path: root/tests/lib/security
Commit message (Author, Age, Files, Lines)
* Fix "Class 'Test\Security\DateTime' not found" (Joas Schilling, 2016-05-19, 1, -5/+5)
|
* Fix namespaces in security/ (Joas Schilling, 2016-05-19, 12, -0/+25)
|
* [master] Ignore certificate file if it starts with file:// (Lukas Reschke, 2016-04-21, 1, -0/+8)
|
* Explicitly check for port (Lukas Reschke, 2016-03-10, 1, -1/+9)
|
    The setup uses `\OCP\IRequest::getInsecureServerHost` which in some cases can also include a port. This makes the trusted domain check fail thus. I've decided to add this here that way because adjusting the setup would require parsing the host properly. This is not something that can be done very well in PHP. Check the following example for why `parse_url` is not our friend: https://3v4l.org/k501Z
|
* Add public API to give developers the possibility to adjust the global CSP defaults (Lukas Reschke, 2016-01-28, 1, -0/+66)
|
    Allows injecting something into the default content policy. This is for example useful when you're injecting JavaScript code into a view belonging to another controller and cannot modify its Content-Security-Policy itself.

    Note that the adjustment is only applied to applications that use AppFramework controllers.

    To use this from your `app.php` use `\OC::$server->getContentSecurityPolicyManager()->addDefaultPolicy($policy)`, $policy has to be of type `\OCP\AppFramework\Http\ContentSecurityPolicy`.

    To test this add something like the following into an `app.php` of any enabled app:

    ```
    $manager = \OC::$server->getContentSecurityPolicyManager();
    $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
    $policy->addAllowedFrameDomain('asdf');
    $policy->addAllowedScriptDomain('yolo.com');
    $policy->allowInlineScript(false);
    $manager->addDefaultPolicy($policy);
    $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
    $policy->addAllowedFontDomain('yolo.com');
    $manager->addDefaultPolicy($policy);
    $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(false);
    $policy->addAllowedFrameDomain('banana.com');
    $manager->addDefaultPolicy($policy);
    ```

    If you now open the files app the policy should be:

    ```
    Content-Security-Policy:default-src 'none';script-src yolo.com 'self' 'unsafe-eval';style-src 'self' 'unsafe-inline';img-src 'self' data: blob:;font-src yolo.com 'self';connect-src 'self';media-src 'self';frame-src asdf banana.com 'self'
    ```
|
* Add new CSRF manager for unit testing purposes (Lukas Reschke, 2016-01-25, 4, -0/+328)
|
    This adds a new CSRF manager for unit testing purposes, its interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly.
|
* fix test (Robin Appelman, 2016-01-18, 1, -1/+13)
|
* Introduce CredentialsManager for storage of credentials in DB (Robin McCorkell, 2016-01-18, 1, -0/+90)
|
    CredentialsManager performs a simple role, of storing and retrieving encrypted credentials from the database. Credentials are stored by user ID (which may be null) and credentials identifier. Credentials themselves may be of any type that can be JSON encoded.

    The rationale behind this is to avoid further (mis)use of oc_preferences, which was being used for all manner of data not related to user preferences.
|
* Allow admins to add system wide root certificates (Robin Appelman, 2016-01-12, 1, -8/+15)
|
* getMediumStrengthGenerator is deprecated and does not do anything anymore (Roeland Jago Douma, 2016-01-11, 1, -2/+2)
|
* getLowStrengthGenerator does not do anything anymore (Roeland Jago Douma, 2016-01-11, 1, -1/+1)
|
* Removed deprecated function OC_User::deleteUser (Roeland Jago Douma, 2015-12-17, 1, -1/+2)
|
    Replaced with proper OCP calls
|
* Removed deprecated private OC_User::createUser (Roeland Jago Douma, 2015-12-17, 1, -1/+1)
|
    All function calls are replaced with the recommended (which was already the body of the function).
|
* Use PHP polyfills (Lukas Reschke, 2015-12-11, 2, -42/+3)
|
* Do not trust casting (Lukas Reschke, 2015-12-08, 1, -0/+2)
|
* Apply DB group annotation ... (Thomas Müller, 2015-11-30, 1, -0/+5)
|
* don't read certificates if ownCloud is not installed (Bjoern Schiessle, 2015-08-30, 1, -1/+5)
|
* Use certificates that expire in 10 years (Lukas Reschke, 2015-08-27, 1, -9/+6)
|
    :speak_no_evil: :speak_no_evil: :speak_no_evil:
|
* Move the helpful method to the TestCase class (Joas Schilling, 2015-06-03, 1, -4/+5)
|
* Adjust tests and statuscode (Lukas Reschke, 2015-04-20, 1, -5/+15)
|
* Fix files (Lukas Reschke, 2015-04-20, 1, -2/+6)
|
* Verify if returned object is an array (Lukas Reschke, 2015-04-20, 1, -14/+28)
|
    The error has to be thrown at this point as otherwise errors and notices are thrown since the time cannot be parsed in L60 and L61
|
* Refactor OC_Request into TrustedDomainHelper and IRequest (Lukas Reschke, 2015-02-16, 1, -0/+70)
|
    This changeset removes the static class `OC_Request` and moves the functions either into `IRequest` which is accessible via `\OC::$server->getRequest()` or into a separated `TrustedDomainHelper` class for some helper methods which should not be publicly exposed.

