summaryrefslogtreecommitdiffstats
path: root/lib/private/User
Commit message (Collapse)AuthorAgeFilesLines
* Fix othersJoas Schilling2016-07-217-13/+21
|
* Mitigate race conditionLukas Reschke2016-07-201-1/+4
|
* Implement brute force protectionLukas Reschke2016-07-201-5/+18
| | | | | | | | | Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
* Merge remote-tracking branch 'upstream/master' into master-sync-upstreamLukas Reschke2016-07-011-40/+61
|\
| * Login hooks (#25260)Christoph Wurst2016-06-271-40/+61
| | | | | | | | | | | | | | | | | | | | | | | | * fix login hooks * adjust user session tests * fix login return value of successful token logins * trigger preLogin hook earlier; extract method 'loginWithPassword' * call postLogin hook earlier; add PHPDoc
* | Merge remote-tracking branch 'upstream/master' into master-sync-upstreamLukas Reschke2016-06-271-2/+11
|\|
| * check login name when authenticating with client tokenChristoph Wurst2016-06-241-2/+11
| |
* | verify user password on changeBjoern Schiessle2016-06-271-2/+8
|/
* Merge pull request #25172 from owncloud/token-login-validationVincent Petry2016-06-221-67/+108
|\ | | | | Token login validation
| * fix unit test warning/errorsChristoph Wurst2016-06-201-11/+9
| |
| * fix nitpickChristoph Wurst2016-06-201-2/+3
| |
| * dont create a session token for clients, validate the app password insteadChristoph Wurst2016-06-171-8/+24
| |
| * store last check timestamp in token instead of sessionChristoph Wurst2016-06-171-52/+92
| |
| * use token last_activity instead of session valueChristoph Wurst2016-06-171-16/+2
| |
* | update session token password on user password changeChristoph Wurst2016-06-211-0/+17
| |
* | add PasswordLoginForbiddenExceptionChristoph Wurst2016-06-171-17/+20
|/
* create session token only for clients that support cookiesChristoph Wurst2016-06-131-2/+11
|
* create session token on all APIsChristoph Wurst2016-06-131-2/+7
|
* Merge pull request #25000 from owncloud/fix-email-login-davVincent Petry2016-06-091-3/+14
|\ | | | | Allow login by email address via webdav as well
| * Allow login by email address via webdav as well - fixes #24791Thomas Müller2016-06-091-3/+14
| |
* | catch sessionnotavailable exception if memory session is usedChristoph Wurst2016-06-081-5/+10
| |
* | When creating a session token, make sure it's the login password and not a ↵Christoph Wurst2016-06-081-5/+28
|/ | | | device token
* Create session tokens for apache auth usersChristoph Wurst2016-05-311-4/+14
|
* Update license headersLukas Reschke2016-05-265-30/+14
|
* add default token auth config on install, upgrade and add it to sample configChristoph Wurst2016-05-241-0/+3
|
* do not allow client password logins if token auth is enforced or 2FA is enabledChristoph Wurst2016-05-241-5/+65
|
* when generating browser/device token, save the login name for later password ↵Christoph Wurst2016-05-241-3/+4
| | | | checks
* login explicitlyChristoph Wurst2016-05-241-9/+6
|
* Merge pull request #24729 from owncloud/try-token-login-firstVincent Petry2016-05-231-5/+13
|\ | | | | try token login first
| * try token login firstChristoph Wurst2016-05-201-5/+13
| |
* | Merge pull request #24658 from owncloud/invalidate-disabled-user-sessionVincent Petry2016-05-231-3/+4
|\ \ | | | | | | invalidate user session if the user was disabled
| * | invalidate user session if the user is disabledChristoph Wurst2016-05-231-3/+4
| |/
* / Add two factor auth to coreChristoph Wurst2016-05-231-0/+1
|/
* don't allow token login for disabled usersChristoph Wurst2016-05-181-0/+4
|
* a single token provider sufficesChristoph Wurst2016-05-181-43/+22
|
* use the UID for creating the session token, not the login nameChristoph Wurst2016-05-111-0/+1
|
* delete the token in case an exception is thrown when decrypting the passwordChristoph Wurst2016-05-111-4/+10
|
* fix PHPDoc and other minor issuesChristoph Wurst2016-05-111-24/+21
|
* catch possible SessionNotAvailableExceptionsChristoph Wurst2016-05-111-6/+23
|
* PHPDoc and other minor fixesChristoph Wurst2016-05-111-14/+21
|
* pass in $request on OCS apiChristoph Wurst2016-05-111-0/+2
|
* try apache auth tooChristoph Wurst2016-05-111-4/+3
|
* Fix existing testsChristoph Wurst2016-05-111-21/+23
|
* fix setupChristoph Wurst2016-05-111-6/+22
|
* Add fallback to allow user:token basic authChristoph Wurst2016-05-111-0/+7
|
* Add token auth for OCS APIsChristoph Wurst2016-05-111-10/+24
|
* Add index on 'last_activity'Christoph Wurst2016-05-111-3/+7
| | | | | | add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import
* Add controller to generate client tokensChristoph Wurst2016-05-111-1/+1
|
* Check if session token is valid and log user out if the check failsChristoph Wurst2016-05-111-7/+38
| | | | | * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes
* invalidate (delete) session token on logoutChristoph Wurst2016-05-111-1/+10
| | | | add 'last_activity' column to session tokens and delete old ones via a background job
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-26 19:36:43 +0000