Commit Graph

82 Commits

Author SHA1 Message Date
Roeland Jago Douma a07f6d46e3
Use proper types
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-11 00:21:25 +02:00
Morris Jobke fd3c97b93b
Avoid to leak a user ID that is not a string to reach a user backend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-11 00:03:30 +02:00
Roeland Jago Douma 33b93db953
Remove unused parameter
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 21:44:23 +02:00
Roeland Jago Douma 2b7d4d5069
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 19:58:37 +02:00
Roeland Jago Douma caee215120
Always remember me
Fixes #8004

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 15:44:28 +02:00
Arthur Schiwon ffc05e2fed
don't try login with the same name that just failed
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-22 13:05:48 +01:00
Roeland Jago Douma 7cab7feb38
Display message when connection is throttled on logi page
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:43:09 +01:00
Julius Härtl f5f6ed664d
Hide stay logged in checkbox when flow authentication is used
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-12-28 11:15:26 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Lukas Reschke 0bccd5a0d9
Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224"
The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus.

Regression introduced with 46229a00f3

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-09-07 08:34:02 +02:00
Morris Jobke 30ca3b70ed Merge pull request #6196 from nextcloud/downstream-26539-2
Handle invalid ext storage backend to keep mount point visible
2017-09-04 14:17:28 +02:00
Morris Jobke 0326c2c54f
Fix broken tests
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:17:03 +02:00
Julius Härtl 46229a00f3
Add rich link preview to the login page
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-02 21:39:38 +02:00
Lukas Reschke f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
Fixes https://github.com/nextcloud/server/issues/5891

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
Lukas Reschke 2f87fb6b45
Add Clear-Site-Data header
This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-20 19:46:10 +02:00
Ujjwal Bhardwaj 7c23414eef
Disable reset password link. Issue: #27440 2017-05-11 10:27:33 +02:00
Christoph Wurst bb1d191f82
Fix remember redirect_url on failed login attempts
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 09:38:19 +02:00
Lukas Reschke 8149945a91
Make BruteForceProtection annotation more clever
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
Morris Jobke d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Joas Schilling 7ad791efb4
Dont create a log entry on email login
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 10:15:20 +02:00
Arthur Schiwon 7b3fdfeeaa
do login routine only once when done via LoginController
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:42 +02:00
Arthur Schiwon 2994cbc586
fix login controller tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:20:17 +02:00
blizzz 19fc68cbdc Merge pull request #2606 from temparus/master
Add preLoginValidation hook
2017-02-15 21:47:47 +01:00
Joas Schilling ac841ee002 Merge pull request #3362 from nextcloud/fix/nc-token-cookie-name
oc_token should be nc_token
2017-02-09 10:07:59 +01:00
Sandro Lutz 9b6f99ab08 Update license header
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 01:25:39 +01:00
Sandro Lutz fa1d607bfa Merge remote-tracking branch 'nextcloud/master'
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 00:15:30 +01:00
Sandro Lutz ff3fa538e4 Add missing use statement for PublicEmitter
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 00:12:19 +01:00
Christoph Wurst 5e728d0eda oc_token should be nc_token
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-02 21:56:44 +01:00
Sandro Lutz 20f878b014 Fix typo for UserManager variable
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:54:00 +01:00
Sandro Lutz 6feff0ceba Add check if UserManager is of type PublicEmitter before calling preLogin hook
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:50 +01:00
Sandro Lutz e30d28f7eb Change where preLogin hook gets called
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:42 +01:00
Sandro Lutz 6ab0a3215d Remove preLoginValidation hook
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:29 +01:00
Sandro Lutz e14d50eb1f Fix indentation
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:50:47 +01:00
Sandro Lutz 4ebcd5ac0b Add preLoginValidation hook
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:50:25 +01:00
John Molakvoæ (skjnldsv) 2c9d7eeb76
Fix public page css fallback loading
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-02-01 18:03:51 +01:00
Morris Jobke 5bad417e57 Merge pull request #2044 from nextcloud/login-credential-store
Login credential store
2017-01-30 19:30:04 -06:00
Lukas Reschke bde1150d04 Merge pull request #3004 from nextcloud/fix-installation-css
Fixed installation page
2017-01-22 18:28:33 +01:00
Bjoern Schiessle cdf01feba7
add action to existing brute force protection
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:16 +01:00
Christoph Wurst 140555b786
always allow remembered login
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
John Molakvoæ (skjnldsv) e4b3ba6590
Create unified css file and merge all needed data into this file
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-10 17:50:29 +01:00
Joas Schilling 2f21eaaf47
Use login name to fix password confirm with ldap users
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 12:17:30 +01:00
Joas Schilling 924358ef96
Save the timezone on login again
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
justin-sleep 25a5c655f7 Move integer casting to the top of the chain
Signed-off-by: justin-sleep <justin@quarterfull.com>
2016-12-02 14:07:45 -06:00
Joas Schilling d75e35b75e
Introduce the UI for password confirmation
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 11:57:16 +01:00
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Joas Schilling 877cb06bfe
Use magic DI for core controllers
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 10:00:26 +02:00
Morris Jobke e341bde8b9 Merge pull request #1172 from nextcloud/core_cleanup
Core controller cleanup
2016-08-30 08:32:55 +02:00
Roeland Jago Douma f6423f74e3
Minor cleanup in core Controllers 2016-08-29 21:52:09 +02:00
Christoph Wurst 291dd0bd31 redirect to 2fa provider if there's only one active for the user 2016-08-29 18:36:39 +02:00
Joas Schilling 736e884e9a
Move the reset token to core app 2016-08-23 15:01:38 +02:00