a07f6d46e3
Use proper types
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-11 00:21:25 +02:00
fd3c97b93b
Avoid to leak a user ID that is not a string to reach a user backend
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-04-11 00:03:30 +02:00
33b93db953
Remove unused parameter
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 21:44:23 +02:00
2b7d4d5069
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 19:58:37 +02:00
caee215120
Always remember me
...
Fixes #8004
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 15:44:28 +02:00
ffc05e2fed
don't try login with the same name that just failed
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-02-22 13:05:48 +01:00
7cab7feb38
Display message when connection is throttled on logi page
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-15 21:43:09 +01:00
f5f6ed664d
Hide stay logged in checkbox when flow authentication is used
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-12-28 11:15:26 +01:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
0bccd5a0d9
Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224"
...
The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus.
Regression introduced with 46229a00f3
2017-09-07 08:34:02 +02:00
30ca3b70ed
Merge pull request #6196 from nextcloud/downstream-26539-2
...
Handle invalid ext storage backend to keep mount point visible
2017-09-04 14:17:28 +02:00
0326c2c54f
Fix broken tests
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-09-04 14:17:03 +02:00
46229a00f3
Add rich link preview to the login page
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2017-09-02 21:39:38 +02:00
f22ab3e665
Add metadata to \OCP\AppFramework\Http\Response::throttle
...
Fixes https://github.com/nextcloud/server/issues/5891
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-07-27 14:17:45 +02:00
2f87fb6b45
Add Clear-Site-Data header
...
This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.
See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.
Ref https://twitter.com/mikewest/status/877149667909406723
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-06-20 19:46:10 +02:00
7c23414eef
Disable reset password link. Issue: #27440
2017-05-11 10:27:33 +02:00
bb1d191f82
Fix remember redirect_url on failed login attempts
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-04-25 09:38:19 +02:00
8149945a91
Make BruteForceProtection annotation more clever
...
This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.
Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-04-13 23:05:33 +02:00
d36751ee38
Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
...
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
7ad791efb4
Dont create a log entry on email login
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 10:15:20 +02:00
7b3fdfeeaa
do login routine only once when done via LoginController
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:42 +02:00
2994cbc586
fix login controller tests
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:20:17 +02:00
19fc68cbdc
Merge pull request #2606 from temparus/master
...
Add preLoginValidation hook
2017-02-15 21:47:47 +01:00
ac841ee002
Merge pull request #3362 from nextcloud/fix/nc-token-cookie-name
...
oc_token should be nc_token
2017-02-09 10:07:59 +01:00
9b6f99ab08
Update license header
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 01:25:39 +01:00
fa1d607bfa
Merge remote-tracking branch 'nextcloud/master'
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 00:15:30 +01:00
ff3fa538e4
Add missing use statement for PublicEmitter
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 00:12:19 +01:00
5e728d0eda
oc_token should be nc_token
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-02 21:56:44 +01:00
20f878b014
Fix typo for UserManager variable
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:54:00 +01:00
6feff0ceba
Add check if UserManager is of type PublicEmitter before calling preLogin hook
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:50 +01:00
e30d28f7eb
Change where preLogin hook gets called
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:42 +01:00
6ab0a3215d
Remove preLoginValidation hook
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:29 +01:00
e14d50eb1f
Fix indentation
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:50:47 +01:00
4ebcd5ac0b
Add preLoginValidation hook
...
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:50:25 +01:00
2c9d7eeb76
Fix public page css fallback loading
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-02-01 18:03:51 +01:00
5bad417e57
Merge pull request #2044 from nextcloud/login-credential-store
...
Login credential store
2017-01-30 19:30:04 -06:00
bde1150d04
Merge pull request #3004 from nextcloud/fix-installation-css
...
Fixed installation page
2017-01-22 18:28:33 +01:00
cdf01feba7
add action to existing brute force protection
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:16 +01:00
140555b786
always allow remembered login
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
e4b3ba6590
Create unified css file and merge all needed data into this file
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2017-01-10 17:50:29 +01:00
2f21eaaf47
Use login name to fix password confirm with ldap users
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 12:17:30 +01:00
924358ef96
Save the timezone on login again
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-12-08 10:45:24 +01:00
25a5c655f7
Move integer casting to the top of the chain
...
Signed-off-by: justin-sleep <justin@quarterfull.com>
2016-12-02 14:07:45 -06:00
d75e35b75e
Introduce the UI for password confirmation
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-11-18 11:57:16 +01:00
d907666232
bring back remember-me
...
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
877cb06bfe
Use magic DI for core controllers
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-30 10:00:26 +02:00
e341bde8b9
Merge pull request #1172 from nextcloud/core_cleanup
...
Core controller cleanup
2016-08-30 08:32:55 +02:00
f6423f74e3
Minor cleanup in core Controllers
2016-08-29 21:52:09 +02:00
291dd0bd31
redirect to 2fa provider if there's only one active for the user
2016-08-29 18:36:39 +02:00
736e884e9a
Move the reset token to core app
2016-08-23 15:01:38 +02:00
Roeland Jago Douma
Morris Jobke
Arthur Schiwon
Julius Härtl
Lukas Reschke
Ujjwal Bhardwaj
Christoph Wurst
Joas Schilling
Sandro Lutz
John Molakvoæ (skjnldsv)
Bjoern Schiessle
justin-sleep