736e884e9a
Move the reset token to core app
2016-08-23 15:01:38 +02:00
139fb8de94
Remove "password reset token" after successful login
2016-08-23 12:54:45 +02:00
cf3cfca356
Use generated URL
2016-08-15 17:37:55 +02:00
75d135d8d4
Fix tests for LoginController
2016-08-15 17:19:32 +02:00
65d1472005
Don't use create mock
...
Not compatible with this PHPunit version
2016-08-15 17:08:27 +02:00
72b5f9bfac
Use createMock instead of deprecated getMock
2016-08-11 15:22:29 +02:00
9ca25e857c
Redirect users when already logged-in on login form
2016-08-11 15:22:29 +02:00
c1589f163c
Mitigate race condition
2016-07-20 23:09:27 +02:00
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
232d735893
Do not leak the login name - fixes #25047
2016-06-09 16:44:31 +02:00
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00
392bc0c6b9
Move tests/core/ to PSR-4
2016-05-19 11:18:25 +02:00
Joas Schilling
Lukas Reschke
Thomas Müller
Christoph Wurst
Joas Schilling