Commit Graph

64 Commits

Author SHA1 Message Date
Joas Schilling 71de1d58cd Fix namespace duplication and other issues in repairlegacystorages 2015-04-13 16:34:10 +02:00
Jenkins for ownCloud b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Thomas Müller 1fd1b355e4 Fix namespace of OC_Setup -> \OC\Setup 2015-02-23 16:44:40 +01:00
Vincent Petry 4290e1990e Merge pull request #13829 from owncloud/appmanager-list
Better caching for enabled apps
2015-02-23 16:03:32 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Robin Appelman 434835b326 also set user in UserSession when doing OC_User::setUserId 2015-02-17 15:05:29 +01:00
Lukas Reschke 025110821f URLEncode logout attribute
Otherwise logout can fail if the requesttoken contains a +
2015-02-13 12:08:23 +01:00
Lukas Reschke 476579b9c6 Fix WebDAV auth for session authentication only
\Sabre\DAV\Auth\Backend\AbstractBasic::authenticate was only calling \OC_Connector_Sabre_Auth::validateUserPass when the response of \Sabre\HTTP\BasicAuth::getUserPass was not null.

However, there is a case where the value can be null and the user could be authenticated anyways: The authentication via ownCloud web-interface and then accessing WebDAV resources. This was not possible anymore with this patch because it never reached the code path in this scenario.

This patchs allows authenticating with a session without isDavAuthenticated value stored (this is for ugly WebDAV clients that send the cookie in any case) and thus the functionality should work again.

To test this go to the admin settings and test if the WebDAV check works fine. Furthermore all the usual stuff (WebDAV / Shibboleth / etc...) needs testing as well.
2015-01-20 10:03:14 +01:00
Lukas Reschke f671b232cc Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-mode
Add ultra-slim hack for incognito mode
2014-12-19 14:54:11 +01:00
Robin McCorkell 619dcae7af Merge pull request #12901 from owncloud/move-ldap-check-to-manager
Move the Null-Byte LDAP check to the user manager
2014-12-18 00:28:00 +00:00
Lukas Reschke e3230b5bc2 Add ultra-slim hack for incognito mode
As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
2014-12-17 21:53:43 +01:00
Lukas Reschke b91a435ed4 Move basic auth login out of `isLoggedIn`
Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs...

Please test very carefully, this includes:

- Testing from OCS via cURL (as in #12915)
- Testing from OCS via browser (Open the "Von Dir geteilt" shares overview)
- WebDAV
- CalDAV
- CardDAV
2014-12-17 20:12:14 +01:00
Lukas Reschke f6820406b6 Move the Null-Byte LDAP check to the user manager
The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here.

Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
2014-12-17 12:47:00 +01:00
Lukas Reschke 5dc6406b70 Add filter for 'backend' to user REST route
This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620

For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well)

Depends upon https://github.com/owncloud/core/pull/12711
2014-12-10 12:07:34 +01:00
Lukas Reschke fe7d9a7ca0 Add REST route for user & group management
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
2014-12-08 12:11:01 +01:00
Craig Morrissey 541344d880 logging changes 2014-11-07 12:45:42 -05:00
Robin Appelman 1eefc21329 Remove confusingly names \OC\User\Manager::delete and fix the automatic cache cleanup instead 2014-11-05 15:45:58 +01:00
Arthur Schiwon 993376fb6f better variable name 2014-10-22 13:36:57 +02:00
Arthur Schiwon e0342db47c set up FS by username, not login name\! 2014-10-22 13:28:08 +02:00
Lukas Reschke d0d3b7457b Move BasicAuth check to "isLoggedIn()"
Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
2014-09-18 16:14:07 +02:00
Lukas Reschke 63a90a129b Use proper RNG generator
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
2014-09-03 17:46:48 +02:00
Robin Appelman a9a37b5363 Don't automatically setup the filesystem the moment we load OC\Files\FileSystem 2014-09-02 16:15:42 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Jörn Friedrich Dreyer fd798fd982 update deprecation docs 2014-08-14 12:22:34 +02:00
Thomas Müller a72dae6842 Merge pull request #10144 from owncloud/issue/9972
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
Joas Schilling 4865c52aa6 Fix isLoggedIn() check for user '0'
Fix #9972
2014-08-04 15:53:55 +02:00
Vincent Petry 4e957c7b18 Merge pull request #8443 from owncloud/csrf-on-login-and-logout
Add CSRF check on login and logout
2014-06-02 11:27:20 +02:00
Arthur Schiwon 2c89962919 clean up tryRememberLogin and save the timestamp of users last login 2014-05-21 18:03:37 +02:00
Thomas Müller f8cb8f4803 Merge branch 'master' into csrf-on-login-and-logout
Conflicts:
	core/templates/login.php
2014-05-19 20:40:55 +02:00
Morris Jobke dc36d30953 Remove all occurences of @brief and @returns from PHPDoc
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Robin McCorkell 3bed3d2a23 Change parameter type for useBackend 2014-05-13 19:08:14 +01:00
Robin McCorkell a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell b5bc37d2e4 Fix @return array PHPDocs, in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell b653ad164b Replace @returns with @return, in /lib 2014-05-13 19:08:14 +01:00
Lukas Reschke 73b914ddbc Add CSRF check on login and logout
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
2014-05-04 13:56:21 +02:00
Lukas Reschke e88731a477 Some more PHPDoc fixes 2014-04-21 15:44:54 +02:00
Thomas Müller 6ff96b34ad Merge branch 'master' into load-apps-proper-master
Conflicts:
	apps/files/ajax/rawlist.php
	cron.php
	ocs/v1.php
2014-03-21 14:05:08 +01:00
Lukas Reschke 69325c5eeb Move session_regenerate_id to `login()` 2014-02-21 08:11:07 +01:00
Lukas Reschke 0241ddc759 Merge pull request #6519 from nhirokinet/master
Security Update: session fixation
2014-02-20 14:28:26 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00
Thomas Müller 9fac95c2ab Merge branch 'master' into scrutinizer_documentation_patches
Conflicts:
	lib/private/appconfig.php
2014-02-14 23:03:27 +01:00
Jörn Friedrich Dreyer 2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Thomas Müller 79fc4f3126 Within OC:init() the minimum set of apps is loaded - which is filesystem, authentication and logging 2014-02-06 11:34:27 +01:00
Robin Appelman 8d6a3a00b4 Revert "Use Cache->clear to cleanup the filecache for removed users"
This reverts commit 5a5b6f187e.
2014-02-03 16:29:04 +01:00
Robin Appelman 5a5b6f187e Use Cache->clear to cleanup the filecache for removed users 2014-01-22 13:00:45 +01:00
Robin Appelman 374e3475c9 Also remove the user's home storage from the storage table when deleting a user 2014-01-21 23:58:48 +01:00
Thomas Müller 22bd69f75c set login name within apache auth backend 2014-01-09 10:28:24 +01:00
nhirokinet c2e2c59ca7 Update user.php to fix duplicate session-duplicate 2013-12-22 01:31:04 +09:00
Bjoern Schiessle 6deda1b9f6 return false if user is in incognito mode 2013-11-27 16:52:30 +01:00