mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
38,355 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

119 Commits

Author SHA1 Message Date
Joas Schilling a3922bbcdc
Better validation of allowed user names 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-18 14:29:34 +02:00
Roeland Jago Douma f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change 
Add activities when email or password is changed
 2017-04-14 08:16:43 +02:00
Morris Jobke d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login 
Fix login controller test and consolidate login
 2017-04-13 12:16:38 -05:00
Morris Jobke ac05d6dd67
Improve PHPDoc 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-13 12:16:12 -05:00
Joas Schilling 1110b51aa3
Allow to read the old email on the hook as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-13 12:34:02 +02:00
Joas Schilling 7ad791efb4
Dont create a log entry on email login 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-07 10:15:20 +02:00
Arthur Schiwon fbadb37b9b
use known LockdownManager 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:27:30 +02:00
Arthur Schiwon 0a463e55ae
Save correct login name 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:22:43 +02:00
Arthur Schiwon daf9d23547
don't regenerate Session ID twice, also fixes tests 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:22:43 +02:00
Arthur Schiwon 50844e8c47
regenerate session id on successful login, fixes integration test 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:22:43 +02:00
Arthur Schiwon 7b3fdfeeaa
do login routine only once when done via LoginController 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:22:42 +02:00
Robin Appelman baec42e80a
Save the scope of an auth token in the session 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-04-05 17:58:33 +02:00
Robin Appelman 0aeb595784
user ids are strings 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-03-30 12:24:46 +02:00
Morris Jobke d197f609a8 Merge pull request #3889 from nextcloud/downstream-26950 
Sharing dialog: make autocomplete sorting case insensitive
 2017-03-23 23:45:28 -06:00
Morris Jobke dbaebc53b0
fix sorting in the backend 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-23 15:41:25 -06:00
Joas Schilling 257fbd85eb Merge pull request #3929 from nextcloud/downstream-27068 
cache loadUser if not exists
 2017-03-20 12:44:54 +01:00
Vincent Petry aacfef463c
Add tests for database user backend caching 
Add comment, closeCursor in user DB query

Invalidate user in cache after successful creation

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-20 02:03:03 -06:00
Jörn Friedrich Dreyer 592c04a9db
cache loadUser if not exists 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-20 02:01:41 -06:00
Felix Rupp e7dc1f4326
Add postLogout hook to finish sessions from external session managers (#27048) 
* Add postLogout hook to finish sessions from external session managers like CAS

* Add postLogout hook to finish sessions from external session managers like CAS

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-19 23:00:12 -06:00
Lukas Reschke d134dea508
Don't call function in constructor 
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-16 21:59:47 +01:00
Lukas Reschke 085891a15d
Escape like parameters in database user backend 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-03-15 22:46:40 +01:00
Morris Jobke a5ba1f7803
Remove legacy class OC_Group and OC_User 
* basically a straight replacement of the wrapped code at the calling code parts

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-09 17:35:09 -06:00
blizzz 19fc68cbdc Merge pull request #2606 from temparus/master 
Add preLoginValidation hook
 2017-02-15 21:47:47 +01:00
Morris Jobke dfaaebd765 Merge pull request #3417 from nextcloud/push-notification 
Push notification
 2017-02-10 16:00:47 -06:00
Joas Schilling 7c47f822a1
Save the used token id in the session so it can be used later on 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-02-09 15:02:59 +01:00
Robin Appelman fa49c4a13b
Add a single public api for resolving a cloud id to a user and remote and back 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2017-02-08 15:17:02 +01:00
Sandro Lutz 9b6f99ab08 Update license header 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-07 01:25:39 +01:00
Sandro Lutz fa1d607bfa Merge remote-tracking branch 'nextcloud/master' 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-07 00:15:30 +01:00
Sandro Lutz 6feff0ceba Add check if UserManager is of type PublicEmitter before calling preLogin hook 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:53:50 +01:00
Sandro Lutz e30d28f7eb Change where preLogin hook gets called 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:53:42 +01:00
Morris Jobke a4ad8af6e3
Add proper default value for datadir 
* better safe than sorry
* fixes #3091

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-01-19 19:49:41 -06:00
Bjoern Schiessle cdf01feba7
add action to existing brute force protection 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-18 15:25:16 +01:00
Loki3000 8ab16f87ac spaces added 2017-01-10 16:44:14 +03:00
Loki3000 5c77923360 allowed '0' uid 2017-01-10 16:39:10 +03:00
Loki3000 b0ff59d42f remove non required db requests 2017-01-10 13:09:33 +03:00
Loki3000 135198bf0d Default value for null user 
For guest users on every request executes query:
SELECT `uid`, `displayname` FROM `users` WHERE LOWER(`uid`) = LOWER(null)
as I see, uid can't be equal to null by design.
 2017-01-09 23:34:23 +03:00
Joas Schilling 5aa388bbe2
Make sure the loginname is set when logging in via cookie 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-01-05 12:17:30 +01:00
Vincent Petry 91cd57e55b
Get user home folder before deletion 
After the deletion getHome() will fail because the user doesn't exist
any more, so we need to fetch that value earlier.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-12-23 12:42:31 +01:00
Roeland Jago Douma e368a745aa
Set last-login-check on basic auth 
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-12-05 20:57:15 +01:00
Christoph Wurst 9b808c4014 do not remember session tokens by default 
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-27 14:03:28 +01:00
Robin Appelman 0e88b519d1
fix warning with token login 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 16:33:56 +01:00
Robin Appelman 2389e0f250
read lockdown scope from token 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Robin Appelman b56f2c9ed0
basic lockdown logic 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:23 +01:00
Roeland Jago Douma f07d75a4dd
@since 9.2.0 to @since 11.0.0 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-15 18:51:52 +01:00
Thomas Müller 506ccdbd8d
Introduce an event for first time login based on the last login time stamp 
Use firstLogin event to trigger creation of default calendar and default address book

Delay login of admin user after setup so that firstLogin event can properly be processed for the admin

Fixing tests ...

Skeleton files are not copied over -> only 3 cache entries are remaining

Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
 2016-11-14 14:50:10 +01:00
Christoph Wurst 6f86e468d4
inject ISecureRandom into user session and use injected config too 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Christoph Wurst d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Roeland Jago Douma f722640a32
Proper DI of config 
* Fixed comments

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 10:13:35 +02:00
Jörn Friedrich Dreyer f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361) 
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
 2016-10-28 08:44:05 +02:00
Vincent Petry 6d1e858aa4
Fix logClientIn for non-existing users (#26292) 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
 2016-10-25 09:34:27 +02:00