nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Joas Schilling	0215b004da	Update with robin	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Lukas Reschke	c1589f163c	Mitigate race condition	10 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	10 years ago
Joas Schilling	2c988ecbf4	Use the themed Defaults everywhere	10 years ago
Morris Jobke	2791b8f00d	Revert "occ web executor (#24957 )" This reverts commit `854352d9a0`.	10 years ago
VicDeo	854352d9a0	occ web executor (#24957 ) * Initial web executor * Fix PHPDoc Fix broken integration test OccControllerTests do not require database access - moch them all! Kill unused sprintf	10 years ago
Lukas Reschke	5fdde426eb	Add fancy layout	10 years ago
blizzz	51fd2602a7	Revert "Downstream 2016-06-08"	10 years ago
Thomas Müller	232d735893	Do not leak the login name - fixes #25047	10 years ago
Joas Schilling	7f88645eab	Allow to cancel 2FA after login	10 years ago
Christoph Wurst	60e15e934c	do not generate device token if 2FA is enable for user	10 years ago
Joas Schilling	3e3b326c85	Allow to cancel 2FA after login	10 years ago
Christoph Wurst	8f7a4aaa4d	do not generate device token if 2FA is enable for user	10 years ago
Christoph Wurst	5e71d23ded	remember redirect_url when solving the 2FA challenge	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	a0ccebfdcb	generate device token for UID, not login name fixes #24785	10 years ago
Christoph Wurst	4128b853e5	login explicitly	10 years ago
Joas Schilling	5c063cf7c9	Allow opening the password reset link in a new window when its a URL	10 years ago
Julius Haertl	8ee2cb47d0	Show error messages if a password reset link is invalid or expired - Moved token validation to method checkPasswordResetToken - Render error with message from exceptions	10 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	10 years ago
Christoph Wurst	e077d78ec9	Show login error message correctly (#24599 )	10 years ago
Lukas Reschke	ee0ebd192a	Use proper URL generation function (#24576 ) Fixes the redirection after login, otherwise `core/files/index` is opened which fails.	10 years ago
Christoph Wurst	0486d750aa	use the UID for creating the session token, not the login name	10 years ago
Christoph Wurst	214aa6639c	fix login with email	10 years ago
Christoph Wurst	46bdf6ea2b	fix PHPDoc and other minor issues	10 years ago
Christoph Wurst	3ffa7d986a	show login error	10 years ago
Christoph Wurst	f0f8bdd495	PHPDoc and other minor fixes	10 years ago
Christoph Wurst	fbb5768587	add unit tests for all new classes	10 years ago
Christoph Wurst	aa85edd224	increase token column width add some range to time() assertions	10 years ago
Christoph Wurst	aafd660b97	fix LoginController unit tests	10 years ago
Christoph Wurst	7aa16e1559	fix setup	10 years ago
Christoph Wurst	fdc2cd7554	Add token auth for OCS APIs	10 years ago
Christoph Wurst	8d48502187	Add index on 'last_activity' add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import	10 years ago
Christoph Wurst	53636c73d6	Add controller to generate client tokens	10 years ago
Christoph Wurst	3ab922601a	Check if session token is valid and log user out if the check fails * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes	10 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	10 years ago
Lukas Reschke	8222ad5157	Move logout to controller Testable code. Yay.	10 years ago
Lukas Reschke	d4a93893bb	Also check for an empty string PHP. Yay.	10 years ago
Lukas Reschke	fee95084ae	Rename `username` to `loginName` UID and login name are two different things.	10 years ago
Lukas Reschke	8a650a51be	Use !== instead of empty Users can be named null	10 years ago
Lukas Reschke	331e4efacb	Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.	10 years ago
Lukas Reschke	a4b19a5b1e	Rename files to be PSR-4 compliant	10 years ago

48 Commits (681eebcfe613157e05919a3223fcd0bbbe324638)