nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	138deec333	chore: Make the LoginController strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Joas Schilling	67ecd72972	Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Arthur Schiwon	b3b6f2d581	fix Controller tests - added pageTitle in code was missing in expectations - fixed warnings of superflouos parameter - fixed wrong type of mock Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	4 years ago
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Vitor Mattos	d613b32045	add check isFairUseOfFreePushService on login Signed-off-by: Vitor Mattos <vitor@php.rio>	4 years ago
Daniel Rudolf	e478db9161	Deprecate RedirectToDefaultAppResponse Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	5 years ago
Daniel Rudolf	12059eb65b	Add IUrlGenerator::linkToDefaultPageUrl() Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>	5 years ago
Vincent Petry	95e03fba2d	Fix more controller tests in Core subdir Signed-off-by: Vincent Petry <vincent@nextcloud.com>	5 years ago
John Molakvoæ (skjnldsv)	6c49dc2d1f	Fix absolute redirect Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	6 years ago
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	53db05a1f6	Start with webauthn Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>	6 years ago
Christoph Wurst	2ee65f177e	Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Daniel Kesselberg	9378a6b411	Send Clear-Site-Data expect for Chrome Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Roeland Jago Douma	3a7cf40aaa	Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	c007ca624f	Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Daniel Kesselberg	6235a66aac	Don't send executionContexts for Clear-Site-Data There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59 Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034 Chromium implementation is not finish: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Christoph Wurst	64c4bb5bce	Vueify the login page Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	170582d4f5	Add a login chain to reduce the complexity of LoginController::tryLogin Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Roeland Jago Douma	e6333c8fe3	Honor remember_login_cookie_lifetime If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not creatae a remember me cookie and should create a proper temp token. Further this specifies that is not 0 the remember me time should always be larger than the session timeout. Because else the behavior is not really defined. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Rayn0r	82c2c10b25	adapted automated test for autocomplete changes Signed-off-by: Rayn0r <Andre.Weidemann@web.de>	7 years ago
Patrick Conrad	1806baaeaf	Remove cookies from Clear-Site-Data Header In `2f87fb6b45` this header was introduced. The referenced documentation says: > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/). This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point! So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well. Signed-off-by: Patrick Conrad <conrad@iza.org>	7 years ago
Christoph Wurst	c6e47e8a51	Fix login redirection if only one 2FA provider is active Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Michael Weimann	de7606dc68	Adds disabled user unit tests Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	8 years ago
Christoph Wurst	13d93f5b25	Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Roeland Jago Douma	2b7d4d5069	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	b1d8084700	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Julius Härtl	f5f6ed664d	Hide stay logged in checkbox when flow authentication is used Signed-off-by: Julius Härtl <jus@bitgrid.net>	8 years ago
Morris Jobke	0326c2c54f	Fix broken tests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Roeland Jago Douma	3bd104ef7c	Fix LoginController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	2f87fb6b45	Add Clear-Site-Data header This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content. See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Ref https://twitter.com/mikewest/status/877149667909406723 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	bb1d191f82	Fix remember redirect_url on failed login attempts Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	924358ef96	Save the timezone on login again Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	291dd0bd31	redirect to 2fa provider if there's only one active for the user	10 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	10 years ago
Joas Schilling	139fb8de94	Remove "password reset token" after successful login	10 years ago
Lukas Reschke	cf3cfca356	Use generated URL	10 years ago
Lukas Reschke	75d135d8d4	Fix tests for LoginController	10 years ago
Lukas Reschke	65d1472005	Don't use create mock Not compatible with this PHPunit version	10 years ago
Lukas Reschke	72b5f9bfac	Use createMock instead of deprecated getMock	10 years ago
Lukas Reschke	9ca25e857c	Redirect users when already logged-in on login form	10 years ago
Lukas Reschke	c1589f163c	Mitigate race condition	10 years ago

1 2

56 Commits (138deec333b0dbfbc44968f2192e1bf2c27e4ee8)