Commit Graph

29 Commits

Author SHA1 Message Date
Joas Schilling 23b205ed48
Run the license script 2016-07-22 11:40:41 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Bjoern Schiessle dc53788711
remove unused parameter 2016-07-14 16:39:48 +02:00
Lukas Reschke 7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync 2016-06-26 12:55:05 +02:00
Georg Ehrke 1452b74de7 Contacts API: replace raw image data with url (#25081)
* add uri to AddressBookImpl array

* Introduce ImageExportPlugin for CardDav

* add plugin to v1 routes

* replace binary contact photo with link

* update tests

* Adding unit tests
2016-06-21 15:25:44 +02:00
Arthur Schiwon 42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611 2016-06-11 15:34:43 +02:00
Bjoern Schiessle 66d853680c
block webdav access if share is not readable 2016-06-09 15:15:17 +02:00
Roeland Jago Douma 1b5368bbaf
Wrap publicwebdav in sharePermission mask
Fixes #24868

The writable mask was a bit misleading. We should wrap with the
sharepermissions (as they are used everywhere else). The
PERMISSIONS_SHARE are added since that is required for the public link
check plugin.
2016-06-06 14:39:02 +02:00
Christoph Wurst da03a85c3c
block DAV if 2FA challenge needs to be solved first 2016-06-01 10:42:38 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Björn Schießle e10105474f
move federated sharing settings to the federatedfilesharing app 2016-04-22 14:55:40 +02:00
Thomas Müller 85d809c0d3 Merge pull request #23268 from owncloud/range-requests-should-not-block-the-session
Close session for publicwebdav
2016-04-18 09:23:39 +02:00
Roeland Jago Douma 375f6fcab1
Move public webdav auth over to share manager
The public webdav auth should use the shiny new share manager.
2016-04-08 14:17:13 +02:00
Vincent Petry 262547ba3d Return 401 DummyBasicAuth in case of ajax call 2016-03-31 19:31:31 +02:00
Thomas Müller 06e8c70400 Fix acls for calendar objects and cards - fixes #23273 2016-03-24 09:53:36 +01:00
Thomas Müller 7d638fdb34 In debugging mode we enable Sabre's browser plugin since it helps a lot when debugging 2016-03-17 16:51:19 +01:00
Lukas Reschke 7183854509 Close session for publicwebdav
We need to close the session otherwise streaming will lead to a blocked ownCloud.
2016-03-15 16:08:55 +01:00
Lukas Reschke 933f60e314 Update author information
Probably nice for the people that contributed to 9.0 to see themselves in the AUTHORS file :)
2016-03-01 17:25:15 +01:00
Joas Schilling b216be8cca Add correct principals for the current user before ACL check 2016-02-19 12:35:33 +01:00
Lukas Reschke 9b3c4e8dc4 Require CSRF token for non WebDAV authenticated requests 2016-02-18 11:18:36 +01:00
Robin Appelman fd9166488b Check that the owner of a link share still has share permissions on access 2016-02-09 15:02:34 +01:00
Thomas Müller 0c9a469f74 Adding pre oc 9.0 CalDAV endpoint for migration of old clients 2016-02-08 10:52:30 +01:00
Thomas Müller cca2ade199 Adding pre oc 9.0 CardDAV endpoint for migration of old clients 2016-02-08 10:52:30 +01:00
Joas Schilling 3bdcfef395 Remove the listener plugin 2016-01-13 10:33:08 +01:00
Thomas Müller 682821c71e Happy new year! 2016-01-12 15:02:18 +01:00
Lukas Reschke a3fc40921b Add fake locker plugin for WebDAVFS
WebDAVFS as used by Finder requires a Class 2 compatible WebDAV server. This change introduces a fake locking provider which will simply advertise Locking support when a request originates from WebDAVFS. It will also return successful LOCK and UNLOCK responses.
2015-11-13 23:31:08 +01:00
Lukas Reschke cddc9abc06 Add tests for Sabre Auth plugin + make getCurrentUser compatible 2015-10-23 17:30:47 +02:00
Roeland Jago Douma ca27024fa2 Fix webdav access
* Correct namespace
* Pass the EventDispatcher to the webDAV server
2015-10-16 13:17:12 +02:00
Thomas Müller f2889dc6e4 Consolidate webdav code - move all to one app 2015-10-16 13:17:12 +02:00