path: root/lib/private/User
Commit message [Author, Age, Files, Lines]
* Set last-login-check on basic auth [Roeland Jago Douma, 2016-12-05, files: 1, lines: -0/+5]
|     Else the last-login-check fails hard because the session value is not set and thus defaults to 0.
|
|     * Started with tests
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* do not remember session tokens by default [Christoph Wurst, 2016-11-27, files: 1, lines: -1/+1]
|     We have to respect the value of the remember-me checkbox. Due to an error in the source code the default value for the session token was to remember it.
|
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix warning with token login [Robin Appelman, 2016-11-16, files: 1, lines: -1/+1]
|     Signed-off-by: Robin Appelman <robin@icewind.nl>
* read lockdown scope from token [Robin Appelman, 2016-11-16, files: 1, lines: -2/+1]
|     Signed-off-by: Robin Appelman <icewind@owncloud.com>
* basic lockdown logic [Robin Appelman, 2016-11-16, files: 1, lines: -0/+2]
|     Signed-off-by: Robin Appelman <icewind@owncloud.com>
* @since 9.2.0 to @since 11.0.0 [Roeland Jago Douma, 2016-11-15, files: 1, lines: -2/+2]
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Introduce an event for first time login based on the last login time stamp [Thomas Müller, 2016-11-14, files: 3, lines: -15/+23]
|     Use firstLogin event to trigger creation of default calendar and default address book
|
|     Delay login of admin user after setup so that firstLogin event can properly be processed for the admin
|
|     Fixing tests ...
|
|     Skeleton files are not copied over -> only 3 cache entries are remaining
|
|     Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
* inject ISecureRandom into user session and use injected config too [Christoph Wurst, 2016-11-02, files: 1, lines: -11/+18]
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* bring back remember-me [Christoph Wurst, 2016-11-02, files: 1, lines: -19/+51]
|     * try to reuse the old session token for remember me login
|     * decrypt/encrypt token password and set the session id accordingly
|     * create remember-me cookies only if checkbox is checked and 2fa solved
|     * adjust db token cleanup to store remembered tokens longer
|     * adjust unit tests
|
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Proper DI of config [Roeland Jago Douma, 2016-10-28, files: 1, lines: -12/+13]
|     * Fixed comments
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* introduce callForSeenUsers and countSeenUsers (#26361) [Jörn Friedrich Dreyer, 2016-10-28, files: 1, lines: -19/+116]
|     * introduce callForSeenUsers and countSeenUsers
|     * add tests
|     * oracle should support not null on clob
|     * since 9.2.0
* Fix logClientIn for non-existing users (#26292) [Vincent Petry, 2016-10-25, files: 1, lines: -0/+3]
|     The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.
* don't update the auth token twice [Robin Appelman, 2016-10-11, files: 1, lines: -2/+0]
|     Signed-off-by: Robin Appelman <robin@icewind.nl>
* Cache non existing DB user [Roeland Jago Douma, 2016-10-10, files: 1, lines: -2/+7]
|     We always query the database backend. Even if we use a different one (ldap for example). Now we do this every time we try to get a user object so caching that a user is not in the DB saves some queries on each request then (at least 2 what I found).
