mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
22,192 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

55 Commits

Author SHA1 Message Date
Lukas Reschke f671b232cc Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-mode 
Add ultra-slim hack for incognito mode
 2014-12-19 14:54:11 +01:00
Robin McCorkell 619dcae7af Merge pull request #12901 from owncloud/move-ldap-check-to-manager 
Move the Null-Byte LDAP check to the user manager
 2014-12-18 00:28:00 +00:00
Lukas Reschke e3230b5bc2 Add ultra-slim hack for incognito mode 
As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
 2014-12-17 21:53:43 +01:00
Lukas Reschke b91a435ed4 Move basic auth login out of `isLoggedIn` 
Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs...

Please test very carefully, this includes:

- Testing from OCS via cURL (as in #12915)
- Testing from OCS via browser (Open the "Von Dir geteilt" shares overview)
- WebDAV
- CalDAV
- CardDAV
 2014-12-17 20:12:14 +01:00
Lukas Reschke f6820406b6 Move the Null-Byte LDAP check to the user manager 
The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here.

Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
 2014-12-17 12:47:00 +01:00
Lukas Reschke 5dc6406b70 Add filter for 'backend' to user REST route 
This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620

For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well)

Depends upon https://github.com/owncloud/core/pull/12711
 2014-12-10 12:07:34 +01:00
Lukas Reschke fe7d9a7ca0 Add REST route for user & group management 
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
 2014-12-08 12:11:01 +01:00
Craig Morrissey 541344d880 logging changes 2014-11-07 12:45:42 -05:00
Robin Appelman 1eefc21329 Remove confusingly names \OC\User\Manager::delete and fix the automatic cache cleanup instead 2014-11-05 15:45:58 +01:00
Arthur Schiwon 993376fb6f better variable name 2014-10-22 13:36:57 +02:00
Arthur Schiwon e0342db47c set up FS by username, not login name\! 2014-10-22 13:28:08 +02:00
Lukas Reschke d0d3b7457b Move BasicAuth check to "isLoggedIn()" 
Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
 2014-09-18 16:14:07 +02:00
Lukas Reschke 63a90a129b Use proper RNG generator 
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
 2014-09-03 17:46:48 +02:00
Robin Appelman a9a37b5363 Don't automatically setup the filesystem the moment we load OC\Files\FileSystem 2014-09-02 16:15:42 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session 
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
 2014-08-29 10:22:21 +02:00
Jörn Friedrich Dreyer fd798fd982 update deprecation docs 2014-08-14 12:22:34 +02:00
Thomas Müller a72dae6842 Merge pull request #10144 from owncloud/issue/9972 
Issue/9972 Fix issues with group and username `0`
 2014-08-06 09:53:13 +02:00
Joas Schilling 4865c52aa6 Fix isLoggedIn() check for user '0' 
Fix #9972
 2014-08-04 15:53:55 +02:00
Vincent Petry 4e957c7b18 Merge pull request #8443 from owncloud/csrf-on-login-and-logout 
Add CSRF check on login and logout
 2014-06-02 11:27:20 +02:00
Arthur Schiwon 2c89962919 clean up tryRememberLogin and save the timestamp of users last login 2014-05-21 18:03:37 +02:00
Thomas Müller f8cb8f4803 Merge branch 'master' into csrf-on-login-and-logout 
Conflicts:
	core/templates/login.php
 2014-05-19 20:40:55 +02:00
Morris Jobke dc36d30953 Remove all occurences of @brief and @returns from PHPDoc 
* test case added to avoid adding them later
 2014-05-19 17:50:53 +02:00
Robin McCorkell 3bed3d2a23 Change parameter type for useBackend 2014-05-13 19:08:14 +01:00
Robin McCorkell a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell b5bc37d2e4 Fix @return array PHPDocs, in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell b653ad164b Replace @returns with @return, in /lib 2014-05-13 19:08:14 +01:00
Lukas Reschke 73b914ddbc Add CSRF check on login and logout 
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
 2014-05-04 13:56:21 +02:00
Lukas Reschke e88731a477 Some more PHPDoc fixes 2014-04-21 15:44:54 +02:00
Thomas Müller 6ff96b34ad Merge branch 'master' into load-apps-proper-master 
Conflicts:
	apps/files/ajax/rawlist.php
	cron.php
	ocs/v1.php
 2014-03-21 14:05:08 +01:00
Lukas Reschke 69325c5eeb Move session_regenerate_id to `login()` 2014-02-21 08:11:07 +01:00
Lukas Reschke 0241ddc759 Merge pull request #6519 from nhirokinet/master 
Security Update: session fixation
 2014-02-20 14:28:26 +01:00
Scrutinizer Auto-Fixer adaee6a5a1 Scrutinizer Auto-Fixes 
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
 2014-02-19 09:31:54 +01:00
Thomas Müller 9fac95c2ab Merge branch 'master' into scrutinizer_documentation_patches 
Conflicts:
	lib/private/appconfig.php
 2014-02-14 23:03:27 +01:00
Jörn Friedrich Dreyer 2a6a9a8cef polish documentation based on scrutinizer patches 2014-02-06 17:02:21 +01:00
Thomas Müller 79fc4f3126 Within OC:init() the minimum set of apps is loaded - which is filesystem, authentication and logging 2014-02-06 11:34:27 +01:00
Robin Appelman 8d6a3a00b4 Revert "Use Cache->clear to cleanup the filecache for removed users" 
This reverts commit 5a5b6f187e.
 2014-02-03 16:29:04 +01:00
Robin Appelman 5a5b6f187e Use Cache->clear to cleanup the filecache for removed users 2014-01-22 13:00:45 +01:00
Robin Appelman 374e3475c9 Also remove the user's home storage from the storage table when deleting a user 2014-01-21 23:58:48 +01:00
Thomas Müller 22bd69f75c set login name within apache auth backend 2014-01-09 10:28:24 +01:00
nhirokinet c2e2c59ca7 Update user.php to fix duplicate session-duplicate 2013-12-22 01:31:04 +09:00
Bjoern Schiessle 6deda1b9f6 return false if user is in incognito mode 2013-11-27 16:52:30 +01:00
blizzz 4f15282bc9 Merge pull request #6058 from owncloud/ldap2avatar 
Set Avatar for LDAP users automatically (if a picture is available)
 2013-11-26 12:05:32 -08:00
Bjoern Schiessle 7e4f50d4e3 add incognito mode, allows to hide my user ID. For example, this is useful to access public resources while a user is still logged in 2013-11-22 13:55:38 +01:00
Arthur Schiwon 8ccac86c98 Enable user backends to provide avatar images 2013-11-22 13:25:20 +01:00
Bjoern Schiessle db0fa6c529 use getHome() to delete users data 2013-10-29 18:01:37 +01:00
Bjoern Schiessle f021dad204 remove user from cache if he was deleted successfully 2013-10-29 15:50:33 +01:00
Andreas Fischer 06f9b7b862 Fix logout link HTML. 
<a id="logout" href=/projects/owncloud/core/index.php?logout=true>
 2013-10-14 22:31:13 +02:00
Victor Dubiniuk 77f43c357c User::delete should return bool 2013-10-07 22:30:15 +03:00
Andreas Fischer 47ed6a5135 Move backend finding into its own method. 2013-10-07 12:26:25 +02:00
Thomas Müller 131d82e41e move call to print_unescaped() to template 2013-10-07 11:49:43 +02:00