Commit graph

69 commits

Author SHA1 Message Date
Roeland Jago Douma
372f3d2a60
Remove deprecated functions from SecureRandom
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-07 19:33:32 +01:00
Roeland Jago Douma
be5c050acc
Throw exception if decryption fails
For #11868

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-14 12:47:35 +01:00
Morris Jobke
39338aaa67
Merge pull request #11914 from nextcloud/csp/report-uri
Add report-uri to CSP
2018-10-23 16:42:24 +02:00
Roeland Jago Douma
0fdc65a15c
Add nonce for Safari 12+
As far as I can tell this should work now.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 20:48:12 +02:00
Roeland Jago Douma
579822b6a5
Add report-uri to CSP
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 13:38:32 +02:00
Roeland Jago Douma
8354c50911
Deprecate the childSrc functions
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Roeland Jago Douma
c8fe4b4fc8
Add workerSrc to CSP
Fixes #11035

Since the child-src directive is deprecated (we should kill it at some
point) we need to have the proper worker-src available

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-04 07:35:44 +02:00
Mark Berezovsky
ad66c6bf08 Fix #9864: Decrease $maxDelay in Throttler.php
Signed-off-by: Mark Berezovsky <xpnf@yandex.ru>
2018-06-15 04:58:08 +03:00
Roeland Jago Douma
84316aec66
Add ARGON2I support to the hasher
When on php7.2 we can use the new and improved ARGON2I hashing.
This adds support for that to the hasher. When verifying an old hash
we'll update rehash to move all hashes eventually to the new hash
function.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-04 15:43:50 +02:00
Roeland Jago Douma
d8332d43f8
Make \OC\Security\IdentityProof strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 19:33:16 +01:00
Roeland Jago Douma
5457373407
Merge pull request #8659 from nextcloud/csrf_token_strict
Make \OC\Security\CSRF strict
2018-03-05 19:28:10 +01:00
Roeland Jago Douma
4ed9b74a6b
Make OC\Security\CSP strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 15:27:05 +01:00
Roeland Jago Douma
2c8402aa17
Make \OC\Security\CSRF strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-05 15:01:02 +01:00
Morris Jobke
0a56d2185e
Return value immediately instead of assigning to a one-time variable
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 00:02:03 +01:00
Roeland Jago Douma
0e0db37658
Make OCP\Security stricter
* Add typehints
* Add return types
* Opcode opts from phpstorm
* Made strict
* Fixed tests: No need to test bogus values anymore strict typing fixes
this

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-16 22:01:19 +01:00
Morris Jobke
c0c4263546
Merge pull request #7850 from nextcloud/strict_ipaddress
Make IPAddress typed and strict
2018-01-14 21:16:06 +01:00
Roeland Jago Douma
bb2938a47d
Make IPAddress typed and strict
* Added scalar typehints
* Added return statements
* Added strict declaration

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:15:44 +01:00
Morris Jobke
2ed4bea18f
Merge pull request #7852 from nextcloud/strict_ratelimiting
Make OC\Security\RateLimiting strict
2018-01-14 21:08:45 +01:00
Roeland Jago Douma
cf0a339997
Make OC\Security\RateLimiting strict
* Add return types
* Add scalar argument types
* Made strict
* Cleaned up phpstorm inspections

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:08:23 +01:00
Roeland Jago Douma
6e1ee1e7a7
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-14 21:04:52 +01:00
Roeland Jago Douma
de5d7aa331
Strict ISecure random
* Declare strict
* Scalar arguments
* Return type
* Use fully qualified name for strlen

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-13 21:39:34 +01:00
Morris Jobke
ca28df6fcc
Adds type hinting for scalar types in ICrypto->decrypt
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-13 00:06:03 +01:00
Morris Jobke
d2d73f1ce8
Also replace all other occurences
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-12-18 20:57:11 +01:00
Morris Jobke
5a270c2715
Reset bruteforce attempt table on successful login
* only clear the entries that come from the same subnet, same action and same metadata

