summaryrefslogtreecommitdiffstats
path: root/core/Controller/TwoFactorChallengeController.php
Commit message (Collapse)AuthorAgeFilesLines
* Merge pull request #27733 from ↵Julius Härtl2021-10-051-3/+2
|\ | | | | | | PhrozenByte/enhancement/noid/IURLGenerator-linkToDefaultPageUrl
| * Deprecate RedirectToDefaultAppResponseDaniel Rudolf2021-07-011-2/+1
| | | | | | | | Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
| * Add IUrlGenerator::linkToDefaultPageUrl()Daniel Rudolf2021-06-301-3/+3
| | | | | | | | | | | | Replaces the deprecated \OC_Util::getDefaultPageUrl() and makes this API public. Signed-off-by: Daniel Rudolf <github.com@daniel-rudolf.de>
* | Merge pull request #27294 from pjft/patch-2Christoph Wurst2021-08-191-1/+10
|\ \ | |/ |/| Update TwoFactorChallengeController.php
| * Add logging to 2FA failurepjft2021-06-211-1/+10
| | | | | | | | | | | | | | | | For security reasons, we may want to monitor failures of 2FA challenges in order to ban attackers who might try to access compromised accounts but are stopped by the 2FA challenge. Right now, the only hindrance is rate-limiting, but it's probably not enough. Added dependency injection. Signed-off-by: pjft <paulo.j.tavares@gmail.com>
* | Update php licensesJohn Molakvoæ (skjnldsv)2021-06-041-1/+0
|/ | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Bump nextcloud/coding-standard from 0.3.0 to 0.5.0dependabot-preview[bot]2021-02-181-1/+1
| | | | | | | | | | Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 0.3.0 to 0.5.0. - [Release notes](https://github.com/nextcloud/coding-standard/releases) - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md) - [Commits](https://github.com/nextcloud/coding-standard/compare/v0.3.0...v0.5.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-101-1/+0
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2019-12-051-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Harden middleware checkRoeland Jago Douma2019-10-251-0/+3
| | | | | | | These annotations will allow for extra checks. And thus make it harder to break things. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow 2FA to be setup on first loginRoeland Jago Douma2019-05-171-0/+67
| | | | | | | | | Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add StandaloneTemplateResponseRoeland Jago Douma2019-02-061-5/+5
| | | | | | | This can be used by pages that do not have the full Nextcloud UI. So notifications etc do not load there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make 2FA providers statefulChristoph Wurst2018-06-201-4/+25
| | | | | | | | | | | This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersMorris Jobke2017-11-061-1/+3
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #6177 from nextcloud/properly-add-slo-urlMorris Jobke2017-08-261-4/+4
|\ | | | | Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
| * Inject \OCP\IURLGenerator to make tests workLukas Reschke2017-08-181-1/+1
| | | | | | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
| * Properly allow \OCP\Authentication\IApacheBackend to specify logout URLLukas Reschke2017-08-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string. This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result in `<a href="foo">`. This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with 054e161eb5f4a5c5c13ee322ae8e93ce66f01b13 inside the navigation manager where one cannot simply inject attributes. Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112, people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects you to the IdP and properly logs you out there as well. Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but I'm not aware of any and there's simply no way to fix this properly otherwise. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Allow 2FA providers to specify their custom CSPChristoph Wurst2017-08-261-1/+7
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add rate limit to TOTP solve challenge controllerLukas Reschke2017-04-221-0/+2
| | | | | | Fixes https://github.com/nextcloud/server/issues/2626 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* fix coding style and increase code coverageChristoph Wurst2017-01-111-9/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a TwoFactorExceptionCornelius Kölbel2017-01-111-4/+19
| | | | | | | | | | | A Two Factor third party App may throw a TwoFactorException() with a more detailed error message in case the authentication fails. The 2FA Controller will then display the message of this Exception to the user. Working on #26593 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Set redirect_url on 2FA challenge pageChristoph Wurst2016-12-231-0/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* add 2fa backup codes appChristoph Wurst2016-09-051-0/+9
| | | | | * add backup codes app unit tests * add integration tests for the backup codes app
* redirect to default app after solving the 2FA challengeChristoph Wurst2016-08-301-2/+4
|
* Minor cleanup in core ControllersRoeland Jago Douma2016-08-291-1/+1
|
* Fix othersJoas Schilling2016-07-211-1/+3
|
* Allow to cancel 2FA after loginJoas Schilling2016-06-071-0/+9
|
* remember redirect_url when solving the 2FA challengeChristoph Wurst2016-06-011-5/+17
|
* Update license headersLukas Reschke2016-05-261-1/+0
|
* when generating browser/device token, save the login name for later password ↵Christoph Wurst2016-05-241-3/+3
| | | | checks
* Add two factor auth to coreChristoph Wurst2016-05-231-0/+134
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-10 14:36:45 +0000