nextcloud-server

Commit Graph

Author	SHA1	Message	Date
justin-sleep	25a5c655f7	Move integer casting to the top of the chain Signed-off-by: justin-sleep <justin@quarterfull.com>	9 years ago
Joas Schilling	d75e35b75e	Introduce the UI for password confirmation Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	877cb06bfe	Use magic DI for core controllers Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Roeland Jago Douma	f6423f74e3	Minor cleanup in core Controllers	9 years ago
Christoph Wurst	291dd0bd31	redirect to 2fa provider if there's only one active for the user	9 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	9 years ago
Joas Schilling	139fb8de94	Remove "password reset token" after successful login	9 years ago
Lukas Reschke	9ca25e857c	Redirect users when already logged-in on login form	9 years ago
Thomas Müller	4cf2f97a16	Add missing array element - fixes #25714	9 years ago
Bjoern Schiessle	4ecd16c555	Redirect to default page after login	9 years ago
Joas Schilling	ba87db3fcc	Fix others	9 years ago
Lukas Reschke	c1589f163c	Mitigate race condition	9 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	9 years ago
Thomas Müller	232d735893	Do not leak the login name - fixes #25047	9 years ago
Christoph Wurst	5e71d23ded	remember redirect_url when solving the 2FA challenge	9 years ago
Lukas Reschke	aba539703c	Update license headers	9 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	9 years ago
Christoph Wurst	4128b853e5	login explicitly	9 years ago
Joas Schilling	5c063cf7c9	Allow opening the password reset link in a new window when its a URL	9 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	9 years ago
Christoph Wurst	e077d78ec9	Show login error message correctly (#24599 )	9 years ago
Lukas Reschke	ee0ebd192a	Use proper URL generation function (#24576 ) Fixes the redirection after login, otherwise `core/files/index` is opened which fails.	9 years ago
Christoph Wurst	0486d750aa	use the UID for creating the session token, not the login name	9 years ago
Christoph Wurst	214aa6639c	fix login with email	9 years ago
Christoph Wurst	46bdf6ea2b	fix PHPDoc and other minor issues	9 years ago
Christoph Wurst	3ffa7d986a	show login error	9 years ago
Christoph Wurst	aa85edd224	increase token column width add some range to time() assertions	9 years ago
Christoph Wurst	aafd660b97	fix LoginController unit tests	9 years ago
Christoph Wurst	7aa16e1559	fix setup	9 years ago
Christoph Wurst	fdc2cd7554	Add token auth for OCS APIs	9 years ago
Christoph Wurst	3ab922601a	Check if session token is valid and log user out if the check fails * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes	9 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	9 years ago
Lukas Reschke	8222ad5157	Move logout to controller Testable code. Yay.	9 years ago
Lukas Reschke	d4a93893bb	Also check for an empty string PHP. Yay.	9 years ago
Lukas Reschke	fee95084ae	Rename `username` to `loginName` UID and login name are two different things.	9 years ago
Lukas Reschke	8a650a51be	Use !== instead of empty Users can be named null	9 years ago
Lukas Reschke	331e4efacb	Move login form into controller First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.	9 years ago

40 Commits (74d1b0bada1b291038c88cf1e289d6696c65bfb7)