Commit Graph

350 Commits

Author SHA1 Message Date
Michael Göhler ae1f33db54 implement fixed php session timeout and session id regeneration 2012-10-14 22:36:26 +02:00
Michael Göhler b92fd984aa removed username and password from token generation 2012-10-14 22:36:26 +02:00
Michael Göhler a6c4046f48 fixed typo and redundant method call 2012-10-14 22:36:25 +02:00
Michael Göhler d8fe6fbb40 added a warning message to the log when a cookie is rejected 2012-10-14 22:36:25 +02:00
Michael Göhler 382f8d060c fixed wrong variable usage 2012-10-14 22:36:25 +02:00
Michael Göhler 38b9bffaea call unsetMagicInCookie if token is invalid 2012-10-14 22:36:25 +02:00
Michael Göhler eb79ccafe3 forgot a class name 2012-10-14 22:36:25 +02:00
Michael Göhler 2ea06f67bd delete all tokens on password change 2012-10-14 22:36:25 +02:00
Michael Göhler 45f1c3f120 further improvements on multiple login token support
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for safety
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler ee5d0f328f improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher 4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Bart Visscher 7f3e0b5566 Cleanup login tokens on login success 2012-10-14 22:36:25 +02:00
Bart Visscher 1012d317e3 Add support for multiple login cookie tokens 2012-10-14 22:36:25 +02:00
Michael Göhler 7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Robin Appelman 11e9ce25e6 merge master into filesystem 2012-10-13 04:29:20 +02:00
Bart Visscher 9a35bd76fb Use resolved path for require_once in autoloader 2012-10-12 15:47:41 +02:00
Robin Appelman fb2d2bc201 merge master into filesystem 2012-10-11 22:54:39 +02:00
Bart Visscher 2c3674ea87 Add logging when stripping apps from autoload include path 2012-10-10 21:06:15 +02:00
Bart Visscher fe40277ec2 Use __DIR__ instead of __FILE__ to get SERVERROOT 2012-10-10 21:06:15 +02:00
Lukas Reschke cda2135966 Send a HSTS HTTP header to enforce SSL 2012-10-10 18:56:14 +02:00
Robin Appelman e7899e17de merge phpunit into filesystem 2012-10-08 13:53:53 +02:00
Arthur Schiwon 3affeb5bd7 destroy invalid sessions 2012-10-08 13:36:11 +02:00
Bart Visscher f3a211c03c Implement routing on javascript side 2012-10-05 09:42:36 +02:00
Robin Appelman b7eb3f3dff merge master into filesystem 2012-10-01 14:21:49 +02:00
Robin Appelman f8eebcbb01 reload the current url when logging in instead of always redirecting to the default app (oc-1873) 2012-09-30 03:47:37 +02:00
Lukas Reschke 578aa4e425 Removed sectoken
This token is completely useless since an attacker can easily extract it
from the page.
2012-09-29 15:18:38 +02:00
Bart Visscher c9317b5a68 Merge branch 'master' into routing 2012-09-28 21:41:21 +02:00
Bart Visscher bf1057143c Merge branch 'master' into routing
Conflicts:
	apps/files/js/filelist.js
	core/js/js.js
	lib/ocs.php
2012-09-28 15:38:49 +02:00
Christian Reiner 743826bbf3 Reimplementation of CSRF protection including autorefresh 2012-09-28 13:30:44 +02:00
Robin Appelman 88bca9bc49 Merge branch 'master' into filesystem 2012-09-26 17:52:28 +02:00
VicDeo 2b6869bcea Uncaught exception logging 2012-09-26 14:38:06 +03:00
