nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	28f8eb5dba	Add visibility to all constants Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	1584c9ae9c	Add visibility to all methods and position of static keyword Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Bjoern Schiessle	0efd29f41f	first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	7 years ago
Morris Jobke	e2974f1133	Simplify return statement Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Lukas Reschke	df3909a7c3	Use Bearer backend for SabreDAV Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	5f71805c35	Add basic implementation for OAuth 2.0 Authorization Code Flow Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	1729e4471f	Update comments to Nextcloud * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Joas Schilling	33fb86f68b	Fix detection of the new iOS app Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Robin Appelman	b56f2c9ed0	basic lockdown logic Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Christoph Wurst	6af2efb679	prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.	9 years ago
Joas Schilling	813f0a0f40	Fix apps/	10 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	10 years ago
Joas Schilling	2c988ecbf4	Use the themed Defaults everywhere	10 years ago
Christoph Wurst	5a8cfab68f	throw PasswordLoginForbidden on DAV	10 years ago
Christoph Wurst	82b50d126c	add PasswordLoginForbiddenException	10 years ago
Christoph Wurst	331d88bcab	create session token on all APIs	10 years ago
Thomas Müller	cf06b17df1	Use the correct realm for basic authentication - fixes #23427	10 years ago
Thomas Müller	f20c617154	Allow login by email address via webdav as well - fixes #24791	10 years ago
Christoph Wurst	da03a85c3c	block DAV if 2FA challenge needs to be solved first	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	28ce7dd262	do not allow client password logins if token auth is enforced or 2FA is enabled	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	10 years ago
Joas Schilling	dd9ee10bc0	Move dav app to PSR-4 (#24527 ) * Move Application to correct namespace and PSR-4 it * Move dav app to PSR-4	10 years ago
Christoph Wurst	0486d750aa	use the UID for creating the session token, not the login name	10 years ago
Christoph Wurst	5e55dfb2d6	create session token for DAV clients (sync clients)	10 years ago
Lukas Reschke	cc8c0b6a90	Check if request is sent from official ownCloud client There are authentication backends such as Shibboleth that do send no Basic Auth credentials for DAV requests. This means that the ownCloud DAV backend would consider these requests coming from an untrusted source and require higher levels of security checks. (e.g. a CSRF check) While an elegant solution would rely on authenticating via token (so that one can properly ensure that the request came indeed from a trusted client) this is a okay'ish workaround for this problem until we have something more reliable in the authentication code.	10 years ago
Arthur Schiwon	117c1bffa7	adjust PrincipilUri as returned from Sabre to effective username	10 years ago
Lukas Reschke	9b3c4e8dc4	Require CSRF token for non WebDAV authenticated requests	10 years ago
Thomas Müller	cca2ade199	Adding pre oc 9.0 CardDAV endpoint for migration of old clients	10 years ago
Thomas Müller	682821c71e	Happy new year!	10 years ago
Roeland Jago Douma	4a38793d11	Allow only cookie auth to webdav	10 years ago
Vincent Petry	13ec2bda2d	Properly check X-Requested-With header in case of multiple values Saw this happening in IE8...	10 years ago
Vincent Petry	d02e0eaaf1	Only reject ajax auth if user is really logged out	10 years ago
Thomas Müller	c25a7cc4da	Users are available under it's own principal resource named 'principals/users' this will allow us to introduce e.g. groups as principals (one day) and system specific principals (needed for federation)	10 years ago
Thomas Müller	ae36c01b95	Adjust sabre changes in core	10 years ago
Vincent Petry	055d58bfc3	Do not authenticate over ajax This makes sure that whenever a Webdav call is done through Ajax, if the session has expired, it will not send back a challenge but a simple 401 response. Without this fix, the default code would send back a challenge and trigger the browser's basic auth dialog.	10 years ago
Scrutinizer Auto-Fixer	5573029485	Scrutinizer Auto-Fixes This commit consists of patches automatically generated for this project on https://scrutinizer-ci.com	10 years ago
Thomas Müller	0f434e0b9b	Implement CSRF protection	10 years ago
Lukas Reschke	cddc9abc06	Add tests for Sabre Auth plugin + make getCurrentUser compatible	10 years ago
Thomas Müller	f2889dc6e4	Consolidate webdav code - move all to one app	10 years ago
Morris Jobke	b945d71384	update licence headers via script	10 years ago
Thomas Müller	134dc136e6	Avoid namespace clash	11 years ago
Thomas Müller	3f3c603922	Adding exception handling for ServerNotAvailableException - refs #17192	11 years ago
Jenkins for ownCloud	b585d87d9d	Update license headers	11 years ago

30 Commits (5cd1880daa048a685da689c7f41a2e50486494de)