Roeland Jago Douma
5c718b13b8
We should properly check for 'true' instaed of the bool
2016-08-01 08:52:50 +02:00
Roeland Jago Douma
f7f5216aa3
Dark hackery to not always disable CSRF for OCS controllers
2016-07-29 15:49:27 +02:00
Roeland Jago Douma
8bdd0adcee
Support subdir in the OCS v2 endpoint
...
We should check against the ending substring since people could
run their nextcloud in a subfolder.
* Added test
2016-07-27 15:28:35 +02:00
Roeland Jago Douma
b543fd8d30
Set proper status code in OCS AppFramework Middleware
2016-07-22 12:53:47 +02:00
Morris Jobke
8c7d7d7746
Merge pull request #507 from nextcloud/run-le-script
...
Update emails and license headers with latest changes
2016-07-21 23:27:15 +02:00
Lukas Reschke
562e63cf69
Merge pull request #480 from nextcloud/fix_ocs_response_format
...
AppFramework default response for OCS is xml
2016-07-21 19:52:17 +02:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Lukas Reschke
c385423d10
Merge pull request #479 from nextcloud/add-bruteforce-throttler
...
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Roeland Jago Douma
e42f2f2650
AppFramework do not get default response
...
The OCSResponse differs from other responses in that it defaults to
XML. However we fell back to json by default.
This makes sure that if nothing is set we don't pass anything.
Which defaults then to the controllers default (which is often 'json')
but in the case of the OCSResponse 'xml'.
2016-07-20 22:05:43 +02:00
Lukas Reschke
020a2a6958
Merge pull request #476 from nextcloud/port-same-site-cookies
...
[master] Port Same-Site Cookies to master
2016-07-20 21:35:02 +02:00
Roeland Jago Douma
ea47974a08
Add OCSMiddleware to catch OCS exceptions
...
* OCSException
* OCSBadRequestException
* OCSForbiddenException
* OCSNotFoundException
2016-07-20 20:03:49 +02:00
Lukas Reschke
a299fa38a9
[master] Port Same-Site Cookies to master
...
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +02:00
Christoph Wurst
9997c431c3
use client login method on CORS routes
2016-06-08 15:18:53 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Roeland Jago Douma
4eebccd81f
Fix inconsistent nameing of AppFramework
2016-04-22 16:00:00 +02:00
Roeland Jago Douma
1d33a5ef13
Move \OC\AppFramework to PSR-4
...
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00