mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
42,857 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

33 Commits

Author SHA1 Message Date
Bjoern Schiessle 9665637cd8
only warn about data lose on password reset if per-user keys are used 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-08-10 16:54:55 +02:00
Rémy Jacquin 0b8908b8df
Fix translation bug on lost password page 
Fix nextcloud/password_policy#26

Signed-off-by: Rémy Jacquin <remy@remyj.fr>
 2018-05-22 18:43:27 +02:00
Arthur Schiwon 4f3d52a364
never translate login names when requiring with a user id 
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2018-01-03 13:25:00 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Joas Schilling 3119fd41ce
Set the data from the template 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-10-18 15:12:03 +02:00
Joas Schilling 8b37fe7f65
Set the subject with the email template to allow theming 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-10-18 15:12:03 +02:00
Joas Schilling 6dbb64c4a2
Merge setMetaData into constructor 
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-04 15:07:41 +02:00
Joas Schilling 6a130d01e7
Also for reset password 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-24 18:02:37 +02:00
Joas Schilling d5c6d56170
No password reset for disabled users 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-18 13:21:53 +02:00
Morris Jobke 188b87e03b Cleanup legacy user class from unused methods 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-07-24 12:17:53 +02:00
Joas Schilling 0828df5ed4
Disable the API endpoints as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-05-11 17:03:57 +02:00
Joas Schilling 3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports 
Remove unused use statements
 2017-04-24 11:47:37 +02:00
Morris Jobke c54a59d51e
Remove unused use statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 19:23:31 -05:00
Lukas Reschke d0d34d308a
Add at most 10 password reset requests per 5 minutes and IP range 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-22 08:12:54 +02:00
Morris Jobke 16c4755e03
Rename renderHTML to renderHtml 
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-19 15:46:41 -05:00
Lukas Reschke 727688ebd9
Adjust existing bruteforce protection code 
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-14 13:42:40 +02:00
Lukas Reschke 81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email 
Update email template for lost password email
 2017-04-13 20:02:15 +02:00
Lukas Reschke 66835476b5
Add support for ratelimiting via annotations 
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:16 +02:00
Morris Jobke 1f962f9115
Update email template for lost password email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-12 15:19:53 -05:00
Morris Jobke 5b4adf66e5
Move OC_Defaults to OCP\Defaults 
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-09 21:43:01 -05:00
Joas Schilling 4bae7ef96d
Allow to reset the password with the email as an input 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-28 21:17:37 +02:00
Bjoern Schiessle 927d3865a0
add brute force protection to password reset to make it harder to guess user logins 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-19 10:12:45 +01:00
Bjoern Schiessle fcda3a20f4
create new encryption keys on password reset and backup the old one 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-10 17:04:32 +01:00
Bjoern Schiessle 16bbd3fd7c
fix password reset if encryption is enabled 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-12-08 12:08:05 +01:00
Lukas Reschke 6d686c213b
[WIP] Use mail for encrypting the password reset token as well 2016-11-03 14:27:26 +01:00
Joas Schilling 877cb06bfe
Use magic DI for core controllers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-30 10:00:26 +02:00
Roeland Jago Douma f6423f74e3
Minor cleanup in core Controllers 2016-08-29 21:52:09 +02:00
Joas Schilling 736e884e9a
Move the reset token to core app 2016-08-23 15:01:38 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Joas Schilling 2c988ecbf4
Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Julius Haertl 8ee2cb47d0 Show error messages if a password reset link is invalid or expired 
- Moved token validation to method checkPasswordResetToken
- Render error with message from exceptions
 2016-05-23 16:48:10 +02:00
Lukas Reschke a4b19a5b1e
Rename files to be PSR-4 compliant 2016-04-06 11:00:52 +02:00