aboutsummaryrefslogtreecommitdiffstats
path: root/core/Middleware
Commit message (Collapse)AuthorAgeFilesLines
* Update license headersChristoph Wurst2019-12-051-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Harden middleware checkRoeland Jago Douma2019-10-251-0/+10
| | | | | | | These annotations will allow for extra checks. And thus make it harder to break things. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow 2FA to be setup on first loginRoeland Jago Douma2019-05-171-1/+7
| | | | | | | | | Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* No need to check 2fa state on apptoken loginsRoeland Jago Douma2019-02-201-1/+2
| | | | | | | | If you login with an apptoken there is no need to check 2FA state as this does not apply to apptokens. Not checking saves us a query on each request made from a client. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headersMorris Jobke2017-11-061-0/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove explicit type hints for ControllerLukas Reschke2017-08-011-2/+2
| | | | | | This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change. Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix middleware implementations signaturesRoeland Jago Douma2017-07-311-3/+3
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Check whether the $_SERVER['REQUEST_*'] vars exist before using themJoas Schilling2017-05-151-3/+5
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* prevent infinite redirect loops if the there is no 2fa provider to passChristoph Wurst2016-08-241-4/+6
| | | | | | | This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
* Throw exception if you don't handle itRoeland Jago Douma2016-08-121-0/+2
|
* Fix othersJoas Schilling2016-07-211-2/+3
|
* Allow to cancel 2FA after loginJoas Schilling2016-06-071-0/+5
|
* remember redirect_url when solving the 2FA challengeChristoph Wurst2016-06-011-2/+10
|
* Update license headersLukas Reschke2016-05-261-1/+0
|
* add OCC command to enable/disable 2FA for a userChristoph Wurst2016-05-231-0/+4
|
* Add two factor auth to coreChristoph Wurst2016-05-231-0/+117