This didn't really work anyways and Chrome 54 for Android has been pushed out via Google Play on October 19th. So we should remove this.
This is only in master and doesn't affect any stable branch.
Fixes https://github.com/nextcloud/server/issues/2318
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Chrome on Android has a bug that it doesn't sent cookies with the
same-site attribute for the download manager. To work around that
all same-site cookies get deleted and recreated directly. Awesome!
FIXME: Remove once Chrome 54 is deployed to end-users
@see https://github.com/nextcloud/server/pull/1454
Some user agents are notorious and don't really properly follow HTTP
specifications. For those, have an automated opt-out. Since the protection
for remote.php is applied in base.php as starting point we need to opt out
here.
nextcloud by default uses the `/config/` directory in the source/application tree for its config file(s).
with this commit that directory can be overridden by the `NEXTCLOUD_CONFIG_DIR` environment variable.
in uwsgi, you would use the option `--env "NEXTCLOUD_CONFIG_DIR=/tmp/nx-config/"`
in apache `SetENV …`
and the cli command can be run with: `NEXTCLOUD_CONFIG_DIR=/tmp/nx-config ./occ` (or just use `export` once in the
shell).
NEXTCLOUD_CONFIG_DIR can be supplied with or without the trailing slash (`/`), but in all cases `$configDir` will have
it automatically added if needed.
The other changes are several occurrences of `OC::$SERVERROOT . '/config'` to `OC::$configDir`.
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
* Move used OC_Group_xx to \OC\Group
* Add (deprecated) legacy wrapper in legacy, OC_Group_xx
* Replace deprecated use of OC_Group_xx with \OC\Group\xx
Morris Jobke
Bjoern Schiessle
Lukas Reschke
Joas Schilling
Jan-Christoph Borchardt
Christoph Wurst
Thomas Müller
Jörn Friedrich Dreyer
Vincent Petry
Robin Appelman
Juan Pablo Villafáñez
Arthur Schiwon
Damjan Georgievski
Roeland Douma
Roeland Jago Douma
Victor Dubiniuk
Thomas Pulzer
Lukas Reschke
VicDeo
Joachim Sokolowski
Joas Schilling
Christoph Wurst
Christoph Wurst