nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	2ee65f177e	Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	c007ca624f	Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Daniel Kesselberg	9c4c5ee818	Add test case for existing user with token null Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Daniel Kesselberg	7f7c6e49b6	Return the disabled user mock instead of the existing Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Julius Härtl	3b0d13944a	Move actual password reset to vue Signed-off-by: Julius Härtl <jus@bitgrid.net>	7 years ago
Roeland Jago Douma	b6dd2ebd39	Use proper exception in lostController There is no need to log the expcetion of most of the stuff here. We should properly log them but an exception is excessive. This moves it to a proper exception which we can catch and then log. The other exceptions will still be fully logged. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Daniel Kesselberg	d57540ac84	Return first value from $users Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Roeland Jago Douma	ac8a6e2244	Clean pending 2FA authentication on password reset When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	f42115d6bb	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Morris Jobke	cf3f4888cc	Change password expiration time from 12h to 7d We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Daniel Kesselberg	031fdfb1fc	Enable password reset for user with same email address when only one is active When two or more user share the same email address its not possible to reset password by email. Even when only one account is active. This pr reduce list of users returned by getByEmail by disabled users. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Bjoern Schiessle	3c5fb2b52b	update unit tests Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	7 years ago
Robin Appelman	8ed50d4b63	prefill userid for login after password reset Signed-off-by: Robin Appelman <robin@icewind.nl>	8 years ago
Roeland Jago Douma	8d1dd1945f	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	43e498844e	Use ::class in test mocks Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Joas Schilling	3119fd41ce	Set the data from the template Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Joas Schilling	d5c6d56170	No password reset for disabled users Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Roeland Jago Douma	ba7cf03daf	Fix LostControllerTest Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Joas Schilling	0828df5ed4	Disable the API endpoints as well Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Morris Jobke	16c4755e03	Rename renderHTML to renderHtml * fixes #4383 * improves consistency Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Lukas Reschke	727688ebd9	Adjust existing bruteforce protection code - Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	1f962f9115	Update email template for lost password email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Morris Jobke	5b4adf66e5	Move OC_Defaults to OCP\Defaults * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Joas Schilling	4bae7ef96d	Allow to reset the password with the email as an input Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Bjoern Schiessle	fcda3a20f4	create new encryption keys on password reset and backup the old one Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Bjoern Schiessle	16bbd3fd7c	fix password reset if encryption is enabled Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Roeland Jago Douma	dca9184a12	Fix tests * Tests fixed and controller coverage to 100% Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Lukas Reschke	6d686c213b	[WIP] Use mail for encrypting the password reset token as well	9 years ago
Joas Schilling	ed30b1f645	Use our base class everywhere Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	877cb06bfe	Use magic DI for core controllers Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	9 years ago
Julius Haertl	d065980814	Add more tests for OC\Core\Controller\LostController - remove testResetFormUnsuccessful as it is now splitted up in different test cases - add testResetFormInvalidToken to check if timestamp and token are present - add testResetFormInvalidTokenMatch to check if the saved token matches the provided - add testResetFormExpiredToken to check if expiration detection works - add testResetFormValidToken to check if detection of valid tokens works	10 years ago
Joas Schilling	392bc0c6b9	Move tests/core/ to PSR-4	10 years ago
Morris Jobke	d6a63016ae	move lost controller to core/controller * lostpassword.css is unneeded since #11696 is merged - `1b50d4f7ce` * js is already in core/js * css is moved to core/css/lostpassword * template is moved to core/templates/lostpassword	10 years ago
Roeland Jago Douma	07fd3889b1	Fix unit tests	10 years ago
Thomas Müller	eebe2b9c23	User IUser::getEMailAddress() all over the place	10 years ago
Lukas Reschke	db4cb1dd4d	Expire token after 12h and if user logged-in again As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.	11 years ago
Lukas Reschke	283476a2f7	Use new IMailer and add unit-tests for lostcontroller	11 years ago
Lukas Reschke	944dc127b8	Mock l10n in the setup	11 years ago
Lukas Reschke	ba29ea178f	Add unit tests for empty token	11 years ago
Lukas Reschke	e1e8031798	Disable when no sendmail is available	11 years ago
Joas Schilling	9cfae2ed44	Skip lostcontroller sending email test on windows	11 years ago
Lukas Reschke	767b08c669	Use correct route instead THX @schiesbn (I should setup a mail server on my local system...)	11 years ago
Lukas Reschke	60ae2894aa	Fix scrutinizer issues	11 years ago
Lukas Reschke	1b50d4f7ce	Warn for password reset when files_encryption is enabled This patch wil warn the user of the consequences when resetting the password and requires checking a checkbox (as we had in the past) to reset a password. Furthermore I updated the code to use our new classes and added some unit tests for it 👯 Fixes https://github.com/owncloud/core/issues/11438	11 years ago

35 Commits (62403d0932be7d620c7bdadc6b4e13eb496fcd6f)