* gives the admin a chance to discover the missing indexes and improve the performance of the instance without digging through the manual
* nicely integrated in the setup checks where this kind of hints belong to
* also adds an option to integrate this from an app based on events
* fix style of setting warnings
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* currently there are two ways to access default values:
OCP\Defaults or OC_Defaults (which is extended by
OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
it hard to work on theme values
* this extended the public interface with the missing
methods and uses them everywhere to only rely on the
public interface
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
* lostpassword.css is unneeded since #11696 is merged - 1b50d4f7ce
* js is already in core/js
* css is moved to core/css/lostpassword
* template is moved to core/templates/lostpassword
In case of an error the error message often contains sensitive data such as the full path which potentially leads to a full path disclosure.
Thus the error message should not directly get displayed to the user and instead be logged.
Expire token after 12h and if user logged-in again
As an hardening measure we should expire password reset tokens after 12h and if the user has logged-in again successfully after the token was requested.
* Original avatarcontroller migrated to the appframework
* Added DataDisplayResponse that show data inline in the browser (used
to retrun the image)
* Removed some unneeded code
* Added unit tests for the avatarcontroller
Warn for password reset when files_encryption is enabled
This patch wil warn the user of the consequences when resetting the password and requires checking a checkbox (as we had in the past) to reset a password.
Furthermore I updated the code to use our new classes and added some unit tests for it :dancers:
Fixes https://github.com/owncloud/core/issues/11438