Joas Schilling
3d671cc536
Merge pull request #4443 from nextcloud/cleanup-unused-imports
...
Remove unused use statements
2017-04-24 11:47:37 +02:00
Morris Jobke
c54a59d51e
Remove unused use statements
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-22 19:23:31 -05:00
Lukas Reschke
d0d34d308a
Add at most 10 password reset requests per 5 minutes and IP range
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-22 08:12:54 +02:00
Morris Jobke
16c4755e03
Rename renderHTML to renderHtml
...
* fixes #4383
* improves consistency
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-19 15:46:41 -05:00
Lukas Reschke
727688ebd9
Adjust existing bruteforce protection code
...
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-14 13:42:40 +02:00
Lukas Reschke
81d3732bf5
Merge pull request #4308 from nextcloud/lost-password-email
...
Update email template for lost password email
2017-04-13 20:02:15 +02:00
Lukas Reschke
66835476b5
Add support for ratelimiting via annotations
...
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 12:00:16 +02:00
Morris Jobke
1f962f9115
Update email template for lost password email
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-12 15:19:53 -05:00
Morris Jobke
5b4adf66e5
Move OC_Defaults to OCP\Defaults
...
* currently there are two ways to access default values:
OCP\Defaults or OC_Defaults (which is extended by
OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
it hard to work on theme values
* this extended the public interface with the missing
methods and uses them everywhere to only rely on the
public interface
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-09 21:43:01 -05:00
Joas Schilling
4bae7ef96d
Allow to reset the password with the email as an input
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-03-28 21:17:37 +02:00
Bjoern Schiessle
927d3865a0
add brute force protection to password reset to make it harder to guess user logins
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-19 10:12:45 +01:00
Bjoern Schiessle
fcda3a20f4
create new encryption keys on password reset and backup the old one
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-10 17:04:32 +01:00
Bjoern Schiessle
16bbd3fd7c
fix password reset if encryption is enabled
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2016-12-08 12:08:05 +01:00
Lukas Reschke
6d686c213b
[WIP] Use mail for encrypting the password reset token as well
2016-11-03 14:27:26 +01:00
Joas Schilling
877cb06bfe
Use magic DI for core controllers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 10:00:26 +02:00
Roeland Jago Douma
f6423f74e3
Minor cleanup in core Controllers
2016-08-29 21:52:09 +02:00
Joas Schilling
736e884e9a
Move the reset token to core app
2016-08-23 15:01:38 +02:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Julius Haertl
8ee2cb47d0
Show error messages if a password reset link is invalid or expired
...
- Moved token validation to method checkPasswordResetToken
- Render error with message from exceptions
2016-05-23 16:48:10 +02:00
Lukas Reschke
a4b19a5b1e
Rename files to be PSR-4 compliant
2016-04-06 11:00:52 +02:00