upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-12 07:14:44 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 11
nextcloud/tests/lib/AppFramework/Middleware/Security
History
Arthur Schiwon f0494ec17a fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-11 20:19:18 +02:00
..
Mock fix(Session): avoid password confirmation on SSO 2024-06-11 20:19:18 +02:00
BruteForceMiddlewareTest.php techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 2023-08-28 15:50:45 +02:00
CORSMiddlewareTest.php techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 2023-08-28 15:50:45 +02:00
CSPMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00
FeaturePolicyMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00
PasswordConfirmationMiddlewareTest.php fix(Session): avoid password confirmation on SSO 2024-06-11 20:19:18 +02:00
RateLimitingMiddlewareTest.php fix: add check for app_api_system session flag to bypass rate limit 2024-03-18 20:09:15 +02:00
SameSiteCookieMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00
SecurityMiddlewareTest.php feat(security): Add PHP \Attribute for remaining security annotations 2023-04-25 14:50:32 +02:00