dependabot-preview[bot]
eb502c02ff
Bump nextcloud/coding-standard from 0.3.0 to 0.5.0
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)
Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Morris Jobke
24d436cb60
Remove unneeded casts that were found by Psalm
In preparation of the update of Psalm from 4.2.1 to 4.3.1+ (see https://github.com/nextcloud/server/pull/24521)
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Julius Härtl
f5501ca276
Avoid checking for brute force protection capabilities when upgrading
This might happen on a release that doesn't have this table yet
Signed-off-by: Julius Härtl <jus@bitgrid.net>
5 years ago
Joas Schilling
5b5aebbf66
Replace the credentials table with one that can have empty user
Primary key columns on Oracle can not have empty strings
Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Joas Schilling
1aa9c9164d
Fix comparing the empty string for global credentials
Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Joas Schilling
8027dcbc6f
Don't leave cursors open when tests fail
Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Roeland Jago Douma
54b9f639a6
Always return the default path if we can
Just check in the certificate manager. So every part of the system that
requests the certificate bundle gets the default one (the 99% case) if we
can.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Morris Jobke
dc479aae2d
Improve CertificateManager to not be user context dependent
* removes the ability for users to import their own certificates (for external storage)
* reliably returns the same certificate bundles system wide (and not depending on the user context and available sessions)
The user specific certificates were broken in some cases anyways, as they are only loaded if the specific user is logged in and thus causing unexpected behavior for background jobs and other non-user triggered code paths.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
lynn-stephenson
648b60fa0e
Derive encryption key & MAC key from a single key.
Signed-off-by: lynn-stephenson <lynn.stephenson@protonmail.com>
5 years ago
Roeland Jago Douma
8fae2beece
Limit throttler to 48 hours
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Roeland Jago Douma
6c1b542def
Add cleanup job for old bruteforce attempts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
5 years ago
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Morris Jobke
99c9423766
Remove @suppress SqlInjectionChecker
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Joas Schilling
c25063dc07
Don't break when the IP is empty
Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Christoph Wurst
2a054e6c04
Update the license headers for Nextcloud 20
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
5 years ago
Joas Schilling
35a8519591
Fix CS
Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Joas Schilling
770381c0c6
Correctly return ms delay when at max
Signed-off-by: Joas Schilling <coding@schilljs.com>
5 years ago
Joas Schilling
931aca2fee
Add missing default
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
d9c4c9eb99
Simplify array filter
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
dfeee3b850
Fix wrong doc + type hint
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
8376c4891f
Only throw when also the last 30 mins were attacking
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
6f751d01db
Make the throttling O(2^n) instead of O(n^n)
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
64539a6ee1
Make Throttler strict
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
c8fea66d65
Split delay calculation from getting the attempts
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
cdb36c8ead
Let the database count the entries
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Joas Schilling
e66bc4a8a7
Send "429 Too Many Requests" in case of brute force protection
Signed-off-by: Joas Schilling <coding@schilljs.com>
6 years ago
Morris Jobke
c0be7e329f
Prefer typed event over string based ones
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
5 years ago
Morris Jobke
bd997a105c
Fix code style
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
6 years ago
Roeland Jago Douma
35ff4aa1c6
Use random_bytes
Since we don't care if it is human readable.
The code is backwards compatible with the old format.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
MichaIng
229570badf
Apply Argon2 options for Argon2id hashing as well
Signed-off-by: MichaIng <micha@dietpi.com>
6 years ago
MichaIng
ad60619655
Fix Argon2 options checks
The minimum for memory cost is 8 KiB per thread. Threads must be checked and set first to allow checking against the correct memory cost minimum.
Options are now applied the following way:
- If config.php contains the setting with an integer higher or equal to the minimum, it is applied.
- If config.php contains the setting with an integer lower than the minimum, the minimum is applied.
- If config.php does not contain the setting or with no integer value, the PHP default is applied.
Signed-off-by: MichaIng <micha@dietpi.com>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Christoph Wurst
cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Arthur Schiwon
5437844b7e
fix credentialsManager documentation and ensure userId to be used as string
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
6 years ago
Christoph Wurst
28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is practically standard for our
code.
This also removes any empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
41b5e5923a
Use exactly one empty line after the namespace declaration
For PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Christoph Wurst
b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago
Johannes Riedel
0c38569c83
Implement occ command security:bruteforceattemps:reset-for-ip
Signed-off-by: Johannes Riedel <joeried@users.noreply.github.com>
6 years ago
Pavel Krasikov
f11dee9bc4
fix safari useragent for versions with 3 digits
Signed-off-by: Pavel Krasikov <klonishe@gmail.com>
6 years ago
Roeland Jago Douma
12e1c469cf
Add Argon2id support
When available we should use argon2id for hashing.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Roeland Jago Douma
0d651f106c
Allow selecting the hashing algorithm
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago
Arthur Schiwon
f92ba2cebe
ignore values that undershoot the minimum, go with default
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
6 years ago
blizzz
56c3ba6ac7
use getSystemValueInt
Co-Authored-By: kesselb <mail@danielkesselberg.de>
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
6 years ago
Arthur Schiwon
171bb98229
expose Argon2 options (as we did for bcrypt)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
6 years ago
Christoph Wurst
1b46621cd3
Update license headers for 18
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
6 years ago