nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	b805908dca	update session token password on user password change	10 years ago
Christoph Wurst	56199eba37	fix unit test warning/errors	10 years ago
Christoph Wurst	9d74ff02a4	fix nitpick	10 years ago
Christoph Wurst	1889df5c7c	dont create a session token for clients, validate the app password instead	10 years ago
Christoph Wurst	0c0a216f42	store last check timestamp in token instead of session	10 years ago
Christoph Wurst	c4149c59c2	use token last_activity instead of session value	10 years ago
Christoph Wurst	82b50d126c	add PasswordLoginForbiddenException	10 years ago
Christoph Wurst	465807490d	create session token only for clients that support cookies	10 years ago
Christoph Wurst	331d88bcab	create session token on all APIs	10 years ago
Thomas Müller	f20c617154	Allow login by email address via webdav as well - fixes #24791	10 years ago
Christoph Wurst	46e26f6b49	catch sessionnotavailable exception if memory session is used	10 years ago
Christoph Wurst	ec929f07f2	When creating a session token, make sure it's the login password and not a device token	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	a922957f76	add default token auth config on install, upgrade and add it to sample config	10 years ago
Christoph Wurst	28ce7dd262	do not allow client password logins if token auth is enforced or 2FA is enabled	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	4128b853e5	login explicitly	10 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	10 years ago
Christoph Wurst	c20cdc2213	invalidate user session if the user is disabled	10 years ago
Christoph Wurst	11dc97da43	try token login first	10 years ago
Christoph Wurst	f824f3e5f3	don't allow token login for disabled users	10 years ago
Christoph Wurst	98b465a8b9	a single token provider suffices	10 years ago
Christoph Wurst	0486d750aa	use the UID for creating the session token, not the login name	10 years ago
Christoph Wurst	69dafd727d	delete the token in case an exception is thrown when decrypting the password	10 years ago
Christoph Wurst	46bdf6ea2b	fix PHPDoc and other minor issues	10 years ago
Christoph Wurst	a9b500c03b	catch possible SessionNotAvailableExceptions	10 years ago
Christoph Wurst	f0f8bdd495	PHPDoc and other minor fixes	10 years ago
Christoph Wurst	699289cd26	pass in $request on OCS api	10 years ago
Christoph Wurst	168ccf90a6	try apache auth too	10 years ago
Christoph Wurst	8cc5f6036f	Fix existing tests	10 years ago
Christoph Wurst	7aa16e1559	fix setup	10 years ago
Christoph Wurst	7e7d5a2ef2	Add fallback to allow user:token basic auth	10 years ago
Christoph Wurst	fdc2cd7554	Add token auth for OCS APIs	10 years ago
Christoph Wurst	8d48502187	Add index on 'last_activity' add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import	10 years ago
Christoph Wurst	53636c73d6	Add controller to generate client tokens	10 years ago
Christoph Wurst	3ab922601a	Check if session token is valid and log user out if the check fails * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes	10 years ago
Christoph Wurst	2fa5e0a24e	invalidate (delete) session token on logout add 'last_activity' column to session tokens and delete old ones via a background job	10 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	10 years ago
Roeland Jago Douma	9504500e5f	Move \OC\User to PSR-4	10 years ago
Thomas Müller	9c9fec36dd	Add occ commands to enable and disable a user + a disabled user can no longer login - fixes #23838	10 years ago
Thomas Müller	682821c71e	Happy new year!	10 years ago
Roeland Jago Douma	876fb83ddc	getMediumStrengthGenerator is deprecated and does not do anything anymore	10 years ago
Lukas Reschke	fec41e7539	Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.	10 years ago
Morris Jobke	c60c793cf2	More cleanups of OC_Config usage	10 years ago
Lukas Reschke	3d2ee95f1e	Remove last occurence of `forcessl` This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.	11 years ago
Robin Appelman	0497534a6e	more type hints	11 years ago
Jenkins for ownCloud	b585d87d9d	Update license headers	11 years ago
Lukas Reschke	bbd5f28415	Let users configure security headers in their Webserver Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.	11 years ago
Morris Jobke	06aef4e8b1	Revert "Updating license headers" This reverts commit `6a1a4880f0`.	11 years ago

44 Commits (27b699bdbcd080ec9d5400a2391cdb2b725f7ee1)