upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-17 18:00:44 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
79918 commits 691 branches 1186 tags 6.6 GiB
Commit graph

252 commits

Author SHA1 Message Date
Benjamin Gaussorgues
fffde28b51 feat(ip): use larger IPv6 range by default 
Some providers assign `/48` IPv6 blocks instead of `/64` so it sounds safer
to use this mask by default.

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2025-04-08 09:16:13 +00:00
Joas Schilling
77fddb8f23 fix(ratelimit): Allow to bypass rate-limit from bruteforce allowlist 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2025-01-27 13:21:36 +00:00
Benjamin Gaussorgues
9f0c113135
Merge pull request #49599 from nextcloud/feat/bruteforce-max-attempts 2024-12-06 11:20:58 +01:00
Maxence Lange
a6e8d41c25 fix(signed-request): trigger metadata insert with default value manually 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-05 13:18:34 -01:00
Maxence Lange
15b72281df fix(signatory): details on interfaces 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Maxence Lange
4df3155523 fix(signed-request): removing unstable from public 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Maxence Lange
948547bd5d fix(ocm): signatory mapper 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Maxence Lange
4b06620055 feat(signatory): switch to qbmapper 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Maxence Lange
862a411118 fix(ocm): simpler code 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Maxence Lange
f08d053290 fix(ocm): switching to IdentityProof 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Maxence Lange
4591430c9c feat(ocm): signing ocm requests 
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
 2024-12-04 09:30:55 -01:00
Benjamin Gaussorgues
1fd19685f1
chore(bruteforce): allows to configure max attempts before request abort 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-12-03 10:48:10 +01:00
Christoph Wurst
1323e5bcb1
fix(migration): Decrypt ownCloud secrets v2 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-11-28 09:00:33 +01:00
Josh
077eea18b5
fix(security): Handle IPv6 zone IDs used in link-local addresses 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2024-10-31 17:01:34 -04:00
Josh
4873dcbf1e
fix(security): Handle IPv6 zone IDs used in link-local addresses 
Signed-off-by: Josh <josh.t.richards@gmail.com>
 2024-10-31 16:59:27 -04:00
dependabot[bot]
bb598c8451
chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: nextcloud/coding-standard
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-19 07:57:35 +02:00
Ferdinand Thiessen
2ef74b9860
Merge pull request #47329 from nextcloud/feat/add-datetime-qbmapper-support 
feat(AppFramework): Add full support for date / time / datetime columns
 2024-10-18 19:05:08 +02:00
Git'Fellow
a1681b0756 chore(db): Apply query prepared statements 
Fix: psalm

fix: bad file

fix: bug

chore: add batch

chore: add batch

chore: add batch

fix: psalm
 2024-10-17 20:30:47 +02:00
Ferdinand Thiessen
db94e10af0
fix: Prevent breaking change in IQueryBuilder 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-10-17 18:31:44 +02:00
Ferdinand Thiessen
e314d52118
fix: Adjust parameter type usage and add SQLite support 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-10-17 18:31:44 +02:00
Git'Fellow
c254855222 chore(db): Correctly apply query types 
fix: psalm

fix: error

fix: add batch

fix: fatal error

fix: add batch

chore: add batch

chore: add batch

fix: psalm

fix: typo

fix: psalm

fix: return bool

fix: revert Manager
 2024-10-17 09:21:07 +02:00
provokateurin
54ec472d9a
fix(BackgroundJobs): Adjust intervals and time sensitivities 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-08 11:26:53 +02:00
Richard Steinmetz
19ad13571c
fix: gracefully parse non-standard trusted certificates 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2024-09-24 12:36:09 +02:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +02:00
Christoph Wurst
1ee833efab
refactor: Replace __CLASS__ with ::class references 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-09-15 21:40:55 +02:00
Anna Larch
8af7ecb257 chore: adjust code to adhere to coding standard 
Signed-off-by: Anna Larch <anna@nextcloud.com>
 2024-09-05 21:23:38 +02:00
Daniel Kesselberg
af6de04e9e
style: update codestyle for coding-standard 1.2.3 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2024-08-25 19:34:58 +02:00
Ferdinand Thiessen
2916e5df7e
feat: Provide CSP nonce as <meta> element 
This way we use the CSP nonce for dynamically loaded scripts.
Important to notice: The CSP nonce must NOT be injected in `content` as
this can lead to value exfiltration using e.g. side-channel attacts (CSS selectors).

