nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Jenkins for ownCloud	b585d87d9d	Update license headers	10 years ago
Lukas Reschke	bbd5f28415	Let users configure security headers in their Webserver Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.	10 years ago
Morris Jobke	06aef4e8b1	Revert "Updating license headers" This reverts commit `6a1a4880f0`.	10 years ago
Jenkins for ownCloud	6a1a4880f0	Updating license headers	10 years ago
Robin Appelman	8eda661761	Throw an exception when login is canceled by an app	10 years ago
Lukas Reschke	a2e355a7fe	Use "HTTPOnly" for cookies when logging out This has no other reason than preventing some insane automated scanners from reporting this as security bug (which it obviously isn't as the cookie contains nothing of value) Thus it generally results in an happier Lukas and hopefully less reports to our support and security mail addresses...	10 years ago
Robin Appelman	857695ec87	Return false if the login is canceled in a hook	10 years ago
Lukas Reschke	dbbf568192	Fix typo	10 years ago
Lukas Reschke	a022e65285	Clarify return values This function returns `null` when no user is logged-in.	10 years ago
Lukas Reschke	e3230b5bc2	Add ultra-slim hack for incognito mode As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155	10 years ago
Bernhard Posselt	236632702c	add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api	10 years ago
Bernhard Posselt	9ae48e184b	add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api	10 years ago
Morris Jobke	0d4f0ab871	reduce OC_Preferences, OC_Config and \OCP\Config usage * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container	10 years ago
Thomas Müller	5097d4dc05	remove deprecated \OC:$session	10 years ago
Lukas Reschke	770c62c5d8	Clear session after logout Fixes https://github.com/owncloud/core/issues/8420	11 years ago
Robin Appelman	912fbfab01	Unset the cached active user when using a different session object	11 years ago
Lukas Reschke	63a90a129b	Use proper RNG generator OC_Util::generateRandomBytes() only returns lowercase alphanumeric values. We should use the new RNG which has a broader characterset.	11 years ago
Jörn Friedrich Dreyer	f551917a3c	kill OC::$session maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession restore order os OC::$session and OC::$CLI remove unneded initialization of dummy session write back session when $useCustomSession is true log warning when deprecated app is used	11 years ago
Joas Schilling	4865c52aa6	Fix isLoggedIn() check for user '0' Fix #9972	11 years ago
Robin Appelman	20c1ce7f47	Add public interfaces for User, UserManager and UserSession	11 years ago
Arthur Schiwon	748a219243	add preRememberedLogin hook and document this and postRememberedLogin in class descripttion. Also fixes documentation of postLogin hook	11 years ago
Arthur Schiwon	2c89962919	clean up tryRememberLogin and save the timestamp of users last login	11 years ago
Robin McCorkell	bac8962bbc	Fix Scrutinizer errors	11 years ago
Lukas Reschke	f7fa8662e2	Remove `session_id_regenerate` from here Jenkins somewhat complains that there are already sent headers.	11 years ago
Jörn Friedrich Dreyer	2a6a9a8cef	polish documentation based on scrutinizer patches	11 years ago
Thomas Müller	9b7c3a5c66	fixing PHPDoc and use cameCase names	11 years ago
NARUKAWA Hiroki	068688063e	Security Update: session fixation Previous version is vulnerable to session fixation attack in some situations, guessing non-apache-module-php5 environment. Regeneration of session id should be done here.	11 years ago
Arthur Schiwon	91d6a6dd7c	On webdav sesssions, loginname was compared to username which does not need to match necessarily	11 years ago
Vincent Petry	013444813e	Now removing stray old cookies from 5.0.12 Cookies from 5.0.12 seemed to have an extra slash in the path. Firefox doesn't allow to remove them if the trailing slash isn't there, thus making it impossible to logout correctly. This fix adds extra code to delete such stray cookies. Ported from stable5 branch `99e5c6f7eb`	12 years ago
Thomas Müller	9c9dc276b7	move the private namespace OC into lib/private - OCP will stay in lib/public Conflicts: lib/private/vcategories.php	12 years ago
Arthur Schiwon	d101ff42f1	User: move checkPassword from User to Manager to not break API	12 years ago
Bart Visscher	0c6dcdba6b	Add missing implements and fix parameters in IConfig	12 years ago
Thomas Tanghus	9e9c323acd	Set path in cookie.	12 years ago
Jan-Christoph Borchardt	d70d4f435e	apply @LukasReschke's cookie changes, hopefully finally fix #854	12 years ago
Robin Appelman	eb2a1e0f8a	move phpdoc comments	12 years ago
Robin Appelman	2c69403fd6	fix namespacing error	12 years ago
Florin Peter	b840de4e01	user should set into session before postLogin hook otherwise it will break not only the files_encryption app	12 years ago
Robin Appelman	cdb2f559a8	Fix postLogin hook	12 years ago
Robin Appelman	955bda1842	New user management classes	12 years ago

33 Commits (f4dc9e6bf3bf1db1712fde818b5df64516763ce6)