Commit Graph

14 Commits

Author SHA1 Message Date
Christoph Wurst 291dd0bd31 redirect to 2fa provider if there's only one active for the user 2016-08-29 18:36:39 +02:00
Joas Schilling 736e884e9a
Move the reset token to core app 2016-08-23 15:01:38 +02:00
Joas Schilling 139fb8de94
Remove "password reset token" after successful login 2016-08-23 12:54:45 +02:00
Lukas Reschke cf3cfca356
Use generated URL 2016-08-15 17:37:55 +02:00
Lukas Reschke 75d135d8d4
Fix tests for LoginController 2016-08-15 17:19:32 +02:00
Lukas Reschke 65d1472005
Don't use create mock
Not compatible with this PHPunit version
2016-08-15 17:08:27 +02:00
Lukas Reschke 72b5f9bfac
Use createMock instead of deprecated getMock 2016-08-11 15:22:29 +02:00
Lukas Reschke 9ca25e857c
Redirect users when already logged-in on login form 2016-08-11 15:22:29 +02:00
Lukas Reschke c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Thomas Müller 232d735893
Do not leak the login name - fixes #25047 2016-06-09 16:44:31 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Joas Schilling 392bc0c6b9
Move tests/core/ to PSR-4 2016-05-19 11:18:25 +02:00