Commit Graph

35 Commits

Author SHA1 Message Date
Bjoern Schiessle dfec66ca02
only warn about data lose on password reset if per-user keys are used
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-08-15 15:08:34 +02:00
Robin Appelman 8ed50d4b63
prefill userid for login after password reset
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-21 15:18:07 +02:00
Rémy Jacquin 04e1cab5ee
Fix translation bug on lost password page
Fix nextcloud/password_policy#26

Signed-off-by: Rémy Jacquin <remy@remyj.fr>
2018-05-20 12:51:50 +02:00
Joas Schilling 339e320064
Fix existing usages
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-02-15 12:18:51 +01:00
Arthur Schiwon 4f3d52a364
never translate login names when requiring with a user id
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-03 13:25:00 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Joas Schilling 3119fd41ce
Set the data from the template
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-18 15:12:03 +02:00
Joas Schilling 8b37fe7f65
Set the subject with the email template to allow theming
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-10-18 15:12:03 +02:00
Joas Schilling 6dbb64c4a2
Merge setMetaData into constructor
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-09-04 15:07:41 +02:00
Joas Schilling 6a130d01e7
Also for reset password
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-24 18:02:37 +02:00
Joas Schilling d5c6d56170
No password reset for disabled users
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-18 13:21:53 +02:00
Morris Jobke 188b87e03b Cleanup legacy user class from unused methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-07-24 12:17:53 +02:00
Joas Schilling 0828df5ed4
Disable the API endpoints as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-11 17:03:57 +02:00
Joas Schilling 3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports
Remove unused use statements
2017-04-24 11:47:37 +02:00
Morris Jobke c54a59d51e
Remove unused use statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Lukas Reschke d0d34d308a
Add at most 10 password reset requests per 5 minutes and IP range
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-22 08:12:54 +02:00
Morris Jobke 16c4755e03
Rename renderHTML to renderHtml
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 15:46:41 -05:00
Lukas Reschke 727688ebd9
Adjust existing bruteforce protection code
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-14 13:42:40 +02:00
Lukas Reschke 81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Morris Jobke 1f962f9115
Update email template for lost password email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Morris Jobke 5b4adf66e5
Move OC_Defaults to OCP\Defaults
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Joas Schilling 4bae7ef96d
Allow to reset the password with the email as an input
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-28 21:17:37 +02:00
Bjoern Schiessle 927d3865a0
add brute force protection to password reset to make it harder to guess user logins
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-19 10:12:45 +01:00
Bjoern Schiessle fcda3a20f4
create new encryption keys on password reset and backup the old one
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-10 17:04:32 +01:00
Bjoern Schiessle 16bbd3fd7c
fix password reset if encryption is enabled
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-12-08 12:08:05 +01:00
Lukas Reschke 6d686c213b
[WIP] Use mail for encrypting the password reset token as well 2016-11-03 14:27:26 +01:00
Joas Schilling 877cb06bfe
Use magic DI for core controllers
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 10:00:26 +02:00
Roeland Jago Douma f6423f74e3
Minor cleanup in core Controllers 2016-08-29 21:52:09 +02:00
Joas Schilling 736e884e9a
Move the reset token to core app 2016-08-23 15:01:38 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Julius Haertl 8ee2cb47d0 Show error messages if a password reset link is invalid or expired
- Moved token validation to method checkPasswordResetToken
- Render error with message from exceptions
2016-05-23 16:48:10 +02:00
Lukas Reschke a4b19a5b1e
Rename files to be PSR-4 compliant 2016-04-06 11:00:52 +02:00