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Only trigger postDelete hooks when the user was deleted... [Joas Schilling, 2016-09-29, files: 1, lines: -3/+3]
|     Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove notifications upon user deletion [Joas Schilling, 2016-09-29, files: 1, lines: -0/+4]
|     Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #1087 from nextcloud/get-delay-twice [Lukas Reschke, 2016-08-30, files: 1, lines: -2/+1]
|\
| |     don't get bruteforce delay twice
| * don't get bruteforce delay twice [Robin Appelman, 2016-08-29, files: 1, lines: -2/+1]
| |
* | Fix issues where some user settings cannot be loaded when the user id differs in case sensitivity - fixes #25684 (#25686) [Thomas Müller, 2016-08-29, files: 1, lines: -0/+10]
|/
* Add PHPdoc [Roeland Jago Douma, 2016-08-15, files: 1, lines: -3/+5]
|
* missing PHPDoc [Jörn Friedrich Dreyer, 2016-08-14, files: 1, lines: -0/+1]
|
* Type compatibility [Jörn Friedrich Dreyer, 2016-08-14, files: 1, lines: -1/+1]
|
* Method is deprecated [Jörn Friedrich Dreyer, 2016-08-14, files: 1, lines: -3/+3]
|
* Unreachable statement [Jörn Friedrich Dreyer, 2016-08-14, files: 1, lines: -4/+1]
|
* Unnecessary fully qualified names [Jörn Friedrich Dreyer, 2016-08-14, files: 4, lines: -17/+25]
|
* Apply password policy on user creation [michag86, 2016-08-03, files: 1, lines: -0/+2]
|
* Update with robin [Joas Schilling, 2016-07-21, files: 5, lines: -5/+5]
|
* Fix others [Joas Schilling, 2016-07-21, files: 7, lines: -13/+21]
|
* Mitigate race condition [Lukas Reschke, 2016-07-20, files: 1, lines: -1/+4]
|
* Implement brute force protection [Lukas Reschke, 2016-07-20, files: 1, lines: -5/+18]
|     Class Throttler implements the bruteforce protection for security actions in Nextcloud.
|
|     It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay is 200 milliseconds (after the first failed login).
* Merge remote-tracking branch 'upstream/master' into master-sync-upstream [Lukas Reschke, 2016-07-01, files: 1, lines: -40/+61]
|\
| * Login hooks (#25260) [Christoph Wurst, 2016-06-27, files: 1, lines: -40/+61]
| |     * fix login hooks
| |     * adjust user session tests
| |     * fix login return value of successful token logins
| |     * trigger preLogin hook earlier; extract method 'loginWithPassword'
| |     * call postLogin hook earlier; add PHPDoc
* | Merge remote-tracking branch 'upstream/master' into master-sync-upstream [Lukas Reschke, 2016-06-27, files: 1, lines: -2/+11]
|\|
| * check login name when authenticating with client token [Christoph Wurst, 2016-06-24, files: 1, lines: -2/+11]
| |
* | verify user password on change [Bjoern Schiessle, 2016-06-27, files: 1, lines: -2/+8]
|/
* Merge pull request #25172 from owncloud/token-login-validation [Vincent Petry, 2016-06-22, files: 1, lines: -67/+108]
|\
| |     Token login validation
| * fix unit test warning/errors [Christoph Wurst, 2016-06-20, files: 1, lines: -11/+9]
| |
| * fix nitpick [Christoph Wurst, 2016-06-20, files: 1, lines: -2/+3]
| |
| * don't create a session token for clients, validate the app password instead [Christoph Wurst, 2016-06-17, files: 1, lines: -8/+24]
| |
| * store last check timestamp in token instead of session [Christoph Wurst, 2016-06-17, files: 1, lines: -52/+92]
| |
| * use token last_activity instead of session value [Christoph Wurst, 2016-06-17, files: 1, lines: -16/+2]
| |
* | update session token password on user password change [Christoph Wurst, 2016-06-21, files: 1, lines: -0/+17]
| |
* | add PasswordLoginForbiddenException [Christoph Wurst, 2016-06-17, files: 1, lines: -17/+20]
|/
* create session token only for clients that support cookies [Christoph Wurst, 2016-06-13, files: 1, lines: -2/+11]
|
* create session token on all APIs [Christoph Wurst, 2016-06-13, files: 1, lines: -2/+7]
|
* Merge pull request #25000 from owncloud/fix-email-login-dav [Vincent Petry, 2016-06-09, files: 1, lines: -3/+14]
|\
| |     Allow login by email address via webdav as well
| * Allow login by email address via webdav as well - fixes #24791 [Thomas Müller, 2016-06-09, files: 1, lines: -3/+14]
| |
* | catch sessionnotavailable exception if memory session is used [Christoph Wurst, 2016-06-08, files: 1, lines: -5/+10]
| |
* | When creating a session token, make sure it's the login password and not a device token [Christoph Wurst, 2016-06-08, files: 1, lines: -5/+28]
|/
* Create session tokens for apache auth users [Christoph Wurst, 2016-05-31, files: 1, lines: -4/+14]
|