Lukas Reschke c4fc291fa7 Passwords containing a ":" don't work with this explode
Thanks to mETz
2012-09-25 19:57:40 +02:00
Robin Appelman b206d16b10 add support for loading namespaced test cases 2012-09-22 14:51:34 +02:00
Robin Appelman 93292516d9 Merge branch 'master' into filesystem 2012-09-22 14:28:14 +02:00
Victor Dubiniuk bbf8bb0bb3 Log PHP errors to the OC log 2012-09-12 22:30:04 +03:00
Michael Gapczynski c5f9b887ff Don't call clearCache() for OC_Minimizer statically, create OC_Minimizer objects for both CSS and JS to clear cache after upgrade 2012-09-12 01:18:07 -04:00
Robin Appelman 46422e6dbe don't use regular expressions for a simple string replace 2012-09-08 23:40:23 +02:00
Robin Appelman bd83422095 put filestorages in a namespace 2012-09-07 18:30:48 +02:00
Bart Visscher ceec5e593c Remove redundant loadApps 2012-09-07 16:19:08 +02:00
Bart Visscher 5eba579827 Merge branch 'master' into routing
Conflicts:
	apps/files/js/fileactions.js
	lib/base.php
	lib/helper.php
	lib/ocs.php
2012-09-07 15:51:44 +02:00
Thomas Mueller 3829460ab8 adding space between ) and { 2012-09-07 15:22:01 +02:00
Bart Visscher 5e55b4d6e7 Whitespace fixes in lib 2012-09-07 14:08:29 +02:00
Bart Visscher 9ea7817a40 Remove core.{css,js} cache on upgrade 2012-09-07 13:42:22 +02:00
Thomas Müller 9eccc0121a Respect coding style 2012-09-05 13:22:38 +03:00
Thomas Müller 7901fc33a8 fixing syntax error 2012-09-04 15:54:38 +03:00
Thomas Müller aff08925c1 fixing syntax error - sorry for that 2012-09-04 15:46:43 +03:00
Thomas Müller 2028500c0a fixing syntax error - sorry for that 2012-09-04 15:42:58 +03:00
Thomas Müller e4e0b5a822 Respect coding style 2012-09-04 15:34:09 +03:00
Robin Appelman 2508f64efe set debug mode if an xdebug session is active 2012-09-01 20:52:13 +02:00
Robin Appelman a7255181ad fix autoloader throwing errors for non-oc classes 2012-09-01 15:36:52 +02:00
Robin Appelman 3dacf149de allow configuring user backends in config.php 2012-09-01 02:50:27 +02:00
Robin Appelman f67aef608f load authentication apps on login 2012-09-01 02:50:27 +02:00
Robin Appelman ebd813ae95 don't throw errors in the autoloader when a class doesn't exist 2012-09-01 02:50:27 +02:00
Bart Visscher b483f2aab8 Merge branch 'master' into routing
Conflicts:
	apps/contacts/js/contacts.js
	apps/contacts/lib/search.php
	apps/files_archive/js/archive.js
	apps/gallery/lib/tiles.php
	apps/gallery/templates/index.php
	lib/ocs.php
2012-08-30 21:49:28 +02:00
Bart Visscher db18218a1b Space before tab fixes 2012-08-29 20:34:44 +02:00
Bart Visscher 52f2e7112e Whitespace fixes in lib 2012-08-29 20:28:45 +02:00
Bart Visscher 53e51fe46b Clean user cache on login 2012-08-28 23:07:28 +02:00
Bart Visscher 8a02a8852f Add background job for global file cache cleanup 2012-08-28 23:07:28 +02:00
Bart Visscher 63af75586b Merge branch 'master' into routing 2012-08-15 17:39:00 +02:00
Bart Visscher db4111f6d5 Routing: Add some core routes 2012-08-12 16:52:36 +02:00
Bart Visscher 8c02494744 Routing: Prepare load functions to be called from OC_Router 2012-08-12 16:16:22 +02:00
Lukas Reschke 0d8df3f55c Revert "Combine install checks in lib/base.php"
This reverts commit aa9fbf6639.
