nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Robin Appelman	2389e0f250	read lockdown scope from token Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Robin Appelman	b56f2c9ed0	basic lockdown logic Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Roeland Jago Douma	f07d75a4dd	@since 9.2.0 to @since 11.0.0 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Thomas Müller	506ccdbd8d	Introduce an event for first time login based on the last login time stamp Use firstLogin event to trigger creation of default calendar and default address book Delay login of admin user after setup so that firstLogin event can properly be processed for the admin Fixing tests ... Skeleton files are not copied over -> only 3 cache entries are remaining Use updateLastLoginTimestamp to properly setup lastLogin value for a test user	9 years ago
Christoph Wurst	6f86e468d4	inject ISecureRandom into user session and use injected config too Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Roeland Jago Douma	f722640a32	Proper DI of config * Fixed comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Jörn Friedrich Dreyer	f8352fcb8d	introduce callForSeenUsers and countSeenUsers (#26361 ) * introduce callForSeenUsers and countSeenUsers * add tests * oracle should support not null on clob * since 9.2.0	9 years ago
Vincent Petry	6d1e858aa4	Fix logClientIn for non-existing users (#26292 ) The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.	9 years ago
Robin Appelman	25ed6714c7	dont update the auth token twice Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Roeland Jago Douma	1273d82e8b	Cache non existing DB user We always query the database backend. Even if we use a different one (ldap for example). Now we do this everytime we try to get a user object so caching that a user is not in the DB safes some queries on each request then (at least 2 what I found). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	4d1acfd4ef	Only trigger postDelete hooks when the user was deleted... Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	5b7b8f8dac	Remove notifications upon user deletion Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Thomas Müller	82e8762c84	Fix issues where some user settings cannot be loaded when the user id differs in case sensitivity - fixes #25684 (#25686 )	9 years ago
Robin Appelman	6c93fe08f5	dont get bruteforce delay twice	9 years ago
Roeland Jago Douma	6c360ad79f	Add PHPdoc	10 years ago
Jörn Friedrich Dreyer	291b3fd8b4	missing PHPDoc	10 years ago
Jörn Friedrich Dreyer	da5633c31a	Type compatability	10 years ago
Jörn Friedrich Dreyer	3593668413	Method is deprecated	10 years ago
Jörn Friedrich Dreyer	5aef60d2ca	Unreachable statement	10 years ago
Jörn Friedrich Dreyer	d2a16c4dc8	Unnecessary fully qualified names	10 years ago
michag86	5fb39bd0cb	Apply password policy on user creation	10 years ago
Joas Schilling	0215b004da	Update with robin	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Lukas Reschke	c1589f163c	Mitigate race condition	10 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	10 years ago
Christoph Wurst	1710de8afb	Login hooks (#25260 ) * fix login hooks * adjust user session tests * fix login return value of successful token logins * trigger preLogin hook earlier; extract method 'loginWithPassword' * call postLogin hook earlier; add PHPDoc	10 years ago
Bjoern Schiessle	2a990a0db5	verify user password on change	10 years ago
Christoph Wurst	89198e62e8	check login name when authenticating with client token	10 years ago
Christoph Wurst	b805908dca	update session token password on user password change	10 years ago
Christoph Wurst	56199eba37	fix unit test warning/errors	10 years ago
Christoph Wurst	9d74ff02a4	fix nitpick	10 years ago
Christoph Wurst	1889df5c7c	dont create a session token for clients, validate the app password instead	10 years ago
Christoph Wurst	0c0a216f42	store last check timestamp in token instead of session	10 years ago
Christoph Wurst	c4149c59c2	use token last_activity instead of session value	10 years ago
Christoph Wurst	82b50d126c	add PasswordLoginForbiddenException	10 years ago
Christoph Wurst	465807490d	create session token only for clients that support cookies	10 years ago
Christoph Wurst	331d88bcab	create session token on all APIs	10 years ago
Thomas Müller	f20c617154	Allow login by email address via webdav as well - fixes #24791	10 years ago
Christoph Wurst	46e26f6b49	catch sessionnotavailable exception if memory session is used	10 years ago
Christoph Wurst	ec929f07f2	When creating a session token, make sure it's the login password and not a device token	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	a922957f76	add default token auth config on install, upgrade and add it to sample config	10 years ago
Christoph Wurst	28ce7dd262	do not allow client password logins if token auth is enforced or 2FA is enabled	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	4128b853e5	login explicitly	10 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	10 years ago
Christoph Wurst	c20cdc2213	invalidate user session if the user is disabled	10 years ago
Christoph Wurst	11dc97da43	try token login first	10 years ago

1 2

78 Commits (311531ecce497663960877fc536ba94deff27bc0)