nextcloud

Commit Graph

Author	SHA1	Message	Date
Roeland Jago Douma	43d6ae7476	Respect the disabled setting for lost_password_link Fixes #11146 As documented when it is set to disabled the user can't request a lost password. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-11-20 13:28:40 +01:00
Rayn0r	85eb43baff	added possibility to disable autocomplete in login form Signed-off-by: Rayn0r <Andre.Weidemann@web.de>	2018-10-30 11:36:16 +01:00
Patrick Conrad	1806baaeaf	Remove cookies from Clear-Site-Data Header In `2f87fb6b45` this header was introduced. The referenced documentation says: > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/). This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point! So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well. Signed-off-by: Patrick Conrad <conrad@iza.org>	2018-10-15 14:46:06 +02:00
Morris Jobke	7971ba5cc6	Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors Switches the default logo color depending on the primary color	2018-10-08 10:33:22 +02:00
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-02 19:50:54 +02:00
Michael Weimann	d855c38e07	Moves the logo files to logo Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	2018-10-02 08:37:54 +02:00
Christoph Wurst	42300d19e9	Fix max length requirements for the throttler metadata If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database error due to very long strings, this truncates the username at 64 bytes in the assumption that no real username is longer than that.long strings, Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-13 15:52:09 +02:00
Christoph Wurst	d8197f2b97	Rename providerset method to get primary providers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-08 20:28:21 +02:00
Christoph Wurst	c6e47e8a51	Fix login redirection if only one 2FA provider is active Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-08 15:25:59 +02:00
Michael Weimann	c92d7429d7	Implements handling for deactivated users Signed-off-by: Michael Weimann <mail@michael-weimann.eu>	2018-07-21 13:05:13 +02:00
Christoph Wurst	13d93f5b25	Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-06-20 08:30:26 +02:00
Roeland Jago Douma	a07f6d46e3	Use proper types Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-04-11 00:21:25 +02:00
Morris Jobke	fd3c97b93b	Avoid to leak a user ID that is not a string to reach a user backend Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-04-11 00:03:30 +02:00
Roeland Jago Douma	33b93db953	Remove unused parameter Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-04-06 21:44:23 +02:00
Roeland Jago Douma	2b7d4d5069	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-04-06 19:58:37 +02:00
Roeland Jago Douma	caee215120	Always remember me Fixes #8004 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-04-06 15:44:28 +02:00
Arthur Schiwon	ffc05e2fed	don't try login with the same name that just failed Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2018-02-22 13:05:48 +01:00
Roeland Jago Douma	7cab7feb38	Display message when connection is throttled on logi page Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-15 21:43:09 +01:00
Julius Härtl	f5f6ed664d	Hide stay logged in checkbox when flow authentication is used Signed-off-by: Julius Härtl <jus@bitgrid.net>	2017-12-28 11:15:26 +01:00
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-11-06 16:56:19 +01:00
Lukas Reschke	0bccd5a0d9	Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224" The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus. Regression introduced with `46229a00f3` Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-09-07 08:34:02 +02:00
Morris Jobke	30ca3b70ed	Merge pull request #6196 from nextcloud/downstream-26539-2 Handle invalid ext storage backend to keep mount point visible	2017-09-04 14:17:28 +02:00
Morris Jobke	0326c2c54f	Fix broken tests Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-09-04 14:17:03 +02:00
Julius Härtl	46229a00f3	Add rich link preview to the login page Signed-off-by: Julius Härtl <jus@bitgrid.net>	2017-09-02 21:39:38 +02:00
Lukas Reschke	f22ab3e665	Add metadata to \OCP\AppFramework\Http\Response::throttle Fixes https://github.com/nextcloud/server/issues/5891 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-07-27 14:17:45 +02:00
Lukas Reschke	2f87fb6b45	Add Clear-Site-Data header This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content. See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types. Ref https://twitter.com/mikewest/status/877149667909406723 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-06-20 19:46:10 +02:00
Ujjwal Bhardwaj	7c23414eef	Disable reset password link. Issue: #27440	2017-05-11 10:27:33 +02:00
Christoph Wurst	bb1d191f82	Fix remember redirect_url on failed login attempts Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-04-25 09:38:19 +02:00
Lukas Reschke	8149945a91	Make BruteForceProtection annotation more clever This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-04-13 23:05:33 +02:00
Morris Jobke	d36751ee38	Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login Fix login controller test and consolidate login	2017-04-13 12:16:38 -05:00
Joas Schilling	7ad791efb4	Dont create a log entry on email login Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-04-07 10:15:20 +02:00
Arthur Schiwon	7b3fdfeeaa	do login routine only once when done via LoginController Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2017-04-06 15:22:42 +02:00
Arthur Schiwon	2994cbc586	fix login controller tests Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2017-04-06 15:20:17 +02:00
blizzz	19fc68cbdc	Merge pull request #2606 from temparus/master Add preLoginValidation hook	2017-02-15 21:47:47 +01:00
Joas Schilling	ac841ee002	Merge pull request #3362 from nextcloud/fix/nc-token-cookie-name oc_token should be nc_token	2017-02-09 10:07:59 +01:00
Sandro Lutz	9b6f99ab08	Update license header Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-07 01:25:39 +01:00
Sandro Lutz	fa1d607bfa	Merge remote-tracking branch 'nextcloud/master' Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-07 00:15:30 +01:00
Sandro Lutz	ff3fa538e4	Add missing use statement for PublicEmitter Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-07 00:12:19 +01:00
Christoph Wurst	5e728d0eda	oc_token should be nc_token Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-02-02 21:56:44 +01:00
Sandro Lutz	20f878b014	Fix typo for UserManager variable Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:54:00 +01:00
Sandro Lutz	6feff0ceba	Add check if UserManager is of type PublicEmitter before calling preLogin hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:53:50 +01:00
Sandro Lutz	e30d28f7eb	Change where preLogin hook gets called Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:53:42 +01:00
Sandro Lutz	6ab0a3215d	Remove preLoginValidation hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:53:29 +01:00
Sandro Lutz	e14d50eb1f	Fix indentation Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:50:47 +01:00
Sandro Lutz	4ebcd5ac0b	Add preLoginValidation hook Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>	2017-02-01 21:50:25 +01:00
John Molakvoæ (skjnldsv)	2c9d7eeb76	Fix public page css fallback loading Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2017-02-01 18:03:51 +01:00
Morris Jobke	5bad417e57	Merge pull request #2044 from nextcloud/login-credential-store Login credential store	2017-01-30 19:30:04 -06:00
Lukas Reschke	bde1150d04	Merge pull request #3004 from nextcloud/fix-installation-css Fixed installation page	2017-01-22 18:28:33 +01:00
Bjoern Schiessle	cdf01feba7	add action to existing brute force protection Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	2017-01-18 15:25:16 +01:00
Christoph Wurst	140555b786	always allow remembered login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-01-11 19:20:11 +01:00

1 2

93 Commits