nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	0828df5ed4	Disable the API endpoints as well Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Morris Jobke	c54a59d51e	Remove unused use statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Lukas Reschke	d0d34d308a	Add at most 10 password reset requests per 5 minutes and IP range Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Morris Jobke	16c4755e03	Rename renderHTML to renderHtml * fixes #4383 * improves consistency Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Lukas Reschke	727688ebd9	Adjust existing bruteforce protection code - Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Morris Jobke	1f962f9115	Update email template for lost password email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Morris Jobke	5b4adf66e5	Move OC_Defaults to OCP\Defaults * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Joas Schilling	4bae7ef96d	Allow to reset the password with the email as an input Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Bjoern Schiessle	927d3865a0	add brute force protection to password reset to make it harder to guess user logins Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	8 years ago
Bjoern Schiessle	fcda3a20f4	create new encryption keys on password reset and backup the old one Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	8 years ago
Bjoern Schiessle	16bbd3fd7c	fix password reset if encryption is enabled Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	8 years ago
Lukas Reschke	6d686c213b	[WIP] Use mail for encrypting the password reset token as well	9 years ago
Joas Schilling	877cb06bfe	Use magic DI for core controllers Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Roeland Jago Douma	f6423f74e3	Minor cleanup in core Controllers	9 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	9 years ago
Joas Schilling	ba87db3fcc	Fix others	9 years ago
Joas Schilling	2c988ecbf4	Use the themed Defaults everywhere	9 years ago
Lukas Reschke	aba539703c	Update license headers	9 years ago
Julius Haertl	8ee2cb47d0	Show error messages if a password reset link is invalid or expired - Moved token validation to method checkPasswordResetToken - Render error with message from exceptions	9 years ago
Lukas Reschke	a4b19a5b1e	Rename files to be PSR-4 compliant	9 years ago
Morris Jobke	d6a63016ae	move lost controller to core/controller * lostpassword.css is unneeded since #11696 is merged - `1b50d4f7ce` * js is already in core/js * css is moved to core/css/lostpassword * template is moved to core/templates/lostpassword	9 years ago
Thomas Müller	682821c71e	Happy new year!	9 years ago
Roeland Jago Douma	876fb83ddc	getMediumStrengthGenerator is deprecated and does not do anything anymore	9 years ago
Thomas Müller	eebe2b9c23	User IUser::getEMailAddress() all over the place	10 years ago
Lukas Reschke	db4cb1dd4d	Expire token after 12h and if user logged-in again As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.	10 years ago
Jenkins for ownCloud	b585d87d9d	Update license headers	10 years ago
Lukas Reschke	283476a2f7	Use new IMailer and add unit-tests for lostcontroller	10 years ago
Lukas Reschke	13486a5ada	Migrate to SwiftMail Replaces the OC_Mail and phpmailer with SwiftMail allowing us to mock it properly. Fixes the unit test execution on master on local machines and https://github.com/owncloud/core/issues/12014 Conflicts: 3rdparty lib/private/server.php lib/public/iservercontainer.php tests/lib/mail.php tests/settings/controller/mailsettingscontrollertest.php Conflicts: 3rdparty lib/private/mail.php lib/private/server.php lib/public/iservercontainer.php settings/ajax/lostpassword.php settings/application.php	10 years ago
Morris Jobke	06aef4e8b1	Revert "Updating license headers" This reverts commit `6a1a4880f0`.	10 years ago
Jenkins for ownCloud	6a1a4880f0	Updating license headers	10 years ago
Lukas Reschke	ba29ea178f	Add unit tests for empty token	10 years ago
Lukas Reschke	35afb0d22e	Default to `null` for lostpassword We oC 8 we use the `StringUtils::equals` method which will also verify the type, since we don't anylonger hash the token twice this is required in case somebody is able to invoke this route with an empty `$token`.	10 years ago
Bjoern Schiessle	11ab457b72	add password as parameter to the signal so that the encryption can create a new key-pair	11 years ago
Lukas Reschke	357465eac9	Add "postPasswordReset" hook	11 years ago
Lukas Reschke	767b08c669	Use correct route instead THX @schiesbn (I should setup a mail server on my local system...)	11 years ago
Lukas Reschke	57b5c82eb7	Remove uneeded import	11 years ago
Lukas Reschke	1b50d4f7ce	Warn for password reset when files_encryption is enabled This patch wil warn the user of the consequences when resetting the password and requires checking a checkbox (as we had in the past) to reset a password. Furthermore I updated the code to use our new classes and added some unit tests for it 👯 Fixes https://github.com/owncloud/core/issues/11438	11 years ago
Thomas Müller	a8b6cc6a07	- adding default value for $recoveryPassword - set password correctly in lost password	11 years ago
Morris Jobke	dda5e6c85b	add proper Exception message for invalid token	11 years ago
Morris Jobke	1cb7239cb7	use array_merge for merging arrays in PHP	11 years ago
Morris Jobke	ed8b7fc101	complete renaming uid to userId	11 years ago
Morris Jobke	a53cfcb9d1	Migrate ´ to '	11 years ago
Morris Jobke	d0b71dffca	reformat method call and fix paranthesis mismatch	11 years ago
Bernhard Posselt	2b2b1b487c	more style fixes	11 years ago
Bernhard Posselt	a6e45a8d0e	use more stuff from core :)	11 years ago
Victor Dubiniuk	e026b1dc19	Add missing use	11 years ago
Victor Dubiniuk	59ff71f781	Fix check for user existence	11 years ago
Victor Dubiniuk	47c6fd0c85	Remove debug output	11 years ago
Victor Dubiniuk	4b359ad20c	Change routes. Update templates	11 years ago

23 Commits (0828df5ed4d8488570821b07baaaa7449be3ba64)