ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
020a2a6958
Merge pull request #476 from nextcloud/port-same-site-cookies
...
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
a299fa38a9
[master] Port Same-Site Cookies to master
...
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
e9c85e02ac
Merge pull request #462 from nextcloud/master-explode
...
[master] Use explode() instead of split()
2016-07-20 18:31:11 +02:00
99316ec02c
Show app name in error message if app could not be loaded. ( #25441 )
2016-07-20 15:16:16 +02:00
4f90447150
[master] Use explode() instead of split()
...
Sync from https://github.com/owncloud/core/pull/25488
2016-07-20 14:36:39 +02:00
ea470f8777
Merge pull request #405 from nextcloud/theming-fixes
...
Theming fixes
2016-07-18 15:59:47 +02:00
72464f1ce4
Remove asset pipelin
...
Fixes #215
The asset pipeline has shown to do more harm than good. Some apps fail
hard with it. Also it makes sure that you download a huge file on each
unvisited page.
2016-07-15 20:14:11 +02:00
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
c2d88a08b7
Remove unneeded checks if it runs on a Windows machine
...
* the setup check is still there
2016-07-08 15:55:17 +02:00
27b699bdbc
Migrate logic to dynamic controller
...
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
10f6ca20bc
write theme settings to database
2016-06-27 10:26:22 +02:00
7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync
2016-06-26 12:55:05 +02:00
7f22aeb5d6
redirect to new login route ( #25099 )
...
* redirect to new login route
* encode anchor in url and restore it client-side
2016-06-21 16:14:51 +02:00
e95c15e53a
fix more strings
2016-06-20 13:14:24 +02:00
42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611
2016-06-11 15:34:43 +02:00
7b3dc806eb
Check 2FA state for raw php files too
2016-06-10 09:52:52 +02:00
a636e4ff28
Downstream 2016-06-09
...
Merge branch 'master' of https://github.com/owncloud/core into downstream-160609
2016-06-09 18:45:12 +02:00
51fd2602a7
Revert "Downstream 2016-06-08"
2016-06-09 17:41:57 +02:00
6ba18934e6
Merge pull request #25000 from owncloud/fix-email-login-dav
...
Allow login by email address via webdav as well
2016-06-09 16:28:06 +02:00
bee918693a
dissalow symlinks in local storages that point outside the datadir
2016-06-09 14:00:01 +02:00
f20c617154
Allow login by email address via webdav as well - fixes #24791
2016-06-09 12:08:49 +02:00
90c1ec1c49
Merge pull request #25014 from owncloud/admin-datadircheck-fix
...
Use temporary htaccesstest.txt for data dir security check
2016-06-09 11:58:28 +02:00
81145ee57c
THIS IS NEXTCLOUD! adjusting the design
2016-06-08 17:02:18 +02:00
fb087a0261
Use temporary htaccesstest.txt for data dir security check
2016-06-07 18:36:13 +02:00
7b1b723e5b
dissalow symlinks in local storages that point outside the datadir
2016-06-07 14:01:53 +02:00
deef15a3c7
Remove "Help" link from personal sidebar
...
At the moment we want to hide the help link from the personal sidebar as it contains the original ownCloud documentation.
Once we have our own documentation with our proper branding and so on we can reenable this.
2016-06-06 18:40:15 +02:00
7d31ae9909
Fix second check for quota size ( #24989 )
2016-06-06 13:47:53 +02:00
53398b5146
Merge pull request #24936 from owncloud/2fa-block-ocs
...
block OCS if 2FA challenge needs to be solved first
2016-06-02 14:55:34 +02:00
f37d519d0d
Merge pull request #24946 from owncloud/issue-24943-duplicate-downgrade-unsupported-message
...
Do not show the hint when it's the same as the message
2016-06-02 10:40:53 +02:00
1d2cdfb9fd
Fix URL for client downloads
2016-06-01 16:58:57 +02:00
13892417c4
Do not show the hint when it's the same as the message
2016-06-01 13:34:57 +02:00
3ec6f4e165
block OCS if 2FA challenge needs to be solved first
2016-06-01 11:19:49 +02:00
7b4459d28d
Merge pull request #24912 from owncloud/session-tokens-apache-auth
...
Create session tokens for apache auth users
2016-06-01 10:56:10 +02:00
c58d8159d7
Create session tokens for apache auth users
2016-05-31 17:07:49 +02:00
a23df94af1
Properly check for mbstring extension
...
mb_detect_encoding is in the fallback we ship in the polyfill library, mb_strcut is not. Thus this lead to a false positive and ownCloud would just break.
2016-05-31 08:12:36 +02:00
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
51b0036d8f
Changed labels of chunk TTL to mention chunks
2016-05-24 15:18:56 +02:00
c9b26d065b
Move cache chunk TTL value to FileChunking class
...
