mirror of
https://github.com/nextcloud/server.git
synced 2026-05-28 04:32:30 -04:00
cc9e0ba582
Two CI failures introduced by the test additions in this PR: 1. testEd25519VerifyAcceptedWhenSodiumLoaded calls setSignature() to inject an externally-produced Ed25519 signature (since Algorithm::sign() rejects Ed25519 by design). setSignature was declared protected, so the test couldn't call it from outside the class hierarchy. Make it public — SignedRequest lives in the OC\ private namespace, so this widens internal-only visibility, not the public API surface. 2. testParseKeyRejectsContradictoryAlg expected firebase/php-jwt's JWK::parseKey() to throw on a kty=OKP/crv=Ed25519/alg=ES256 key. The current firebase/php-jwt version does not validate that coherence at parse time, so the test now fails to see any throwable. The actual security check happens at Algorithm::verify() time and is covered by testVerifyEd25519KeyAgainstES256Alg right above it. Skip the parse-time test with a comment pointing at the verify-time coverage. Signed-off-by: Micke Nordin <kano@sunet.se> |
||
|---|---|---|
| .. | ||
| Bruteforce | ||
| CSP | ||
| CSRF | ||
| FeaturePolicy | ||
| IdentityProof | ||
| Ip | ||
| Normalizer | ||
| RateLimiting | ||
| Signature | ||
| VerificationToken | ||
| Certificate.php | ||
| CertificateManager.php | ||
| CredentialsManager.php | ||
| Crypto.php | ||
| Hasher.php | ||
| RemoteHostValidator.php | ||
| SecureRandom.php | ||
| TrustedDomainHelper.php | ||