The current check does not trigger if $request->getRequestUri() does not return index.php as a prefix
(on my config this was occuring using nginx to serve Nextcloud)
Signed-off-by: Vincent Vanackere <vincent.vanackere@trustelem.com>
Single user mode basically disables WebDAV, OCS and cron execution. Since
we heavily rely on WebDAV and OCS also in the web UI it's basically useless.
An admin only sees a broken interface and can't even change any settings nor
sees any files. Also sharing is not possible.
As this is at least the case since Nextcloud 9 and we haven't received any
reports for this it seems that this feature is not used at all so I removed it.
The encryption commands now rely on the well tested maintenance mode.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
This didn't really work anyways and Chrome 54 for Android has been pushed out via Google Play on October 19th. So we should remove this.
This is only in master and doesn't affect any stable branch.
Fixes https://github.com/nextcloud/server/issues/2318
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Chrome on Android has a bug that it doesn't sent cookies with the
same-site attribute for the download manager. To work around that
all same-site cookies get deleted and recreated directly. Awesome!
FIXME: Remove once Chrome 54 is deployed to end-users
@see https://github.com/nextcloud/server/pull/1454
Some user agents are notorious and don't really properly follow HTTP
specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
nextcloud by default uses the `/config/` directory in the source/application tree for its config file(s).
with this commit that directory can be overridden by the `NEXTCLOUD_CONFIG_DIR` environment variable.
in uwsgi, you would use the option `--env "NEXTCLOUD_CONFIG_DIR=/tmp/nx-config/"`
in apache `SetENV …`
and the cli command can be run with: `NEXTCLOUD_CONFIG_DIR=/tmp/nx-config ./occ` (or just use `export` once in the
shell).
NEXTCLOUD_CONFIG_DIR can be supplied with or without the trailing slash (`/`), but in all cases `$configDir` will have
it automatically added if needed.
The other changes are several occurrences of `OC::$SERVERROOT . '/config'` to `OC::$configDir`.
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)