path: root/core/Controller
Commit message (Author, Age, Files, Lines)
* Make BruteForceProtection annotation more clever (Lukas Reschke, 2017-04-13, 1 file, -25/+11)
| This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into its own middleware. Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$response->throttle()` to increase the counter. Before the counter was increased every time which leads to all kinds of unexpected problems.
| Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Merge pull request #4308 from nextcloud/lost-password-email (Lukas Reschke, 2017-04-13, 1 file, -4/+18)
|\
| | Update email template for lost password email
| * Update email template for lost password email (Morris Jobke, 2017-04-12, 1 file, -4/+18)
| | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login (Morris Jobke, 2017-04-13, 1 file, -1/+4)
|\ \
| | | Fix login controller test and consolidate login
| * | do login routine only once when done via LoginController (Arthur Schiwon, 2017-04-06, 1 file, -1/+1)
| | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
| * | fix login controller tests (Arthur Schiwon, 2017-04-06, 1 file, -0/+3)
| | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* | | Add support for ratelimiting via annotations (Lukas Reschke, 2017-04-13, 1 file, -1/+1)
| | | This allows adding rate limiting via annotations to controllers, as one example:
| | |
| | | ```
| | | @UserRateThrottle(limit=5, period=100)
| | | @AnonRateThrottle(limit=1, period=100)
| | | ```
| | |
| | | Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.
| | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | | Merge pull request #3043 from nextcloud/issue-3038-no-logentry-on-email-login (Morris Jobke, 2017-04-13, 1 file, -2/+10)
|\ \ \
| |_|/
|/| | Don't create a log entry on email login
| * | Don't create a log entry on email login (Joas Schilling, 2017-04-07, 1 file, -2/+10)
| |/
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* / Move OC_Defaults to OCP\Defaults (Morris Jobke, 2017-04-09, 2 files, -5/+7)
|/
|   * currently there are two ways to access default values: OCP\Defaults or OC_Defaults (which is extended by OCA\Theming\ThemingDefaults)
|   * our code used a mixture of both of them, which made it hard to work on theme values
|   * this extended the public interface with the missing methods and uses them everywhere to only rely on the public interface
| Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #4123 from nextcloud/allow-password-reset-with-email (Roeland Jago Douma, 2017-04-05, 1 file, -13/+26)
|\
| | Allow to reset the password with the email as an input
| * Allow to reset the password with the email as an input (Joas Schilling, 2017-03-28, 1 file, -13/+26)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix gzip files for Safari (Morris Jobke, 2017-03-29, 2 files, -2/+2)
| |   * Safari supports gzip only if the filename does not end on .gz - so this renames them to .gzip
| | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* | Allow to gzip CSS/JS files (Roeland Jago Douma, 2017-03-28, 2 files, -4/+60)
|/
| Since in production the SCSS files are compiled once and the javascript files are combined once we can just as well gzip them aggressively. This means that once they are requested and the browser supports gzip we can just serve the gzipped file saving precious bandwidth.
