Commit Graph

134 Commits

Author SHA1 Message Date
Lukas Reschke c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke 020a2a6958 Merge pull request #476 from nextcloud/port-same-site-cookies
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Lukas Reschke a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Morris Jobke e9c85e02ac Merge pull request #462 from nextcloud/master-explode
[master] Use explode() instead of split()
2016-07-20 18:31:11 +02:00
Klaas Freitag 99316ec02c
Show app name in error message if app could not be loaded. (#25441) 2016-07-20 15:16:16 +02:00
Lukas Reschke 4f90447150
[master] Use explode() instead of split()
Sync from https://github.com/owncloud/core/pull/25488
2016-07-20 14:36:39 +02:00
Björn Schießle ea470f8777 Merge pull request #405 from nextcloud/theming-fixes
Theming fixes
2016-07-18 15:59:47 +02:00
Roeland Jago Douma 72464f1ce4
Remove asset pipelin
Fixes #215

The asset pipeline has shown to do more harm than good. Some apps fail
hard with it. Also it makes sure that you download a huge file on each
unvisited page.
2016-07-15 20:14:11 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Morris Jobke c2d88a08b7
Remove unneeded checks if it runs on a Windows machine
* the setup check is still there
2016-07-08 15:55:17 +02:00
Lukas Reschke 27b699bdbc Migrate logic to dynamic controller
Also adds support for having custom login backgrounds
2016-06-27 10:26:23 +02:00
Bjoern Schiessle 10f6ca20bc write theme settings to database 2016-06-27 10:26:22 +02:00
Lukas Reschke 7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync 2016-06-26 12:55:05 +02:00
Christoph Wurst 7f22aeb5d6 redirect to new login route (#25099)
* redirect to new login route

* encode anchor in url and restore it client-side
2016-06-21 16:14:51 +02:00
Morris Jobke e95c15e53a
fix more strings 2016-06-20 13:14:24 +02:00
Arthur Schiwon 42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611 2016-06-11 15:34:43 +02:00
Christoph Wurst 7b3dc806eb
Check 2FA state for raw php files too 2016-06-10 09:52:52 +02:00
Arthur Schiwon a636e4ff28
Downstream 2016-06-09
Merge branch 'master' of https://github.com/owncloud/core into downstream-160609
2016-06-09 18:45:12 +02:00
blizzz 51fd2602a7 Revert "Downstream 2016-06-08" 2016-06-09 17:41:57 +02:00
Vincent Petry 6ba18934e6 Merge pull request #25000 from owncloud/fix-email-login-dav
Allow login by email address via webdav as well
2016-06-09 16:28:06 +02:00
Robin Appelman bee918693a
dissalow symlinks in local storages that point outside the datadir 2016-06-09 14:00:01 +02:00
Thomas Müller f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Vincent Petry 90c1ec1c49 Merge pull request #25014 from owncloud/admin-datadircheck-fix
Use temporary htaccesstest.txt for data dir security check
2016-06-09 11:58:28 +02:00
Jan-Christoph Borchardt 81145ee57c THIS IS NEXTCLOUD! adjusting the design 2016-06-08 17:02:18 +02:00
Vincent Petry fb087a0261
Use temporary htaccesstest.txt for data dir security check 2016-06-07 18:36:13 +02:00
Robin Appelman 7b1b723e5b dissalow symlinks in local storages that point outside the datadir 2016-06-07 14:01:53 +02:00
Lukas Reschke deef15a3c7
Remove "Help" link from personal sidebar
At the moment we want to hide the help link from the personal sidebar as it contains the original ownCloud documentation.

Once we have our own documentation with our proper branding and so on we can reenable this.
2016-06-06 18:40:15 +02:00
Joas Schilling 7d31ae9909 Fix second check for quota size (#24989) 2016-06-06 13:47:53 +02:00
Vincent Petry 53398b5146 Merge pull request #24936 from owncloud/2fa-block-ocs
block OCS if 2FA challenge needs to be solved first
2016-06-02 14:55:34 +02:00
Vincent Petry f37d519d0d Merge pull request #24946 from owncloud/issue-24943-duplicate-downgrade-unsupported-message
Do not show the hint when it's the same as the message
2016-06-02 10:40:53 +02:00
Joas Schilling 1d2cdfb9fd
Fix URL for client downloads 2016-06-01 16:58:57 +02:00
Joas Schilling 13892417c4
Do not show the hint when it's the same as the message 2016-06-01 13:34:57 +02:00
Christoph Wurst 3ec6f4e165
block OCS if 2FA challenge needs to be solved first 2016-06-01 11:19:49 +02:00
Vincent Petry 7b4459d28d Merge pull request #24912 from owncloud/session-tokens-apache-auth
Create session tokens for apache auth users
2016-06-01 10:56:10 +02:00
Christoph Wurst c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Lukas Reschke a23df94af1
Properly check for mbstring extension
mb_detect_encoding is in the fallback we ship in the polyfill library, mb_strcut is not. Thus this lead to a false positive and ownCloud would just break.
2016-05-31 08:12:36 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Vincent Petry 51b0036d8f
Changed labels of chunk TTL to mention chunks 2016-05-24 15:18:56 +02:00
Vincent Petry c9b26d065b
Move cache chunk TTL value to FileChunking class
This makes it less generic and only used for actual file chunking
2016-05-24 14:58:27 +02:00
Vincent Petry adcf942901 Merge pull request #24750 from owncloud/lenz1111-share_download_range_requests_support
Http Range requests support in downloads
2016-05-23 21:01:26 +02:00
Piotr Filiciak 6577bbe887 Code style and doc fix 2016-05-23 15:17:00 +02:00
Piotr Filiciak 9999e05660
Http Range requests support in downloads
Http range requests support is required for video preview
2016-05-20 18:16:44 +02:00
Vincent Petry db4c7fe743
Add encoding wrapper as opt-in mount option
The encoding wrapper is now only applied when the mount option is set,
disabled by default.
2016-05-20 09:33:59 +02:00
Vincent Petry 63bbbf29f4
Add wrapper for NFD encoding workaround 2016-05-20 09:33:59 +02:00
Roeland Douma 5c9103287f Group fixup (#24621)
* Move used OC_Group_xx to \OC\Group

* Add (deprecated) legacy wrapper in legacy, OC_Group_xx

* Replace deprecated use of OC_Group_xx with \OC\Group\xx
2016-05-17 16:06:44 +02:00
Roeland Jago Douma eb79b83831
Move functions.php to legacy
This file should really be properly namespaced etc!
2016-05-13 08:54:07 +02:00
Roeland Douma 9b05f37fad lib/private/ocs to PSR-4 (#24558)
* Move OC_OCS_XX to legacy

* Move \OC\OCS to PSR-4

* OC_OCS_xx to \OC\OCS\xx

* Moved OC_OCS_xx to proper namespace
* OC_OCS_xx is still there for legacy reasons as a wrapper

* No calls to OC_OCS_xx in \OC\OCS\
2016-05-12 09:43:53 +02:00
Thomas Müller 8729415880 Merge pull request #24531 from owncloud/psr4-loading-for-install-and-commands
Correctly register PSR-4 autoloading before install.php and loading commands
2016-05-11 13:53:16 +02:00
Christoph Wurst 46bdf6ea2b
fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00