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-24 14:58:57 +01:00
Morris Jobke
0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Thomas Citharel
ecf347bd1a Add CSP frame-ancestors support
Didn't set the @since annotation yet.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2017-09-15 15:23:10 +02:00
Bjoern Schiessle
bae5be3dc1
add prefix to user and system keys to avoid name collisions
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Bjoern Schiessle
9524badccc
extend the identity proof manager to allow system wide key pairs
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-08-10 14:27:35 +02:00
Lukas Reschke
6fb84ebb71
null is a valid parameter
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Lukas Reschke
dfd8125aeb
Replace wrong PHPDocs
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-01 08:20:16 +02:00
Roeland Jago Douma
5f227bd93b
More phpstorm inspection fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 11:39:29 +02:00
Lukas Reschke
3d2600b039
Add Phan plugin to check for SQL injections
This adds a phan plugin which checks for SQL injections on code using our QueryBuilder, while it isn't perfect it should already catch most potential issues.

As always, static analysis will sometimes have false positives and this is also here the case. So in some cases the analyzer just doesn't know if something is potential user input or not, thus I had to add some `@suppress SqlInjectionChecker` in front of those potential injections.

The Phan plugin hasn't the most awesome code but it works and I also added a file with test cases.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-20 22:48:13 +02:00
Roeland Jago Douma
6a1f2ac076
Add bruteforce capabilities
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-13 11:23:08 +02:00
Roeland Jago Douma
04f2090698
Write cert bundle to tmp file first
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-12 19:24:20 +02:00
Joas Schilling
ca39940614
Automatic creation of Identity manager
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-10 09:45:11 +02:00
Roeland Jago Douma
5a61a794d4
Do not write and read rootcerts.crt at the same time
(Possibly) fixes #3470

When updating the main file /files_external/rootcerts.crt we should not
read from /files_external/rootcerts.crt at the same time.

For 2 reasons: writing to a file and reading from it at the same time
can have non deterministic results

And we don't want all the certificates to appear 2 times in there.

This isn't caught by our standard file locking (that does not allow this
actually) because it is in a non locked path....

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-05-09 13:00:07 +02:00
Lukas Reschke
a5ccb31e85
Mark IP as whitelisted if brute force protection is disabled
Currently, when disabling the brute force protection no new brute force attempts are logged. However, the ones logged within the last 24 hours will still be used for throttling.

This is quite an unexpected behaviour and caused some support issues. With this change when the brute force protection is disabled also the existing attempts within the last 24 hours will be disregarded.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-01 18:31:45 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Lukas Reschke
e39e6d0605
Remove expired attempts
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:18 +02:00
Lukas Reschke
66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Roeland Jago Douma
be674c19a5
Respect bruteforce settings in the Throttler
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-04-02 21:13:50 +02:00
Bjoern Schiessle
df296249d6
introduce brute force protection for api calls
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:15 +01:00
Robin Appelman
817e974c5f
dont write a certificate bundle if the shipped ca bundle is empty
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-01-09 16:51:27 +01:00
Lukas Reschke
7d221ff8f4
Safari CSPv3 support is sub-par
With 10.0.1 CSPv3 is broken in Safari if it doesn't run from a local IP. Awesome.

=> Let's remove this for Safari and keep chrome and Firefox in the whitelist.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-14 13:17:20 +01:00
Roeland Jago Douma
72f9920a58
Add Identityproof tests
* Add tests for Key
* Add tests for Manager
* Add tests for Signer
* Removed URLGenerator from Signer

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-24 21:50:19 +01:00
Lukas Reschke
fb91bf6a5b
Add a signer class for signing
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Lukas Reschke
6f4cb12be2
Add identity proof
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Lukas Reschke
53c8391e96
Add private
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-21 11:30:00 +01:00
Joas Schilling
2cd92d0abb
Fix missing update of session, when it was already used.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-02 20:30:36 +01:00
Leon Klingele
e5d78a3523
Fix CSRF token generation / validation
Operate on raw bytes instead of base64-encoded strings.
Issue was introduced in a977465

Signed-off-by: Leon Klingele <git@leonklingele.de>
2016-11-02 10:38:05 +01:00