upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
nextcloud/lib/private/Security/Signature/Model
History
Micke Nordin cc9e0ba582 fix(http-sig): make setSignature public and skip third-party-dependent test 
Two CI failures introduced by the test additions in this PR:

1. testEd25519VerifyAcceptedWhenSodiumLoaded calls setSignature() to inject
   an externally-produced Ed25519 signature (since Algorithm::sign() rejects
   Ed25519 by design). setSignature was declared protected, so the test
   couldn't call it from outside the class hierarchy. Make it public —
   SignedRequest lives in the OC\ private namespace, so this widens
   internal-only visibility, not the public API surface.

2. testParseKeyRejectsContradictoryAlg expected firebase/php-jwt's
   JWK::parseKey() to throw on a kty=OKP/crv=Ed25519/alg=ES256 key. The
   current firebase/php-jwt version does not validate that coherence at
   parse time, so the test now fails to see any throwable. The actual
   security check happens at Algorithm::verify() time and is covered by
   testVerifyEd25519KeyAgainstES256Alg right above it. Skip the parse-time
   test with a comment pointing at the verify-time coverage.

Signed-off-by: Micke Nordin <kano@sunet.se>
2026-05-27 11:03:55 +02:00
..
IncomingSignedRequest.php chore: add missing Override attribute to OC 2026-04-28 21:29:27 +02:00
OutgoingSignedRequest.php chore: add missing Override attribute to OC 2026-04-28 21:29:27 +02:00
Rfc9421IncomingSignedRequest.php chore: Add review feedback 2026-05-27 11:03:55 +02:00
Rfc9421OutgoingSignedRequest.php fix: Make sodium optional 2026-05-27 11:03:55 +02:00
SignedRequest.php fix(http-sig): make setSignature public and skip third-party-dependent test 2026-05-27 11:03:55 +02:00