summaryrefslogtreecommitdiffstats
path: root/tests/lib/Security
Commit message (Collapse)AuthorAgeFilesLines
* Validate requested length is random string generatorVincent Petry2022-05-121-1/+16
| | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add CSP policy merge priority for booleansVincent Petry2022-04-011-1/+2
| | | | | | When two booleans conflict when merging CSP policies, true will win. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Migrate from ILogger to LoggerInterface where needed in the testsCôme Chilliet2022-03-243-9/+9
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Allow to set a strict-dynamic CSP through the APIJulius Härtl2022-03-091-0/+2
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Check style updateCarl Schwan2022-01-131-1/+1
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Improve normalizer detecting IPv4 inside of IPv6Vincent Petry2021-11-221-1/+9
| | | | | | | The subnet for an IPv4 address inside of IPv6 is now returned in its IPv4 form. Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Fix getting subnet of ipv4 mapped ipv6 addressesVincent Petry2021-11-221-0/+4
| | | | Signed-off-by: Vincent Petry <vincent@nextcloud.com>
* Add an OCP for trusted domain helperJoas Schilling2021-10-281-10/+23
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove tests that just prove mocked calls and don't actually validate ↵Julius Härtl2021-09-271-81/+0
| | | | | | anything useful Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #28728 from nextcloud/add-database-backend-limiterLukas Reschke2021-09-132-36/+19
|\ | | | | Add database ratelimiting backend
| * Adjust testsLukas Reschke2021-09-062-16/+12
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Adjust logic to store period instead of current timestampLukas Reschke2021-09-062-20/+7
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | add a job to clean up expired verification tokensArthur Schiwon2021-09-091-2/+39
| | | | | | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | move verification token logic out of lost password controllerArthur Schiwon2021-09-091-0/+272
|/ | | | | | | - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge pull request #26626 from J0WI/strict-securityRoeland Jago Douma2021-05-1822-0/+64
|\ | | | | Make Security module strict
| * Make Security module strictJ0WI2021-04-1922-0/+64
| | | | | | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* | Update CredentialsManagerTest.phpJoas Schilling2021-04-211-3/+0
| | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix security credentials manager testJoas Schilling2021-04-201-18/+11
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Increase subnet matcherLukas Reschke2021-04-071-2/+10
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0dependabot-preview[bot]2021-02-181-1/+1
| | | | | | | | | | Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Bump doctrine/dbal from 2.12.0 to 3.0.0Christoph Wurst2021-01-081-4/+11
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Improve CertificateManager to not be user context dependentMorris Jobke2020-11-031-42/+19
| | | | | | | | | * removes the ability for users to import their own certificates (for external storage) * reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions) The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths. Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Implement unit tests for versions 1 and 2.lynn-stephenson2020-10-151-0/+20
| | | | Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
* Format code to a single space around binary operatorsChristoph Wurst2020-10-051-4/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Don't break when the IP is emptyJoas Schilling2020-09-101-2/+22
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to ↵Morris Jobke2020-08-127-23/+23
| | | | | | \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Use random_bytesRoeland Jago Douma2020-05-111-4/+11
| | | | | | | Since we don't care if it is human readbale. The code is backwards compatible with the old format. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix Argon2 options checksMichaIng2020-04-301-0/+5
| | | | | | | | | | | The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum. Options are now applied the following way: - If config.php contains the setting with an integer higher or equal to the minimum, it is applied. - If config.php contains the setting with an integer lower than the minimum, the minimum is applied. - If config.php does not contain the setting or with no integer value, the PHP default is applied. Signed-off-by: MichaIng <micha@dietpi.com> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fix credentialsManager documentation and ensure userId to be used as stringArthur Schiwon2020-04-151-3/+3
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* add DB tests for credentials managerArthur Schiwon2020-04-151-0/+33
| | | | | | | these are actually expected to FAIL, because NULL as a userid is not allowed in the schema, but documented to be used on the source Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Add visibility to all methods and position of static keywordChristoph Wurst2020-04-104-17/+17
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-1012-23/+6
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-094-8/+8
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use a blank line after the opening tagChristoph Wurst2020-04-093-0/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-1/+0
| | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20170 from nextcloud/techdebt/remove-unused-importsChristoph Wurst2020-03-275-11/+0
|\ | | | | Remove unused imports
| * Remove unused importsChristoph Wurst2020-03-255-11/+0
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use the short array syntax, everywhereChristoph Wurst2020-03-263-21/+21
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use the shorter phpunit syntax for mocked return valuesChristoph Wurst2020-03-253-6/+6
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add Argon2id supportRoeland Jago Douma2020-02-071-18/+56
| | | | | | When available we should use argon2id for hashing. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow selecting the hashing algorithmRoeland Jago Douma2020-02-031-2/+63
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move overwritehost check to isTrustedDomainJulius Härtl2019-12-071-1/+16
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Mode to modern phpunitRoeland Jago Douma2019-11-2716-52/+54
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make phpunit8 compatibleRoeland Jago Douma2019-11-2720-21/+21
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Some php-cs fixesRoeland Jago Douma2019-11-2211-9/+12
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* make TrustedDomainHelper case insensitiveJohannes Koenig2019-10-061-0/+5
| | | | Signed-off-by: Johannes Koenig <mail@jokoenig.de>
* Harden identifyproof openssl codeRoeland Jago Douma2019-09-141-7/+14
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix report of phpstan in LimiterRoeland Jago Douma2019-08-191-8/+0
| | | | | | | | * unneeded arguments to constructor * added return types * let automatic DI do its work Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add testsRoeland Jago Douma2019-08-102-0/+137
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update CSP test cases to handle the new form-actionRoeland Jago Douma2019-07-311-2/+6
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-12 14:01:21 +0000