3da6b3b533
Merge pull request #11229 from kofemann/for-upstream
...
user/backed: use pow of two for backed action constants
2014-09-24 15:19:11 +02:00
276f50a1ba
user/backed: use pow of two for backed action constants
...
the current implementation limits number of possible backed actions
to 8 as it uses pow of 16 for constants. This change introduces pow
of two and allows up-to 32 actions to be defined.
The old values are preserved for backward compatibility.
2014-09-23 15:18:01 +02:00
6eeb905871
Do only follow HTTP and HTTPS redirects
...
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)
Get final redirect manually using get_headers()
Migrate to HTTPHelper class and add unit tests
2014-09-22 20:02:32 +02:00
63a90a129b
Use proper RNG generator
...
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
2014-09-03 17:46:48 +02:00
d0266c0bf8
Use public api for getting l10n
2014-08-31 10:08:22 +02:00
0bb460c9b5
retrieve local users, groups and group members in a sorted way
2014-08-29 15:17:37 +02:00
f551917a3c
kill OC::$session
...
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
a82cd1ff67
Fix unit test
2014-08-15 14:15:27 +02:00
5bb4772858
Move authentication failed logging to checkPassword
...
Fixes https://github.com/owncloud/core/issues/10366
2014-08-15 12:13:00 +02:00
a72dae6842
Merge pull request #10144 from owncloud/issue/9972
...
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
4865c52aa6
Fix isLoggedIn() check for user '0'
...
Fix #9972
2014-08-04 15:53:55 +02:00
a8b6cc6a07
- adding default value for $recoveryPassword
...
- set password correctly in lost password
2014-07-24 12:50:39 +02:00
20c1ce7f47
Add public interfaces for User, UserManager and UserSession
2014-07-14 15:10:51 +02:00
16275eca84
loop over usernames, not passwords
2014-06-30 20:43:50 +02:00
f3ecf819ec
extend Dummy user and group implementation to pass tests
2014-06-25 13:13:53 +02:00
01a012980a
search term for users and groups may occur anywhere in the name or displayname, not just in the beginning
2014-06-23 12:03:09 +02:00
4a4ea67a31
drop superflous statement in phpdoc
2014-05-26 13:56:08 +02:00
748a219243
add preRememberedLogin hook and document this and postRememberedLogin in class descripttion. Also fixes documentation of postLogin hook
2014-05-26 13:53:26 +02:00
2e85d5a852
increase scrutinizer happyiness by removing minor/informational issues
2014-05-23 11:20:46 +02:00
2c89962919
clean up tryRememberLogin and save the timestamp of users last login
2014-05-21 18:03:37 +02:00
dc36d30953
Remove all occurences of @brief and @returns from PHPDoc
...
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
804020bb6d
Merge pull request #7363 from owncloud/optimize-startup-queries
...
Optimize some queries that are always executed when loading base.php
2014-05-19 01:21:37 +02:00
bac8962bbc
Fix Scrutinizer errors
2014-05-13 19:08:14 +01:00
8ab01599a9
Use OC_User_Interface instead of OC_User_Backend
2014-05-13 19:08:14 +01:00
87b548ed91
Fix all PHPDoc types and variable names, in /lib
2014-05-13 19:08:14 +01:00
a7ae2e874a
Squash 'a | b' into 'a|b', in /lib
2014-05-13 19:08:14 +01:00
b5bc37d2e4
Fix @return array PHPDocs, in /lib
2014-05-13 19:08:14 +01:00
b653ad164b
Replace @returns with @return, in /lib
2014-05-13 19:08:14 +01:00
f569c721a6
Merge branch 'master' into optimize-startup-queries
...
Conflicts:
apps/files_sharing/lib/sharedstorage.php
tests/lib/group/manager.php
removed hasFilesSharedWith from lib/public/share.php and
sharedstorage.php to fix merge
2014-05-07 17:54:38 +02:00
c4109d9aef
Use strict type comparison
...
We certainly don't want to have type juggling on that.
2014-05-07 15:11:42 +02:00
45e42c25de
Group Database backend must not gather user details itself but ask user
...
backends. This is a port to master from PR #7745
remove OC_GROUP_BACKEND_GET_DISPLAYNAME option for group backends
Conflicts:
lib/private/group/backend.php
LDAP: getDisplayNamesInGroup is not an option for group backends anymore
Conflicts:
apps/user_ldap/group_ldap.php
apps/user_ldap/group_proxy.php
clean up group backends
Conflicts:
lib/private/group/database.php
remove now unnecessary test
implement getDisplayNames in group manager
adjust user manager tests
test for group manager's displayNamesInGroup
trim must not be used in empty in PHP < 5.5
keep the constant to not provoke PHP warnings
Conflicts:
lib/private/group/backend.php
2014-04-28 13:49:56 +02:00
535e6ff71f
Merge pull request #7617 from nishiki/cache_user
...
Cache user
2014-04-23 12:32:30 +02:00
707658c00a
Merge pull request #8205 from owncloud/fix-8202
...
Add one more LOWER.
