nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Morris Jobke	16c4755e03	Rename renderHTML to renderHtml * fixes #4383 * improves consistency Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Lukas Reschke	805419bb95	Add bruteforce protection to changePersonalPassword While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	727688ebd9	Adjust existing bruteforce protection code - Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	1f962f9115	Update email template for lost password email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Morris Jobke	5b4adf66e5	Move OC_Defaults to OCP\Defaults * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Morris Jobke	9813023aab	Fix gzip files for Safari * Safari support gzip only if the filename does not end on .gz - so this renames them to .gzip Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Roeland Jago Douma	3a0ef65f33	Fix controller tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	4bae7ef96d	Allow to reset the password with the email as an input Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Roeland Jago Douma	677e11b1a4	Tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Bjoern Schiessle	5086335643	unify endpoints form core and the the provisioning api Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	243c9c0941	fix coding style and increase code coverage Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Cornelius Kölbel	b8d41752ca	Fix tests Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Bjoern Schiessle	fcda3a20f4	create new encryption keys on password reset and backup the old one Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Roeland Jago Douma	350b7ebc86	Adds CssControllerTests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	31a3e9847f	Adds user controller tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Christoph Wurst	eff904473d	Set redirect_url on 2FA challenge page Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Bjoern Schiessle	16bbd3fd7c	fix password reset if encryption is enabled Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Joas Schilling	924358ef96	Save the timezone on login again Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Lukas Reschke	8bf4111368	Fix changing display names for subadmins Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Roeland Jago Douma	74c68d8761	Add OCSControllerTests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	dca9184a12	Fix tests * Tests fixed and controller coverage to 100% Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Lukas Reschke	6d686c213b	[WIP] Use mail for encrypting the password reset token as well	9 years ago
Roeland Jago Douma	9e6b26dcd0	Add cache 1 day cache to preview endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	55af6b45f7	More tests * PreviewController test * PublicPreview test * Versions Preview test * Trash Preview test Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	656e3f7a24	Check the mimetype before reading the content and catch exception Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	ed30b1f645	Use our base class everywhere Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Morris Jobke	c84dc6aa1c	Properly catch password policy hint for personal page password changes Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Joas Schilling	a1e4b17ff4	Remove unused endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	877cb06bfe	Use magic DI for core controllers Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Christoph Wurst	8acb734854	add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app	9 years ago
Christoph Wurst	8e5c4c91fa	check same URL in unit tests	9 years ago
Christoph Wurst	0a0c7a9b92	redirect to default app after solving the 2FA challenge	9 years ago
Roeland Jago Douma	6a85882f61	Fix tests	9 years ago
Roeland Jago Douma	b1a090f357	AvatarController use proper JSONResponse * Do not rely on DataResponse magic. We want JSON so use JSON * Fix tests	9 years ago
Roeland Jago Douma	f6423f74e3	Minor cleanup in core Controllers	9 years ago
Christoph Wurst	291dd0bd31	redirect to 2fa provider if there's only one active for the user	9 years ago
Roeland Jago Douma	2f03853fb9	AvatarController cleanup * Use all DI components * Let the AppFramework resolve the AvatarController * Update unit tests * Unit tests no longer require DB	9 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	10 years ago
Joas Schilling	139fb8de94	Remove "password reset token" after successful login	10 years ago
Roeland Jago Douma	789082e014	Add tests for ChangePasswordController	10 years ago
Roeland Jago Douma	87ac72d004	We have to mock the is_uploaded_file in the OC\Core\Controller namespace	10 years ago
Roeland Jago Douma	09f4ce4389	Fix mock call in AvatarControllerTest	10 years ago
Lukas Reschke	cf3cfca356	Use generated URL	10 years ago

1 2

82 Commits (1c2cdc9d3aeae0cb1f2f5d4fe3c19f4666affddf)