Lukas Reschke
c385423d10
Merge pull request #479 from nextcloud/add-bruteforce-throttler
...
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke
a17ba2f488
Merge pull request #466 from nextcloud/escape-special-characters
...
Escape special characters (#25429 )
2016-07-20 21:24:19 +02:00
Roeland Douma
26cf51403e
Merge pull request #464 from nextcloud/master-change-load-order
...
[master] Change load order of auth backends so that we can throw an exception …
2016-07-20 20:08:22 +02:00
Vincent Petry
e5c4f53eea
Cast share id to string ( #25402 )
2016-07-20 15:10:10 +02:00
Aaron Wood
7c0de08cc4
Escape special characters ( #25429 )
...
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Escape LIKE parameter
* Use correct method in the AbstractMapping class
* Change the getNamesBySearch method so that input can be properly escaped while still supporting matches
* Don't escape hardcoded wildcard
2016-07-20 14:46:47 +02:00
Thomas Müller
e795f7b106
Change load order of auth backends so that we can throw an exception in OCA\DAV\Connector\Sabre\Auth - fixes #25362 ( #25476 )
2016-07-20 14:40:52 +02:00
Morris Jobke
0a6d95b126
Merge pull request #394 from nextcloud/tags-for-everything
...
SystemTags for everything not just files
2016-07-19 10:47:12 +02:00
Björn Schießle
ea470f8777
Merge pull request #405 from nextcloud/theming-fixes
...
Theming fixes
2016-07-18 15:59:47 +02:00
Joas Schilling
54708f97a1
Fix non-existing exception class
2016-07-18 10:26:42 +02:00
Joas Schilling
7c039bcbf6
Allow apps to register SystemTags plugins
2016-07-18 10:26:42 +02:00
Joas Schilling
c2b077e185
Fix doc blocks
2016-07-18 10:26:42 +02:00
Joas Schilling
8e13ff2c86
Fix TODO and bring in abstraction (similar to comments)
2016-07-18 10:26:36 +02:00
Morris Jobke
40328114f9
Merge pull request #379 from nextcloud/create_federated_share_on_mount
...
Create federated share on mount
2016-07-18 09:22:48 +02:00
Morris Jobke
ab6db739fa
Merge pull request #407 from nextcloud/dav_phpunit_fixes
...
Fix PHPUnit 5.4 warnings in DAV app
2016-07-15 11:14:15 +02:00
Roeland Jago Douma
2fcb24166f
Fix PHPUnit 5.4 warnings in DAV app
...
* getMock is deprecated
2016-07-15 09:52:46 +02:00
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
Roeland Jago Douma
059b7435ab
PasswordLoginForbidden is not a FATAL exception
...
It is just a 'Sabre\DAV\Exception\NotAuthenticated' exception
with some special meaning.
So just log it as DEBUG and not as FATAL.
2016-07-14 22:53:12 +02:00
Bjoern Schiessle
dc53788711
remove unused parameter
2016-07-14 16:39:48 +02:00
Robin Appelman
6da066e7be
Fix test using private propertries
2016-07-08 12:36:25 +02:00
Robin Appelman
f98cb9efa0
Fix type hinting
2016-07-08 12:35:50 +02:00
Robin Appelman
8f84c99e3f
Fix undefined properties
2016-07-08 12:35:16 +02:00
Morris Jobke
ba16fd0d33
Merge branch 'master' into sync-master
2016-07-07 11:29:46 +02:00
Thomas Pulzer
90b7f74da7
Changed name of default logfile from owncloud.log to nextcloud.log.
2016-07-04 11:50:32 +02:00
Thomas Citharel
7d95cde37d
Add all properties while creating a subscription ( #25318 )
...
Fixes #24469
2016-07-01 13:42:35 +02:00
Lukas Reschke
179a355b2c
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-07-01 11:36:35 +02:00
Bjoern Schiessle
26e14529be
fix error message
2016-06-30 13:50:31 +02:00
Lukas Reschke
149218ead9
Fix tests
2016-06-30 13:46:08 +02:00
Lukas Reschke
c771368c4e
Add proper throws PHP docs
2016-06-30 13:19:50 +02:00
Lukas Reschke
1e7f0f7341
Add required $message parameter
2016-06-30 13:17:53 +02:00
Bjoern Schiessle
3571207bd9
add some additonal permission checks to the webdav backend
2016-06-30 11:16:49 +02:00
Björn Schießle
5ace6b53f3
get only vcards which match both the address book id and the vcard uri ( #25294 )
2016-06-29 12:13:59 +02:00
Bjoern Schiessle
5f6944954b
get only vcard which match both the address book id and the vcard uri
2016-06-28 16:11:06 +02:00
Georg Ehrke
3c399be6ec
fix a ImageExportPlugin Test ( #25215 )
2016-06-27 21:26:56 +02:00
Lukas Reschke
7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync
2016-06-26 12:55:05 +02:00
Vincent Petry
56ad4cdfec
Show error message when posting an invalid comment
...
When an internal server error occurs while creating or updating a
comment, display a proper error notification in the UI.
2016-06-24 10:17:12 +02:00
Georg Ehrke
1452b74de7
Contacts API: replace raw image data with url ( #25081 )
...
* add uri to AddressBookImpl array
* Introduce ImageExportPlugin for CardDav
* add plugin to v1 routes
* replace binary contact photo with link
* update tests
* Adding unit tests
2016-06-21 15:25:44 +02:00
Lukas Reschke
2b493e2f9d
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-06-21 11:18:22 +02:00
Vincent Petry
2340660a5b
PasswordLoginForbidden must extend NotAuthenticated
...
The auth code from Sabre will forward NotAuthenticated exceptions but
in the case of a generic exception, it is packaged as "service not
available".
2016-06-17 15:50:24 +02:00
Christoph Wurst
5a8cfab68f
throw PasswordLoginForbidden on DAV
2016-06-17 11:30:24 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
Thomas Müller
0b7685d326
Move birthday calendar generation to a live migration job ( #25135 )
2016-06-16 16:14:28 +02:00
Christoph Wurst
465807490d
create session token only for clients that support cookies
2016-06-13 19:44:05 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +02:00
Arthur Schiwon
42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611
2016-06-11 15:34:43 +02:00
Lukas Reschke
842cc2a788
Merge pull request #19 from nextcloud/files-drop
...
add "hide file list" option
2016-06-10 18:29:09 +02:00
Vincent Petry
57b999fde7
Merge pull request #24990 from owncloud/fix_24868
...
Wrap publicwebdav in sharePermission mask
2016-06-10 14:33:06 +02:00
Vincent Petry
68c3b23e04
Merge pull request #24080 from owncloud/support-calendar-class-property
...
Extract CLASS property from calendar object and store it in the database
2016-06-10 11:22:11 +02:00
Vincent Petry
67c3a97401
Merge pull request #25046 from owncloud/fix-the-realm
...
Use the correct realm for basic authentication
2016-06-10 10:41:46 +02:00
Vincent Petry
543545505d
Merge pull request #25043 from owncloud/webdav-download-mimetype
...
DAV now returns file name with Content-Disposition header
2016-06-10 09:55:59 +02:00