path: root/core/Controller
Commit message [Author, Date, Files changed, Lines -/+]
* Login flow V2 [Roeland Jago Douma, 2019-02-25, 1 file, -0/+299]
    This adds the new login flow. The desktop client will open up a browser and poll a returned endpoint at regular intervals to check if the flow is done.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit event if app password created [Daniel Kesselberg, 2019-02-18, 2 files, -56/+18]
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Publish activity for app token created by client login flow [Daniel Kesselberg, 2019-02-17, 1 file, -1/+30]
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Publish activity for app token created by OCS API [Daniel Kesselberg, 2019-02-17, 1 file, -2/+31]
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Merge pull request #13969 from nextcloud/enh/additional_scripts_no_on_public_pages [Morris Jobke, 2019-02-07, 2 files, -13/+13]
    No need to emit additionalscript event on public pages
| * Add StandaloneTemplateResponse [Roeland Jago Douma, 2019-02-06, 2 files, -13/+13]
    This can be used by pages that do not have the full Nextcloud UI, so notifications etc. do not load there.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Implement guest avatar endpoint [Michael Weimann, 2019-02-07, 2 files, -1/+107]
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* | Do not do redirect handling when logging out [Roeland Jago Douma, 2019-02-06, 1 file, -1/+3]
    Fixes #12568
    Since the clearing of the execution context causes another reload, we should not do the redirect_uri handling, as this results in redirecting back to the logout page on login.
    This adds a simple middleware that will just check if the ClearExecutionContext session variable is set. If that is the case it will just redirect back to the login page.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #13869 from nextcloud/enh/clean_pending_2fa_session_on_password_change [Roeland Jago Douma, 2019-01-29, 1 file, -2/+8]
    Clean pending 2FA authentication on password reset
| * Clean pending 2FA authentication on password reset [Roeland Jago Douma, 2019-01-29, 1 file, -2/+8]
    When a password is reset we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared.
    The token is now removed so the session will be killed the next time this is checked (within 5 minutes).
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Clears the local storage after logout [Michael Weimann, 2019-01-29, 1 file, -1/+4]
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* Honor remember_login_cookie_lifetime [Roeland Jago Douma, 2019-01-23, 1 file, -1/+8]
    If the remember_login_cookie_lifetime is set to 0 this means we do not want to use remember me at all. In that case we should also not create a remember me cookie and should create a proper temp token.
    Further, this specifies that if it is not 0, the remember me time should always be larger than the session timeout, because else the behavior is not really defined.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix template parameter [Roeland Jago Douma, 2019-01-18, 1 file, -1/+1]
    Else we get shown an error page instead of the correct 403.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Generic message on password reset [Roeland Jago Douma, 2019-01-15, 1 file, -5/+11]
    There is no need to inform the user if the account existed or not.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Npmize (vendor) scripts [Christoph Wurst, 2019-01-09, 1 file, -2/+0]
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix loginflow with apptoken enter on iOS [Roeland Jago Douma, 2019-01-04, 1 file, -0/+12]
    It seems iOS doesn't like us to change the location. So now we submit it to the server that generates the redirect.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix SAML Client login flow on Apple devices [Roeland Jago Douma, 2018-12-17, 1 file, -0/+1]
    Because the redirect from the SAML/SSO endpoint is a POST, the lax/strict cookies are not properly sent.
    Note that it is not strictly required on this endpoint as we do not need the remember me data. Only the real session info is enough. The endpoint is also already protected by a state token.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove redirect page [John Molakvoæ (skjnldsv), 2018-11-29, 1 file, -28/+0]
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Respect the disabled setting for lost_password_link [Roeland Jago Douma, 2018-11-20, 1 file, -1/+3]
    Fixes #11146
    As documented, when it is set to disabled the user can't request a lost password.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use the proper server for the apptoken flow login [Roeland Jago Douma, 2018-11-01, 1 file, -21/+23]
    If a user can't authenticate normally (because they have 2FA that is not available on their devices, for example), the redirect that is generated should be of the proper format. This means:
    1. Include the protocol
    2. Include the possible subfolder
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* added possibility to disable autocomplete in login form [Rayn0r, 2018-10-30, 1 file, -0/+8]
    Signed-off-by: Rayn0r <Andre.Weidemann@web.de>
* Keep list of icons in a separate file for use in the accessibility app [Julius Härtl, 2018-10-25, 1 file, -9/+9]
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #11847 from iPaat/Fix/DeleteCookiesThroughClearSiteData [Morris Jobke, 2018-10-23, 1 file, -1/+1]
    Remove cookies from Clear-Site-Data Header
| * Remove cookies from Clear-Site-Data Header [Patrick Conrad, 2018-10-15, 1 file, -1/+1]
    In https://github.com/nextcloud/server/commit/2f87fb6b456fd109c90a5093c31b7a3f62a32040 this header was introduced. The referenced documentation says:
    > When delivered with a response from https://example.com/clear, the following header will cause cookies associated with the origin https://example.com to be cleared, as well as cookies on any origin in the same registered domain (e.g. https://www.example.com/ and https://more.subdomains.example.com/).
