nextcloud

Graphique des révisions

Auteur	SHA1	Message	Date
Andy Scherzinger	e07a190641	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	il y a 6 jours
Christoph Wurst	22dc27810e	fix(auth): Keep redirect URL during 2FA setup and challenge Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 1 mois
Alexander Piskun	26d343d33a	AppAPI: allowed to bypass Two-Factor Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	il y a 5 mois
Faraz Samapoor	e98cf3c374	Uses PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <fsa@adlas.at>	il y a 11 mois
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	il y a 1 an
Christoph Wurst	df908c728a	Enable strict types for the 2FA middleware Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 2 ans
Christoph Wurst	74b1bf1d1c	Fix setting up 2FA when no providers are set up but backup codes 2FA set up is allowed when only backup codes are set up but no other provider and no provider is failing. This patch syncs up the login controller check with the challenge controller check 10 lines above. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 2 ans
Christoph Wurst	c8caba265f	Explicitly allow some routes without 2FA Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 2 ans
Joas Schilling	3710eca104	Allow "TwoFactor Nextcloud Notifications" to pull the state of the 2FA again Signed-off-by: Joas Schilling <coding@schilljs.com>	il y a 2 ans
Lukas Reschke	7c1038bfb3	Remove 2FA exemption from PublicPage annotation Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	il y a 2 ans
Christoph Wurst	2fca843cc0	Fix setting up 2FA providers when 2FA is enforced and bc are generated When a user has backup codes generated and got their 2FA enforced then they should be able to set up TOTP and similar providers during the login. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 2 ans
Lukas Reschke	04fa36d411	Improve provider check Check if there is a provider missing. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	il y a 2 ans
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	il y a 3 ans
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 4 ans
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 4 ans
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 4 ans
Roeland Jago Douma	2cf068463f	Harden middleware check These annotations will allow for extra checks. And thus make it harder to break things. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	il y a 4 ans
Roeland Jago Douma	579162d7b9	Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	il y a 5 ans
Roeland Jago Douma	8c77882794	No need to check 2fa state on apptoken logins If you login with an apptoken there is no need to check 2FA state as this does not apply to apptokens. Not checking saves us a query on each request made from a client. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	il y a 5 ans
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	il y a 6 ans
Lukas Reschke	f93a82b8b0	Remove explicit type hints for Controller This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	il y a 6 ans
Roeland Jago Douma	3548603a88	Fix middleware implementations signatures Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	il y a 6 ans
Joas Schilling	72c1b24844	Check whether the $_SERVER['REQUEST_*'] vars exist before using them Signed-off-by: Joas Schilling <coding@schilljs.com>	il y a 7 ans
Christoph Wurst	6af2efb679	prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.	il y a 7 ans
Roeland Jago Douma	33f1532079	Throw exception if you don't handle it	il y a 7 ans
Joas Schilling	ba87db3fcc	Fix others	il y a 7 ans
blizzz	51fd2602a7	Revert "Downstream 2016-06-08"	il y a 8 ans
Joas Schilling	7f88645eab	Allow to cancel 2FA after login	il y a 8 ans
Joas Schilling	3e3b326c85	Allow to cancel 2FA after login	il y a 8 ans
Christoph Wurst	5e71d23ded	remember redirect_url when solving the 2FA challenge	il y a 8 ans
Lukas Reschke	aba539703c	Update license headers	il y a 8 ans
Christoph Wurst	847bbc51b6	add OCC command to enable/disable 2FA for a user	il y a 8 ans
Christoph Wurst	dfb4d426c2	Add two factor auth to core	il y a 8 ans

31 Révisions (master)