Fixes#7084
Now entering wrongly cased email (roeland@ instead of Roeland@) for
password reset etc. Will also work.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When a touch is done (i.e. when creating a new file in the node API)
The hooks contain 'write' and 'touch' (and the operation is touch as
well). This would cause a double write update. Which doesn't make sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The second execute statement should be inside the if block. Else it gets
executed twice which makes no sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12498
This means that we set that it is a proper app token once it is
validated. This will allow the 2FA middleware to just run the same
check.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fixes#9305 by not being prone to the race condition in insertIfNotExists
* fixes#6899 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
* followup to #12371
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* fixes#6160 by not being prone to the race condition in insertIfNotExists
* fixes#12228 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fixes#1020
When an external storage is shared with you in full the root is ''
(empty). This adds an extra check for an empty jail basically.
Because if the jail is on the empty string. It matches all paths.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12131
If we hit an expired token there is no need to continue checking. Since
we know it is a token.
We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.
This resets the brute force attempts for that UID on a valid refresh of
the token.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>