This makes it less generic and only used for actual file chunking
2016-05-24 14:58:27 +02:00
adcf942901
Merge pull request #24750 from owncloud/lenz1111-share_download_range_requests_support
...
Http Range requests support in downloads
2016-05-23 21:01:26 +02:00
6577bbe887
Code style and doc fix
2016-05-23 15:17:00 +02:00
9999e05660
Http Range requests support in downloads
...
Http range requests support is required for video preview
2016-05-20 18:16:44 +02:00
db4c7fe743
Add encoding wrapper as opt-in mount option
...
The encoding wrapper is now only applied when the mount option is set,
disabled by default.
2016-05-20 09:33:59 +02:00
63bbbf29f4
Add wrapper for NFD encoding workaround
2016-05-20 09:33:59 +02:00
5c9103287f
Group fixup ( #24621 )
...
* Move used OC_Group_xx to \OC\Group
* Add (deprecated) legacy wrapper in legacy, OC_Group_xx
* Replace deprecated use of OC_Group_xx with \OC\Group\xx
2016-05-17 16:06:44 +02:00
eb79b83831
Move functions.php to legacy
...
This file should really be properly namespaced etc!
2016-05-13 08:54:07 +02:00
9b05f37fad
lib/private/ocs to PSR-4 ( #24558 )
...
* Move OC_OCS_XX to legacy
* Move \OC\OCS to PSR-4
* OC_OCS_xx to \OC\OCS\xx
* Moved OC_OCS_xx to proper namespace
* OC_OCS_xx is still there for legacy reasons as a wrapper
* No calls to OC_OCS_xx in \OC\OCS\
2016-05-12 09:43:53 +02:00
8729415880
Merge pull request #24531 from owncloud/psr4-loading-for-install-and-commands
...
Correctly register PSR-4 autoloading before install.php and loading commands
2016-05-11 13:53:16 +02:00
46bdf6ea2b
fix PHPDoc and other minor issues
2016-05-11 13:36:46 +02:00
699289cd26
pass in $request on OCS api
2016-05-11 13:36:46 +02:00
7aa16e1559
fix setup
2016-05-11 13:36:46 +02:00
fdc2cd7554
Add token auth for OCS APIs
2016-05-11 13:36:46 +02:00
3ab922601a
Check if session token is valid and log user out if the check fails
...
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
2016-05-11 13:36:46 +02:00
d8cde414bd
token based auth
...
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
db16dc6644
Correctly register autoloading before install.php and loading commands
2016-05-11 11:18:00 +02:00
9eea062004
Merge pull request #24433 from owncloud/user_psr4
...
lib/private/user to PSR-4
2016-05-11 11:16:56 +02:00
4a05e9ce76
Merge pull request #24379 from owncloud/remove-unneeded-code
...
Remove unneeded private wrapper methods
2016-05-10 20:19:48 +02:00
f6ee738ba8
Add \OC\User\Backend
...
Since some apps (ldap et al) still depend on OC_User_Backend this seemed
like the cleanest approach.
2016-05-10 19:53:36 +02:00
9e1d9871a8
Move OC_User_Database to \OC\User\Database
2016-05-10 19:53:36 +02:00
c51ebb02fa
Move OC_User_XX to legacy folder
2016-05-10 19:53:36 +02:00
61be98f554
Merge pull request #24410 from owncloud/fix_24182
...
first call the post_login hooks, before we call getUserFolder.
2016-05-04 10:23:38 +02:00
4b2544925f
Merge pull request #23844 from owncloud/disable-user
...
Add occ commands to enable and disable a user + a disabled user can n…
2016-05-03 15:22:41 +02:00
df2eb96cc4
Merge pull request #24389 from owncloud/login-by-email
...
Allow login by email address
2016-05-03 13:44:38 +02:00
8c0984d605
first call the post_login hooks, before we call getUserFolder.
...
The login process needs to be completed before we can safely create
the users home folder. For example we need to give encryption a chance
to initialize the users encryption keys in order to copy the skeleton
files correctly
2016-05-03 10:46:05 +02:00
71fa0a75bf
Allow declaration of background jobs in info.xml
2016-05-03 08:58:12 +02:00
adf7e7295e
Merge pull request #24375 from owncloud/archive_move
...
Move OC_Archive to \OC\Archive and PSR-4
2016-05-03 08:37:01 +02:00
a72e6a2dac
Merge pull request #24386 from owncloud/psr4-for-apps
...
PSR-4 for apps
2016-05-03 08:24:22 +02:00
c96ed5c4ce
Move OC_Archive to \OC\Archive\Archive
...
