forms icon indicating copy to clipboard operation
forms copied to clipboard

Published 20 hours ago verified publisher icon nextcloud

fix: Add brute force protection to form endpoints

Open susnux opened this issue 1 year ago • 2 comments

Endpoints that query for forms are now protected against brute force attacks to find valid forms, invalid hashes or IDs.

susnux avatar Aug 07 '24 09:08 susnux

Codecov Report

Attention: Patch coverage is 46.00000% with 27 lines in your changes missing coverage. Please review.

Project coverage is 43.40%. Comparing base (6ee4774) to head (4203396). Report is 16 commits behind head on main.

Additional details and impacted files 
@@             Coverage Diff              @@
##               main    #2269      +/-   ##
============================================
- Coverage     43.40%   43.40%   -0.01%     
- Complexity      881      882       +1     
============================================
  Files            75       77       +2     
  Lines          3361     3359       -2     
============================================
- Hits           1459     1458       -1     
+ Misses         1902     1901       -1

codecov[bot] avatar Aug 07 '24 09:08 codecov[bot]

Could you perhaps base this on my api PR?

Chartman123 avatar Aug 07 '24 09:08 Chartman123

@susnux thanks to @provokateurin we could finally merge the OpenAPI PR, so I think that you can now go on with this PR and base it on the current main

Chartman123 avatar Jan 13 '25 13:01 Chartman123

@Chartman123 rebased and adjusted to the new controller

susnux avatar Jan 17 '25 16:01 susnux

Should we add the brute force protection to the page controller for public share hashes too?

Chartman123 avatar Jan 17 '25 22:01 Chartman123