summaryrefslogtreecommitdiffstats
path: root/lib/private/User
Commit message (Collapse)AuthorAgeFilesLines
* Proper DI of configRoeland Jago Douma2016-10-281-12/+13
| | | | | | * Fixed comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* introduce callForSeenUsers and countSeenUsers (#26361)Jörn Friedrich Dreyer2016-10-281-19/+116
| | | | | | | | | | * introduce callForSeenUsers and countSeenUsers * add tests * oracle should support not null on clob * since 9.2.0
* Fix logClientIn for non-existing users (#26292)Vincent Petry2016-10-251-0/+3
| | | | | | | The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.
* dont update the auth token twiceRobin Appelman2016-10-111-2/+0
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Cache non existing DB userRoeland Jago Douma2016-10-101-2/+7
| | | | | | | | | We always query the database backend. Even if we use a different one (ldap for example). Now we do this everytime we try to get a user object so caching that a user is not in the DB safes some queries on each request then (at least 2 what I found). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Only trigger postDelete hooks when the user was deleted...Joas Schilling2016-09-291-3/+3
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Remove notifications upon user deletionJoas Schilling2016-09-291-0/+4
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #1087 from nextcloud/get-delay-twiceLukas Reschke2016-08-301-2/+1
|\ | | | | dont get bruteforce delay twice
| * dont get bruteforce delay twiceRobin Appelman2016-08-291-2/+1
| |
* | Fix issues where some user settings cannot be loaded when the user id ↵Thomas Müller2016-08-291-0/+10
|/ | | | differs in case sensitivity - fixes #25684 (#25686)
* Add PHPdocRoeland Jago Douma2016-08-151-3/+5
|
* missing PHPDocJörn Friedrich Dreyer2016-08-141-0/+1
|
* Type compatabilityJörn Friedrich Dreyer2016-08-141-1/+1
|
* Method is deprecatedJörn Friedrich Dreyer2016-08-141-3/+3
|
* Unreachable statementJörn Friedrich Dreyer2016-08-141-4/+1
|
* Unnecessary fully qualified namesJörn Friedrich Dreyer2016-08-144-17/+25
|
* Apply password policy on user creationmichag862016-08-031-0/+2
|
* Update with robinJoas Schilling2016-07-215-5/+5
|
* Fix othersJoas Schilling2016-07-217-13/+21
|
* Mitigate race conditionLukas Reschke2016-07-201-1/+4
|
* Implement brute force protectionLukas Reschke2016-07-201-5/+18
| | | | | | | | | Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
* Merge remote-tracking branch 'upstream/master' into master-sync-upstreamLukas Reschke2016-07-011-40/+61
|\
| * Login hooks (#25260)Christoph Wurst2016-06-271-40/+61
| | | | | | | | | | | | | | | | | | | | | | | | * fix login hooks * adjust user session tests * fix login return value of successful token logins * trigger preLogin hook earlier; extract method 'loginWithPassword' * call postLogin hook earlier; add PHPDoc
* | Merge remote-tracking branch 'upstream/master' into master-sync-upstreamLukas Reschke2016-06-271-2/+11
|\|
| * check login name when authenticating with client tokenChristoph Wurst2016-06-241-2/+11
| |
* | verify user password on changeBjoern Schiessle2016-06-271-2/+8
|/
* Merge pull request #25172 from owncloud/token-login-validationVincent Petry2016-06-221-67/+108
|\ | | | | Token login validation
| * fix unit test warning/errorsChristoph Wurst2016-06-201-11/+9
| |
| * fix nitpickChristoph Wurst2016-06-201-2/+3
| |
| * dont create a session token for clients, validate the app password insteadChristoph Wurst2016-06-171-8/+24
| |
| * store last check timestamp in token instead of sessionChristoph Wurst2016-06-171-52/+92
| |
| * use token last_activity instead of session valueChristoph Wurst2016-06-171-16/+2
| |
* | update session token password on user password changeChristoph Wurst2016-06-211-0/+17
| |
* | add PasswordLoginForbiddenExceptionChristoph Wurst2016-06-171-17/+20
|/
* create session token only for clients that support cookiesChristoph Wurst2016-06-131-2/+11
|
* create session token on all APIsChristoph Wurst2016-06-131-2/+7
|
* Merge pull request #25000 from owncloud/fix-email-login-davVincent Petry2016-06-091-3/+14
|\ | | | | Allow login by email address via webdav as well
| * Allow login by email address via webdav as well - fixes #24791Thomas Müller2016-06-091-3/+14
| |
* | catch sessionnotavailable exception if memory session is usedChristoph Wurst2016-06-081-5/+10
| |
* | When creating a session token, make sure it's the login password and not a ↵Christoph Wurst2016-06-081-5/+28
|/ | | | device token
* Create session tokens for apache auth usersChristoph Wurst2016-05-311-4/+14
|
* Update license headersLukas Reschke2016-05-265-30/+14
|
* add default token auth config on install, upgrade and add it to sample configChristoph Wurst2016-05-241-0/+3
|
* do not allow client password logins if token auth is enforced or 2FA is enabledChristoph Wurst2016-05-241-5/+65
|
* when generating browser/device token, save the login name for later password ↵Christoph Wurst2016-05-241-3/+4
| | | | checks
* login explicitlyChristoph Wurst2016-05-241-9/+6
|
* Merge pull request #24729 from owncloud/try-token-login-firstVincent Petry2016-05-231-5/+13
|\ | | | | try token login first
| * try token login firstChristoph Wurst2016-05-201-5/+13
| |
* | Merge pull request #24658 from owncloud/invalidate-disabled-user-sessionVincent Petry2016-05-231-3/+4
|\ \ | | | | | | invalidate user session if the user was disabled
| * | invalidate user session if the user is disabledChristoph Wurst2016-05-231-3/+4
| |/
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 00:56:55 +0000