nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	0bccd5a0d9	Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224" The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus. Regression introduced with `46229a00f3` Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Morris Jobke	504c1abee0	Fix undefined index oauthState Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Joas Schilling	6dbb64c4a2	Merge setMetaData into constructor This ensures that the meta data is set in the beginning Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Morris Jobke	0326c2c54f	Fix broken tests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Julius Härtl	46229a00f3	Add rich link preview to the login page Signed-off-by: Julius Härtl <jus@bitgrid.net>	8 years ago
Joas Schilling	0aff1c9268	Return the user id in case of an error Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Christoph Wurst	6676232a56	Allow 2FA providers to specify their custom CSP Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Joas Schilling	6a130d01e7	Also for reset password Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Lukas Reschke	2e4cd44556	Inject \OCP\IURLGenerator to make tests work Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Joas Schilling	d5c6d56170	No password reset for disabled users Signed-off-by: Joas Schilling <coding@schilljs.com>	8 years ago
Lukas Reschke	a04feff9a7	Properly allow \OCP\Authentication\IApacheBackend to specify logout URL Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string. This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result in `<a href="foo">`. This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with `054e161eb5` inside the navigation manager where one cannot simply inject attributes. Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112, people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects you to the IdP and properly logs you out there as well. Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but I'm not aware of any and there's simply no way to fix this properly otherwise. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Roeland Jago Douma	75771a108b	Fix OCSController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	e945f2bc3a	Fix ContactsMenuController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	aa6d8fcdbf	Fix AvatarController Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	188b87e03b	Cleanup legacy user class from unused methods Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Julius Härtl	51a0741005	Add public capabilities API Signed-off-by: Julius Härtl <jus@bitgrid.net>	9 years ago
Lukas Reschke	2f87fb6b45	Add Clear-Site-Data header This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content. See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Ref https://twitter.com/mikewest/status/877149667909406723 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	26ee889fec	Add tests for ClientFlowLoginController Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	b07a0f51ba	Add OAuth state to session Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Bjoern Schiessle	23b296b66e	use name of oauth app to identify auth token Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Bjoern Schiessle	a74d67b69c	show error page if no valid client identifier is given and if it is not a API request Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Lukas Reschke	e86749121c	Remove special characters Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	5f71805c35	Add basic implementation for OAuth 2.0 Authorization Code Flow Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Joas Schilling	0828df5ed4	Disable the API endpoints as well Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Ujjwal Bhardwaj	7c23414eef	Disable reset password link. Issue: #27440	9 years ago
Joas Schilling	d418ea550b	Automatic injection for CssController Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	9c8fe82000	Automatic injection for JsController Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Mario Danic	e4aac15a92	Update login flow redirection Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	23cc309606	Handle more error cases Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Georg Ehrke	60f9ed6241	add contactsmenu popover Signed-off-by: Georg Ehrke <developer@georgehrke.com>	9 years ago
Christoph Wurst	36cee1f386	Let apps register contact menu provider via info.xml Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	d091793ceb	Contacts menu * load list of contacts from the server * show last message of each contact Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Roeland Jago Douma	aae079aa29	AppToken to 72 chars Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Roeland Jago Douma	bb5e5efa6d	Do not remove the state token to early we should check the stateToken before we remove it. Else the check will always fail. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Lukas Reschke	6a16df7288	Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	bb1d191f82	Fix remember redirect_url on failed login attempts Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Morris Jobke	c54a59d51e	Remove unused use statements Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Lukas Reschke	d0d34d308a	Add at most 10 password reset requests per 5 minutes and IP range Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	c1b8f152d8	Add rate limit to TOTP solve challenge controller Fixes https://github.com/nextcloud/server/issues/2626 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	16c4755e03	Rename renderHTML to renderHtml * fixes #4383 * improves consistency Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Lukas Reschke	727688ebd9	Adjust existing bruteforce protection code - Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Morris Jobke	1f962f9115	Update email template for lost password email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Morris Jobke	5b4adf66e5	Move OC_Defaults to OCP\Defaults * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	9 years ago
Morris Jobke	9813023aab	Fix gzip files for Safari * Safari support gzip only if the filename does not end on .gz - so this renames them to .gzip Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago

1 2 3 4

197 Commits (ea3ac4e656408cd564a91ae6916bd7d65c19e922)