2014-04-17 16:10:33 +02:00
64679b2e62
Remove limit and offset manipulation when getting users or groups, because it does not work when more than one user or group backend. Fixing it would be too costly performancewise, so we switch back to the model used in OC 5: limit and offset are effective per backend, and not a general constraint
2014-04-15 17:46:48 +02:00
91d40f5033
remove unneeded LOWER. Fixes #8202
2014-04-14 22:19:21 +03:00
a4f42676ea
Make hardcoded exception messages translatable
2014-04-08 20:07:25 +02:00
0da61a26ee
remove cache all user
2014-03-21 15:50:25 +01:00
ea6f8ba352
fix remove cache when delete
2014-03-11 16:58:10 +01:00
f827761e71
remove static variable, add limit and offset
2014-03-11 11:56:46 +01:00
415b1d03bc
fix cache when remove an user
2014-03-10 17:27:51 +01:00
ba9d8f7c1a
fix undifined uid
2014-03-09 12:47:19 +01:00
75011c2e09
add query result (boolean) for update or delete
2014-03-09 12:22:47 +01:00
d8843f6cd3
minor clean code
2014-03-09 12:01:35 +01:00
fbde24c89a
fix undefined in loadUsers
2014-03-07 08:46:34 +01:00
5cdfc56867
update the cache when add user
2014-03-06 22:34:43 +01:00
dde4f2f917
upgrade the cache user
2014-03-06 22:23:17 +01:00
08a46e3080
add cache for single users
2014-03-06 17:57:09 +01:00
f4f72e77d8
Delay fetching the display name until it is requested
2014-02-21 23:07:35 +01:00
f7fa8662e2
Remove `session_id_regenerate` from here
...
Jenkins somewhat complains that there are already sent headers.
2014-02-21 08:12:45 +01:00
0241ddc759
Merge pull request #6519 from nhirokinet/master
...
Security Update: session fixation
2014-02-20 14:28:26 +01:00
adaee6a5a1
Scrutinizer Auto-Fixes
...
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720
Enabled analysis tools:
- PHP Analyzer
- JSHint
- PHP Copy/Paste Detector
- PHP PDepend
2014-02-19 09:31:54 +01:00
2a6a9a8cef
polish documentation based on scrutinizer patches
2014-02-06 17:02:21 +01:00
9b7c3a5c66
fixing PHPDoc and use cameCase names
2014-01-09 10:27:47 +01:00
4585b4ea3f
Infowarning about 32bit
2014-01-08 19:41:10 +01:00
d7cb5ab080
add tests for user counting
2014-01-08 13:26:48 +01:00
cb6a3e2617
if backends have the same class name, sum their users up instead of overwriting
2014-01-08 13:24:28 +01:00
1e1ced7772
Introduce user count action to user management
2014-01-07 23:05:37 +01:00
068688063e
Security Update: session fixation
...
Previous version is vulnerable to session fixation attack in some situations, guessing non-apache-module-php5 environment. Regeneration of session id should be done here.
2013-12-20 03:38:51 +09:00
e7a5c90cab
Replace static usage of OC_Config and OC_Preferences with the injected \OC\ConfigAll
2013-12-18 13:03:19 +01:00
a6c1b3ece3
fix the config option to remove the ability for users to set their displayname
2013-12-18 13:03:19 +01:00
91d6a6dd7c
On webdav sesssions, loginname was compared to username which does not need to match necessarily
2013-12-13 16:58:03 +01:00
f23b7a262f
fix fallback overwriting result of getHome
2013-12-12 12:57:25 +01:00
366d75e947
cache the home folder of a User
2013-12-11 16:22:26 +01:00
8ccac86c98
Enable user backends to provide avatar images
2013-11-22 13:25:20 +01:00
013444813e
Now removing stray old cookies from 5.0.12
...
Cookies from 5.0.12 seemed to have an extra slash in the path.
Firefox doesn't allow to remove them if the trailing slash isn't
there,
thus making it impossible to logout correctly.
This fix adds extra code to delete such stray cookies.
Ported from stable5 branch 99e5c6f7eb
2013-11-07 18:49:50 +01:00
f021dad204
remove user from cache if he was deleted successfully
2013-10-29 15:50:33 +01:00
466b6c1ee0
local user backend shall search for both username and displayname, fixes #5401
2013-10-25 21:57:12 +02:00
75588fc0b6
Use strict comparison === instead of ==.
2013-10-08 20:03:16 +02:00
6eab36a89b
Make OC_User_Dummy::checkPassword() compatible with OC_User_Example.
...
The user id has to be returned.
2013-10-08 19:57:37 +02:00
9c9dc276b7
move the private namespace OC into lib/private - OCP will stay in lib/public
...
Conflicts:
lib/private/vcategories.php
2013-09-30 16:36:59 +02:00
Lukas Reschke
Tigran Mkrtchyan
Robin Appelman
Arthur Schiwon
Jörn Friedrich Dreyer
Thomas Müller
Joas Schilling
Morris Jobke
Robin McCorkell
Bart Visscher
Lukas Reschke
Victor Dubiniuk
Volkan Gezer
adrien
nishiki
Scrutinizer Auto-Fixer
NARUKAWA Hiroki
Vincent Petry
Bjoern Schiessle
Andreas Fischer