path: root/core/Middleware
Commit message | Author | Age | Files | Lines
* Enable strict types for the 2FA middleware | Christoph Wurst | 2021-12-16 | 1 | -0/+3
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix setting up 2FA when no providers are set up but backup codes | Christoph Wurst | 2021-12-10 | 1 | -1/+1
    2FA set up is allowed when only backup codes are set up but no other provider and no provider is failing. This patch syncs up the login controller check with the challenge controller check 10 lines above.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Explicitly allow some routes without 2FA | Christoph Wurst | 2021-11-17 | 1 | -0/+6
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow "TwoFactor Nextcloud Notifications" to pull the state of the 2FA again | Joas Schilling | 2021-10-04 | 1 | -0/+6
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove 2FA exemption from PublicPage annotation | Lukas Reschke | 2021-09-06 | 1 | -5/+0
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix setting up 2FA providers when 2FA is enforced and bc are generated | Christoph Wurst | 2021-07-30 | 1 | -1/+1
    When a user has backup codes generated and got their 2FA enforced then they should be able to set up TOTP and similar providers during the login.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Improve provider check | Lukas Reschke | 2021-07-21 | 1 | -1/+5
    Check if there is a provider missing.
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update php licenses | John Molakvoæ (skjnldsv) | 2021-06-04 | 1 | -1/+0
    Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Format control structures, classes, methods and function | Christoph Wurst | 2020-04-10 | 1 | -1/+0
    To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else if | Christoph Wurst | 2020-04-10 | 1 | -1/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headers | Christoph Wurst | 2019-12-05 | 1 | -2/+2
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Harden middleware check | Roeland Jago Douma | 2019-10-25 | 1 | -0/+10
    These annotations will allow for extra checks. And thus make it harder to break things.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow 2FA to be setup on first login | Roeland Jago Douma | 2019-05-17 | 1 | -1/+7
    Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* No need to check 2fa state on apptoken logins | Roeland Jago Douma | 2019-02-20 | 1 | -1/+2
    If you login with an apptoken there is no need to check 2FA state as this does not apply to apptokens. Not checking saves us a query on each request made from a client.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers | Morris Jobke | 2017-11-06 | 1 | -0/+2
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remove explicit type hints for Controller | Lukas Reschke | 2017-08-01 | 1 | -2/+2
    This is public API and breaks the middlewares of existing apps. Since this also requires maintaining two different code paths for 12 and 13 I'm at the moment voting for reverting this change.
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix middleware implementations signatures | Roeland Jago Douma | 2017-07-31 | 1 | -3/+3
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Check whether the $_SERVER['REQUEST_*'] vars exist before using them | Joas Schilling | 2017-05-15 | 1 | -3/+5
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* prevent infinite redirect loops if there is no 2fa provider to pass | Christoph Wurst | 2016-08-24 | 1 | -4/+6
    This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.
* Throw exception if you don't handle it | Roeland Jago Douma | 2016-08-12 | 1 | -0/+2
* Fix others | Joas Schilling | 2016-07-21 | 1 | -2/+3
* Allow to cancel 2FA after login | Joas Schilling | 2016-06-07 | 1 | -0/+5
* remember redirect_url when solving the 2FA challenge | Christoph Wurst | 2016-06-01 | 1 | -2/+10
* Update license headers | Lukas Reschke | 2016-05-26 | 1 | -1/+0
* add OCC command to enable/disable 2FA for a user | Christoph Wurst | 2016-05-23 | 1 | -0/+4
* Add two factor auth to core | Christoph Wurst | 2016-05-23 | 1 | -0/+117