Commit Graph

190 Commits

Author SHA1 Message Date
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Joas Schilling 80168613be
Fix maintenance mode
When the server is in maintenance mode, apps are not loaded.
That means apps/theming/ is not in the allowed paths. So we
need to check without autoloading, whether the class exists.
2016-07-19 09:54:42 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Lukas Reschke e0445856b9 Merge pull request #59 from nextcloud/theming-app
Theming app
2016-06-27 21:14:40 +02:00
Bjoern Schiessle 630e4b1b46
check password for link shares 2016-06-27 14:05:27 +02:00
Lukas Reschke 89e889c832 Check if server is installed
AppManager has a dependency on Nc being installed
2016-06-27 10:26:23 +02:00
Lukas Reschke 27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst 28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Vincent Petry 87fa86a69a Merge pull request #24559 from owncloud/2fa
two factor auth
2016-05-23 20:50:03 +02:00
Christoph Wurst 847bbc51b6
add OCC command to enable/disable 2FA for a user 2016-05-23 11:21:13 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Christoph Wurst 12431aa399
list user's auth tokens on the personal settings page 2016-05-23 09:11:12 +02:00
Joas Schilling d0a2fa0506
Lock jobs while executing them, to allow multiple executors to run in parallel 2016-05-21 01:59:25 +02:00
Christoph Wurst 98b465a8b9
a single token provider suffices 2016-05-18 09:20:48 +02:00
Robin Appelman de5b7609f9 use mount providers to setup home storages (#24567) 2016-05-17 21:40:55 +02:00
Morris Jobke 9b3eefbf95 Merge pull request #24563 from owncloud/redis-factory
factor out redis configuration into it's own factory
2016-05-12 13:15:12 +02:00
Christoph Wurst f0f8bdd495
PHPDoc and other minor fixes 2016-05-11 13:36:46 +02:00
Christoph Wurst 7aa16e1559
fix setup 2016-05-11 13:36:46 +02:00
Christoph Wurst 2fa5e0a24e
invalidate (delete) session token on logout
add 'last_activity' column to session tokens and delete old ones via a background job
2016-05-11 13:36:46 +02:00
Christoph Wurst d8cde414bd
token based auth
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Robin Appelman e2f6aa3a57 factor out redis configuration into it's own factory 2016-05-03 16:02:17 +02:00
Thomas Müller 15a479fb96 Merge pull request #24408 from owncloud/improve-server-container
Improve server container
2016-05-03 12:03:09 +02:00
Joas Schilling 6ab004fac1
Fix doc block 2016-05-03 10:30:07 +02:00
Joas Schilling 1e5f85ac8c
Use internal tag so IDEs highlight the usage 2016-05-03 10:29:47 +02:00
Roeland Jago Douma fc82047e26
Move OC_Log_xx to \OC\Log namespace 2016-05-03 08:57:26 +02:00
Roeland Douma ed3b9d5aff Merge pull request #24381 from owncloud/correc_typehint
Use correct typehint for the IProviderFactory
2016-05-03 07:40:25 +02:00
Roeland Jago Douma eb1d5fdaf8
Use correct typehint 2016-05-02 11:59:54 +02:00
Joas Schilling 7bfc617b03
Move activity manager to the namespace 2016-05-02 11:57:24 +02:00
Robin Appelman e51467689d
mount custom cache folder using mount providers 2016-04-29 17:41:09 +02:00
Thomas Müller 55735e1450
Translate contacts birthday - fixes #23982 2016-04-14 16:58:45 +02:00
Roeland Jago Douma 5cd8382d39
Add lazyRootFolder 2016-04-13 11:23:02 +02:00
Robin Appelman cdedda99e4 Make lock ttl configurable 2016-04-07 08:24:13 +02:00
Bjoern Schiessle 93ed965cbb fix creation of versions of encrypted files on external storages
in order to create a 1:1 copy of a file if a version gets created
we need to store this information on copyBetweenStorage(). This
allows us to by-pass the encryption wrapper if we read the source file.
2016-03-31 19:24:47 +02:00
Thomas Müller b8812c8cba Merge pull request #23154 from owncloud/avatar-save-failure
dont die when we cant save the resized avatar, log instead
2016-03-24 22:43:17 +01:00
Morris Jobke 76455204c0 Inject server root - allows proper testing and separation of concerns 2016-03-18 13:59:44 +01:00
Lukas Reschke 5278bfe0e4 Add support for custom values in integrity checker 2016-03-15 10:41:17 +01:00
Robin Appelman 54e750ba78 dont die when we cant save the resized avatar, log instead 2016-03-11 13:44:35 +01:00
Roeland Jago Douma d16b371e38 POC for PSR-4 autoloader server.php => Server.php 2016-03-09 16:53:39 +01:00