Christoph Wurst
d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
7 years ago
Roeland Jago Douma
b05fe45d52
Fix avatar on exif rotated images
Fixes #1928
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
Lukas Reschke
015affb082
Missing returns + autoloader file
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
7 years ago
Roeland Jago Douma
d5589a15d5
Move oc.js to a proper class
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
7 years ago
Joas Schilling
656e3f7a24
Check the mimetype before reading the content and catch exception
Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Joas Schilling
a1e4b17ff4
Remove unused endpoint
Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Joas Schilling
877cb06bfe
Use magic DI for core controllers
Signed-off-by: Joas Schilling <coding@schilljs.com>
7 years ago
Joas Schilling
7c0951244a
Deprecate getEditionString()
7 years ago
Roeland Jago Douma
6740c627b8
Move AvatarController over to FileDisplayResponse
7 years ago
Christoph Wurst
8acb734854
add 2fa backup codes app
* add backup codes app unit tests
* add integration tests for the backup codes app
7 years ago
Christoph Wurst
0a0c7a9b92
redirect to default app after solving the 2FA challenge
7 years ago
Roeland Jago Douma
14136295b7
Cache avatars properly
* Set proper caching headers for avatars (15 minutes)
* For our own avatar use some extra logic to invalidate when we update
7 years ago
Roeland Jago Douma
b1a090f357
AvatarController use proper JSONResponse
* Do not rely on DataResponse magic. We want JSON so use JSON
* Fix tests
7 years ago
Roeland Jago Douma
f6423f74e3
Minor cleanup in core Controllers
7 years ago
Roeland Jago Douma
c0ed865ab2
UserController does not require Defaults
7 years ago
Christoph Wurst
291dd0bd31
redirect to 2fa provider if there's only one active for the user
7 years ago
Roeland Jago Douma
2f03853fb9
AvatarController cleanup
* Use all DI components
* Let the AppFramework resolve the AvatarController
* Update unit tests
* Unit tests no longer require DB
7 years ago
Joas Schilling
736e884e9a
Move the reset token to core app
7 years ago
Joas Schilling
139fb8de94
Remove "password reset token" after successful login
7 years ago
Roeland Jago Douma
0963397cb8
we are Nextcloud :)
8 years ago
Roeland Jago Douma
6bc1c6590c
Move /config over to Core OCSController
8 years ago
Roeland Jago Douma
0cb8f74cd1
Delete IE8 support in the avatar controller
8 years ago
Lukas Reschke
9ca25e857c
Redirect users when already logged-in on login form
8 years ago
Roeland Jago Douma
9544c97ffe
Fix Core's OCSController response
8 years ago
Thomas Müller
4cf2f97a16
Add missing array element - fixes #25714
8 years ago
Roeland Jago Douma
69da896785
Move /cloud/user to Core app
8 years ago
Roeland Jago Douma
02449c8336
Move getCapabilities over to Core
8 years ago
Roeland Jago Douma
575875e8d0
Allow OCS routes in Core and Settings
8 years ago
Damjan Georgievski
4d559267bd
SetupController should use \OC::$configDir too
8 years ago
Bjoern Schiessle
4ecd16c555
Redirect to default page after login
8 years ago
Joas Schilling
0215b004da
Update with robin
8 years ago
Joas Schilling
ba87db3fcc
Fix others
8 years ago
Lukas Reschke
c1589f163c
Mitigate race condition
8 years ago
Lukas Reschke
ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
8 years ago
Joas Schilling
2c988ecbf4
Use the themed Defaults everywhere
8 years ago
Morris Jobke
2791b8f00d
Revert "occ web executor (#24957)"
This reverts commit 854352d9a0
.
8 years ago
VicDeo
854352d9a0
occ web executor (#24957)
* Initial web executor
* Fix PHPDoc
Fix broken integration test
OccControllerTests do not require database access - moch them all!
Kill unused sprintf
8 years ago
Lukas Reschke
5fdde426eb
Add fancy layout
8 years ago
blizzz
51fd2602a7
Revert "Downstream 2016-06-08"
8 years ago
Thomas Müller
232d735893
Do not leak the login name - fixes #25047
8 years ago
Joas Schilling
7f88645eab
Allow to cancel 2FA after login
8 years ago
Christoph Wurst
60e15e934c
do not generate device token if 2FA is enable for user
8 years ago
Joas Schilling
3e3b326c85
Allow to cancel 2FA after login
8 years ago
Christoph Wurst
8f7a4aaa4d
do not generate device token if 2FA is enable for user
8 years ago
Christoph Wurst
5e71d23ded
remember redirect_url when solving the 2FA challenge
8 years ago
Lukas Reschke
aba539703c
Update license headers
8 years ago
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks
8 years ago
Christoph Wurst
a0ccebfdcb
generate device token for UID, not login name
fixes #24785
8 years ago
Christoph Wurst
4128b853e5
login explicitly
8 years ago
Joas Schilling
5c063cf7c9
Allow opening the password reset link in a new window when its a URL
8 years ago