mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
39,869 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

67 Commits

Author SHA1 Message Date
Ujjwal Bhardwaj 7c23414eef
Disable reset password link. Issue: #27440 2017-05-11 10:27:33 +02:00
Christoph Wurst bb1d191f82
Fix remember redirect_url on failed login attempts 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-04-25 09:38:19 +02:00
Lukas Reschke 8149945a91
Make BruteForceProtection annotation more clever 
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 23:05:33 +02:00
Morris Jobke d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login 
Fix login controller test and consolidate login
 2017-04-13 12:16:38 -05:00
Joas Schilling 7ad791efb4
Dont create a log entry on email login 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-04-07 10:15:20 +02:00
Arthur Schiwon 7b3fdfeeaa
do login routine only once when done via LoginController 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:22:42 +02:00
Arthur Schiwon 2994cbc586
fix login controller tests 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2017-04-06 15:20:17 +02:00
blizzz 19fc68cbdc Merge pull request #2606 from temparus/master 
Add preLoginValidation hook
 2017-02-15 21:47:47 +01:00
Joas Schilling ac841ee002 Merge pull request #3362 from nextcloud/fix/nc-token-cookie-name 
oc_token should be nc_token
 2017-02-09 10:07:59 +01:00
Sandro Lutz 9b6f99ab08 Update license header 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-07 01:25:39 +01:00
Sandro Lutz fa1d607bfa Merge remote-tracking branch 'nextcloud/master' 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-07 00:15:30 +01:00
Sandro Lutz ff3fa538e4 Add missing use statement for PublicEmitter 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-07 00:12:19 +01:00
Christoph Wurst 5e728d0eda oc_token should be nc_token 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-02-02 21:56:44 +01:00
Sandro Lutz 20f878b014 Fix typo for UserManager variable 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:54:00 +01:00
Sandro Lutz 6feff0ceba Add check if UserManager is of type PublicEmitter before calling preLogin hook 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:53:50 +01:00
Sandro Lutz e30d28f7eb Change where preLogin hook gets called 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:53:42 +01:00
Sandro Lutz 6ab0a3215d Remove preLoginValidation hook 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:53:29 +01:00
Sandro Lutz e14d50eb1f Fix indentation 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:50:47 +01:00
Sandro Lutz 4ebcd5ac0b Add preLoginValidation hook 
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
 2017-02-01 21:50:25 +01:00
John Molakvoæ (skjnldsv) 2c9d7eeb76
Fix public page css fallback loading 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-02-01 18:03:51 +01:00
Morris Jobke 5bad417e57 Merge pull request #2044 from nextcloud/login-credential-store 
Login credential store
 2017-01-30 19:30:04 -06:00
Lukas Reschke bde1150d04 Merge pull request #3004 from nextcloud/fix-installation-css 
Fixed installation page
 2017-01-22 18:28:33 +01:00
Bjoern Schiessle cdf01feba7
add action to existing brute force protection 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-18 15:25:16 +01:00
Christoph Wurst 140555b786
always allow remembered login 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-01-11 19:20:11 +01:00
John Molakvoæ (skjnldsv) e4b3ba6590
Create unified css file and merge all needed data into this file 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2017-01-10 17:50:29 +01:00
Joas Schilling 2f21eaaf47
Use login name to fix password confirm with ldap users 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-01-05 12:17:30 +01:00
Joas Schilling 924358ef96
Save the timezone on login again 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-12-08 10:45:24 +01:00
justin-sleep 25a5c655f7 Move integer casting to the top of the chain 
Signed-off-by: justin-sleep <justin@quarterfull.com>
 2016-12-02 14:07:45 -06:00
Joas Schilling d75e35b75e
Introduce the UI for password confirmation 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-11-18 11:57:16 +01:00
Christoph Wurst d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Joas Schilling 877cb06bfe
Use magic DI for core controllers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-30 10:00:26 +02:00
Morris Jobke e341bde8b9 Merge pull request #1172 from nextcloud/core_cleanup 
Core controller cleanup
 2016-08-30 08:32:55 +02:00
Roeland Jago Douma f6423f74e3
Minor cleanup in core Controllers 2016-08-29 21:52:09 +02:00
Christoph Wurst 291dd0bd31 redirect to 2fa provider if there's only one active for the user 2016-08-29 18:36:39 +02:00
Joas Schilling 736e884e9a
Move the reset token to core app 2016-08-23 15:01:38 +02:00
Joas Schilling 139fb8de94
Remove "password reset token" after successful login 2016-08-23 12:54:45 +02:00
Lukas Reschke 9ca25e857c
Redirect users when already logged-in on login form 2016-08-11 15:22:29 +02:00
Thomas Müller 4cf2f97a16
Add missing array element - fixes #25714 2016-08-10 11:11:23 +02:00
Bjoern Schiessle 4ecd16c555
Redirect to default page after login 2016-07-27 12:11:58 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Thomas Müller 232d735893
Do not leak the login name - fixes #25047 2016-06-09 16:44:31 +02:00
Christoph Wurst 5e71d23ded
remember redirect_url when solving the 2FA challenge 2016-06-01 14:43:47 +02:00
Vincent Petry 235f03da64 Merge pull request #24795 from owncloud/issue-24789-reset-password-link-new-window 
Allow opening the password reset link in a new window when its a URL
 2016-05-31 10:12:30 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst 4128b853e5
login explicitly 2016-05-24 09:48:02 +02:00
Joas Schilling 5c063cf7c9
Allow opening the password reset link in a new window when its a URL 2016-05-24 09:23:25 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00