mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
35,377 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

33 Commits

Author SHA1 Message Date
Lukas Reschke 9d6e01ef40
Add missing tests and fix PHPDoc 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Christoph Wurst 6f86e468d4
inject ISecureRandom into user session and use injected config too 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Christoph Wurst d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Roeland Jago Douma f722640a32
Proper DI of config 
* Fixed comments

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-28 10:13:35 +02:00
Jörn Friedrich Dreyer f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361) 
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
 2016-10-28 08:44:05 +02:00
Roeland Jago Douma 593d52fe91
Fix and cleanup SessionTest 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-10-25 09:34:27 +02:00
Vincent Petry 6d1e858aa4
Fix logClientIn for non-existing users (#26292) 
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
 2016-10-25 09:34:27 +02:00
Robin Appelman 90db361827
Add test to ensure token times are updated 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-10-11 11:06:24 +02:00
Robin Appelman 25ed6714c7
dont update the auth token twice 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-10-11 11:05:25 +02:00
Joas Schilling 4d1acfd4ef
Only trigger postDelete hooks when the user was deleted... 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-29 15:40:53 +02:00
Joas Schilling f6ff60f4cb
Make sure that comments, notifications and preferences are deleted 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-29 15:40:53 +02:00
Roeland Jago Douma d616984879
Fix getMock User 2016-09-13 09:09:53 +02:00
Robin Appelman 6c93fe08f5 dont get bruteforce delay twice 2016-08-29 13:36:49 +02:00
Lukas Reschke c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Roeland Jago Douma f2d091a963
Fix failing tests after db split 2016-07-13 09:26:19 +02:00
Lukas Reschke 179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00
Christoph Wurst 1710de8afb Login hooks (#25260) 
* fix login hooks

* adjust user session tests

* fix login return value of successful token logins

* trigger preLogin hook earlier; extract method 'loginWithPassword'

* call postLogin hook earlier; add PHPDoc
 2016-06-27 22:16:22 +02:00
Lukas Reschke 6670d37658 Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-06-27 18:23:00 +02:00
Bjoern Schiessle 2a990a0db5
verify user password on change 2016-06-27 14:08:11 +02:00
Christoph Wurst 89198e62e8 check login name when authenticating with client token 2016-06-24 13:57:09 +02:00
Vincent Petry 3db5de95bd Merge pull request #25172 from owncloud/token-login-validation 
Token login validation
 2016-06-22 13:58:56 +02:00
Christoph Wurst b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Christoph Wurst 56199eba37
fix unit test warning/errors 2016-06-20 10:41:23 +02:00
Christoph Wurst 8ef5431e7a
fix user session tests 2016-06-20 09:10:11 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst 465807490d
create session token only for clients that support cookies 2016-06-13 19:44:05 +02:00
Christoph Wurst ec929f07f2
When creating a session token, make sure it's the login password and not a device token 2016-06-08 13:31:55 +02:00
Christoph Wurst c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Christoph Wurst 28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst c20cdc2213
invalidate user session if the user is disabled 2016-05-23 10:32:16 +02:00
Joas Schilling 94ad54ec9b Move tests/ to PSR-4 (#24731) 
* Move a-b to PSR-4

* Move c-d to PSR-4

* Move e+g to PSR-4

* Move h-l to PSR-4

* Move m-r to PSR-4

* Move s-u to PSR-4

* Move files/ to PSR-4

* Move remaining tests to PSR-4

* Remove Test\ from old autoloader
 2016-05-20 15:38:20 +02:00