nextcloud

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Lukas Reschke	81d3732bf5	Merge pull request #4308 from nextcloud/lost-password-email Update email template for lost password email	2017-04-13 20:02:15 +02:00
Morris Jobke	d36751ee38	Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login Fix login controller test and consolidate login	2017-04-13 12:16:38 -05:00
Lukas Reschke	66835476b5	Add support for ratelimiting via annotations This allows adding rate limiting via annotations to controllers, as one example: ``` @UserRateThrottle(limit=5, period=100) @AnonRateThrottle(limit=1, period=100) ``` Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 12:00:16 +02:00
Morris Jobke	7cb6038fca	Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login Dont create a log entry on email login	2017-04-13 01:04:11 -05:00
Morris Jobke	1f962f9115	Update email template for lost password email Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-12 15:19:53 -05:00
Morris Jobke	5b4adf66e5	Move OC_Defaults to OCP\Defaults * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults) * our code used a mixture of both of them, which made it hard to work on theme values * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-04-09 21:43:01 -05:00
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-07 10:15:20 +02:00
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2017-04-06 15:22:42 +02:00
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2017-04-06 15:20:17 +02:00
Roeland Jago Douma	6bdd3a167d	Merge pull request #4123 from nextcloud/allow-password-reset-with-email Allow to reset the password with the email as an input	2017-04-05 09:12:41 +02:00
Morris Jobke	9813023aab	Fix gzip files for Safari * Safari support gzip only if the filename does not end on .gz - so this renames them to .gzip Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-03-29 00:11:51 -06:00
Roeland Jago Douma	54f9b35f71	Allow to gzip CSS/JS files Since in production the SCSS files are compiled once and the javascript files are combined once we can just as well gzip them aggresively. This means that once they are requested and the browser supports gzip we can just serve the gzipped file saving precious bandwidth. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-28 21:46:23 +02:00
Joas Schilling	4bae7ef96d	Allow to reset the password with the email as an input Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-03-28 21:17:37 +02:00
Roeland Jago Douma	8e89ad21a2	[PoC] JS Combiner Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-03-24 10:58:10 +01:00
blizzz	19fc68cbdc	Merge pull request #2606 from temparus/master Add preLoginValidation hook	2017-02-15 21:47:47 +01:00
Joas Schilling	ac841ee002	Merge pull request #3362 from nextcloud/fix/nc-token-cookie-name oc_token should be nc_token	2017-02-09 10:07:59 +01:00
Sandro Lutz	9b6f99ab08	Update license header Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-07 01:25:39 +01:00
Sandro Lutz	fa1d607bfa	Merge remote-tracking branch 'nextcloud/master' Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-07 00:15:30 +01:00
Sandro Lutz	ff3fa538e4	Add missing use statement for PublicEmitter Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-07 00:12:19 +01:00
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-02-02 21:56:44 +01:00
Sandro Lutz	20f878b014	Fix typo for UserManager variable Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:54:00 +01:00
Sandro Lutz	6feff0ceba	Add check if UserManager is of type PublicEmitter before calling preLogin hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:53:50 +01:00
Sandro Lutz	e30d28f7eb	Change where preLogin hook gets called Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:53:42 +01:00
Sandro Lutz	6ab0a3215d	Remove preLoginValidation hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:53:29 +01:00
Sandro Lutz	e14d50eb1f	Fix indentation Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:50:47 +01:00
Sandro Lutz	4ebcd5ac0b	Add preLoginValidation hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:50:25 +01:00
John Molakvoæ (skjnldsv)	2c9d7eeb76	Fix public page css fallback loading Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-02-01 18:03:51 +01:00
Morris Jobke	5bad417e57	Merge pull request #2044 from nextcloud/login-credential-store Login credential store	2017-01-30 19:30:04 -06:00
Bjoern Schiessle	5086335643	unify endpoints form core and the the provisioning api Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-25 11:20:35 +01:00
Lukas Reschke	bde1150d04	Merge pull request #3004 from nextcloud/fix-installation-css Fixed installation page	2017-01-22 18:28:33 +01:00
Bjoern Schiessle	927d3865a0	add brute force protection to password reset to make it harder to guess user logins Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-19 10:12:45 +01:00
Bjoern Schiessle	cdf01feba7	add action to existing brute force protection Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-18 15:25:16 +01:00
Morris Jobke	622101f2dd	Merge pull request #2918 from nextcloud/encryption-recovery-improvements create new encryption keys on password reset and backup the old one	2017-01-13 11:28:43 +01:00
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 19:20:11 +01:00
Christoph Wurst	243c9c0941	fix coding style and increase code coverage Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 11:01:54 +01:00
Cornelius Kölbel	e077e01bf2	Add a TwoFactorException A Two Factor third party App may throw a TwoFactorException() with a more detailed error message in case the authentication fails. The 2FA Controller will then display the message of this Exception to the user. Working on #26593 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-01-11 11:01:52 +01:00
John Molakvoæ (skjnldsv)	e4b3ba6590	Create unified css file and merge all needed data into this file Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-01-10 17:50:29 +01:00
Bjoern Schiessle	fcda3a20f4	create new encryption keys on password reset and backup the old one Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-10 17:04:32 +01:00
John Molakvoæ (skjnldsv)	67467873c2	Removed jquery scss - Switched to setup.css - Disable scss when displaying the update page - Improved setup css - Fixed loading failure of other styles on setup & update page - Improved scss compiler with an ignore scss compilation option Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-01-10 11:06:03 +01:00
Roeland Jago Douma	350b7ebc86	Adds CssControllerTests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-01-06 09:42:39 +01:00
Roeland Jago Douma	1e44a15dd1	No need for the CssManager * It is a simple wrapper we can always add it later if needed Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-01-06 09:42:14 +01:00
Roeland Jago Douma	95d85ba8eb	Do not add ICssManager to OCP We can add it later if needed Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-01-06 09:42:13 +01:00
Roeland Jago Douma	2816177ecb	Code cleanup Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-01-06 09:42:13 +01:00
John Molakvoæ (skjnldsv)	6380d503af	Css cache folder name fix, route fix and various fixes Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-01-06 09:42:13 +01:00
John Molakvoæ (skjnldsv)	3b62003c9c	Injection fix and log appname fix Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-01-06 09:42:13 +01:00
John Molakvoæ (skjnldsv)	1caaa7f4cd	Appdata integration 2 Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-01-06 09:42:13 +01:00
Joas Schilling	2f21eaaf47	Use login name to fix password confirm with ldap users Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-01-05 12:17:30 +01:00
Christoph Wurst	eff904473d	Set redirect_url on 2FA challenge page Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2016-12-23 20:53:26 +01:00
Morris Jobke	998f235474	Merge pull request #2563 from nextcloud/fix-password-reset fix password reset if encryption is enabled	2016-12-22 11:18:04 +01:00

1 2 3

147 Commits