Commit Graph

70 Commits

Author SHA1 Message Date
Lukas Reschke 3da6b3b533 Merge pull request #11229 from kofemann/for-upstream
user/backed: use pow of two for backed action constants
2014-09-24 15:19:11 +02:00
Tigran Mkrtchyan 276f50a1ba user/backed: use pow of two for backed action constants
the current implementation limits number of possible backed actions
to 8 as it uses pow of 16 for constants. This change introduces pow
of two and allows up-to 32 actions to be defined.

The old values are preserved for backward compatibility.
2014-09-23 15:18:01 +02:00
Lukas Reschke 6eeb905871 Do only follow HTTP and HTTPS redirects
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server)

Get final redirect manually using get_headers()

Migrate to HTTPHelper class and add unit tests
2014-09-22 20:02:32 +02:00
Lukas Reschke 63a90a129b Use proper RNG generator
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
2014-09-03 17:46:48 +02:00
Robin Appelman d0266c0bf8 Use public api for getting l10n 2014-08-31 10:08:22 +02:00
Arthur Schiwon 0bb460c9b5 retrieve local users, groups and group members in a sorted way 2014-08-29 15:17:37 +02:00
Jörn Friedrich Dreyer f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Lukas Reschke a82cd1ff67 Fix unit test 2014-08-15 14:15:27 +02:00
Lukas Reschke 5bb4772858 Move authentication failed logging to checkPassword
Fixes https://github.com/owncloud/core/issues/10366
2014-08-15 12:13:00 +02:00
Thomas Müller a72dae6842 Merge pull request #10144 from owncloud/issue/9972
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
Joas Schilling 4865c52aa6 Fix isLoggedIn() check for user '0'
Fix #9972
2014-08-04 15:53:55 +02:00
Thomas Müller a8b6cc6a07 - adding default value for $recoveryPassword
- set password correctly in lost password
2014-07-24 12:50:39 +02:00
Robin Appelman 20c1ce7f47 Add public interfaces for User, UserManager and UserSession 2014-07-14 15:10:51 +02:00
Arthur Schiwon 16275eca84 loop over usernames, not passwords 2014-06-30 20:43:50 +02:00
Arthur Schiwon f3ecf819ec extend Dummy user and group implementation to pass tests 2014-06-25 13:13:53 +02:00
Arthur Schiwon 01a012980a search term for users and groups may occur anywhere in the name or displayname, not just in the beginning 2014-06-23 12:03:09 +02:00
Arthur Schiwon 4a4ea67a31 drop superflous statement in phpdoc 2014-05-26 13:56:08 +02:00
Arthur Schiwon 748a219243 add preRememberedLogin hook and document this and postRememberedLogin in class descripttion. Also fixes documentation of postLogin hook 2014-05-26 13:53:26 +02:00
Arthur Schiwon 2e85d5a852 increase scrutinizer happyiness by removing minor/informational issues 2014-05-23 11:20:46 +02:00
Arthur Schiwon 2c89962919 clean up tryRememberLogin and save the timestamp of users last login 2014-05-21 18:03:37 +02:00
Morris Jobke dc36d30953 Remove all occurences of @brief and @returns from PHPDoc
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Morris Jobke 804020bb6d Merge pull request #7363 from owncloud/optimize-startup-queries
Optimize some queries that are always executed when loading base.php
2014-05-19 01:21:37 +02:00
Robin McCorkell bac8962bbc Fix Scrutinizer errors 2014-05-13 19:08:14 +01:00
Robin McCorkell 8ab01599a9 Use OC_User_Interface instead of OC_User_Backend 2014-05-13 19:08:14 +01:00
Robin McCorkell 87b548ed91 Fix all PHPDoc types and variable names, in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell b5bc37d2e4 Fix @return array PHPDocs, in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell b653ad164b Replace @returns with @return, in /lib 2014-05-13 19:08:14 +01:00
Bart Visscher f569c721a6 Merge branch 'master' into optimize-startup-queries
Conflicts:
	apps/files_sharing/lib/sharedstorage.php
	tests/lib/group/manager.php

removed hasFilesSharedWith from lib/public/share.php and
sharedstorage.php to fix merge
2014-05-07 17:54:38 +02:00
Lukas Reschke c4109d9aef Use strict type comparison
We certainly don't want to have type juggling on that.
2014-05-07 15:11:42 +02:00
Arthur Schiwon 45e42c25de Group Database backend must not gather user details itself but ask user
backends. This is a port to master from PR #7745

remove OC_GROUP_BACKEND_GET_DISPLAYNAME option for group backends

Conflicts:
	lib/private/group/backend.php

LDAP: getDisplayNamesInGroup is not an option for group backends anymore

Conflicts:
	apps/user_ldap/group_ldap.php
	apps/user_ldap/group_proxy.php

clean up group backends

Conflicts:
	lib/private/group/database.php

remove now unnecessary test

implement getDisplayNames in group manager

adjust user manager tests

test for group manager's displayNamesInGroup

trim must not be used in empty in PHP < 5.5

keep the constant to not provoke PHP warnings

Conflicts:
	lib/private/group/backend.php
2014-04-28 13:49:56 +02:00
Thomas Müller 535e6ff71f Merge pull request #7617 from nishiki/cache_user
Cache user
2014-04-23 12:32:30 +02:00
Morris Jobke 707658c00a Merge pull request #8205 from owncloud/fix-8202
Add one more LOWER.
2014-04-17 16:10:33 +02:00
Arthur Schiwon 64679b2e62 Remove limit and offset manipulation when getting users or groups, because it does not work when more than one user or group backend. Fixing it would be too costly performancewise, so we switch back to the model used in OC 5: limit and offset are effective per backend, and not a general constraint 2014-04-15 17:46:48 +02:00
Victor Dubiniuk 91d40f5033 remove unneeded LOWER. Fixes #8202 2014-04-14 22:19:21 +03:00
Volkan Gezer a4f42676ea Make hardcoded exception messages translatable 2014-04-08 20:07:25 +02:00
adrien 0da61a26ee remove cache all user 2014-03-21 15:50:25 +01:00
adrien ea6f8ba352 fix remove cache when delete 2014-03-11 16:58:10 +01:00
adrien f827761e71 remove static variable, add limit and offset 2014-03-11 11:56:46 +01:00
adrien 415b1d03bc fix cache when remove an user 2014-03-10 17:27:51 +01:00
nishiki ba9d8f7c1a fix undifined uid 2014-03-09 12:47:19 +01:00
nishiki 75011c2e09 add query result (boolean) for update or delete 2014-03-09 12:22:47 +01:00
nishiki d8843f6cd3 minor clean code 2014-03-09 12:01:35 +01:00
adrien fbde24c89a fix undefined in loadUsers 2014-03-07 08:46:34 +01:00
adrien 5cdfc56867 update the cache when add user 2014-03-06 22:34:43 +01:00
adrien dde4f2f917 upgrade the cache user 2014-03-06 22:23:17 +01:00
adrien 08a46e3080 add cache for single users 2014-03-06 17:57:09 +01:00
Bart Visscher f4f72e77d8 Delay fetching the display name until it is requested 2014-02-21 23:07:35 +01:00
Lukas Reschke f7fa8662e2 Remove `session_id_regenerate` from here
Jenkins somewhat complains that there are already sent headers.
2014-02-21 08:12:45 +01:00
Lukas Reschke 0241ddc759 Merge pull request #6519 from nhirokinet/master
Security Update: session fixation
2014-02-20 14:28:26 +01:00