/+1
|
* Move certificate bundle into resources/config/Lukas Reschke2015-09-221-1/+1
|
* don't read certificates if ownCloud is not installedBjoern Schiessle2015-08-301-1/+14
|
* Remove "use" statementLukas Reschke2015-08-051-2/+5
| | | | Ref https://bugs.php.net/bug.php?id=66773
* Update phpseclib to 2.0Andreas Fischer2015-08-031-5/+5
|
* Fix type annotationLukas Reschke2015-04-271-1/+1
| | | | Obviously should be an int
* Proper return typesLukas Reschke2015-04-201-2/+2
|
* Verify if returned object is an arrayLukas Reschke2015-04-201-10/+10
| | | | The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61
* Update license headersJenkins for ownCloud2015-03-267-28/+130
|
* Add wrapper for GuzzleLukas Reschke2015-03-251-1/+9
|
* Revert "Updating license headers"Morris Jobke2015-02-267-123/+36
| | | | This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
* Updating license headersJenkins for ownCloud2015-02-237-36/+123
|
* Make scrutinizer happyLukas Reschke2015-02-161-1/+1
|
* Refactor OC_Request into TrustedDomainHelper and IRequestLukas Reschke2015-02-161-0/+75
| | | | | | | | | | This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server::->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed. This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions. Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests where possible they ahve been added though. Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
* URLEncode logout attributeLukas Reschke2015-02-131-2/+1
| | | | Otherwise logout can fail if the requesttoken contains a +
* certificate manager should always use a \OC\Files\View otherwise we will get ↵Bjoern Schiessle2015-01-261-14/+18
| | | | problems for different primary storages
* certificate manager only needs the user-id, no need to pass on the complete ↵Bjoern Schiessle2015-01-261-6/+6
| | | | user object
* Next step in server-to-server sharing next generation, see #12285Bjoern Schiessle2014-12-191-5/+11
| | | | | | | | | | | | | | Beside some small improvements and bug fixes this will probably the final state for OC8. To test this you need to set up two ownCloud instances. Let's say: URL: myPC/firstOwnCloud user: user1 URL: myPC/secondOwnCloud user: user2 Now user1 can share a file with user2 by entering the username and the URL to the second ownCloud to the share-drop-down, in this case "user2@myPC/secondOwnCloud". The next time user2 login he will get a notification that he received a server-to-server share with the option to accept/decline it. If he accept it the share will be mounted. In both cases a event will be send back to user1 and add a notification to the activity stream that the share was accepted/declined. If user1 decides to unshare the file again from user2 the share will automatically be removed from the second ownCloud server and user2 will see a notification in his activity stream that user1@myPC/firstOwnCloud has unshared the file/folder from him.
* Remove workaround for 5.3Lukas Reschke2014-12-041-18/+2
| | | | Function is natively available with 5.4
* Merge pull request #12218 from owncloud/issue/10991-fixesMorris Jobke2014-11-171-0/+1
|\ | | | | Issue/10991 Make unit tests pass on windows
| * Correctly close handle of directory when listing certificatesJoas Schilling2014-11-171-0/+1
| |
* | Add OCP\Security\IHasherLukas Reschke2014-11-061-0/+146
|/ | | | | | | Public interface for hashing which also works with legacy ownCloud hashes and supports updating the legacy hash via a passed reference. Follow-up of https://github.com/owncloud/core/pull/10219#issuecomment-61624662 Requires https://github.com/owncloud/3rdparty/pull/136
* Remove unused and overflowing functionLukas Reschke2014-09-181-19/+0
| | | | Resolves https://github.com/owncloud/core/issues/10991 failure 4
* Return false in case one of the values is nullLukas Reschke2014-09-121-0/+4
|
* Add custom hex2bin implementation for 5.3Lukas Reschke2014-09-111-2/+18
| | | | Fixes https://github.com/owncloud/core/issues/11004
* Merge pull request #10642 from owncloud/securityutilsLukas Reschke2014-09-033-0/+236
|\ | | | | Add some security utilities
| * Add char consts, hash the specified password for the HMACLukas Reschke2014-09-032-1/+8
| |
| * Use DILukas Reschke2014-08-271-5/+13
| |
| * Add some security utilitiesLukas Reschke2014-08-273-0/+221
| | | | | | | | | | | | | | | | | | | | | | | This adds some security utilities to core including: - A library for basic crypto operations (e.g. to encrypt passwords) - A better library for cryptographic actions which allows you to specify the charset - A library for secure string comparisions Remove .htaccess Remove .htaccess Fix typo Add public API Use timing constant comparision Remove CBC constant Adjust code Remove confusing $this
* Explicitly set the timezonesRobin Appelman2014-08-311-2/+3
|
* Add unit tests and fix rootcerts creation bugLukas Reschke2014-08-312-30/+34
|
* check for blacklisted file certificate filenamesRobin Appelman2014-08-311-1/+1
|
* Rename namespaceRobin Appelman2014-08-312-0/+255
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-16 02:57:44 +0000