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 10:32:44 +02:00
Ferdinand Thiessen
86f01a3358
fix: Make sure CSP nonce is not double base64 encoded 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-08-13 09:52:33 +02:00
Stephan Orbaugh
9ed2d3e495
Merge pull request #46571 from nextcloud/chore/migrate-to-filenamevalidator 
refactor: Migrate some legacy and core functions to `IFilenameValidator`
 2024-07-22 10:40:50 +02:00
Ferdinand Thiessen
9716b0d735 refactor: Migrate some legacy and core functions to IFilenameValidator 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-07-19 19:41:46 +02:00
Benjamin Gaussorgues
f1d97a3188
feat(Security): add Factory for IP addresses and ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Joas Schilling
047479ccf9
feat(security): Add public API to allow validating IP Ranges and checking for "in range" 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Benjamin Gaussorgues
202e5b1e95
feat(security): restrict admin actions to IP ranges 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-07-19 16:28:03 +02:00
Christopher Ng
415edcac9b chore: More explicit splitHash typing 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-07-04 17:05:45 -07:00
Christopher Ng
d9bf6c432e feat: Add method to validate an IHasher hash 
Signed-off-by: Christopher Ng <chrng8@gmail.com>
 2024-07-04 17:05:45 -07:00
Robin Appelman
e140907123 fix: don't use custom certificate bundle if no customer certificates are configured 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2024-06-14 16:27:41 +02:00
John Molakvoæ
258bb03cf5
Merge branch 'master' into refactor/OC-Server-getSecureRandom 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2024-05-30 14:24:22 +02:00
Andy Scherzinger
dae7c159f7
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +02:00
Joas Schilling
b627e6efe4 fix: Correctly check result of function 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-05-15 12:24:25 +02:00
Ferdinand Thiessen
5a513c924f
fix(CSP): Add CSP nonce by default and convert browserSupportsCspV3 to blocklist 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-03-26 17:08:22 +01:00
Andrew Summers
f9ce6bfdff Refactor OC\Server::getHasher 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2024-03-15 13:04:27 +01:00
Julius Härtl
02d6d3f5b1
fix: Add edge as supported user agent for CSPv3 nonces 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-08 12:11:46 +01:00
Joas Schilling
33e1c8b236
fix(security): Handle idn_to_utf8 returning false 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-12-04 10:38:46 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Ferdinand Thiessen
7df9eb3351 feat(ContentSecurityPolicy): Allow to set strict-dynamic on script-src-elem only 
This adds the possibility to set `strict-dynamic` on `script-src-elem` only while keep the default rules for `script-src`.
The idea is to allow loading module js which imports other files and thus does not allow nonces on import but on the initial script tag.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2023-11-17 11:12:57 +01:00
Benjamin Gaussorgues
f04035caa0
Simplify IP address normalizer with IP masks 
Remove dead code

Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-08 11:55:07 +01:00
Faraz Samapoor
f313ca92e7 Refactors lib/private/Security. 
Mainly using PHP8's constructor property promotion.

Signed-off-by: Faraz Samapoor <fsa@adlas.at>
 2023-09-27 09:03:15 +03:30
Robin Appelman
6b767e060a
Merge pull request #39013 from fsamapoor/refactor_lib_private_security_part3 
[3/3] Refactors lib/private/Security
 2023-09-22 11:13:44 +02:00
Faraz Samapoor
1c023e6666 Update lib/private/Security/Certificate.php 
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
 2023-09-21 11:20:12 +03:30