nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	7927aed991	Adjust token name Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Robin Appelman	baec42e80a	Save the scope of an auth token in the session Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Joas Schilling	6acfea61d0	Fix tests Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Roeland Jago Douma	e368a745aa	Set last-login-check on basic auth Else the last-login-check fails hard because the session value is not set and thus defaults to 0. * Started with tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Christoph Wurst	6543182d13	fix parameter order Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	9b808c4014	do not remember session tokens by default We have to respect the value of the remember-me checkbox. Due to an error in the source code the default value for the session token was to remember it. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	9d6e01ef40	Add missing tests and fix PHPDoc Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	6f86e468d4	inject ISecureRandom into user session and use injected config too Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Roeland Jago Douma	f722640a32	Proper DI of config * Fixed comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	593d52fe91	Fix and cleanup SessionTest Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Vincent Petry	6d1e858aa4	Fix logClientIn for non-existing users (#26292 ) The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.	9 years ago
Robin Appelman	90db361827	Add test to ensure token times are updated Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Robin Appelman	25ed6714c7	dont update the auth token twice Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Roeland Jago Douma	d616984879	Fix getMock User	9 years ago
Robin Appelman	6c93fe08f5	dont get bruteforce delay twice	9 years ago
Lukas Reschke	c1589f163c	Mitigate race condition	10 years ago
Lukas Reschke	ba4f12baa0	Implement brute force protection Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)	10 years ago
Christoph Wurst	1710de8afb	Login hooks (#25260 ) * fix login hooks * adjust user session tests * fix login return value of successful token logins * trigger preLogin hook earlier; extract method 'loginWithPassword' * call postLogin hook earlier; add PHPDoc	10 years ago
Christoph Wurst	89198e62e8	check login name when authenticating with client token	10 years ago
Christoph Wurst	b805908dca	update session token password on user password change	10 years ago
Christoph Wurst	56199eba37	fix unit test warning/errors	10 years ago
Christoph Wurst	8ef5431e7a	fix user session tests	10 years ago
Christoph Wurst	82b50d126c	add PasswordLoginForbiddenException	10 years ago
Christoph Wurst	465807490d	create session token only for clients that support cookies	10 years ago
Christoph Wurst	ec929f07f2	When creating a session token, make sure it's the login password and not a device token	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Christoph Wurst	28ce7dd262	do not allow client password logins if token auth is enforced or 2FA is enabled	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	c20cdc2213	invalidate user session if the user is disabled	10 years ago
Joas Schilling	94ad54ec9b	Move tests/ to PSR-4 (#24731 ) * Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader	10 years ago
Christoph Wurst	f824f3e5f3	don't allow token login for disabled users	10 years ago
Christoph Wurst	98b465a8b9	a single token provider suffices	10 years ago
Christoph Wurst	46bdf6ea2b	fix PHPDoc and other minor issues	10 years ago
Christoph Wurst	f0f8bdd495	PHPDoc and other minor fixes	10 years ago
Christoph Wurst	aa85edd224	increase token column width add some range to time() assertions	10 years ago
Christoph Wurst	8cc5f6036f	Fix existing tests	10 years ago
Thomas Müller	9c9fec36dd	Add occ commands to enable and disable a user + a disabled user can no longer login - fixes #23838	10 years ago
Lukas Reschke	836e96a95e	Assign DB group for unit tests	10 years ago
Lukas Reschke	fec41e7539	Move regeneration of session ID into session classes There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.	10 years ago
Lukas Reschke	36ce254ffd	Move dummy backend to Tests namespace	10 years ago
Bernhard Posselt	0f535e3866	fix tests	11 years ago
Bernhard Posselt	0939c3147e	use two tests instead of one	11 years ago
Bernhard Posselt	236632702c	add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api	11 years ago
Bernhard Posselt	8a58ff0fdf	fix tests	11 years ago
Bernhard Posselt	8689fe1a2e	use two tests instead of one	11 years ago
Bernhard Posselt	9ae48e184b	add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api	11 years ago
Morris Jobke	0d4f0ab871	reduce OC_Preferences, OC_Config and \OCP\Config usage * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container	11 years ago
Joas Schilling	6202ca33ba	Make remaining files extend the test base	11 years ago
Robin Appelman	7dd4314fea	Add unit test	11 years ago

32 Commits (dfd8125aeb4a95df20041890dcffd50ba2592fee)