aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/AppFramework/Middleware/Security/PasswordConfirmationMiddleware.php
Commit message (Collapse)AuthorAgeFilesLines
* fix: Use login name to check the passwordartonge/fix/use_loginname_to_check_passwordLouis Chemineau2025-04-021-1/+2
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* feat: Use inline password confirmation in external storage settingsLouis Chemineau2024-11-281-66/+57
| | | | Signed-off-by: Louis Chemineau <louis@chmn.me>
* chore(deps): Update nextcloud/coding-standard to v1.3.1provokateurin2024-09-191-1/+2
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* style: update codestyle for coding-standard 1.2.3Daniel Kesselberg2024-08-251-1/+1
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat(Security): Warn about using annotations instead of attributesprovokateurin2024-07-181-0/+3
| | | | Signed-off-by: provokateurin <kate@provokateurin.de>
* refactor(Token): introduce scope constantsArthur Schiwon2024-06-051-1/+2
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix(Session): avoid password confirmation on SSOArthur Schiwon2024-06-051-2/+24
| | | | | | | | | | | SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* chore: Add SPDX headerAndy Scherzinger2024-05-241-20/+2
| | | | Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* chore: apply changes from Nextcloud coding standards 1.1.1Joas Schilling2023-11-231-3/+3
| | | | | Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* feat(security): Add PHP \Attribute for remaining security annotationsJoas Schilling2023-04-251-1/+25
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update php licensesJohn Molakvoæ (skjnldsv)2021-06-041-2/+1
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Update license headersChristoph Wurst2019-12-051-1/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-221-0/+1
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update password confirmation middlewareRoeland Jago Douma2018-11-021-0/+8
| | | | | | | If the userbackend doesn't allow validating the password for a given uid then there is no need to perform this check. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* add global site selector as user back-end which doesn't support password ↵Bjoern Schiessle2018-10-271-1/+3
| | | | | | confirmation Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Move passwordconfirmation to its own midlewareRoeland Jago Douma2018-01-021-0/+81
Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-26 21:18:23 +0000