nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	0215b004da	Update with robin	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	7aa16e1559	fix setup	10 years ago
Christoph Wurst	3ab922601a	Check if session token is valid and log user out if the check fails * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes	10 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	10 years ago
Roeland Jago Douma	9e1d9871a8	Move OC_User_Database to \OC\User\Database	10 years ago
Björn Schießle	8c0984d605	first call the post_login hooks, before we call getUserFolder. The login process needs to be completed before we can safely create the users home folder. For example we need to give encryption a chance to initialize the users encryption keys in order to copy the skeleton files correctly	10 years ago
Thomas Müller	7aca13f14c	Allow login by email address	10 years ago
Thomas Müller	9c9fec36dd	Add occ commands to enable and disable a user + a disabled user can no longer login - fixes #23838	10 years ago
Roeland Jago Douma	368be8894c	Move non PSR-4 files from lib/private root to legacy As discussed we move all old style classes (OC_FOO_BAR) to legacy. Then from there we can evaluate the need to convert them back or if they can be fully deprecated/deleted.	10 years ago
Lukas Reschke	8222ad5157	Move logout to controller Testable code. Yay.	10 years ago
Thomas Müller	bab55141a6	Fixes #23899	10 years ago
Lukas Reschke	14f932f3c7	Add DAV authenticated also to other scopes Fixes https://github.com/owncloud/core/issues/22893	10 years ago
Lukas Reschke	c353d51810	Remove Scrutinizer Auto Fixer	10 years ago
Lukas Reschke	933f60e314	Update author information Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)	10 years ago
Scrutinizer Auto-Fixer	08f0dc9067	Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com	10 years ago
Lukas Reschke	12b22c2759	Regenerate CSRF token upon login Otherwise somebody else might be able to note down the CSRF token before login on a shared computer.	10 years ago
Lukas Reschke	a977465af5	Add new CSRF manager for unit testing purposes This adds a new CSRF manager for unit testing purposes, it's interface is based upon https://github.com/symfony/security-csrf. Due to some of our required custom changes it is however not possible to use the Symfony component directly.	10 years ago
Jörn Friedrich Dreyer	64043e9bcc	move methods to correct interface, deprecate private interface	10 years ago
Thomas Müller	682821c71e	Happy new year!	10 years ago
Roeland Jago Douma	876fb83ddc	getMediumStrengthGenerator is deprecated and does not do anything anymore	10 years ago
Lukas Reschke	fec41e7539	Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.	10 years ago
Roeland Jago Douma	6fb60815c5	Use SystemConfig internally	10 years ago
Roeland Jago Douma	82bf99c0cf	Get rid of legacy OC_Config We were still using the lecagy class OC_Config all over the place. Which was a wrapper around the new class OC\Config	10 years ago
Roeland Jago Douma	1f715289bf	Removed deprecated function OC_User::deleteUser Replaced with proper OCP calls	10 years ago
Roeland Jago Douma	9201b9713e	Removed unused deprecated methods	10 years ago
Roeland Jago Douma	835911bce5	Removed deprecated private OC_User::createUser All function calls are replaced with the recommended (which was already the body of the function).	10 years ago
Roeland Jago Douma	7e44ea5da0	Remove deprecated function OC_User::getManager Private deprecated function => removed Replaced all instances with suggested replacement	10 years ago
Lukas Reschke	8f09d5b67c	Update license headers	10 years ago
Lukas Reschke	f6e055b2fd	Add remark that $run is not supported anymore Fixes https://github.com/owncloud/core/issues/16908	11 years ago
Lukas Reschke	36ce254ffd	Move dummy backend to Tests namespace	11 years ago
Thomas Müller	0f2865abb2	Repeated calls to loginWithApache() should not not try to set user information in the session again	11 years ago
Morris Jobke	5a5c59639b	Escape ampersand in logout URL * fixes #17757	11 years ago
Thomas Müller	d3ac73c0c9	Remove OC_Log	11 years ago
Morris Jobke	f63915d0c8	update license headers and authors	11 years ago
Lukas Reschke	694d639f94	Fix PHPDoc 🙈 sigh	11 years ago
Robin Appelman	077d41a9ce	wait with copying the skeleton untill login and setupfs are done	11 years ago
Joas Schilling	71de1d58cd	Fix namespace duplication and other issues in repairlegacystorages	11 years ago
Jenkins for ownCloud	b585d87d9d	Update license headers	11 years ago
Morris Jobke	06aef4e8b1	Revert "Updating license headers" This reverts commit `6a1a4880f0`.	11 years ago
Thomas Müller	1fd1b355e4	Fix namespace of OC_Setup -> \OC\Setup	11 years ago
Jenkins for ownCloud	6a1a4880f0	Updating license headers	11 years ago
Robin Appelman	434835b326	also set user in UserSession when doing OC_User::setUserId	11 years ago
Lukas Reschke	025110821f	URLEncode logout attribute Otherwise logout can fail if the requesttoken contains a +	11 years ago
Lukas Reschke	476579b9c6	Fix WebDAV auth for session authentication only \Sabre\DAV\Auth\Backend\AbstractBasic::authenticate was only calling \OC_Connector_Sabre_Auth::validateUserPass when the response of \Sabre\HTTP\BasicAuth::getUserPass was not null. However, there is a case where the value can be null and the user could be authenticated anyways: The authentication via ownCloud web-interface and then accessing WebDAV resources. This was not possible anymore with this patch because it never reached the code path in this scenario. This patchs allows authenticating with a session without isDavAuthenticated value stored (this is for ugly WebDAV clients that send the cookie in any case) and thus the functionality should work again. To test this go to the admin settings and test if the WebDAV check works fine. Furthermore all the usual stuff (WebDAV / Shibboleth / etc...) needs testing as well.	11 years ago
Lukas Reschke	e3230b5bc2	Add ultra-slim hack for incognito mode As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155	11 years ago
Lukas Reschke	b91a435ed4	Move basic auth login out of `isLoggedIn` Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs... Please test very carefully, this includes: - Testing from OCS via cURL (as in #12915) - Testing from OCS via browser (Open the "Von Dir geteilt" shares overview) - WebDAV - CalDAV - CardDAV	11 years ago

15 Commits (311531ecce497663960877fc536ba94deff27bc0)