Mirrors/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2024-07-29 20:15:55 +02:00
Code Issues Actions 34 Packages Projects Releases Wiki Activity
35,368 Commits 420 Branches 1,013 Tags 5 GiB
e74c527268
Commit Graph

38 Commits

Author SHA1 Message Date
Christoph Wurst
d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Joas Schilling
877cb06bfe
Use magic DI for core controllers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-30 10:00:26 +02:00
Morris Jobke
e341bde8b9 Merge pull request #1172 from nextcloud/core_cleanup 
Core controller cleanup
 2016-08-30 08:32:55 +02:00
Roeland Jago Douma
f6423f74e3
Minor cleanup in core Controllers 2016-08-29 21:52:09 +02:00
Christoph Wurst
291dd0bd31 redirect to 2fa provider if there's only one active for the user 2016-08-29 18:36:39 +02:00
Joas Schilling
736e884e9a
Move the reset token to core app 2016-08-23 15:01:38 +02:00
Joas Schilling
139fb8de94
Remove "password reset token" after successful login 2016-08-23 12:54:45 +02:00
Lukas Reschke
9ca25e857c
Redirect users when already logged-in on login form 2016-08-11 15:22:29 +02:00
Thomas Müller
4cf2f97a16
Add missing array element - fixes #25714 2016-08-10 11:11:23 +02:00
Bjoern Schiessle
4ecd16c555
Redirect to default page after login 2016-07-27 12:11:58 +02:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Thomas Müller
232d735893
Do not leak the login name - fixes #25047 2016-06-09 16:44:31 +02:00
Christoph Wurst
5e71d23ded
remember redirect_url when solving the 2FA challenge 2016-06-01 14:43:47 +02:00
Vincent Petry
235f03da64 Merge pull request #24795 from owncloud/issue-24789-reset-password-link-new-window 
Allow opening the password reset link in a new window when its a URL
 2016-05-31 10:12:30 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst
4128b853e5
login explicitly 2016-05-24 09:48:02 +02:00
Joas Schilling
5c063cf7c9
Allow opening the password reset link in a new window when its a URL 2016-05-24 09:23:25 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Christoph Wurst
e077d78ec9 Show login error message correctly (#24599) 2016-05-12 16:53:50 +02:00
Lukas Reschke
ee0ebd192a Use proper URL generation function (#24576) 
Fixes the redirection after login, otherwise `core/files/index` is opened which fails.
 2016-05-11 19:39:57 +02:00
Christoph Wurst
0486d750aa
use the UID for creating the session token, not the login name 2016-05-11 13:36:46 +02:00
Christoph Wurst
214aa6639c
fix login with email 2016-05-11 13:36:46 +02:00
Christoph Wurst
46bdf6ea2b
fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst
3ffa7d986a
show login error 2016-05-11 13:36:46 +02:00
Christoph Wurst
aa85edd224
increase token column width 
add some range to time() assertions
 2016-05-11 13:36:46 +02:00
Christoph Wurst
aafd660b97
fix LoginController unit tests 2016-05-11 13:36:46 +02:00
Christoph Wurst
7aa16e1559
fix setup 2016-05-11 13:36:46 +02:00
Christoph Wurst
fdc2cd7554
Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a
Check if session token is valid and log user out if the check fails 
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
 2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth 
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
 2016-05-11 13:36:46 +02:00
Lukas Reschke
8222ad5157
Move logout to controller 
Testable code. Yay.
 2016-04-18 21:21:52 +02:00
Lukas Reschke
d4a93893bb
Also check for an empty string 
PHP. Yay.
 2016-04-15 19:53:14 +02:00
Lukas Reschke
fee95084ae
Rename username to loginName 
UID and login name are two different things.
 2016-04-15 19:02:19 +02:00
Lukas Reschke
8a650a51be
Use !== instead of empty 
Users can be named null
 2016-04-15 18:57:11 +02:00
Lukas Reschke
331e4efacb
Move login form into controller 
First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
 2016-04-15 17:36:23 +02:00