nextcloud

Commit Graph

Author	SHA1	Message	Date
Arthur Schiwon	5437844b7e	fix credentialsManager documentation and ensure userId to be used as string Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2020-04-15 19:34:23 +02:00
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 16:54:27 +02:00
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 14:19:56 +02:00
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 10:35:09 +02:00
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 13:54:22 +02:00
Christoph Wurst	41b5e5923a	Use exactly one empty line after the namespace declaration For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:48:10 +02:00
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 10:16:08 +02:00
Christoph Wurst	1a9330cd69	Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-31 14:52:54 +02:00
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-26 16:34:56 +01:00
Pavel Krasikov	f11dee9bc4	fix safari useragent for versions with 3 digits Signed-off-by: Pavel Krasikov <klonishe@gmail.com>	2020-03-14 16:47:28 +03:00
Roeland Jago Douma	12e1c469cf	Add Argon2id support When available we should use argon2id for hashing. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-02-07 07:52:33 +01:00
Roeland Jago Douma	0d651f106c	Allow selecting the hashing algorithm Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-02-03 21:41:17 +01:00
Arthur Schiwon	f92ba2cebe	ignore values that undershoot the minimum, go with default Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2020-01-22 16:04:57 +01:00
blizzz	56c3ba6ac7	use getSystemValueInt Co-Authored-By: kesselb <mail@danielkesselberg.de> Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2020-01-21 09:04:53 +01:00
Arthur Schiwon	171bb98229	expose Argon2 options (as we did for bcrypt) Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2020-01-20 18:21:50 +01:00
Christoph Wurst	1b46621cd3	Update license headers for 18 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-12-20 09:23:25 +01:00
Konrad Bucheli	f2d3e34c96	handle IPv6 addresses with an explict incoming interface at the end (e.g fe80::ae2d:d1e7:fe1e:9a8d%enp2s0) Signed-off-by: Konrad Bucheli <konrad.bucheli@gmx.ch> Signed-off-by: Konrad Bucheli <kb@open.ch>	2019-12-10 22:47:20 +01:00
Julius Härtl	d05f131929	Move overwritehost check to isTrustedDomain Signed-off-by: Julius Härtl <jus@bitgrid.net>	2019-12-07 09:53:06 +01:00
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-12-05 15:38:45 +01:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +01:00
Johannes Koenig	2df8d646c1	make TrustedDomainHelper case insensitive Signed-off-by: Johannes Koenig <mail@jokoenig.de>	2019-10-06 20:43:55 +02:00
Roeland Jago Douma	2b98eea129	Harden identifyproof openssl code Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-09-14 13:52:10 +02:00
Roeland Jago Douma	7927aebdeb	Fix report of phpstan in Limiter * unneeded arguments to constructor * added return types * let automatic DI do its work Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-19 19:38:43 +02:00
Roeland Jago Douma	b8c5008acf	Add feature policy header This adds the events and the classes to modify the feature policy. It also adds a default restricted feature policy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-08-10 14:26:22 +02:00
Roeland Jago Douma	f94ee72507	Add form-action CSP element Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-31 15:16:10 +02:00
Roeland Jago Douma	417fbb5d60	setting unsafe-eval is deprecated This will be removed in a future version of Nextcloud. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-30 16:27:38 +02:00
Sam Bull	ea935f65fd	Add support for CSP_NONCE server variable Allow passing a nonce from the web server, allowing the possibility to enforce a strict CSP from the web server. Signed-off-by: Sam Bull <git@sambull.org> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-18 12:16:29 +02:00
Roeland Jago Douma	5ac857bcdc	Add an event to edit the CSP This introduces and event that can be listend to when we actually use the CSP. This means that apps no longer have to always inject their CSP but only do so when it is required. Yay for being lazy. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-08 20:35:15 +02:00
