nextcloud

Commit Graph

Author	SHA1	Message	Date
Lukas Reschke	5680743c2b	Harden updater authentication - Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453 - Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)	2016-02-10 16:31:11 +01:00
Lukas Reschke	b9e3ed1468	Add SSO for updater application Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater".	2016-02-09 20:28:30 +01:00
Lukas Reschke	abc675d87e	Move update notification code into app Moves the update notification code in a single app. This is required since we want to use SSO for the new updater and for this have some code running in ownCloud as well (and we don't want that in core neccessarily). This app can provide that in the future, right now it's only the update notification itself. Will continue working on the SSO right away but wanted to keep the PR small. Furthermore also makes some more code unit-testable...	2016-02-09 18:05:51 +01:00

Author

SHA1

Message

Date

Lukas Reschke

5680743c2b

Harden updater authentication

- Reset tokens after 2 hours as discussed at https://github.com/owncloud/updater/issues/220#issuecomment-182033453
- Used BCrypt for storing the password in the config.php. This makes it substantially harder in case of a leakage of the token to bruteforce it. In the future we can evaluate also an HMAC including the IP. That's a bit tricker though at the moment considering that we support reverse proxies. Didn't feel brave enough to touch that dragon now as well ;)

2016-02-10 16:31:11 +01:00

Lukas Reschke

b9e3ed1468

Add SSO for updater application

Allows logging-in into the updater application by visiting the admin panel and pressing "Open updater".

2016-02-09 20:28:30 +01:00

Lukas Reschke

abc675d87e

Move update notification code into app

Moves the update notification code in a single app. This is required since we want to use SSO for the new updater and for this have some code running in ownCloud as well (and we don't want that in core neccessarily). This app can provide that in the future, right now it's only the update notification itself. Will continue working on the SSO right away but wanted to keep the PR small.

Furthermore also makes some more code unit-testable...

2016-02-09 18:05:51 +01:00

3 Commits