Lukas Reschke
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Bjoern Schiessle
dc53788711
remove unused parameter
2016-07-14 16:39:48 +02:00
Lukas Reschke
7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync
2016-06-26 12:55:05 +02:00
Georg Ehrke
1452b74de7
Contacts API: replace raw image data with url ( #25081 )
...
* add uri to AddressBookImpl array
* Introduce ImageExportPlugin for CardDav
* add plugin to v1 routes
* replace binary contact photo with link
* update tests
* Adding unit tests
2016-06-21 15:25:44 +02:00
Arthur Schiwon
42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611
2016-06-11 15:34:43 +02:00
Bjoern Schiessle
66d853680c
block webdav access if share is not readable
2016-06-09 15:15:17 +02:00
Roeland Jago Douma
1b5368bbaf
Wrap publicwebdav in sharePermission mask
...
Fixes #24868
The writable mask was a bit misleading. We should wrap with the
sharepermissions (as they are used everywhere else). The
PERMISSIONS_SHARE are added since that is required for the public link
check plugin.
2016-06-06 14:39:02 +02:00
Christoph Wurst
da03a85c3c
block DAV if 2FA challenge needs to be solved first
2016-06-01 10:42:38 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Björn Schießle
e10105474f
move federated sharing settings to the federatedfilesharing app
2016-04-22 14:55:40 +02:00
Thomas Müller
85d809c0d3
Merge pull request #23268 from owncloud/range-requests-should-not-block-the-session
...
Close session for publicwebdav
2016-04-18 09:23:39 +02:00
Roeland Jago Douma
375f6fcab1
Move public webdav auth over to share manager
...
The public webdav auth should use the shiny new share manager.
2016-04-08 14:17:13 +02:00
Vincent Petry
262547ba3d
Return 401 DummyBasicAuth in case of ajax call
2016-03-31 19:31:31 +02:00
Thomas Müller
06e8c70400
Fix acls for calendar objects and cards - fixes #23273
2016-03-24 09:53:36 +01:00
Thomas Müller
7d638fdb34
In debugging mode we enable Sabre's browser plugin since it helps a lot when debugging
2016-03-17 16:51:19 +01:00
Lukas Reschke
7183854509
Close session for publicwebdav
...
We need to close the session otherwise streaming will lead to a blocked ownCloud.
2016-03-15 16:08:55 +01:00
Lukas Reschke
933f60e314
Update author information
...
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Joas Schilling
b216be8cca
Add correct principals for the current user before ACL check
2016-02-19 12:35:33 +01:00
Lukas Reschke
9b3c4e8dc4
Require CSRF token for non WebDAV authenticated requests
2016-02-18 11:18:36 +01:00
Robin Appelman
fd9166488b
Check that the owner of a link share still has share permissions on access
2016-02-09 15:02:34 +01:00
Thomas Müller
0c9a469f74
Adding pre oc 9.0 CalDAV endpoint for migration of old clients
2016-02-08 10:52:30 +01:00
Thomas Müller
cca2ade199
Adding pre oc 9.0 CardDAV endpoint for migration of old clients
2016-02-08 10:52:30 +01:00
Joas Schilling
3bdcfef395
Remove the listener plugin
2016-01-13 10:33:08 +01:00
Thomas Müller
682821c71e
Happy new year!
2016-01-12 15:02:18 +01:00
Lukas Reschke
a3fc40921b
Add fake locker plugin for WebDAVFS
...
WebDAVFS as used by Finder requires a Class 2 compatible WebDAV server. This change introduces a fake locking provider which will simply advertise Locking support when a request originates from WebDAVFS. It will also return successful LOCK and UNLOCK responses.
2015-11-13 23:31:08 +01:00
Lukas Reschke
cddc9abc06
Add tests for Sabre Auth plugin + make getCurrentUser compatible
2015-10-23 17:30:47 +02:00
Roeland Jago Douma
ca27024fa2
Fix webdav access
...
* Correct namespace
* Pass the EventDispatcher to the webDAV server
2015-10-16 13:17:12 +02:00
Thomas Müller
f2889dc6e4
Consolidate webdav code - move all to one app
2015-10-16 13:17:12 +02:00