upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-13 18:50:47 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 7
nextcloud/tests/lib/AppFramework/Middleware/Security
History
Arthur Schiwon eea5e1cca2
fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-12 19:35:37 +02:00
..
BruteForceMiddlewareTest.php fix(middleware): Also abort the request when reaching max delay in afterController 2023-05-15 16:24:12 +02:00
CORSMiddlewareTest.php fix(CORS): CORS should only be bypassed on PublicPage if not logged in to prevent CSRF attack vectors 2023-02-16 22:55:18 +01:00
CSPMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00
FeaturePolicyMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00
PasswordConfirmationMiddlewareTest.php fix(Session): avoid password confirmation on SSO 2024-06-12 19:35:37 +02:00
RateLimitingMiddlewareTest.php Restore old behaviour of sending flase for not found apps 2022-05-30 12:41:35 +02:00
SameSiteCookieMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00
SecurityMiddlewareTest.php composer run cs:fix 2023-01-20 11:45:08 +01:00