Morris Jobke	d004164fcc	Merge pull request #13327 from nextcloud/allow-bracket-notation-for-remove-ipv6-address Allow bracket IPv6 address format inside IPAdress Normalizer	2019-03-06 10:34:02 +01:00
Roeland Jago Douma	f1ea56b502	Fix the thorrtler whitelist bitmask Before we actually didn't check each bit of the bitmask. Now we do. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-02-11 23:22:20 +01:00
Thomas Citharel	c9b588774b	Allow bracket IPv6 address format inside IPAdress Normalizer When run with php's build-in server (for instance on localhost:8080), IP provided through $this->server['REMOTE_ADDR'] is [::1], which is not an acceptable format for \inet_pton. This removes the brackets if there's any. Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2019-01-03 10:03:46 +01:00
Roeland Jago Douma	372f3d2a60	Remove deprecated functions from SecureRandom Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-12-07 19:33:32 +01:00
Roeland Jago Douma	be5c050acc	Throw exception if decryption fails For #11868 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-11-14 12:47:35 +01:00
Morris Jobke	39338aaa67	Merge pull request #11914 from nextcloud/csp/report-uri Add report-uri to CSP	2018-10-23 16:42:24 +02:00
Roeland Jago Douma	0fdc65a15c	Add nonce for Safari 12+ As far as I can tell this should work now. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-21 20:48:12 +02:00
Roeland Jago Douma	579822b6a5	Add report-uri to CSP Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-21 13:38:32 +02:00
Roeland Jago Douma	8354c50911	Deprecate the childSrc functions Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-09-04 07:35:44 +02:00
Roeland Jago Douma	c8fe4b4fc8	Add workerSrc to CSP Fixes #11035 Since the child-src directive is deprecated (we should kill it at some point) we need to have the proper worker-src available Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-09-04 07:35:44 +02:00
Mark Berezovsky	ad66c6bf08	Fix #9864 : Decrease $maxDelay in Throttler.php Signed-off-by: Mark Berezovsky <xpnf@yandex.ru>	2018-06-15 04:58:08 +03:00
Roeland Jago Douma	84316aec66	Add ARGON2I support to the hasher When on php7.2 we can use the new and improved ARGON2I hashing. This adds support for that to the hasher. When verifying an old hash we'll update rehash to move all hashes eventually to the new hash function. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-04-04 15:43:50 +02:00
Roeland Jago Douma	d8332d43f8	Make \OC\Security\IdentityProof strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-03-05 19:33:16 +01:00
Roeland Jago Douma	5457373407	Merge pull request #8659 from nextcloud/csrf_token_strict Make \OC\Security\CSRF strict	2018-03-05 19:28:10 +01:00
Roeland Jago Douma	4ed9b74a6b	Make OC\Security\CSP strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-03-05 15:27:05 +01:00
Roeland Jago Douma	2c8402aa17	Make \OC\Security\CSRF strict Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-03-05 15:01:02 +01:00
Morris Jobke	0a56d2185e	Return value immediately instead of assigning to a one-time variable Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-26 00:02:03 +01:00
Roeland Jago Douma	0e0db37658	Make OCP\Security stricter * Add typehints * Add return types * Opcode opts from phpstorm * Made strict * Fixed tests: No need to test bogus values anymore strict typing fixes this Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-16 22:01:19 +01:00
Morris Jobke	c0c4263546	Merge pull request #7850 from nextcloud/strict_ipaddress Make IPAddress typed and strict	2018-01-14 21:16:06 +01:00
Roeland Jago Douma	bb2938a47d	Make IPAddress typed and strict * Added scalar typehints * Added return statements * Added strict declaration Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-14 21:15:44 +01:00
Morris Jobke	2ed4bea18f	Merge pull request #7852 from nextcloud/strict_ratelimiting Make OC\Security\RateLimiting strict	2018-01-14 21:08:45 +01:00
Roeland Jago Douma	cf0a339997	Make OC\Security\RateLimiting strict * Add return types * Add scalar argument types * Made strict * Cleaned up phpstorm inspections Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-14 21:08:23 +01:00

1 2

100 Commits