* Move out of legacy folder
* Move to proper namespace
* Fix calling code
2016-05-02 19:34:32 +02:00
0cb434686c
Move OC_Archive_XX to PSR-4
...
* Fix code
* Fix tests
2016-05-02 19:32:51 +02:00
d879354ccb
Use lib/ instead of src/ because that is what people are used to
2016-05-02 15:45:52 +02:00
ee3457aec0
Register the PSR-4 path on loadApp
2016-05-02 15:17:14 +02:00
7aca13f14c
Allow login by email address
2016-05-02 14:51:01 +02:00
5595e038ae
Remove unneeded private wrapper methods
2016-05-02 11:23:14 +02:00
9b875db8b8
OCS API should catch LoginExceptions
...
Catching the login exception and returning false (login failed). Makes
the OCS API properly return data instead of printing the exception page.
2016-05-02 09:31:22 +02:00
9c9fec36dd
Add occ commands to enable and disable a user + a disabled user can no longer login - fixes #23838
2016-05-02 09:31:22 +02:00
5e055ca6c1
Move uninstall repair step execution to the correct place
2016-05-02 09:22:26 +02:00
f91e5f87d2
Fix installer file location
2016-05-02 09:06:19 +02:00
e049953d1a
OC_Installer -> \OC\Installer
2016-05-02 08:52:06 +02:00
54f45f95f5
Adding repair steps for install and uninstall - fixes #24306
2016-05-02 08:52:06 +02:00
d89b533fa5
Move old classes to legacy
2016-05-01 13:09:28 +02:00
368be8894c
Move non PSR-4 files from lib/private root to legacy
...
As discussed we move all old style classes (OC_FOO_BAR) to legacy.
Then from there we can evaluate the need to convert them back or if they
can be fully deprecated/deleted.
2016-04-30 11:32:22 +02:00
20020abff4
Move OC_L10N_String to legacy folder
2016-04-27 20:23:25 +02:00
d09f835dca
Move \OC\DB to PSR-4
...
Besides the statement wrapper that is moved to the legacy folder
(namepsace of shame folder)
2016-04-15 19:46:34 +02:00
c353d51810
Remove Scrutinizer Auto Fixer
2016-03-01 17:48:23 +01:00
933f60e314
Update author information
...
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
3a6390031c
Move class to legacy folder
2016-01-26 14:10:05 +01:00
82bf99c0cf
Get rid of legacy OC_Config
...
We were still using the lecagy class OC_Config all over the place. Which
was a wrapper around the new class OC\Config
2015-12-18 11:53:41 +01:00
c6f6a8758b
Drop OC_SubAdmin and replace usages
2015-10-29 11:31:18 +01:00
8f09d5b67c
Update license headers
2015-10-26 14:04:01 +01:00
c515628ebe
Legacy OC_SubAdmin is now just a wrapper
2015-10-21 11:32:38 +02:00
0e9ab13943
New \OC\SubAdmin class
...
* DI
* Tests
* moved OC_SubAdmin to legacy
* Added to private OC\GroupManager
2015-10-21 11:32:38 +02:00
1385b1ec48
Remove OC_Appconfig
2015-07-03 18:00:16 +02:00
d3ac73c0c9
Remove OC_Log
2015-07-03 18:00:16 +02:00
68fd74963e
Remove legacy search classes
2015-07-03 17:56:14 +02:00
f63915d0c8
update license headers and authors
2015-06-25 14:13:49 +02:00
a32c71d25e
Revert "Deprecated \OCP\IAppConfig - add missing methods to IConfig"
...
This reverts commit 012016d331
2015-03-27 18:50:11 +01:00
4d12c4a38b
Merge pull request #13938 from owncloud/deprecate-iappconfig
...
Deprecated \OCP\IAppConfig - add missing methods to IConfig
2015-03-27 16:07:41 +01:00
b585d87d9d
Update license headers
2015-03-26 11:44:36 +01:00
012016d331
Deprecated \OCP\IAppConfig - add missing methods to IConfig
2015-03-17 17:19:33 +01:00
06aef4e8b1
Revert "Updating license headers"
...
This reverts commit 6a1a4880f0
2015-02-26 11:37:37 +01:00
Lukas Reschke
Morris Jobke
Klaas Freitag
Björn Schießle
Roeland Jago Douma
Joas Schilling
Lukas Reschke
Christoph Wurst
Arthur Schiwon
Christoph Wurst
Vincent Petry
Robin Appelman
Thomas Müller
Jan-Christoph Borchardt
Joas Schilling
Joas Schilling
Piotr Filiciak
Roeland Douma
Roeland Jago Douma
Thomas Müller
Björn Schießle
Jenkins for ownCloud