| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
| |
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
| |
|
|
|
|
| |
These hooks are only used in the Encryption app from what I can see.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
|
| |
|
|
|
|
|
| |
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
|
| |\
| |
| |
| |
| | |
nextcloud/fix/noid/guest-activation-pwd-reset-disabled
allow using of disabled password reset mechanism for special cases
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
- LostController has three endpoints
- door opener email() still rejects
- resetform(), reachable from mail, checks the token first and may report
that password reset is disabled
- setPassword() got its check removed as it is behind CSFR anyway and still
requires a valid token
- this allows special cases like activating a freshly created guest account
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| |/
|
|
|
|
| |
- also fixes the test which missed asserting the presence of it
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| |
|
|
| |
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| |
|
|
|
|
|
| |
- to make it reusable
- needed for local email verification
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| |
|
|
| |
Signed-off-by: Gary Kim <gary@garykim.dev>
|
| |
|
|
| |
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
| |
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
| |
|
|
|
|
|
|
|
|
|
| |
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
|
|
| |
Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
| |\
| |
| | |
Add missing password reset page to vue
|
| | |
| |
| |
| | |
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
| |/
|
|
|
|
|
|
|
|
| |
There is no need to log the expcetion of most of the stuff here.
We should properly log them but an exception is excessive.
This moves it to a proper exception which we can catch and then log.
The other exceptions will still be fully logged.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
| |
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
| |
|
|
|
|
|
|
|
|
|
| |
When a password is reste we should make sure that all users are properly
logged in. Pending states should be cleared. For example a session where
the 2FA code is not entered yet should be cleared.
The token is now removed so the session will be killed the next time
this is checked (within 5 minutes).
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |
|
|
|
|
| |
There is no need to inform the user if the account existed or not.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
| |\
| |
| |
| |
| | |
danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email
Enable password reset for user with same email address when only one is active
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
When two or more user share the same email address its not possible to
reset password by email. Even when only one account is active.
This pr reduce list of users returned by getByEmail by disabled users.
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
|
| |/
|
|
|
|
| |
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
|
| |
|
|
| |
Signed-off-by: Robin Appelman <robin@icewind.nl>
|
| |
|
|
|
|
| |
Fix nextcloud/password_policy#26
Signed-off-by: Rémy Jacquin <remy@remyj.fr>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
|
|
| |
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
|
|
| |
This ensures that the meta data is set in the beginning
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |
|
|
| |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
| |
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
| |\
| |
| | |
Remove unused use statements
|
| | |
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |/
|
|
| |
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |
|
|
|
|
|
| |
* fixes #4383
* improves consistency
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |
|
|
|
|
|
| |
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
| |\
| |
| | |
Update email template for lost password email
|
| | |
| |
| |
| | |
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
This allows adding rate limiting via annotations to controllers, as one example:
```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```
Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
|
