Commit Graph

146 Commits

Author SHA1 Message Date
Arthur Schiwon 01cdc70f9c introduce comments read marker tables, comes with user cleanup after deletion 2016-01-29 13:08:02 +01:00
Thomas Müller f165ad8864 Changing the avatar of the user emits the changeUser event which triggers update of the system addressbook 2016-01-25 20:05:11 +01:00
Thomas Müller adf532fe4e Merge pull request #21806 from owncloud/mdusher-master
[jenkins] Added ' to characters allowed in the username
2016-01-25 10:01:43 +01:00
Thomas Müller 51b50bd260 Emit OC\User::changeUser on change of display name 2016-01-20 14:57:20 +01:00
Thomas Müller aeb89947a2 Introduce IUser::setEMailAddress and add hook mechanism 2016-01-20 14:57:20 +01:00
Morris Jobke 7b54bf26ea fix error message and comment 2016-01-20 14:21:54 +01:00
Michael U dbfa143e2d Added ' to characters allowed in the username 2016-01-20 14:11:27 +01:00
Jörn Friedrich Dreyer 64043e9bcc move methods to correct interface, deprecate private interface 2016-01-14 14:28:03 +01:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Roeland Jago Douma 876fb83ddc getMediumStrengthGenerator is deprecated and does not do anything anymore 2016-01-11 20:06:30 +01:00
Morris Jobke 3917d888bd Remove OC_DB::isError 2016-01-07 14:54:55 +01:00
Lukas Reschke fec41e7539 Move regeneration of session ID into session classes
There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
2016-01-04 15:09:01 +01:00
Arthur Schiwon e3dbc3d40c different strategy in cleaning up after user was deleted
we do not listen to deletion hooks anymore, because there is no guarantee that they
will be heard - requires that something fetches the CommentsManager first.

Instead, in the user deletion routine the clean up method will be called directly. Same way
as it happens for files, group memberships, config values.
2015-12-09 14:34:23 +01:00
Morris Jobke c60c793cf2 More cleanups of OC_Config usage 2015-12-03 16:41:23 +01:00
Thomas Müller eebe2b9c23 Use IUser::getEMailAddress() all over the place 2015-12-02 21:25:05 +01:00
Thomas Müller 28ceab2f61 Fix endless recursion 2015-12-02 14:44:41 +01:00
Thomas Müller 4c695e63c0 Fix comments 2015-12-02 09:20:58 +01:00
Thomas Müller 0391cc0451 Fix getCloudId 2015-12-02 09:14:41 +01:00
Thomas Müller 6abc02cb88 Proposal: add enumeration function to IUserManager which simply calls a callback for each user in all backends 2015-12-02 09:14:41 +01:00
Thomas Müller df6fc6cc70 Add the user's cloud id to the vCard 2015-12-02 09:14:41 +01:00
Thomas Müller dad6470baa Add IUser::getAvatarImage() for easy access 2015-12-02 09:14:41 +01:00
Thomas Müller b799e42b4e Introduce \OCP\IUser::getEMailAddress() 2015-11-25 22:23:34 +01:00
Joas Schilling 13dd62f7b0 Make sure that remote shares use the correct uid casing 2015-10-06 15:16:19 +02:00
Morris Jobke b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Lukas Reschke 36ce254ffd Move dummy backend to Tests namespace 2015-09-22 11:01:11 +02:00
Lukas Reschke 3d2ee95f1e Remove last occurrence of `forcessl`
This should have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
2015-08-26 14:29:36 +02:00
RealRancor e62c375749 Fixed "Remote IP:" syntax on failed logins 2015-07-09 10:04:51 +02:00
Thomas Müller d3ac73c0c9 Remove OC_Log 2015-07-03 18:00:16 +02:00
Lukas Reschke a793b98fd0 Fix indentation 2015-06-27 20:37:07 +02:00
Lukas Reschke af01958f3e Add missing annotations for parameters 2015-06-27 20:35:47 +02:00
Morris Jobke f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Robin Appelman 0497534a6e more type hints 2015-06-02 14:07:55 +02:00
Joas Schilling 8efc8c0a96 Reduce the complexity of the search queries in the backends to a minimum 2015-05-18 16:39:21 +02:00
Morris Jobke e837927ad5 fix followup issues with unneeded parameters 2015-04-18 17:02:39 +02:00
Jörn Friedrich Dreyer b069f33a72 throw exception when backends don't provide a user instead of creating legacy local storages 2015-04-10 09:12:37 +02:00
Jenkins for ownCloud b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Lukas Reschke e77d2ff2b4 Remove outdated comment 2015-03-13 16:19:52 +01:00
Lukas Reschke bf9030e874 Drop example user backend
We already provide an interface for application developers, this file is outdated and thus should get removed.

Addresses No. 3 from https://github.com/owncloud/core/issues/14847
2015-03-13 16:12:32 +01:00
Morris Jobke 0d9f149dd9 Merge pull request #14867 from owncloud/drop-OC_User_HTTP
Remove OC_User_HTTP
2015-03-13 15:53:22 +01:00
Lukas Reschke 38fec9b095 Can also be null
If the user does not exist this returns null and can lead to nasty bugs since the IDE is not indicating this...
2015-03-13 14:01:24 +01:00
Lukas Reschke 93a303970f Remove OC_User_HTTP
Addresses No. 1 from https://github.com/owncloud/core/issues/14847
2015-03-13 12:26:33 +01:00
Lukas Reschke bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Morris Jobke 06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Robin McCorkell 695f43a1ed Merge pull request #10735 from owncloud/use_remote_addr
Use getRemoteAddress which supports reverse proxies
2015-02-25 13:24:39 +00:00
Lukas Reschke 276824299c Merge pull request #13340 from owncloud/use-http-only
Use "HTTPOnly" for cookies when logging out
2015-02-24 13:50:49 +01:00
Lukas Reschke 165afb004b Use getRemoteAddress which supports reverse proxies
Breaking change for 8.1 wiki (Security > Administrators):

The log format for failed logins has changed: it now uses the remote address and considers reverse proxies for such scenarios when configured correctly.
2015-02-24 11:49:40 +01:00
Jenkins for ownCloud 6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Robin Appelman 8eda661761 Throw an exception when login is canceled by an app 2015-01-22 14:13:17 +01:00
Lukas Reschke a2e355a7fe Use "HTTPOnly" for cookies when logging out
This has no other reason than preventing some insane automated scanners from reporting this as a security bug (which it obviously isn't as the cookie contains nothing of value)

Thus it generally results in a happier Lukas and hopefully fewer reports to our support and security mail addresses...
2015-01-14 11:20:53 +01:00
Robin Appelman 857695ec87 Return false if the login is canceled in a hook 2015-01-13 13:25:20 +01:00