path: root/core/Controller/LoginController.php
Commit message | Author | Age | Files | Lines
* add check isFairUseOfFreePushService on login | Vitor Mattos | 2021-10-23 | 1 | -1/+17
    Signed-off-by: Vitor Mattos <vitor@php.rio>
* Deprecate RedirectToDefaultAppResponse | Daniel Rudolf | 2021-07-01 | 1 | -3/+2
    Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Add IUrlGenerator::linkToDefaultPageUrl() | Daniel Rudolf | 2021-06-30 | 1 | -3/+3
    Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.
    Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Update php licenses | John Molakvoæ (skjnldsv) | 2021-06-04 | 1 | -2/+1
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Handle device login like an alternative login | Joas Schilling | 2021-04-20 | 1 | -0/+3
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Allow admins to disable the login form | Roeland Jago Douma | 2021-03-08 | 1 | -0/+2
    In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 | dependabot-preview[bot] | 2021-02-18 | 1 | -1/+1
    Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
    - [Release notes](https://github.com/nextcloud/coding-standard/releases)
    - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)
    Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Keep direct login active when redirecting | Julius Härtl | 2021-02-01 | 1 | -1/+1
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Do not redirect to logout after login | Roeland Jago Douma | 2021-01-15 | 1 | -1/+4
    This can happen when the session was killed due to a timeout. Then logout was triggered. Nobody wants to login only to be logged out again.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for 19 | Christoph Wurst | 2020-04-29 | 1 | -0/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20401 from nextcloud/fix/login-sso-redirct | Roeland Jago Douma | 2020-04-15 | 1 | -1/+1
|\
    Fix absolute redirect
| * Fix absolute redirect | John Molakvoæ (skjnldsv) | 2020-04-10 | 1 | -1/+1
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Add visibility to all constants | Christoph Wurst | 2020-04-10 | 1 | -2/+2
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Format control structures, classes, methods and function | Christoph Wurst | 2020-04-10 | 1 | -1/+0
|/
    To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code.
    This also removes any empty lines from method/function bodies at the beginning and end.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Start with webauthn | Roeland Jago Douma | 2020-03-31 | 1 | -1/+8
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
    Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
* Merge pull request #17784 from nextcloud/enh/disable-clear-site-data-via-config | Roeland Jago Douma | 2019-12-12 | 1 | -2/+6
|\
    Disable Clear-Site-Data for Chrom* (and Opera, Brave, etc)
| * Send Clear-Site-Data except for Chrome | Daniel Kesselberg | 2019-11-30 | 1 | -2/+6
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Update license headers | Christoph Wurst | 2019-12-05 | 1 | -8/+6
|/
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Trim the login name | Christoph Wurst | 2019-11-28 | 1 | -1/+1
    Otherwise we keep on using it with leading or trailing whitespaces for app tokens and other logic. The reason this doesn't throw an error immediately with local users is that (My)SQL compares strings regardless of their padding by default. So we look up 'uid ' and get the row for the user 'uid'. Other back-ends will lead to a hard error, though, and the user is unable to log out as all requests fail.
    Ref https://stackoverflow.com/a/10495807/2239067
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Don't send executionContexts for Clear-Site-Data | Daniel Kesselberg | 2019-07-09 | 1 | -1/+1
    There are plans to remove executionContexts from the spec: https://github.com/w3c/webappsec-clear-site-data/issues/59
    Firefox already removed it https://bugzilla.mozilla.org/show_bug.cgi?id=1548034
    Chromium implementation is not finished: https://bugs.chromium.org/p/chromium/issues/detail?id=898503&q=clear-site-data&sort=-modified&colspec=ID%20Pri%20M%20Stars%20ReleaseBlock%20Component%20Status%20Owner%20Summary%20OS%20Modified
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Vueify the login page | Christoph Wurst | 2019-05-29 | 1 | -54/+71
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLogin | Christoph Wurst | 2019-05-07 | 1 | -126/+37
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Do not do redirect handling when logging out | Roeland Jago Douma | 2019-02-06 | 1 | -1/+3
    Fixes #12568
    Since the clearing of the execution context causes another reload. We should not do the redirect_uri handling as this results in redirecting back to the logout page on login.
