Joas Schilling
0215b004da
Update with robin
2016-07-21 18:13:58 +02:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Lukas Reschke
c1589f163c
Mitigate race condition
2016-07-20 23:09:27 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +02:00
Morris Jobke
2791b8f00d
Revert "occ web executor ( #24957 )"
...
This reverts commit 854352d9a0
.
2016-07-07 12:14:45 +02:00
Lukas Reschke
7a9d60d87e
Merge remote-tracking branch 'upstream/master' into master-upstream-sync
2016-06-26 12:55:05 +02:00
VicDeo
854352d9a0
occ web executor ( #24957 )
...
* Initial web executor
* Fix PHPDoc
Fix broken integration test
OccControllerTests do not require database access - moch them all!
Kill unused sprintf
2016-06-22 13:12:36 +02:00
Arthur Schiwon
42c66efea5
Merge branch 'master' of https://github.com/owncloud/core into downstream-160611
2016-06-11 15:34:43 +02:00
Lukas Reschke
5fdde426eb
Add fancy layout
2016-06-09 17:55:26 +02:00
Thomas Müller
232d735893
Do not leak the login name - fixes #25047
2016-06-09 16:44:31 +02:00
Joas Schilling
7f88645eab
Allow to cancel 2FA after login
2016-06-09 14:00:02 +02:00
Christoph Wurst
60e15e934c
do not generate device token if 2FA is enable for user
2016-06-09 14:00:00 +02:00
Vincent Petry
7dcc47dc94
Merge pull request #25011 from owncloud/issue-24745-allow-to-cancel-2fa
...
Allow to cancel 2FA after login
2016-06-08 10:27:21 +02:00
Joas Schilling
3e3b326c85
Allow to cancel 2FA after login
2016-06-07 18:17:29 +02:00
Christoph Wurst
8f7a4aaa4d
do not generate device token if 2FA is enable for user
2016-06-07 09:09:51 +02:00
Christoph Wurst
5e71d23ded
remember redirect_url when solving the 2FA challenge
2016-06-01 14:43:47 +02:00
Vincent Petry
235f03da64
Merge pull request #24795 from owncloud/issue-24789-reset-password-link-new-window
...
Allow opening the password reset link in a new window when its a URL
2016-05-31 10:12:30 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Vincent Petry
25e6026fa6
Merge pull request #24735 from juliushaertl/passwordreset-invalid
...
Show error messages if a password reset link is invalid or expired
2016-05-25 11:08:46 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
Christoph Wurst
a0ccebfdcb
generate device token for UID, not login name
...
fixes #24785
2016-05-24 09:49:40 +02:00
Christoph Wurst
4128b853e5
login explicitly
2016-05-24 09:48:02 +02:00
Joas Schilling
5c063cf7c9
Allow opening the password reset link in a new window when its a URL
2016-05-24 09:23:25 +02:00
Julius Haertl
8ee2cb47d0
Show error messages if a password reset link is invalid or expired
...
- Moved token validation to method checkPasswordResetToken
- Render error with message from exceptions
2016-05-23 16:48:10 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00
Christoph Wurst
e077d78ec9
Show login error message correctly ( #24599 )
2016-05-12 16:53:50 +02:00
Lukas Reschke
ee0ebd192a
Use proper URL generation function ( #24576 )
...
Fixes the redirection after login, otherwise `core/files/index` is opened which fails.
2016-05-11 19:39:57 +02:00
Christoph Wurst
0486d750aa
use the UID for creating the session token, not the login name
2016-05-11 13:36:46 +02:00
Christoph Wurst
214aa6639c
fix login with email
2016-05-11 13:36:46 +02:00
Christoph Wurst
46bdf6ea2b
fix PHPDoc and other minor issues
2016-05-11 13:36:46 +02:00
Christoph Wurst
3ffa7d986a
show login error
2016-05-11 13:36:46 +02:00
Christoph Wurst
f0f8bdd495
PHPDoc and other minor fixes
2016-05-11 13:36:46 +02:00
Christoph Wurst
fbb5768587
add unit tests for all new classes
2016-05-11 13:36:46 +02:00
Christoph Wurst
aa85edd224
increase token column width
...
add some range to time() assertions
2016-05-11 13:36:46 +02:00
Christoph Wurst
aafd660b97
fix LoginController unit tests
2016-05-11 13:36:46 +02:00
Christoph Wurst
7aa16e1559
fix setup
2016-05-11 13:36:46 +02:00
Christoph Wurst
fdc2cd7554
Add token auth for OCS APIs
2016-05-11 13:36:46 +02:00
Christoph Wurst
8d48502187
Add index on 'last_activity'
...
add token type column and delete only temporary tokens in the background job
debounce token updates; fix wrong class import
2016-05-11 13:36:46 +02:00
Christoph Wurst
53636c73d6
Add controller to generate client tokens
2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a
Check if session token is valid and log user out if the check fails
...
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
...
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Lukas Reschke
8222ad5157
Move logout to controller
...
Testable code. Yay.
2016-04-18 21:21:52 +02:00
Lukas Reschke
d4a93893bb
Also check for an empty string
...
PHP. Yay.
2016-04-15 19:53:14 +02:00
Lukas Reschke
fee95084ae
Rename `username` to `loginName`
...
UID and login name are two different things.
2016-04-15 19:02:19 +02:00
Lukas Reschke
8a650a51be
Use !== instead of empty
...
Users can be named null
2016-04-15 18:57:11 +02:00
Lukas Reschke
331e4efacb
Move login form into controller
...
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
2016-04-15 17:36:23 +02:00
Lukas Reschke
a4b19a5b1e
Rename files to be PSR-4 compliant
2016-04-06 11:00:52 +02:00