path: root/core/Controller/LoginController.php
Commit message [Author; Age; Files; Lines]
* Applies agreed-upon indentation convention to the changed controllers. [Faraz Samapoor; 2023-06-16; files: 1; lines: -13/+15]
| Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753
|
| Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Fixes psalm error. [Faraz Samapoor; 2023-06-16; files: 1; lines: -2/+2]
| Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Fixes php-cs-fixer error. [Faraz Samapoor; 2023-06-16; files: 1; lines: -1/+0]
| Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Refactors controllers by using PHP8's constructor property promotion. [Faraz Samapoor; 2023-06-16; files: 1; lines: -35/+11]
| Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Refactors "strpos" calls in /core to improve code readability. [Faraz Samapoor; 2023-06-02; files: 1; lines: -1/+1]
| Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Use implementations instead of interfaces for accessing private methods [jld3103; 2023-03-30; files: 1; lines: -1/+1]
| Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Send header to all browsers under HTTPS [Git'Fellow; 2023-03-26; files: 1; lines: -2/+2]
| Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
|
| Don't send Clear-Site-Data to Safari
|
| Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
|
| Fix lint
|
| Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* fix the login log entry [Simon L; 2023-01-30; files: 1; lines: -2/+2]
| Signed-off-by: Simon L <szaimen@e.mail.de>
* feat(app-framework): Add UseSession attribute to replace annotation [Christoph Wurst; 2023-01-27; files: 1; lines: -4/+5]
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* feat(app framework)!: Inject services into controller methods [Christoph Wurst; 2023-01-18; files: 1; lines: -11/+3]
| Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is built regardless if used or not.
|
| If services are injected into the method, we only build the DI tree if that method gets executed.
|
| This is also how Laravel allows injection.
|
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login loop if login CSRF fails and user is not logged in [Christoph Wurst; 2023-01-18; files: 1; lines: -4/+16]
| If CSRF fails but the user is logged in then they probably logged in in another tab. This is fine. We can just redirect.
|
| If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud constantly regenerates the session and the CSRF token and the user is stuck in an endless login loop.
|
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Also limit the password length on reset [Joas Schilling; 2023-01-03; files: 1; lines: -1/+1]
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: Make the LoginController strict [Christoph Wurst; 2022-12-15; files: 1; lines: -1/+4]
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix wording of undeliverable push notifications [Joas Schilling; 2022-08-31; files: 1; lines: -1/+1]
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* Redesign guest pages for better accessibility [Carl Schwan; 2022-07-27; files: 1; lines: -0/+1]
| - Use white box and put content on it
| - Improve focus indicator
|
| Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Identify the login page explicitly by the page title [Christopher Ng; 2022-07-20; files: 1; lines: -1/+5]
| Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Update core to PHP 7.4 standard [Carl Schwan; 2022-05-20; files: 1; lines: -31/+12]
| - Typed properties
| - Port to LoggerInterface
|
| Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* add check isFairUseOfFreePushService on login [Vitor Mattos; 2021-10-23; files: 1; lines: -1/+17]
| Signed-off-by: Vitor Mattos <vitor@php.rio>
* Deprecate RedirectToDefaultAppResponse [Daniel Rudolf; 2021-07-01; files: 1; lines: -3/+2]
| Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Add IUrlGenerator::linkToDefaultPageUrl() [Daniel Rudolf; 2021-06-30; files: 1; lines: -3/+3]
| Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.
|
| Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Update php licenses [John Molakvoæ (skjnldsv); 2021-06-04; files: 1; lines: -2/+1]
| Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Handle device login like an alternative login [Joas Schilling; 2021-04-20; files: 1; lines: -0/+3]
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* Allow admins to disable the login form [Roeland Jago Douma; 2021-03-08; files: 1; lines: -0/+2]
| In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident).
|
| ?direct=1 still works.
|
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 [dependabot-preview[bot]; 2021-02-18; files: 1; lines: -1/+1]
| Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
| - [Release notes](https://github.com/nextcloud/coding-standard/releases)
| - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
| - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)
|
| Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Keep direct login active when redirecting [Julius Härtl; 2021-02-01; files: 1; lines: -1/+1]
| Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Do not redirect to logout after login [Roeland Jago Douma; 2021-01-15; files: 1; lines: -1/+4]
| This can happen when the session was killed due to a timeout. Then logout was triggered. Nobody wants to login only to be logged out again.
