Commit Graph

26 Commits

Author SHA1 Message Date
Christoph Wurst b824706ec5
check same URL in unit tests 2016-09-21 12:57:43 +02:00
Christoph Wurst 8c82628622
redirect to default app after solving the 2FA challenge 2016-09-21 12:57:37 +02:00
Lukas Reschke 1f177aa105
Use getMockBuilder instead of createMock 2016-08-16 21:36:59 +02:00
Lukas Reschke 737591f239 Merge pull request #858 from nextcloud/stable10-when-logged-in-then-just-redirect-to-redirected-page
[stable10] when logged in then just redirect to redirected page
2016-08-16 18:13:24 +02:00
Roeland Jago Douma a8ba573ba9
We have to mock the is_uploaded_file in the OC\Core\Controller namespace 2016-08-15 20:09:48 +02:00
Roeland Jago Douma b860fa7125
Fix mock call in AvatarControllerTest 2016-08-15 20:09:37 +02:00
Lukas Reschke 5e9c7d3ff3
Use generated URL 2016-08-15 19:26:24 +02:00
Lukas Reschke ab9a8ce952
Fix tests for LoginController 2016-08-15 17:52:54 +02:00
Lukas Reschke 9ac6b83687 Use createMock instead of deprecated getMock 2016-08-13 21:04:16 +02:00
Lukas Reschke be1e64486f Redirect users when already logged-in on login form 2016-08-13 21:04:10 +02:00
Lukas Reschke c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Morris Jobke 2791b8f00d Revert "occ web executor (#24957)"
This reverts commit 854352d9a0.
2016-07-07 12:14:45 +02:00
VicDeo 854352d9a0 occ web executor (#24957)
* Initial web executor

* Fix PHPDoc

Fix broken integration test

OccControllerTests do not require database access - moch them all!

Kill unused sprintf
2016-06-22 13:12:36 +02:00
Thomas Müller 232d735893
Do not leak the login name - fixes #25047 2016-06-09 16:44:31 +02:00
Vincent Petry 7dcc47dc94 Merge pull request #25011 from owncloud/issue-24745-allow-to-cancel-2fa
Allow to cancel 2FA after login
2016-06-08 10:27:21 +02:00
Joas Schilling 3e3b326c85
Allow to cancel 2FA after login 2016-06-07 18:17:29 +02:00
Christoph Wurst 8f7a4aaa4d
do not generate device token if 2FA is enable for user 2016-06-07 09:09:51 +02:00
Christoph Wurst 5e71d23ded
remember redirect_url when solving the 2FA challenge 2016-06-01 14:43:47 +02:00
Vincent Petry 7f20203006 Merge pull request #24836 from owncloud/auth-tests-to-psr4
Move parallel merged auth tests to PSR-4
2016-05-25 15:15:19 +02:00
Joas Schilling 8afbd80328
Move parallel merged auth tests to PSR-4 2016-05-25 12:02:05 +02:00
Vincent Petry 25e6026fa6 Merge pull request #24735 from juliushaertl/passwordreset-invalid
Show error messages if a password reset link is invalid or expired
2016-05-25 11:08:46 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Julius Haertl d065980814 Add more tests for OC\Core\Controller\LostController
- remove testResetFormUnsuccessful as it is now splitted up in different test cases
- add testResetFormInvalidToken to check if timestamp and token are present
- add testResetFormInvalidTokenMatch to check if the saved token matches the provided
- add testResetFormExpiredToken to check if expiration detection works
- add testResetFormValidToken to check if detection of valid tokens works
2016-05-23 16:48:10 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Joas Schilling 392bc0c6b9
Move tests/core/ to PSR-4 2016-05-19 11:18:25 +02:00