Commit graph

169 commits

Author SHA1 Message Date
Joas Schilling
d306757ffb
Only ignore attempts of the same action
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-07-07 09:03:55 +00:00
Carl Schwan
467780ff4e
Fix detection of Firefox in ContentSecurityPolicyNonceManager
Reuse Request::USER_AGENT_FIREFOX, and also update the Safari detection
since Safari < 12 is not supported anymore and we can remove a bit of
code duplication

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-06-30 00:46:47 +00:00
Carl Schwan
69b36fc2c5 Don't inject Bruteforce capability info in the webui
This capability does DB access and as far as I know is not used by the webui.
This removes one DB query for each page load.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-04-07 17:33:29 +02:00
Côme Chilliet
6be7aa112f
Migrate from ILogger to LoggerInterface in lib/private
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-03-24 16:21:25 +01:00
Robin Appelman
4f594dbf53
cache the path of the certificate bundle
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-17 14:58:56 +01:00
Robin Appelman
a887553ddb
return default bundle when there is an error getting the bundle
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-14 18:34:09 +01:00
Julius Härtl
bd03dd37be
Allow to set a strict-dynamic CSP through the API
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-03-09 15:10:27 +01:00
Joas Schilling
b8e0a3dbdd
Use the new option to signal insensitivity
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-07 13:54:54 +01:00
Joas Schilling
b59df35426
Make the DB query simpler (as we just deleted all other entries)
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-01-28 16:55:17 +01:00
Joas Schilling
c6d000f87f
Log bruteforce throttle and blocking
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-01-18 10:10:19 +01:00
Carl Schwan
6312c0df69
Check style update
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-01-13 00:19:07 +01:00
Joas Schilling
1d550ab95e
Don't query the bruteforce attempts when we just deleted them
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-12-01 18:01:22 +01:00
Vincent Petry
19f41a60a0
Type hint in IpAddress
Signed-off-by: Vincent Petry <vincent@nextcloud.com>

Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2021-11-22 17:36:26 +01:00
Vincent Petry
f01ad7b8d8
Improve normalizer detecting IPv4 inside of IPv6
The subnet for an IPv4 address inside of IPv6 is now returned in its
IPv4 form.

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-11-22 16:46:25 +01:00
Vincent Petry
7e08a4ab15
Fix getting subnet of IPv4-mapped IPv6 addresses
Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2021-11-22 14:10:11 +01:00
Joas Schilling
c42f5bc5f6
Add an OCP for trusted domain helper
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-10-28 10:24:16 +02:00
Daniel Kesselberg
240eb02585
Set associative = true for cleanup job
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-10-07 20:20:09 +02:00
Lukas Reschke
0dcc5c0e9f
Merge pull request #28728 from nextcloud/add-database-backend-limiter
Add database ratelimiting backend
2021-09-13 13:07:37 +02:00
Lukas Reschke
474a5b55d3
Implement review feedback
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-13 11:01:35 +02:00
Lukas Reschke
358eaba7dd
Apply suggestions from code review
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
2021-09-13 10:43:01 +02:00
Arthur Schiwon
0dee717c94
Confirm mails only per POST
- this is to avoid automatic confirmation by certain software that opens
  links

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 19:23:04 +02:00
Arthur Schiwon
a20de15b43
add a job to clean up expired verification tokens
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:35 +02:00
Arthur Schiwon
19cc757531
move verification token logic out of lost password controller
- to make it reusable
- needed for local email verification

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 14:03:29 +02:00
Lukas Reschke
471167019c
Implement PR review feedback
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-07 18:03:34 +02:00
Lukas Reschke
a915372c56
phpcs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 17:50:23 +02:00
Lukas Reschke
378cc922c4
Adjust logic to store period instead of current timestamp
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 17:31:36 +02:00
Lukas Reschke
d4f97affc1
Add database ratelimiting backend
In case no distributed memory cache is specified this adds
a database backend for ratelimit purposes.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-09-06 16:31:01 +02:00
Daniel Kesselberg
0a15043f69
Throw exception if encrypting the data failed.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2021-07-05 10:23:16 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Roeland Jago Douma
ee3dc57cbd
Merge pull request #26626 from J0WI/strict-security
Make Security module strict
2021-05-18 08:43:13 +02:00
Morris Jobke
393309b98f
Merge pull request #25714 from nextcloud/fix/23197/explicitly_check_hex2bin_input
Explicitly check hex2bin input
2021-04-22 13:23:39 +02:00
J0WI
ca7b37ce5a
Make Security module strict
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
2021-04-19 17:31:12 +02:00
Lukas Reschke
e5a4236e68
Increase subnet matcher
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2021-04-07 12:28:59 +00:00
Roeland Jago Douma
16652ac6c6
Explicitly check hex2bin input
For #23197

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-02-18 20:12:20 +01:00
dependabot-preview[bot]
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)

Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-02-18 13:31:24 +01:00
Morris Jobke
24d436cb60
Remove unneeded casts that were found by Psalm
In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521)

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2021-01-11 13:14:41 +01:00
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Julius Härtl
f5501ca276
Avoid checking for brute force protection capabilities when upgrading
This might happen on a release that doesn't have this table yet

Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-12-09 12:13:33 +01:00
Joas Schilling
5b5aebbf66
Replace the credentials table with one that can have empty user
Primary key columns on Oracle can not have empty strings

Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:36:27 +01:00
Joas Schilling
1aa9c9164d
Fix comparing the empty string for global credentials
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-10 15:36:26 +01:00
Joas Schilling
8027dcbc6f
Don't leave cursors open when tests fail
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-11-09 12:28:17 +01:00
Roeland Jago Douma
54b9f639a6
Always return the default path if we can
Just check in the certificate manager. So every part of the system that
requests the certificate bundle gets the default one (the 99% case) if we
can.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-03 00:13:01 +01:00
Morris Jobke
dc479aae2d
Improve CertificateManager to not be user context dependent
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)

The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-03 00:13:01 +01:00
lynn-stephenson
648b60fa0e
Derive encryption key & MAC key from a single key.
Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
2020-10-15 21:23:24 -08:00
Roeland Jago Douma
8fae2beece
Limit throttler to 48 hours
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-10-08 19:51:13 +02:00
Roeland Jago Douma
6c1b542def
Add cleanup job for old bruteforce attempts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-10-08 19:51:13 +02:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Morris Jobke
99c9423766
Remove @suppress SqlInjectionChecker
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-09-16 15:53:56 +02:00
Joas Schilling
c25063dc07
Don't break when the IP is empty
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-09-10 14:20:27 +02:00
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-08-24 14:54:25 +02:00