log the error in case a notification mail of a new share couldn't
be send to the recipient and finish the share operation successfully
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#7084
Now entering wrongly cased email (roeland@ instead of Roeland@) for
password reset etc. Will also work.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When a touch is done (i.e. when creating a new file in the node API)
The hooks contain 'write' and 'touch' (and the operation is touch as
well). This would cause a double write update. Which doesn't make sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
The second execute statement should be inside the if block. Else it gets
executed twice which makes no sense.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12498
This means that we set that it is a proper app token once it is
validated. This will allow the 2FA middleware to just run the same
check.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* fixes#9305 by not being prone to the race condition in insertIfNotExists
* fixes#6899 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
* followup to #12371
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* fixes#6160 by not being prone to the race condition in insertIfNotExists
* fixes#12228 by not using a query that can result in a deadlock
* replaces the insertIfNotExists call with an insert which is wrapped into a try-catch block
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Fixes#1020
When an external storage is shared with you in full the root is ''
(empty). This adds an extra check for an empty jail basically.
Because if the jail is on the empty string. It matches all paths.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Fixes#12131
If we hit an expired token there is no need to continue checking. Since
we know it is a token.
We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
When using atoken obtained via OAuth the token expires. Resulting in
brute force attempts hitting the requesting IP.
This resets the brute force attempts for that UID on a valid refresh of
the token.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Roeland Jago Douma
Christoph Wurst
Bjoern Schiessle
Morris Jobke
Robin Appelman
John Molakvoæ
Roeland Jago Douma
Joas Schilling
Carsten Wiedmann
Julius Härtl
Peter Kraume
Georg Ehrke
brad2014