path: root/tests/lib/Security
Commit message (Author, Age, Files, Lines)
* fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist [backport/50234/stable31] (Joas Schilling, 2025-01-27, 2 files, -212/+162)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(migration): Decrypt ownCloud secrets v2 (Christoph Wurst, 2024-11-28, 1 file, -0/+13)
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix(tests): Add RemoteAddress v6 zone ID test (Josh, 2024-11-04, 1 file, -0/+2)
| | | Signed-off-by: Josh <josh.t.richards@gmail.com>
* Merge pull request #32018 from nextcloud/cleanup/event/trashbin (Côme Chilliet, 2024-09-24, 1 file, -1/+1)
|\ | | | | Port files trashbin events to IEventDispatcher/IEventListener
| * fix(tests): Fix tests now that trashbin listens to events properly (Côme Chilliet, 2024-09-23, 1 file, -1/+1)
| | | | | | | | | | | | | | Hooks are cleared in test bootstrap so switching to events activates them in tests. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* | fix: gracefully parse non-standard trusted certificates [fix/gracefully-parse-trusted-certificates] (Richard Steinmetz, 2024-09-24, 1 file, -1/+6)
|/ | | | Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
* chore(deps): Update nextcloud/coding-standard to v1.3.1 (provokateurin, 2024-09-19, 3 files, -3/+3)
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor: Add void return type to PHPUnit test methods (Christoph Wurst, 2024-09-15, 26 files, -113/+113)
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* style: update codestyle for coding-standard 1.2.3 (Daniel Kesselberg, 2024-08-25, 2 files, -9/+9)
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat(Security): Allow setting password context for validation and generation (Ferdinand Thiessen, 2024-08-22, 2 files, -0/+61)
| | | | | | Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* test: Adjust tests for CSP nonce (Ferdinand Thiessen, 2024-08-13, 1 file, -9/+14)
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator (Stephan Orbaugh, 2024-07-22, 1 file, -9/+6)
|\ | | | | refactor: Migrate some legacy and core functions to `IFilenameValidator`
| * refactor: Migrate some legacy and core functions to `IFilenameValidator` (Ferdinand Thiessen, 2024-07-19, 1 file, -9/+6)
| | | | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* | feat(security): Add public API to allow validating IP Ranges and checking for "in range" (Joas Schilling, 2024-07-19, 1 file, -13/+16)
| | | | | | | | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* | feat(security): restrict admin actions to IP ranges (Benjamin Gaussorgues, 2024-07-19, 1 file, -0/+74)
|/ | | | Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* test: Test hash validation (Christopher Ng, 2024-07-04, 1 file, -0/+25)
| | | | Signed-off-by: Christopher Ng <chrng8@gmail.com>
* chore: Add SPDX header (Andy Scherzinger, 2024-05-13, 28 files, -429/+70)
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix(security): Handle idn_to_utf8 returning false (Joas Schilling, 2023-12-04, 1 file, -3/+12)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: apply changes from Nextcloud coding standards 1.1.1 (Joas Schilling, 2023-11-23, 3 files, -11/+11)
| | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* fix(CSP): Only add `strict-dynamic` when using nonces (Ferdinand Thiessen, 2023-11-17, 1 file, -2/+2)
| | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix!(ContentSecurityPolicy): Make `strict-dynamic` enabled by default on `script-src-elem` (Ferdinand Thiessen, 2023-11-17, 1 file, -2/+2)
| | | | | | Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* fix: Make bypass function public API (Joas Schilling, 2023-08-21, 2 files, -5/+5)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat: Expose if the own IP is allowed to bypass bruteforce protection (Joas Schilling, 2023-08-21, 1 file, -4/+11)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* feat(security): Add a bruteforce protection backend based on memcache (Joas Schilling, 2023-08-21, 2 files, -23/+164)
| | | | | | Similar to the ratelimit backend Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Align doc type with creation (Joas Schilling, 2023-07-27, 2 files, -4/+2)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore(appframework)!: Drop \OCP\AppFramework\Http\EmptyContentSecurityPolicy::allowInlineScript (Christoph Wurst, 2023-06-12, 1 file, -6/+2)
| | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Adapt tests to config value typing (Côme Chilliet, 2023-04-05, 4 files, -11/+11)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #37542 from nextcloud/bugfix/noid/allow-to-opt-out-of-ratelimit-for-testing (Joas Schilling, 2023-04-03, 1 file, -0/+9)
|\ | | | | | | | | feat(security): Allow to opt-out of ratelimit protection, e.g. for te…
| * feat(security): Allow to opt-out of ratelimit protection, e.g. for testing on CI (Joas Schilling, 2023-04-03, 1 file, -0/+9)
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix DBAL exception handling in setValues (Arthur Schiwon, 2023-03-31, 1 file, -2/+21)
|/ | | | | | | | This seems to be a leftover after abstracting DBAL. Nowadays, IQueryBuilder::executeStatement() only throws a \OCP\DB\Exception, where previously original DBAL exceptions were thrown. These are now wrapped, the original classes are now mapped to a reason. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* composer run cs:fix (Côme Chilliet, 2023-01-20, 6 files, -6/+0)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix syntax in VerificationTokenTest.php (Côme Chilliet, 2022-11-15, 1 file, -1/+1)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix dynamic properties and other problems in tests for PHP 8.2 (Côme Chilliet, 2022-11-14, 1 file, -4/+7)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Add remote host validation API (Christoph Wurst, 2022-10-31, 2 files, -0/+255)
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove deprecated at matcher from tests/lib (Côme Chilliet, 2022-08-29, 2 files, -25/+25)
| | | | | | Only 15 warnings left in there Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Validate requested length in random string generator (Vincent Petry, 2022-05-12, 1 file, -1/+16)
| | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add CSP policy merge priority for booleans (Vincent Petry, 2022-04-01, 1 file, -1/+2)
| | | | | | When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Migrate from ILogger to LoggerInterface where needed in the tests (Côme Chilliet, 2022-03-24, 3 files, -9/+9)
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Allow to set a strict-dynamic CSP through the API (Julius Härtl, 2022-03-09, 1 file, -0/+2)
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Check style update (Carl Schwan, 2022-01-13, 1 file, -1/+1)
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Improve normalizer detecting IPv4 inside of IPv6 (Vincent Petry, 2021-11-22, 1 file, -1/+9)
| | | | | | | The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Fix getting subnet of ipv4 mapped ipv6 addresses (Vincent Petry, 2021-11-22, 1 file, -0/+4)
| | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add an OCP for trusted domain helper (Joas Schilling, 2021-10-28, 1 file, -10/+23)
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove tests that just prove mocked calls and don't actually validate anything useful (Julius Härtl, 2021-09-27, 1 file, -81/+0)
| | | | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #28728 from nextcloud/add-database-backend-limiter (Lukas Reschke, 2021-09-13, 2 files, -36/+19)
|\ | | | | Add database ratelimiting backend
| * Adjust tests (Lukas Reschke, 2021-09-06, 2 files, -16/+12)
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Adjust logic to store period instead of current timestamp (Lukas Reschke, 2021-09-06, 2 files, -20/+7)
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | add a job to clean up expired verification tokens (Arthur Schiwon, 2021-09-09, 1 file, -2/+39)
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | move verification token logic out of lost password controller (Arthur Schiwon, 2021-09-09, 1 file, -0/+272)
|/ | | | | | | - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge pull request #26626 from J0WI/strict-security (Roeland Jago Douma, 2021-05-18, 22 files, -0/+64)
|\ | | | | Make Security module strict