path: root/core/Controller/LoginController.php
Commit message (Author, Age, Files, Lines)
* refactor(core): Make all attribute arguments named (provokateurin, 2024-07-27, 1 file, -2/+2)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(core): Replace security annotations with respective attributes (provokateurin, 2024-07-26, 1 file, -12/+11)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* feat: don't count failed CSRF as failed login attempt (Benjamin Gaussorgues, 2024-07-11, 1 file, -4/+12)
|   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* chore: Add SPDX header (Andy Scherzinger, 2024-05-27, 1 file, -29/+3)
|   Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* fix: Apply new coding standard to all files (Côme Chilliet, 2024-04-02, 1 file, -2/+2)
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(login): Clear login form (password) after IDLE timeout (Ferdinand Thiessen, 2024-03-25, 1 file, -24/+17)
|   For security reasons it is recommended to stop the login process at a defined time, this could prevent password leaks by e.g. user forgetting that they entered their password on public devices. Enforced e.g. by the BSI ORP.4.A13 rule.
|   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* feat: Limit email input on auth pages to 255 chars (fenn-cs, 2024-03-21, 1 file, -1/+12)
|   Excessively long emails reported make server unresponsive. We could at some point, consider adding a configuration for sysadmins to bypass this setting on their instance if they want.
|   Signed-off-by: fenn-cs <fenn25.fn@gmail.com>
* feat: added login's initial possible email-states (Eduardo Morales, 2024-03-10, 1 file, -0/+31)
|   Signed-off-by: Eduardo Morales <emoral435@gmail.com>
* refactor(core): Switch to attribute based routing (provokateurin, 2024-02-21, 1 file, -0/+5)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* feat(core): Expose the confirm password endpoint (provokateurin, 2024-02-20, 1 file, -1/+12)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor: Migrate IgnoreOpenAPI attributes to OpenAPI (provokateurin, 2024-01-18, 1 file, -2/+2)
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* Keep https check (Gaspard d'Hautefeuille, 2024-01-05, 1 file, -1/+4)
|   https://github.com/nextcloud/server/issues/41196 + keep https check
|   Co-authored-by: Louis <louis@chmn.me>
|   Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
* Cancel PR #37405, remove regression code (Gaspard d'Hautefeuille, 2024-01-05, 1 file, -2/+2)
|   Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
* chore: apply changes from Nextcloud coding standards 1.1.1 (Joas Schilling, 2023-11-23, 1 file, -5/+5)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
|   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* fix: Show error message when CSRF check fails at login (Christoph Wurst, 2023-11-08, 1 file, -1/+2)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Reset BFP for sudo action (Marcel Müller, 2023-10-28, 1 file, -1/+2)
|   Signed-off-by: Marcel Müller <marcel-mueller@gmx.de>
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 (Joas Schilling, 2023-08-28, 1 file, -2/+2)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* core: Add OpenAPI spec (jld3103, 2023-07-13, 1 file, -0/+3)
|   Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Applies agreed-upon indentation convention to the changed controllers. (Faraz Samapoor, 2023-06-16, 1 file, -13/+15)
|   Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753
|   Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Fixes psalm error. (Faraz Samapoor, 2023-06-16, 1 file, -2/+2)
|   Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Fixes php-cs-fixer error. (Faraz Samapoor, 2023-06-16, 1 file, -1/+0)
|   Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Refactors controllers by using PHP8's constructor property promotion. (Faraz Samapoor, 2023-06-16, 1 file, -35/+11)
|   Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Refactors "strpos" calls in /core to improve code readability. (Faraz Samapoor, 2023-06-02, 1 file, -1/+1)
|   Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>
* Use implementations instead of interfaces for accessing private methods (jld3103, 2023-03-30, 1 file, -1/+1)
|   Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Send header to all browsers under HTTPS (Git'Fellow, 2023-03-26, 1 file, -2/+2)
|   Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
|   Don't send Clear-Site-Data to Safari
|   Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
|   Fix lint
|   Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
* fix the login log entry (Simon L, 2023-01-30, 1 file, -2/+2)
|   Signed-off-by: Simon L <szaimen@e.mail.de>
* feat(app-framework): Add UseSession attribute to replace annotation (Christoph Wurst, 2023-01-27, 1 file, -4/+5)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* feat(app framework)!: Inject services into controller methods (Christoph Wurst, 2023-01-18, 1 file, -11/+3)
|   Usually Nextcloud DI goes through constructor injection. This has the implication that each instance of a class builds the full DI tree. That is the injected services, their services, etc. Occasionally there is a service that is only needed for one controller method. Then the DI tree is built regardless if used or not. If services are injected into the method, we only build the DI tree if that method gets executed. This is also how Laravel allows injection.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login loop if login CSRF fails and user is not logged in (Christoph Wurst, 2023-01-18, 1 file, -4/+16)
|   If CSRF fails but the user is logged in then they probably logged in in another tab. This is fine. We can just redirect.