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* [PoC] JS Combiner (Roeland Jago Douma, 2017-03-24, 1 file, -0/+80)
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #2606 from temparus/master (blizzz, 2017-02-15, 1 file, -0/+7)
|\
| | Add preLoginValidation hook
| * Update license header (Sandro Lutz, 2017-02-07, 1 file, -0/+2)
| | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * Merge remote-tracking branch 'nextcloud/master' (Sandro Lutz, 2017-02-07, 6 files, -36/+117)
| |\
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Add missing use statement for PublicEmitter (Sandro Lutz, 2017-02-07, 1 file, -0/+1)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Fix typo for UserManager variable (Sandro Lutz, 2017-02-01, 1 file, -1/+1)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Add check if UserManager is of type PublicEmitter before calling preLogin hook (Sandro Lutz, 2017-02-01, 1 file, -1/+3)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Change where preLogin hook gets called (Sandro Lutz, 2017-02-01, 1 file, -0/+2)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Remove preLoginValidation hook (Sandro Lutz, 2017-02-01, 1 file, -3/+0)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Fix indentation (Sandro Lutz, 2017-02-01, 1 file, -1/+1)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
| * | Add preLoginValidation hook (Sandro Lutz, 2017-02-01, 1 file, -0/+3)
| | | Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
* | | Merge pull request #3362 from nextcloud/fix/nc-token-cookie-name (Joas Schilling, 2017-02-09, 1 file, -1/+1)
|\ \ \
| | | | oc_token should be nc_token
| * | | oc_token should be nc_token (Christoph Wurst, 2017-02-02, 1 file, -1/+1)
| | |/
| |/|
| | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* / | Fix public page css fallback loading (John Molakvoæ (skjnldsv), 2017-02-01, 2 files, -3/+0)
|/ /
| | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Merge pull request #2044 from nextcloud/login-credential-store (Morris Jobke, 2017-01-30, 1 file, -1/+0)
|\ \
| | | Login credential store
| * | always allow remembered login (Christoph Wurst, 2017-01-11, 1 file, -1/+0)
| | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | unify endpoints from core and the provisioning api (Bjoern Schiessle, 2017-01-25, 1 file, -14/+0)
| | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* | | Merge pull request #3004 from nextcloud/fix-installation-css (Lukas Reschke, 2017-01-22, 2 files, -0/+3)
|\ \ \
| | | | Fixed installation page
| * | | Create unified css file and merge all needed data into this file (John Molakvoæ (skjnldsv), 2017-01-10, 2 files, -1/+3)
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
| * | | Removed jquery scss (John Molakvoæ (skjnldsv), 2017-01-10, 1 file, -0/+1)
| | | |   - Switched to setup.css
| | | |   - Disable scss when displaying the update page
| | | |   - Improved setup css
| | | |   - Fixed loading failure of other styles on setup & update page
| | | |   - Improved scss compiler with an ignore scss compilation option
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | | | add brute force protection to password reset to make it harder to guess user logins (Bjoern Schiessle, 2017-01-19, 1 file, -0/+1)
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* | | | add action to existing brute force protection (Bjoern Schiessle, 2017-01-18, 2 files, -7/+7)
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* | | | Merge pull request #2918 from nextcloud/encryption-recovery-improvements (Morris Jobke, 2017-01-13, 1 file, -5/+2)
|\ \ \ \
| |_|/ /
|/| | | create new encryption keys on password reset and backup the old one
| * | | create new encryption keys on password reset and backup the old one (Bjoern Schiessle, 2017-01-10, 1 file, -5/+2)
| |/ /
| | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* | | fix coding style and increase code coverage (Christoph Wurst, 2017-01-11, 1 file, -9/+7)
| | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | | Add a TwoFactorException (Cornelius Kölbel, 2017-01-11, 1 file, -4/+19)
|/ /
| | A Two Factor third party App may throw a TwoFactorException() with a more detailed error message in case the authentication fails. The 2FA Controller will then display the message of this Exception to the user.
| | Working on #26593
| | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* | Adds CssControllerTests (Roeland Jago Douma, 2017-01-06, 1 file, -17/+12)
| | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | No need for the CssManager (Roeland Jago Douma, 2017-01-06, 1 file, -9/+9)
| |   * It is a simple wrapper we can always add it later if needed
| | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Do not add ICssManager to OCP (Roeland Jago Douma, 2017-01-06, 1 file, -4/+5)
| | We can add it later if needed
| | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Code cleanup (Roeland Jago Douma, 2017-01-06, 1 file, -1/+1)
| | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Css cache folder name fix, route fix and various fixes (John Molakvoæ (skjnldsv), 2017-01-06, 1 file, -2/+3)
| | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Injection fix and log appname fix (John Molakvoæ (skjnldsv), 2017-01-06, 1 file, -3/+2)
| | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Appdata integration 2 (John Molakvoæ (skjnldsv), 2017-01-06, 1 file, -0/+83)
| | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* | Use login name to fix password confirm with ldap users (Joas Schilling, 2017-01-05, 1 file, -7/+3)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Set redirect_url on 2FA challenge page (Christoph Wurst, 2016-12-23, 1 file, -0/+1)
| | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #2563 from nextcloud/fix-password-reset (Morris Jobke, 2016-12-22, 1 file, -1/+7)
|\ \
| |/
|/| fix password reset if encryption is enabled