nextcloud

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	26ee889fec	Add tests for ClientFlowLoginController Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-05-18 20:49:08 +02:00
Joas Schilling	0828df5ed4	Disable the API endpoints as well Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-11 17:03:57 +02:00
Joas Schilling	d418ea550b	Automatic injection for CssController Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-10 09:42:40 +02:00
Joas Schilling	9c8fe82000	Automatic injection for JsController Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-05-10 09:42:15 +02:00
Mario Danic	e4aac15a92	Update login flow redirection Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-05-04 19:21:22 +02:00
Georg Ehrke	60f9ed6241	add contactsmenu popover Signed-off-by: Georg Ehrke <developer@georgehrke.com>	2017-04-26 09:26:53 +02:00
Jan-Christoph Borchardt	241e397326	Merge branch 'master' into contactsmenu Signed-off-by: Jan-Christoph Borchardt <hey@jancborchardt.net>	2017-04-26 00:50:38 +02:00
Christoph Wurst	36cee1f386	Let apps register contact menu provider via info.xml Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-04-25 20:47:17 +02:00
Christoph Wurst	d091793ceb	Contacts menu * load list of contacts from the server * show last message of each contact Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-04-25 20:47:17 +02:00
Roeland Jago Douma	aae079aa29	AppToken to 72 chars Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-04-25 20:18:49 +02:00
Lukas Reschke	6a16df7288	Add new auth flow This implements the basics for the new app-password based authentication flow for our clients. The current implementation tries to keep it as simple as possible and works the following way: 1. Unauthenticated client opens `/index.php/login/flow` 2. User will be asked whether they want to grant access to the client 3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password. If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-) If the user chooses to use the regular login the following happens: 1. A session state token is written to the session 2. User is redirected to the login page 3. If successfully authenticated they will be redirected to a page redirecting to the POST controller 4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler. This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-25 20:18:49 +02:00
Christoph Wurst	bb1d191f82	Fix remember redirect_url on failed login attempts Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-04-25 09:38:19 +02:00
Morris Jobke	16c4755e03	Rename renderHTML to renderHtml * fixes #4383 * improves consistency Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-19 15:46:41 -05:00
Roeland Jago Douma	ad24b86013	Merge pull request #4350 from nextcloud/adjust-old-bruteforce-protection-annotations Adjust existing bruteforce protection code	2017-04-19 09:27:23 +02:00
Lukas Reschke	805419bb95	Add bruteforce protection to changePersonalPassword While the risk is actually quite low because one would already have the user session and could potentially do other havoc it makes sense to throttle here in case of invalid previous password attempts. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-18 17:55:51 +02:00
Lukas Reschke	727688ebd9	Adjust existing bruteforce protection code - Moves code to annotation - Adds the `throttle()` call on the responses on existing annotations Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-14 13:42:40 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Lukas Reschke	81d3732bf5	Merge pull request #4308 from nextcloud/lost-password-email Update email template for lost password email	2017-04-13 20:02:15 +02:00
Morris Jobke	d36751ee38	Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login Fix login controller test and consolidate login	2017-04-13 12:16:38 -05:00
Morris Jobke	7cb6038fca	Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login Dont create a log entry on email login	2017-04-13 01:04:11 -05:00
Morris Jobke	1f962f9115	Update email template for lost password email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-12 15:19:53 -05:00
Morris Jobke	5b4adf66e5	Move OC_Defaults to OCP\Defaults * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-09 21:43:01 -05:00
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-07 10:15:20 +02:00
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2017-04-06 15:22:42 +02:00
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2017-04-06 15:20:17 +02:00
Roeland Jago Douma	6bdd3a167d	Merge pull request #4123 from nextcloud/allow-password-reset-with-email Allow to reset the password with the email as an input	2017-04-05 09:12:41 +02:00
Morris Jobke	9813023aab	Fix gzip files for Safari * Safari support gzip only if the filename does not end on .gz - so this renames them to .gzip Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-03-29 00:11:51 -06:00
Roeland Jago Douma	3a0ef65f33	Fix controller tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-28 23:42:20 +02:00
Joas Schilling	4bae7ef96d	Allow to reset the password with the email as an input Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-28 21:17:37 +02:00
Roeland Jago Douma	677e11b1a4	Tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-24 11:31:48 +01:00
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-02-02 21:56:44 +01:00
Morris Jobke	5bad417e57	Merge pull request #2044 from nextcloud/login-credential-store Login credential store	2017-01-30 19:30:04 -06:00
Bjoern Schiessle	5086335643	unify endpoints form core and the the provisioning api Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-25 11:20:35 +01:00
Morris Jobke	622101f2dd	Merge pull request #2918 from nextcloud/encryption-recovery-improvements create new encryption keys on password reset and backup the old one	2017-01-13 11:28:43 +01:00
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 19:20:11 +01:00
Christoph Wurst	243c9c0941	fix coding style and increase code coverage Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 11:01:54 +01:00
Cornelius Kölbel	b8d41752ca	Fix tests Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-01-11 11:01:54 +01:00
Bjoern Schiessle	fcda3a20f4	create new encryption keys on password reset and backup the old one Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-10 17:04:32 +01:00
Roeland Jago Douma	350b7ebc86	Adds CssControllerTests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-01-06 09:42:39 +01:00
Roeland Jago Douma	31a3e9847f	Adds user controller tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-12-30 13:26:26 +01:00
Christoph Wurst	eff904473d	Set redirect_url on 2FA challenge page Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2016-12-23 20:53:26 +01:00
Morris Jobke	998f235474	Merge pull request #2563 from nextcloud/fix-password-reset fix password reset if encryption is enabled	2016-12-22 11:18:04 +01:00
Bjoern Schiessle	16bbd3fd7c	fix password reset if encryption is enabled Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2016-12-08 12:08:05 +01:00
Joas Schilling	924358ef96	Save the timezone on login again Signed-off-by: Joas Schilling <coding@schilljs.com>	2016-12-08 10:45:24 +01:00
Lukas Reschke	8bf4111368	Fix changing display names for subadmins Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2016-11-21 11:30:00 +01:00
Roeland Jago Douma	74c68d8761	Add OCSControllerTests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-11-16 19:49:51 +01:00
Morris Jobke	ac61f64190	Merge pull request #1109 from nextcloud/add-more-secrets-to-password-reset-link Use mail for encrypting the password reset token as well	2016-11-03 22:11:43 +01:00
Roeland Jago Douma	dca9184a12	Fix tests * Tests fixed and controller coverage to 100% Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-11-03 19:08:56 +01:00
Lukas Reschke	6d686c213b	[WIP] Use mail for encrypting the password reset token as well	2016-11-03 14:27:26 +01:00
Roeland Jago Douma	9e6b26dcd0	Add cache 1 day cache to preview endpoint Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2016-11-03 14:00:33 +01:00

1 2

94 Commits