mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
56,538 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

128 Commits

Author SHA1 Message Date
Roeland Jago Douma 86de5d9265 Explicitly check hex2bin input 
For #23197

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2021-04-22 14:01:25 +02:00
Lukas Reschke 61545e7a89 Increase subnet matcher 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2021-04-12 10:36:26 +00:00
Julius Härtl 934f8a17f9
Avoid checking for brute force protection capabilities when upgrading 
This might happen a releases that doesn't have this table yet

Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2020-12-14 11:12:50 +01:00
Joas Schilling f3c183b6c3
Replace the credentials table with one that can have empty user 
Primary key columns on Oracle can not have empty strings

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-11-12 12:57:52 +01:00
Joas Schilling a66591ee79
Fix comparing the empty string for global credentials 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-11-12 12:57:51 +01:00
Joas Schilling 19816fe85f Don't leave cursors open when tests fail 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-11-10 14:18:02 +00:00
Morris Jobke 99c9423766
Remove @suppress SqlInjectionChecker 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-09-16 15:53:56 +02:00
Joas Schilling c25063dc07
Don't break when the IP is empty 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-09-10 14:20:27 +02:00
Christoph Wurst 2a054e6c04
Update the license headers for Nextcloud 20 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-08-24 14:54:25 +02:00
Joas Schilling 35a8519591
Fix CS 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling 770381c0c6
Correctly return ms delay when at max 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling 931aca2fee
Add missing default 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling d9c4c9eb99
Simplify array filter 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling dfeee3b850
Fix wrong doc + type hint 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling 8376c4891f
Only throw when also the last 30 mins were attacking 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling 6f751d01db
Make the throttling O(2^n) instead of O(n^n) 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling 64539a6ee1
Make Throttler strict 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:36 +02:00
Joas Schilling c8fea66d65
Split delay calculation from getting the attempts 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:35 +02:00
Joas Schilling cdb36c8ead
Let the database count the entries 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:35 +02:00
Joas Schilling e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2020-08-19 11:20:35 +02:00
Morris Jobke c0be7e329f
Prefer typed event over string based ones 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-08-10 15:22:55 +02:00
Morris Jobke e57bca31ad
Merge pull request #20005 from joeried/occ-remove-bruteforce-attempts-by-ip 
Implement occ command to reset bruteforce attemps from a given IP address
 2020-05-25 14:04:18 +02:00
Morris Jobke bd997a105c
Fix code style 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-05-25 14:03:21 +02:00
Roeland Jago Douma 35ff4aa1c6
Use random_bytes 
Since we don't care if it is human readbale.
The code is backwards compatible with the old format.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-05-11 12:46:59 +02:00
MichaIng 229570badf
Apply Argon2 options for Argon2id hashing as well 
Signed-off-by: MichaIng <micha@dietpi.com>
 2020-05-01 11:42:13 +02:00
MichaIng ad60619655
Fix Argon2 options checks 
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost mimimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.

Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-04-30 10:18:46 +02:00
Christoph Wurst cb057829f7
Update license headers for 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-29 11:57:22 +02:00
Arthur Schiwon 5437844b7e
fix credentialsManager documentation and ensure userId to be used as string 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-04-15 19:34:23 +02:00
Christoph Wurst 28f8eb5dba
Add visibility to all constants 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:54:27 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst 14c996d982
Use elseif instead of else if 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 10:35:09 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 13:54:22 +02:00
Christoph Wurst 41b5e5923a
Use exactly one empty line after the namespace declaration 
For PSR2

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 11:48:10 +02:00
Christoph Wurst 2fbad1ed72
Fix (array) indent style to always use one tab 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 10:16:08 +02:00
Christoph Wurst 1a9330cd69
Update the license headers for Nextcloud 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-31 14:52:54 +02:00
Christoph Wurst b80ebc9674
Use the short array syntax, everywhere 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-26 16:34:56 +01:00
Johannes Riedel 0c38569c83 Implement occ command security:bruteforceattemps:reset-for-ip 
Signed-off-by: Johannes Riedel <joeried@users.noreply.github.com>
 2020-03-19 16:20:22 +01:00
Pavel Krasikov f11dee9bc4 fix safari useragent for versions with 3 digits 
Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
 2020-03-14 16:47:28 +03:00
Roeland Jago Douma 12e1c469cf
Add Argon2id support 
When available we should use argon2id for hashing.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-02-07 07:52:33 +01:00
Roeland Jago Douma 0d651f106c
Allow selecting the hashing algorithm 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-02-03 21:41:17 +01:00
Arthur Schiwon f92ba2cebe
ignore values that undershoot the minimum, go with default 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-01-22 16:04:57 +01:00
blizzz 56c3ba6ac7
use getSystemValueInt 
Co-Authored-By: kesselb <mail@danielkesselberg.de>

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-01-21 09:04:53 +01:00
Arthur Schiwon 171bb98229
expose Argon2 options (as we did for bcrypt) 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2020-01-20 18:21:50 +01:00
Christoph Wurst 1b46621cd3
Update license headers for 18 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-20 09:23:25 +01:00
Konrad Bucheli f2d3e34c96 handle IPv6 addresses with an explict incoming interface at the end (e.g fe80::ae2d:d1e7:fe1e:9a8d%enp2s0) 
Signed-off-by: Konrad Bucheli <konrad.bucheli@gmx.ch>
Signed-off-by: Konrad Bucheli <kb@open.ch>
 2019-12-10 22:47:20 +01:00
Julius Härtl d05f131929
Move overwritehost check to isTrustedDomain 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2019-12-07 09:53:06 +01:00
Christoph Wurst 5bf3d1bb38
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Johannes Koenig 2df8d646c1 make TrustedDomainHelper case insensitive 
Signed-off-by: Johannes Koenig <mail@jokoenig.de>
 2019-10-06 20:43:55 +02:00
Roeland Jago Douma 2b98eea129
Harden identifyproof openssl code 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-09-14 13:52:10 +02:00