aboutsummaryrefslogtreecommitdiffstats
path: root/apps/dav/lib/Connector/Sabre/Auth.php
Commit message (Collapse)AuthorAgeFilesLines
* fix(dav): fallback realm for HTTP authenticationMichaIng2024-02-231-1/+1
| | | | | | | | | | By default, the name of the Nextcloud instance is an empty string, until changed by the admin. This leads to an empty realm sent with the WWW-Authenticate header, while the realm is mandatory for Basic HTTP authentication. Some clients have issues with an empty realm, e.g. Thunderbird cannot store passwords in this case. This commit applies "Nextcloud" as fallback for the realm, in case the name of the Nextcloud instance is not set. Solves: https://help.nextcloud.com/t/thunderbird-dont-save-caldav-password-because-of-missing-httprealm-or-formsubmiturl/93233 Signed-off-by: MichaIng <micha@dietpi.com>
* chore: apply changes from Nextcloud coding standards 1.1.1Joas Schilling2023-11-231-6/+6
| | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25Joas Schilling2023-08-281-3/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA ManagerJoas Schilling2023-07-271-1/+0
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(dav): Abort requests with 429 instead of waitingJoas Schilling2023-05-031-0/+6
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* perf(dav): Do not call general setupFS on ever dav authJulius Härtl2023-02-091-3/+0
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Fix more psalm issuesCarl Schwan2022-05-161-1/+1
| | | | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Cleanup davCarl Schwan2022-05-051-35/+12
| | | | | | | - Remove unused class AppEnabledPlugin - Add more type hinting when possible Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Migrate dav application from ILogger to LoggerInterfaceCôme Chilliet2022-05-021-1/+2
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* dont setup full fs after dav authRobin Appelman2022-03-241-1/+0
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Fix dav application tests and code for PHP 8.1Côme Chilliet2021-11-231-1/+1
| | | | Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Update php licensesJohn Molakvoæ (skjnldsv)2021-06-041-2/+0
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Update all license headers for Nextcloud 21Christoph Wurst2020-12-161-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add visibility to all constantsChristoph Wurst2020-04-101-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add visibility to all methods and position of static keywordChristoph Wurst2020-04-101-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-101-12/+10
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2019-12-051-2/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-221-0/+1
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* first check if the user is already logged in and then try to authenticate ↵Bjoern Schiessle2018-10-301-2/+3
| | | | | | via apache, this way we suppress wrong audit log messages about failed login attempts Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Simplify return statementMorris Jobke2018-02-131-2/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update license headersMorris Jobke2017-11-061-0/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Use Bearer backend for SabreDAVLukas Reschke2017-05-181-12/+0
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add basic implementation for OAuth 2.0 Authorization Code FlowLukas Reschke2017-05-181-0/+13
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update comments to NextcloudMorris Jobke2017-04-111-1/+1
| | | | | | | * based on PR by @Ardinis * see #4311 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix detection of the new iOS appJoas Schilling2017-02-101-4/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* basic lockdown logicRobin Appelman2016-11-161-0/+1
| | | | Signed-off-by: Robin Appelman <icewind@owncloud.com>
* prevent infinite redirect loops if the there is no 2fa provider to passChristoph Wurst2016-08-241-1/+1
| | | | | | | This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
* Fix apps/Joas Schilling2016-07-211-1/+3
|
* Implement brute force protectionLukas Reschke2016-07-201-1/+8
| | | | | | | | | Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
* Use the themed Defaults everywhereJoas Schilling2016-07-151-1/+1
|
* throw PasswordLoginForbidden on DAVChristoph Wurst2016-06-171-2/+2
|
* add PasswordLoginForbiddenExceptionChristoph Wurst2016-06-171-6/+13
|
* create session token on all APIsChristoph Wurst2016-06-131-2/+1
|
* Merge pull request #25046 from owncloud/fix-the-realmVincent Petry2016-06-101-0/+4
|\ | | | | Use the correct realm for basic authentication
| * Use the correct realm for basic authentication - fixes #23427Thomas Müller2016-06-091-0/+4
| |
* | Allow login by email address via webdav as well - fixes #24791Thomas Müller2016-06-091-2/+2
|/
* block DAV if 2FA challenge needs to be solved firstChristoph Wurst2016-06-011-1/+12
|
* Update license headersLukas Reschke2016-05-261-3/+3
|
* do not allow client password logins if token auth is enforced or 2FA is enabledChristoph Wurst2016-05-241-2/+1
|
* when generating browser/device token, save the login name for later password ↵Christoph Wurst2016-05-241-1/+1
| | | | checks
* Add two factor auth to coreChristoph Wurst2016-05-231-0/+1
|
* Move dav app to PSR-4 (#24527)Joas Schilling2016-05-121-0/+229
* Move Application to correct namespace and PSR-4 it * Move dav app to PSR-4
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-01 15:52:04 +0000