|   If CSRF fails and the user is also not logged in then something is fishy. E.g. because Nextcloud constantly regenerates the session and the CSRF token and the user is stuck in an endless login loop.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Also limit the password length on reset (Joas Schilling, 2023-01-03, 1 file, -1/+1)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: Make the LoginController strict (Christoph Wurst, 2022-12-15, 1 file, -1/+4)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix wording of undeliverable push notifications (Joas Schilling, 2022-08-31, 1 file, -1/+1)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Redesign guest pages for better accessibility (Carl Schwan, 2022-07-27, 1 file, -0/+1)
|   - Use white box and put content on it
|   - Improve focus indicator
|   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Identify the login page explicitly by the page title (Christopher Ng, 2022-07-20, 1 file, -1/+5)
|   Signed-off-by: Christopher Ng <chrng8@gmail.com>
* Update core to PHP 7.4 standard (Carl Schwan, 2022-05-20, 1 file, -31/+12)
|   - Typed properties
|   - Port to LoggerInterface
|   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* add check isFairUseOfFreePushService on login (Vitor Mattos, 2021-10-23, 1 file, -1/+17)
|   Signed-off-by: Vitor Mattos <vitor@php.rio>
* Deprecate RedirectToDefaultAppResponse (Daniel Rudolf, 2021-07-01, 1 file, -3/+2)
|   Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Add IUrlGenerator::linkToDefaultPageUrl() (Daniel Rudolf, 2021-06-30, 1 file, -3/+3)
|   Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public.
|   Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* Update php licenses (John Molakvoæ (skjnldsv), 2021-06-04, 1 file, -2/+1)
|   Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Handle device login like an alternative login (Joas Schilling, 2021-04-20, 1 file, -0/+3)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Allow admins to disable the login form (Roeland Jago Douma, 2021-03-08, 1 file, -0/+2)
|   In case they want to not allow this because they use SSO (and do not want the users to enter their credentials there by accident). ?direct=1 still works.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0 (dependabot-preview[bot], 2021-02-18, 1 file, -1/+1)
|   Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0.
|   - [Release notes](https://github.com/nextcloud/coding-standard/releases)
|   - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
|   - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0)
|   Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Keep direct login active when redirecting (Julius Härtl, 2021-02-01, 1 file, -1/+1)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Do not redirect to logout after login (Roeland Jago Douma, 2021-01-15, 1 file, -1/+4)
|   This can happen when the session was killed due to a timeout. Then logout was triggered. Nobody wants to login only to be logged out again.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for 19 (Christoph Wurst, 2020-04-29, 1 file, -0/+1)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20401 from nextcloud/fix/login-sso-redirct (Roeland Jago Douma, 2020-04-15, 1 file, -1/+1)
|\
| |   Fix absolute redirect
| * Fix absolute redirect (John Molakvoæ (skjnldsv), 2020-04-10, 1 file, -1/+1)
| |   Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Add visibility to all constants (Christoph Wurst, 2020-04-10, 1 file, -2/+2)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Format control structures, classes, methods and function (Christoph Wurst, 2020-04-10, 1 file, -1/+0)
|/
|   To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Start with webauthn (Roeland Jago Douma, 2020-03-31, 1 file, -1/+8)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|   Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>