nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Jenkins for ownCloud	b585d87d9d	Update license headers	10 years ago
Lukas Reschke	e77d2ff2b4	Remove outdated comment	10 years ago
Lukas Reschke	bf9030e874	Drop example user backend We already provide an interface for application developers, this file is outdated and thus should get removed. Addresses No. 3 from https://github.com/owncloud/core/issues/14847	10 years ago
Lukas Reschke	38fec9b095	Can also be null If the user does not exist this returns null and can lead to nasty bugs since the IDE is not indicating this...	10 years ago
Lukas Reschke	93a303970f	Remove OC_User_HTTP Addresses No. 1 from https://github.com/owncloud/core/issues/14847	10 years ago
Lukas Reschke	bbd5f28415	Let users configure security headers in their Webserver Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.	10 years ago
Morris Jobke	06aef4e8b1	Revert "Updating license headers" This reverts commit `6a1a4880f0`.	10 years ago
Lukas Reschke	165afb004b	Use getRemoteAddress which supports reverse proxies Breaking change for 8.1 wiki (Security > Administrators): The log format for failed logins has changed and uses now the remote address and is considering reverse proxies for such scenarios when configured correctly.	10 years ago
Jenkins for ownCloud	6a1a4880f0	Updating license headers	10 years ago
Robin Appelman	8eda661761	Throw an exception when login is canceled by an app	10 years ago
Lukas Reschke	a2e355a7fe	Use "HTTPOnly" for cookies when logging out This has no other reason than preventing some insane automated scanners from reporting this as security bug (which it obviously isn't as the cookie contains nothing of value) Thus it generally results in an happier Lukas and hopefully less reports to our support and security mail addresses...	10 years ago
Robin Appelman	857695ec87	Return false if the login is canceled in a hook	10 years ago
Lukas Reschke	dbbf568192	Fix typo	10 years ago
Lukas Reschke	a022e65285	Clarify return values This function returns `null` when no user is logged-in.	10 years ago
Morris Jobke	6da33e1ea7	introduce names for user backends - IUserBackend * LDAP with multiple servers also proved backendName	10 years ago
Lukas Reschke	e3230b5bc2	Add ultra-slim hack for incognito mode As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155	10 years ago
Bernhard Posselt	236632702c	add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api	10 years ago
Lukas Reschke	f6820406b6	Move the Null-Byte LDAP check to the user manager The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here. Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020	10 years ago
Bernhard Posselt	9ae48e184b	add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api	10 years ago
Lukas Reschke	d0716d2c7d	Use public interface	10 years ago
Lukas Reschke	5dc6406b70	Add filter for 'backend' to user REST route This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620 For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well) Depends upon https://github.com/owncloud/core/pull/12711	10 years ago
Lukas Reschke	4c13918bd8	Expose backend type via REST API This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620. For example: ````json [{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}] ```	10 years ago
Morris Jobke	0d4f0ab871	reduce OC_Preferences, OC_Config and \OCP\Config usage * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container	10 years ago
Morris Jobke	a9e411e076	migrate \OC\AllConfig to \OCP\IConfig	10 years ago
Lukas Reschke	fe7d9a7ca0	Add REST route for user & group management First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.	10 years ago
Joas Schilling	0ed86c0993	Move OC_USER_BACKEND_* constants to OC_User_Backend class	10 years ago
Thomas Müller	5097d4dc05	remove deprecated \OC:$session	10 years ago
michag86	7e70c4ee95	removal of wrong/double implemented check Check already implemented in core/settings/ajax/changedisplayname.php	10 years ago
Robin Appelman	c21d1da01a	Support displaynames for dummy user backend	11 years ago
Lukas Reschke	c4d7483a0a	Use new hashing API for OC_User_Database This will use the new Hashing API for OC_User_Database and migrate old passwords upon initial login of the user.	11 years ago
Robin Appelman	1eefc21329	Remove confusingly names \OC\User\Manager::delete and fix the automatic cache cleanup instead	11 years ago
Lukas Reschke	770c62c5d8	Clear session after logout Fixes https://github.com/owncloud/core/issues/8420	11 years ago
Bjoern Schiessle	239bff5766	strip whitespace from the beginning and end of the display name to avoid empty display names	11 years ago
Robin Appelman	912fbfab01	Unset the cached active user when using a different session object	11 years ago
Tigran Mkrtchyan	276f50a1ba	user/backed: use pow of two for backed action constants the current implementation limits number of possible backed actions to 8 as it uses pow of 16 for constants. This change introduces pow of two and allows up-to 32 actions to be defined. The old values are preserved for backward compatibility.	11 years ago
Lukas Reschke	6eeb905871	Do only follow HTTP and HTTPS redirects We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server) Get final redirect manually using get_headers() Migrate to HTTPHelper class and add unit tests	11 years ago
Lukas Reschke	63a90a129b	Use proper RNG generator OC_Util::generateRandomBytes() only returns lowercase alphanumeric values. We should use the new RNG which has a broader characterset.	11 years ago
Robin Appelman	d0266c0bf8	Use public api for getting l10n	11 years ago
Arthur Schiwon	0bb460c9b5	retrieve local users, groups and group members in a sorted way	11 years ago
Jörn Friedrich Dreyer	f551917a3c	kill OC::$session maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession restore order os OC::$session and OC::$CLI remove unneded initialization of dummy session write back session when $useCustomSession is true log warning when deprecated app is used	11 years ago
Lukas Reschke	a82cd1ff67	Fix unit test	11 years ago
Lukas Reschke	5bb4772858	Move authentication failed logging to checkPassword Fixes https://github.com/owncloud/core/issues/10366	11 years ago
Joas Schilling	4865c52aa6	Fix isLoggedIn() check for user '0' Fix #9972	11 years ago
Thomas Müller	a8b6cc6a07	- adding default value for $recoveryPassword - set password correctly in lost password	11 years ago
Robin Appelman	20c1ce7f47	Add public interfaces for User, UserManager and UserSession	11 years ago
Arthur Schiwon	16275eca84	loop over usernames, not passwords	11 years ago
Arthur Schiwon	f3ecf819ec	extend Dummy user and group implementation to pass tests	11 years ago
Arthur Schiwon	01a012980a	search term for users and groups may occur anywhere in the name or displayname, not just in the beginning	11 years ago
Arthur Schiwon	e235de98e6	this line was lost on rebase	11 years ago
Arthur Schiwon	b15a5a7ca0	undo lastLogin changes in base and user/user as this has now been properly done in #8681	11 years ago

1 2 3

111 Commits (f4dc9e6bf3bf1db1712fde818b5df64516763ce6)