path: root/core/Controller
Commit message [Author, Age, Files, Lines]
* Mitigate race condition [Lukas Reschke, 2016-07-20, 1 file, -1/+4]
|
* Implement brute force protection [Lukas Reschke, 2016-07-20, 2 files, -16/+29]
|   Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay is 200 milliseconds. (after the first failed login)
* Use the themed Defaults everywhere [Joas Schilling, 2016-07-15, 1 file, -5/+3]
|
* Revert "occ web executor (#24957)" [Morris Jobke, 2016-07-07, 1 file, -147/+0]
|   This reverts commit 854352d9a064a1e469ede207493bce44fd41d96c.
* Merge remote-tracking branch 'upstream/master' into master-upstream-sync [Lukas Reschke, 2016-06-26, 1 file, -0/+147]
|\
| * occ web executor (#24957) [VicDeo, 2016-06-22, 1 file, -0/+147]
| |   * Initial web executor
| |   * Fix PHPDoc
| |   Fix broken integration test
| |   OccControllerTests do not require database access - mock them all!
| |   Kill unused sprintf
* | Merge branch 'master' of https://github.com/owncloud/core into downstream-160611 [Arthur Schiwon, 2016-06-11, 1 file, -2/+3]
|\|
| * Do not leak the login name - fixes #25047 [Thomas Müller, 2016-06-09, 1 file, -2/+3]
| |
| * Merge pull request #25011 from owncloud/issue-24745-allow-to-cancel-2fa [Vincent Petry, 2016-06-08, 1 file, -0/+9]
| |\
| | |   Allow to cancel 2FA after login
| | * Allow to cancel 2FA after login [Joas Schilling, 2016-06-07, 1 file, -0/+9]
| | |
| * | do not generate device token if 2FA is enabled for user [Christoph Wurst, 2016-06-07, 1 file, -11/+25]
| |/
* | Add fancy layout [Lukas Reschke, 2016-06-09, 1 file, -1/+2]
| |
* | Allow to cancel 2FA after login [Joas Schilling, 2016-06-09, 1 file, -0/+9]
| |
* | do not generate device token if 2FA is enabled for user [Christoph Wurst, 2016-06-09, 1 file, -11/+25]
|/
* remember redirect_url when solving the 2FA challenge [Christoph Wurst, 2016-06-01, 2 files, -5/+22]
|
* Merge pull request #24795 from owncloud/issue-24789-reset-password-link-new-window [Vincent Petry, 2016-05-31, 1 file, -1/+2]
|\
| |   Allow opening the password reset link in a new window when it's a URL
| * Allow opening the password reset link in a new window when it's a URL [Joas Schilling, 2016-05-24, 1 file, -1/+2]
| |
* | Update license headers [Lukas Reschke, 2016-05-26, 7 files, -9/+7]
| |
* | Merge pull request #24735 from juliushaertl/passwordreset-invalid [Vincent Petry, 2016-05-25, 1 file, -15/+35]
|\ \
| | |   Show error messages if a password reset link is invalid or expired
| * | Show error messages if a password reset link is invalid or expired [Julius Haertl, 2016-05-23, 1 file, -15/+35]
| | |   - Moved token validation to method checkPasswordResetToken
| | |   - Render error with message from exceptions
* | | when generating browser/device token, save the login name for later password checks [Christoph Wurst, 2016-05-24, 3 files, -5/+5]
| | |
* | | generate device token for UID, not login name [Christoph Wurst, 2016-05-24, 1 file, -2/+3]
| | |   fixes #24785
* | | login explicitly [Christoph Wurst, 2016-05-24, 1 file, -0/+3]
| |/
|/|
* | Add two factor auth to core [Christoph Wurst, 2016-05-23, 2 files, -2/+148]
|/
* Show login error message correctly (#24599) [Christoph Wurst, 2016-05-12, 1 file, -1/+0]
|
* Use proper URL generation function (#24576) [Lukas Reschke, 2016-05-11, 1 file, -1/+1]
|   Fixes the redirection after login, otherwise `core/files/index` is opened which fails.
* use the UID for creating the session token, not the login name [Christoph Wurst, 2016-05-11, 1 file, -4/+4]
|
* fix login with email [Christoph Wurst, 2016-05-11, 1 file, -1/+2]
|
* fix PHPDoc and other minor issues [Christoph Wurst, 2016-05-11, 2 files, -4/+3]
|
* show login error [Christoph Wurst, 2016-05-11, 1 file, -5/+12]
|
* PHPDoc and other minor fixes [Christoph Wurst, 2016-05-11, 1 file, -2/+4]
|
* add unit tests for all new classes [Christoph Wurst, 2016-05-11, 1 file, -3/+3]
|
* increase token column width [Christoph Wurst, 2016-05-11, 1 file, -2/+1]
|   add some range to time() assertions
* fix LoginController unit tests [Christoph Wurst, 2016-05-11, 1 file, -1/+1]
|
* fix setup [Christoph Wurst, 2016-05-11, 1 file, -4/+11]
|
* Add token auth for OCS APIs [Christoph Wurst, 2016-05-11, 2 files, -3/+7]
|
* Add index on 'last_activity' [Christoph Wurst, 2016-05-11, 1 file, -2/+3]
|   add token type column and delete only temporary tokens in the background job
|   debounce token updates; fix wrong class import
* Add controller to generate client tokens [Christoph Wurst, 2016-05-11, 1 file, -0/+82]
|
* Check if session token is valid and log user out if the check fails [Christoph Wurst, 2016-05-11, 1 file, -1/+0]
|   * Update last_activity timestamp of the session token
|   * Check user backend credentials once in 5 minutes
* token based auth [Christoph Wurst, 2016-05-11, 1 file, -23/+52]
|   * Add InvalidTokenException
|   * add DefaultTokenMapper and use it to check if an auth token exists
|   * create new token for the browser session if none exists
|     hash stored token; save user agent
|   * encrypt login password when creating the token
* Move logout to controller [Lukas Reschke, 2016-04-18, 1 file, -1/+23]
|   Testable code. Yay.
* Also check for an empty string [Lukas Reschke, 2016-04-15, 1 file, -4/+4]
|   PHP. Yay.
* Rename `username` to `loginName` [Lukas Reschke, 2016-04-15, 1 file, -4/+4]
|   UID and login name are two different things.
* Use !== instead of empty [Lukas Reschke, 2016-04-15, 1 file, -4/+4]
|   Users can be named null
* Move login form into controller [Lukas Reschke, 2016-04-15, 1 file, -0/+138]
|   First step on getting the authorisation stuff cleaned up. This is only for the login form, all other stuff is still where it is.
* Rename files to be PSR-4 compliant [Lukas Reschke, 2016-04-06, 4 files, -0/+789]