    This changes only internal methods and nothing on the public API. Some public functions in `util.php` have been deprecated though in favour of the new non-static functions.

    Unfortunately some part of this code uses things like `__DIR__` and thus is not completely unit-testable. Where tests were possible they have been added though.

    Fixes https://github.com/owncloud/core/issues/13976 which was requested in https://github.com/owncloud/core/pull/13973#issuecomment-73492969
|
* certificate manager should always use a \OC\Files\View otherwise we will get problems for different primary storages (Bjoern Schiessle, 2015-01-26, 1, -2/+2)
|
* certificate manager only needs the user-id, no need to pass on the complete user object (Bjoern Schiessle, 2015-01-26, 1, -4/+2)
|
* Make remaining files extend the test base (Joas Schilling, 2014-11-19, 5, -7/+14)
|
* Merge pull request #12218 from owncloud/issue/10991-fixes (Morris Jobke, 2014-11-17, 1, -3/+3)
|\
    Issue/10991 Make unit tests pass on windows
| |
| * Correctly close handle of directory when listing certificates (Joas Schilling, 2014-11-17, 1, -3/+3)
| |
* | Add OCP\Security\IHasher (Lukas Reschke, 2014-11-06, 1, -0/+115)
|/
    Public interface for hashing which also works with legacy ownCloud hashes and supports updating the legacy hash via a passed reference.

    Follow-up of https://github.com/owncloud/core/pull/10219#issuecomment-61624662

    Requires https://github.com/owncloud/3rdparty/pull/136
|
* Remove unused and overflowing function (Lukas Reschke, 2014-09-18, 1, -5/+0)
|
    Resolves https://github.com/owncloud/core/issues/10991 failure 4
|
* Merge pull request #10642 from owncloud/securityutils (Lukas Reschke, 2014-09-03, 3, -0/+184)
|\
    Add some security utilities
| |
| * Add test for the second argument (Lukas Reschke, 2014-09-03, 1, -0/+19)
| |
| * Refactor tests a little bit (Lukas Reschke, 2014-09-03, 3, -31/+61)
| |
| * Add char consts, hash the specified password for the HMAC (Lukas Reschke, 2014-09-03, 1, -1/+1)
| |
| * Use DI (Lukas Reschke, 2014-08-27, 1, -6/+6)
| |
| * Add some security utilities (Lukas Reschke, 2014-08-27, 3, -0/+135)
| |
    This adds some security utilities to core including:
    - A library for basic crypto operations (e.g. to encrypt passwords)
    - A better library for cryptographic actions which allows you to specify the charset
    - A library for secure string comparisons

    Remove .htaccess
    Remove .htaccess
    Fix typo
    Add public API
    Use timing constant comparison
    Remove CBC constant
    Adjust code
    Remove confusing $this
| |
* 5.3 syntax... (Robin Appelman, 2014-08-31, 1, -9/+14)
|
* Explicitly set the timezones (Robin Appelman, 2014-08-31, 1, -6/+6)
|
* Add test for expired certificate (Lukas Reschke, 2014-08-31, 1, -3/+1)
|
    Will only work after tomorrow
|
* Add unit tests and fix rootcerts creation bug (Lukas Reschke, 2014-08-31, 2, -0/+177)