2012-08-11 17:07:35 +02:00
Michael Gapczynski 465767670b Check blacklist when renaming files 2012-08-11 11:04:04 -04:00
Bart Visscher 1025e451a7 Add router match to OC::handleRequest 2012-08-11 01:36:16 +02:00
Bart Visscher c2160433cd Merge branch 'master' into routing
Conflicts:
	lib/base.php
2012-08-11 00:43:26 +02:00
Bart Visscher 72b2324b68 Move loading of routes to OC::getRouter function 2012-08-10 23:31:11 +02:00
Bart Visscher 3722928c46 Change access to router object to getter function 2012-08-10 23:30:04 +02:00
Bart Visscher 3e8b6e816a Create OC_Router in OC::init 2012-08-10 23:03:57 +02:00
Lukas Reschke 8ec45870a3 Validate cookie properly and prevent auth bypass
BIG (!) thanks to Julien CAYSSOL
2012-08-10 15:28:59 +02:00
Jakob Sack 0ea4fa298c Backgroundjobs: don't try to access OC_Appconfig if ownCloud has not been installed 2012-08-10 13:53:40 +02:00
Jakob Sack 81b997b56e Merge branch 'backgroundjobs' 2012-08-10 13:00:51 +02:00
Bart Visscher 82b10954e7 Simplify loading app php script files 2012-08-10 12:27:37 +02:00
Bart Visscher 5e7086adc9 Move login handling to OC class 2012-08-10 12:17:13 +02:00
Bart Visscher 83403784d1 Always load when the requested file is css 2012-08-10 11:43:04 +02:00
Bart Visscher da07245f59 Move OC::loadfile and OC::loadapp next to OC::handleRequest 2012-08-10 11:43:04 +02:00
Bart Visscher e3c732040b Make OC::loadfile and OC::loadapp protected, only used in OC::handleRequest 2012-08-10 11:43:04 +02:00
Bart Visscher 0973969386 Cleanup OC::loadfile 2012-08-10 11:43:04 +02:00
Bart Visscher aa9fbf6639 Combine install checks in lib/base.php 2012-08-10 11:43:04 +02:00
Jakob Sack 889f0a1c6d rename appconfig keys for backgroundjobs 2012-08-09 10:40:39 +02:00
Jakob Sack 13a0818fec Be more precise regarding backgroundjobs mode 2012-08-09 01:02:05 +02:00
Bart Visscher 3387454094 Move login code from index.php to OC class 2012-08-08 22:42:51 +02:00
Bart Visscher 9156fb73fd Move handling request of index.php to OC class 2012-08-08 22:42:50 +02:00
Bart Visscher 7522a23693 Remove unused RUNTIME_NOSETUPFS var 2012-08-08 22:42:50 +02:00
Bart Visscher 99ce7ba1df Move serverHost and serverProtocol functions to OC_Request 2012-08-07 20:43:00 +02:00
Bart Visscher 6d0390dcca Fix rewriting GET parameters with ? in REQUESTEDAPP 2012-08-07 20:43:00 +02:00
Bart Visscher d579defc66 Merge branch 'master' into routing 2012-07-25 17:51:36 +02:00
Arthur Schiwon 57c375ea24 Support for OCA namespace 2012-07-25 12:56:08 +02:00
Bart Visscher d0cae6a99a Very basic conversion of ocs to Symfony Routing Component 2012-07-21 19:43:50 +02:00
Robin Appelman 33b8de91ea allow a more flexible way of using user backends 2012-07-19 16:31:55 +02:00
Bart Visscher 621b83df72 Remove referer check, this is unreliable. The header doesn't need to exist, or can be wrong 2012-07-04 17:51:07 +02:00
Robin Appelman 12f7cb8767 fix running tests from cli 2012-06-27 13:21:45 +02:00
Bart Visscher 2f0b4983e9 Move app upgrade check to loading of apps 2012-06-27 01:05:12 +02:00
Brice Maron 09a9f5400e Trim url and path of appsroot to have a standard type of path fix oc-1107 2012-06-25 15:50:27 +02:00
Brice Maron df60d6d5d2 Fixes for multi app dir :
Url should be given as relative path (to webroot)
Correct link construction from js
2012-06-22 12:24:56 +02:00
Brice Maron b5953e7a83 Provide solution for smoother migration for apps to multi-app dir 2012-06-21 22:22:36 +00:00
Brice Maron e5c56b2433 Merge branch 'master' into multi_app_dir
Conflicts:
	lib/app.php
	lib/base.php
	lib/minimizer/css.php
	lib/minimizer/js.php
	lib/template.php
	lib/util.php
2012-06-21 17:15:35 +00:00
Bart Visscher 6404476bec Delay setup of FS until OC_Filesystem is used 2012-06-20 17:10:49 +02:00
Bart Visscher f54ef5a464 Remove OC::$CONFIG_DATADIRECTORY, not used 2012-06-19 22:54:14 +02:00
Bart Visscher 332603a263 Move formfactor code to OC_Template 2012-06-18 15:40:48 +02:00
Bart Visscher 977cd0df6b Fix errors for minimizer 2012-06-18 11:33:24 +02:00