    This also applies if `https://nextcloud.example.com/` sends the `Clear-Site-Data: "cookies"` header. This is not the behavior we want at this point! So I removed the deletion of cookies from the header.
    This has no effect on the logout process as this header is supported only recently and the logout works in old browsers as well.
    Signed-off-by: Patrick Conrad <conrad@iza.org>
* | Don't require Same Site Cookies on assets [Thomas Citharel, 2018-10-17, 3 files, -0/+4]
    Which can be used for public iframe embedding
    See https://github.com/nextcloud/calendar/issues/169
    Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* Merge pull request #10898 from nextcloud/feature/10684/default-logo-color-theme-colors [Morris Jobke, 2018-10-08, 2 files, -5/+2]
    Switches the default logo color depending on the primary color
| * Refactors the scss svg functions [Michael Weimann, 2018-10-02, 1 file, -3/+1]
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
| * Moves the logo files to logo [Michael Weimann, 2018-10-02, 2 files, -4/+3]
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* | Add an endpoint for clients to request an app password [Roeland Jago Douma, 2018-10-03, 1 file, -0/+108]
    Now that we allow enforcing 2 factor auth it makes sense if we also allow an endpoint where the clients can in the background fetch an apppassword if they were configured before the login flow was present.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Update all the publickey tokens if needed on web login [Roeland Jago Douma, 2018-10-02, 1 file, -0/+1]
    * On weblogin check if we have invalid public key tokens
    * If so update them all with the new token
    This ensures that your tokens marked as invalid work again once you log in on the web.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #10743 from danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email [blizzz, 2018-09-13, 1 file, -9/+12]
    Enable password reset for user with same email address when only one is active
| * Enable password reset for user with same email address when only one is active [Daniel Kesselberg, 2018-08-19, 1 file, -9/+12]
    When two or more users share the same email address it's not possible to reset the password by email, even when only one account is active.
    This PR reduces the list of users returned by getByEmail by removing disabled users.
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Do not invalidate main token on OAuth [Roeland Jago Douma, 2018-09-06, 1 file, -3/+3]
    Fixes #10584
    We deleted the main token when using the login flow, else multiple tokens would show up for a single user. However in the case of OAuth this is perfectly fine as the authentication happens really in your browser:
    1. You are already logged in, no need to log you out
    2. You are not logged in yet, but since you log in into the exact same browser the expected behavior is to stay logged in.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Change password expiration time from 12h to 7d [Morris Jobke, 2018-08-31, 1 file, -1/+1]
    We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h; 7d should be a more expected behavior.
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Merge pull request #10670 from nextcloud/fix/login-throttle-username-length [Morris Jobke, 2018-08-24, 1 file, -1/+1]
    Fix max length requirements for the throttler metadata
| * Fix max length requirements for the throttler metadata [Christoph Wurst, 2018-08-13, 1 file, -1/+1]
    If a failed login is logged, we save the username as metadata in the bruteforce throttler. To prevent database errors due to very long strings, this truncates the username at 64 bytes in the assumption that no real username is longer than that.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | only warn about data loss on password reset if per-user keys are used [Bjoern Schiessle, 2018-08-15, 1 file, -1/+10]
    Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Rename providerset method to get primary providers [Christoph Wurst, 2018-08-08, 1 file, -1/+1]
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login redirection if only one 2FA provider is active [Christoph Wurst, 2018-08-08, 1 file, -1/+1]
    Fixes https://github.com/nextcloud/server/issues/10500.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make the info available if the avatar was uploaded or generated [Joas Schilling, 2018-08-01, 1 file, -5/+6]
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #10391 from nextcloud/bugfix/10389/fix-app-navigation-controller [Morris Jobke, 2018-07-25, 1 file, -1/+2]
    Fix app navigation controller to return an array
| * Fix app navigation controller to return an array [Julius Härtl, 2018-07-25, 1 file, -1/+2]
    This is required to not break compatibility with existing consumers of that endpoint like the apps management or the client.
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Allow to access SVGs as guest [Joas Schilling, 2018-07-25, 1 file, -3/+3]
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Implements handling for deactivated users [Michael Weimann, 2018-07-21, 1 file, -25/+84]
    Signed-off-by: Michael Weimann <mail@michael-weimann.eu>
* Php code bump [John Molakvoæ (skjnldsv), 2018-07-19, 1 file, -5/+13]
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Fix settings icon fetching [Julius Härtl, 2018-07-19, 1 file, -1/+1]
    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Fixed svg generator regex && added missing icons [John Molakvoæ (skjnldsv), 2018-07-19, 1 file, -1/+1]
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Fixed icons detection and caching [John Molakvoæ (skjnldsv), 2018-07-19, 1 file, -10/+4]
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Mixin scss icon api [John Molakvoæ (skjnldsv), 2018-07-19, 1 file, -1/+7]
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* use built in response cacheFor function [John Molakvoæ (skjnldsv), 2018-07-19, 1 file, -1/+1]
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>