nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Michael Weimann	d855c38e07	Moves the logo files to logo Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	7 years ago
Christoph Wurst	42300d19e9	Fix max length requirements for the throttler metadata If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database error due to very long strings, this truncates the username at 64 bytes in the assumption that no real username is longer than that.long strings, Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Christoph Wurst	d8197f2b97	Rename providerset method to get primary providers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Christoph Wurst	c6e47e8a51	Fix login redirection if only one 2FA provider is active Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Michael Weimann	c92d7429d7	Implements handling for deactivated users Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	8 years ago
Christoph Wurst	13d93f5b25	Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Roeland Jago Douma	a07f6d46e3	Use proper types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	fd3c97b93b	Avoid to leak a user ID that is not a string to reach a user backend Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Roeland Jago Douma	33b93db953	Remove unused parameter Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	2b7d4d5069	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	caee215120	Always remember me Fixes #8004 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Arthur Schiwon	ffc05e2fed	don't try login with the same name that just failed Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	8 years ago
Roeland Jago Douma	7cab7feb38	Display message when connection is throttled on logi page Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Julius Härtl	f5f6ed664d	Hide stay logged in checkbox when flow authentication is used Signed-off-by: Julius Härtl <jus@bitgrid.net>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Lukas Reschke	0bccd5a0d9	Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224" The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus. Regression introduced with `46229a00f3` Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Morris Jobke	0326c2c54f	Fix broken tests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Julius Härtl	46229a00f3	Add rich link preview to the login page Signed-off-by: Julius Härtl <jus@bitgrid.net>	8 years ago
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	2f87fb6b45	Add Clear-Site-Data header This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content. See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Ref https://twitter.com/mikewest/status/877149667909406723 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Ujjwal Bhardwaj	7c23414eef	Disable reset password link. Issue: #27440	9 years ago
Christoph Wurst	bb1d191f82	Fix remember redirect_url on failed login attempts Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Sandro Lutz	9b6f99ab08	Update license header Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Sandro Lutz	ff3fa538e4	Add missing use statement for PublicEmitter Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Sandro Lutz	20f878b014	Fix typo for UserManager variable Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Sandro Lutz	6feff0ceba	Add check if UserManager is of type PublicEmitter before calling preLogin hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Sandro Lutz	e30d28f7eb	Change where preLogin hook gets called Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Sandro Lutz	6ab0a3215d	Remove preLoginValidation hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Sandro Lutz	e14d50eb1f	Fix indentation Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
Sandro Lutz	4ebcd5ac0b	Add preLoginValidation hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	9 years ago
John Molakvoæ (skjnldsv)	2c9d7eeb76	Fix public page css fallback loading Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	9 years ago
Bjoern Schiessle	cdf01feba7	add action to existing brute force protection Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
John Molakvoæ (skjnldsv)	e4b3ba6590	Create unified css file and merge all needed data into this file Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	9 years ago
Joas Schilling	2f21eaaf47	Use login name to fix password confirm with ldap users Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	924358ef96	Save the timezone on login again Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
justin-sleep	25a5c655f7	Move integer casting to the top of the chain Signed-off-by: justin-sleep <justin@quarterfull.com>	9 years ago
Joas Schilling	d75e35b75e	Introduce the UI for password confirmation Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	877cb06bfe	Use magic DI for core controllers Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Roeland Jago Douma	f6423f74e3	Minor cleanup in core Controllers	10 years ago
Christoph Wurst	291dd0bd31	redirect to 2fa provider if there's only one active for the user	10 years ago
Joas Schilling	736e884e9a	Move the reset token to core app	10 years ago
Joas Schilling	139fb8de94	Remove "password reset token" after successful login	10 years ago
Lukas Reschke	9ca25e857c	Redirect users when already logged-in on login form	10 years ago

1 2

88 Commits (d855c38e078f2cd0bec86d5a20fc2f448799433b)