|
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for 19 [Christoph Wurst; 2020-04-29; files: 1; lines: -0/+1]
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20401 from nextcloud/fix/login-sso-redirct [Roeland Jago Douma; 2020-04-15; files: 1; lines: -1/+1]
|\
| | Fix absolute redirect
| * Fix absolute redirect [John Molakvoæ (skjnldsv); 2020-04-10; files: 1; lines: -1/+1]
| | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Add visibility to all constants [Christoph Wurst; 2020-04-10; files: 1; lines: -2/+2]
| | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Format control structures, classes, methods and function [Christoph Wurst; 2020-04-10; files: 1; lines: -1/+0]
|/
| To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code.
|
| This also removes and empty lines from method/function bodies at the beginning and end.
|
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Start with webauthn [Roeland Jago Douma; 2020-03-31; files: 1; lines: -1/+8]
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
* Merge pull request #17784 from nextcloud/enh/disable-clear-site-data-via-config [Roeland Jago Douma; 2019-12-12; files: 1; lines: -2/+6]
|\
| | Disable Clear-Site-Data for Chrom* (and Opera, Brave, etc)
| * Send Clear-Site-Data expect for Chrome [Daniel Kesselberg; 2019-11-30; files: 1; lines: -2/+6]
| | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Update license headers [Christoph Wurst; 2019-12-05; files: 1; lines: -8/+6]
|/
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Trim the login name [Christoph Wurst; 2019-11-28; files: 1; lines: -1/+1]
| Otherwise we keep on using it with leading or trailing whitespaces for app tokens and other logic. The reason this doesn't throw an error immediately with local users is that (My)SQL compares strings regardless of their padding by default. So we look up 'uid ' and get the row for the user 'uid'. Other back-ends will lead to a hard error, though, and the user is unable to log out as all requests fail.
|
| Ref https://stackoverflow.com/a/10495807/2239067
|
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Don't send executionContexts for Clear-Site-Data [Daniel Kesselberg; 2019-07-09; files: 1; lines: -1/+1]
| There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59
|
| Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034
|
| Chromium implementation is not finished: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified
|
| Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Vueify the login page [Christoph Wurst; 2019-05-29; files: 1; lines: -54/+71]
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLogin [Christoph Wurst; 2019-05-07; files: 1; lines: -126/+37]
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Do not do redirect handling when loggin out [Roeland Jago Douma; 2019-02-06; files: 1; lines: -1/+3]
| Fixes #12568
|
| Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login.
|
| This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page.
|
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Clears the local storage after logout [Michael Weimann; 2019-01-29; files: 1; lines: -1/+4]
| Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* Honor remember_login_cookie_lifetime [Roeland Jago Douma; 2019-01-23; files: 1; lines: -1/+8]
| If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not create a remember me cookie and should create a proper temp token.
|
| Further this specifies that is not 0 the remember me time should always be larger than the session timeout. Because else the behavior is not really defined.
|
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Respect the disabled setting for lost_password_link [Roeland Jago Douma; 2018-11-20; files: 1; lines: -1/+3]
| Fixes #11146
|
| As documented when it is set to disabled the user can't request a lost password.
|
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* added possibility to disable autocomplete in login form [Rayn0r; 2018-10-30; files: 1; lines: -0/+8]
| Signed-off-by: Rayn0r <Andre.Weidemann@web.de>
* Remove cookies from Clear-Site-Data Header [Patrick Conrad; 2018-10-15; files: 1; lines: -1/+1]
| In https://github.com/nextcloud/server/commit/2f87fb6b456fd109c90a5093c31b7a3f62a32040 this header was introduced. The referenced documentation says:
|
| > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).
|
| This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point!
|
| So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.
|
| Signed-off-by: Patrick Conrad <conrad@iza.org>
* Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors [Morris Jobke; 2018-10-08; files: 1; lines: -1/+1]
|\
| | Switches the default logo color depending on the primary color
| * Moves the logo files to logo [Michael Weimann; 2018-10-02; files: 1; lines: -1/+1]
| | Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* | Update all the publickey tokens if needed on web login [Roeland Jago Douma; 2018-10-02; files: 1; lines: -0/+1]
|/
| * On weblogin check if we have invalid public key tokens
| * If so update them all with the new token
|
| This ensures that your marked as invalid tokens work again if you once login on the web.
|
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix max length requirements for the throttler metadata [Christoph Wurst; 2018-08-13; files: 1; lines: -1/+1]
| If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database error due to very long strings, this truncates the username at 64 bytes in the assumption that no real username is longer than that.long strings,
|
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Rename providerset method to get primary providers [Christoph Wurst; 2018-08-08; files: 1; lines: -1/+1]
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>