nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Roeland Jago Douma	3bd104ef7c	Fix LoginController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	2f87fb6b45	Add Clear-Site-Data header This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content. See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Ref https://twitter.com/mikewest/status/877149667909406723 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	bb1d191f82	Fix remember redirect_url on failed login attempts Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	10 years ago
Joas Schilling	924358ef96	Save the timezone on login again Signed-off-by: Joas Schilling <coding@schilljs.com>	10 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	10 years ago
Christoph Wurst	291dd0bd31	redirect to 2fa provider if there's only one active for the user	10 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	10 years ago
Joas Schilling	139fb8de94	Remove "password reset token" after successful login	10 years ago
Lukas Reschke	cf3cfca356	Use generated URL	10 years ago
Lukas Reschke	75d135d8d4	Fix tests for LoginController	10 years ago
Lukas Reschke	65d1472005	Don't use create mock Not compatible with this PHPunit version	10 years ago
Lukas Reschke	72b5f9bfac	Use createMock instead of deprecated getMock	10 years ago
Lukas Reschke	9ca25e857c	Redirect users when already logged-in on login form	10 years ago
Lukas Reschke	c1589f163c	Mitigate race condition	10 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	10 years ago
Thomas Müller	232d735893	Do not leak the login name - fixes #25047	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	10 years ago
Joas Schilling	392bc0c6b9	Move tests/core/ to PSR-4	10 years ago
Lukas Reschke	ee0ebd192a	Use proper URL generation function (#24576 ) Fixes the redirection after login, otherwise `core/files/index` is opened which fails.	10 years ago
Christoph Wurst	0486d750aa	use the UID for creating the session token, not the login name	10 years ago
Christoph Wurst	aa85edd224	increase token column width add some range to time() assertions	10 years ago
Christoph Wurst	aafd660b97	fix LoginController unit tests	10 years ago
Lukas Reschke	8222ad5157	Move logout to controller Testable code. Yay.	10 years ago
Lukas Reschke	fee95084ae	Rename `username` to `loginName` UID and login name are two different things.	10 years ago
Lukas Reschke	8a650a51be	Use !== instead of empty Users can be named null	10 years ago
Lukas Reschke	331e4efacb	Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.	10 years ago

27 Commits (3bd104ef7c32ca4e1616c9caade1fb59dd1aab29)