    This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Clears the local storage after logout | Michael Weimann | 2019-01-29 | 1 | -1/+4
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* Honor remember_login_cookie_lifetime | Roeland Jago Douma | 2019-01-23 | 1 | -1/+8
    If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not create a remember me cookie and should create a proper temp token.
    Further this specifies that if it is not 0 the remember me time should always be larger than the session timeout. Because else the behavior is not really defined.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Respect the disabled setting for lost_password_link | Roeland Jago Douma | 2018-11-20 | 1 | -1/+3
    Fixes #11146
    As documented when it is set to disabled the user can't request a lost password.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* added possibility to disable autocomplete in login form | Rayn0r | 2018-10-30 | 1 | -0/+8
    Signed-off-by: Rayn0r <Andre.Weidemann@web.de>
* Remove cookies from Clear-Site-Data Header | Patrick Conrad | 2018-10-15 | 1 | -1/+1
    In https://github.com/nextcloud/server/commit/2f87fb6b456fd109c90a5093c31b7a3f62a32040 this header was introduced. The referenced documentation says:
    > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).
    This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point!
    So I removed the deletion of cookies from the header. This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.
    Signed-off-by: Patrick Conrad <conrad@iza.org>
* Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors | Morris Jobke | 2018-10-08 | 1 | -1/+1
|\
    Switches the default logo color depending on the primary color
| * Moves the logo files to logo | Michael Weimann | 2018-10-02 | 1 | -1/+1
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* | Update all the publickey tokens if needed on web login | Roeland Jago Douma | 2018-10-02 | 1 | -0/+1
|/
    * On weblogin check if we have invalid public key tokens
    * If so update them all with the new token
    This ensures that your marked as invalid tokens work again if you once login on the web.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix max length requirements for the throttler metadata | Christoph Wurst | 2018-08-13 | 1 | -1/+1
    If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database error due to very long strings, this truncates the username at 64 bytes in the assumption that no real username is longer than that.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Rename providerset method to get primary providers | Christoph Wurst | 2018-08-08 | 1 | -1/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login redirection if only one 2FA provider is active | Christoph Wurst | 2018-08-08 | 1 | -1/+1
    Fixes https://github.com/nextcloud/server/issues/10500.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Implements handling for deactivated users | Michael Weimann | 2018-07-21 | 1 | -25/+84
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* Make 2FA providers stateful | Christoph Wurst | 2018-06-20 | 1 | -1/+1
    This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available.
    The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use proper types | Roeland Jago Douma | 2018-04-11 | 1 | -4/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Avoid to leak a user ID that is not a string to reach a user backend | Morris Jobke | 2018-04-11 | 1 | -0/+4
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove unused parameter | Roeland Jago Douma | 2018-04-06 | 1 | -2/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix tests | Roeland Jago Douma | 2018-04-06 | 1 | -1/+2
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Always remember me | Roeland Jago Douma | 2018-04-06 | 1 | -3/+1
    Fixes #8004
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* don't try login with the same name that just failed | Arthur Schiwon | 2018-02-22 | 1 | -3/+5
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Display message when connection is throttled on login page | Roeland Jago Douma | 2018-01-15 | 1 | -4/+12
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Hide stay logged in checkbox when flow authentication is used | Julius Härtl | 2017-12-28 | 1 | -0/+1
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update license headers | Morris Jobke | 2017-11-06 | 1 | -1/+6
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224" | Lukas Reschke | 2017-09-07 | 1 | -6/+6
    The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus.
    Regression introduced with https://github.com/nextcloud/server/commit/46229a00f39e507249dbe3ceb7507277da3fa4f8
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #6196 from nextcloud/downstream-26539-2 | Morris Jobke | 2017-09-04 | 1 | -0/+1
|\
    Handle invalid ext storage backend to keep mount point visible
| * Fix broken tests | Morris Jobke | 2017-09-04 | 1 | -0/+1
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Add rich link preview to the login page | Julius Härtl | 2017-09-02 | 1 | -8/+22
|/
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add metadata to \OCP\AppFramework\Http\Response::throttle | Lukas Reschke | 2017-07-27 | 1 | -1/+1
    Fixes https://github.com/nextcloud/server/issues/5891
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>