path: root/lib/private/user/session.php
Commit message [Author; Age; Files; Lines]
* Move \OC\User to PSR-4 [Roeland Jago Douma; 2016-05-10; 1; -322/+0]
|
* Add occ commands to enable and disable a user + a disabled user can no longer login - fixes #23838 [Thomas Müller; 2016-05-02; 1; -21/+25]
|
* Happy new year! [Thomas Müller; 2016-01-12; 1; -2/+3]
|
* getMediumStrengthGenerator is deprecated and does not do anything anymore [Roeland Jago Douma; 2016-01-11; 1; -1/+1]
|
* Move regeneration of session ID into session classes [Lukas Reschke; 2016-01-04; 1; -0/+2]
| | | | There were code paths that nowadays call ISession::login directly thus bypassing the desired regeneration of the session ID. This moves the session regeneration deeper into the session handling and thus ensures that it is always called. Furthermore, I also added the session regeneration to the remember me cookie plus added some test case expectations for this.
* More cleanups of OC_Config usage [Morris Jobke; 2015-12-03; 1; -1/+1]
|
* Remove last occurrence of `forcessl` [Lukas Reschke; 2015-08-26; 1; -2/+2]
| | | | This should have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
* more type hints [Robin Appelman; 2015-06-02; 1; -2/+2]
|
* Update license headers [Jenkins for ownCloud; 2015-03-26; 1; -5/+26]
|
* Let users configure security headers in their Webserver [Lukas Reschke; 2015-03-02; 1; -1/+1]
| Doing this in the PHP code is not the right approach for multiple reasons:
| 1. A bug in the PHP code prevents them from being added to the response.
| 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
| 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and led to buggy situations.
| This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
* Revert "Updating license headers" [Morris Jobke; 2015-02-26; 1; -26/+6]
| | | | This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
* Merge pull request #13340 from owncloud/use-http-only [Lukas Reschke; 2015-02-24; 1; -10/+13]
|\ | | | | Use "HTTPOnly" for cookies when logging out
| * Use "HTTPOnly" for cookies when logging out [Lukas Reschke; 2015-01-14; 1; -10/+13]
| | | | | | | | | | | | This has no other reason than preventing some insane automated scanners from reporting this as security bug (which it obviously isn't as the cookie contains nothing of value) Thus it generally results in a happier Lukas and hopefully less reports to our support and security mail addresses...
* | Updating license headers [Jenkins for ownCloud; 2015-02-23; 1; -6/+26]
| |
* | Throw an exception when login is canceled by an app [Robin Appelman; 2015-01-22; 1; -1/+6]
| |
* | Return false if the login is canceled in a hook [Robin Appelman; 2015-01-13; 1; -1/+1]
|/
* Merge pull request #12969 from owncloud/clarify-docs [Morris Jobke; 2014-12-22; 1; -2/+2]
|\ | | | | Clarify return values
| * Fix typo [Lukas Reschke; 2014-12-19; 1; -1/+1]
| |
| * Clarify return values [Lukas Reschke; 2014-12-19; 1; -1/+1]
| | | | | | | | This function returns `null` when no user is logged-in.
* | Add ultra-slim hack for incognito mode [Lukas Reschke; 2014-12-17; 1; -0/+5]
|/ | | | As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
* add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api [Bernhard Posselt; 2014-12-17; 1; -0/+9]
|
* reduce OC_Preferences, OC_Config and \OCP\Config usage [Morris Jobke; 2014-12-08; 1; -3/+3]
|   * files_encryption
|   * files_versions
|   * files_trashbin
|   * tests
|   * status.php
|   * core
|   * server container
* remove deprecated \OC:$session [Thomas Müller; 2014-11-26; 1; -17/+0]
|
* Clear session after logout [Lukas Reschke; 2014-10-30; 1; -0/+1]
| | | | Fixes https://github.com/owncloud/core/issues/8420
* Unset the cached active user when using a different session object [Robin Appelman; 2014-10-13; 1; -11/+12]
|
* Use proper RNG generator [Lukas Reschke; 2014-09-03; 1; -1/+1]
| | | | | OC_Util::generateRandomBytes() only returns lowercase alphanumeric values. We should use the new RNG which has a broader character set.
* kill OC::$session [Jörn Friedrich Dreyer; 2014-08-29; 1; -3/+41]
| maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
| restore order of OC::$session and OC::$CLI
| remove unneeded initialization of dummy session
| write back session when $useCustomSession is true
| log warning when deprecated app is used
* Merge pull request #10144 from owncloud/issue/9972 [Thomas Müller; 2014-08-06; 1; -1/+1]
|\ | | | | Issue/9972 Fix issues with group and username `0`
| * Fix isLoggedIn() check for user '0' [Joas Schilling; 2014-08-04; 1; -1/+1]
| | | | | | | | Fix #9972
* | Add public interfaces for User, UserManager and UserSession [Robin Appelman; 2014-07-14; 1; -1/+2]
|/
* add preRememberedLogin hook and document this and postRememberedLogin in class description. Also fixes documentation of postLogin hook [Arthur Schiwon; 2014-05-26; 1; -1/+4]
|
* clean up tryRememberLogin and save the timestamp of users last login [Arthur Schiwon; 2014-05-21; 1; -0/+32]
|
* Fix Scrutinizer errors [Robin McCorkell; 2014-05-13; 1; -3/+3]
|
* Remove `session_id_regenerate` from here [Lukas Reschke; 2014-02-21; 1; -1/+0]
| | | Jenkins somewhat complains that there are already sent headers.
* Merge pull request #6519 from nhirokinet/master [Lukas Reschke; 2014-02-20; 1; -0/+1]
|\ | | | | Security Update: session fixation
| * Security Update: session fixation [NARUKAWA Hiroki; 2013-12-20; 1; -0/+1]
| | | | | | Previous version is vulnerable to session fixation attack in some situations, guessing non-apache-module-php5 environment. Regeneration of session id should be done here.
* | polish documentation based on scrutinizer patches [Jörn Friedrich Dreyer; 2014-02-06; 1; -1/+1]
| |
* | fixing PHPDoc and use camelCase names [Thomas Müller; 2014-01-09; 1; -7/+7]
|/
* On webdav sessions, loginname was compared to username which does not need to match necessarily [Arthur Schiwon; 2013-12-13; 1; -0/+34]
|
* Now removing stray old cookies from 5.0.12 [Vincent Petry; 2013-11-07; 1; -0/+5]
| | | | | | | | | | | Cookies from 5.0.12 seemed to have an extra slash in the path. Firefox doesn't allow to remove them if the trailing slash isn't there, thus making it impossible to logout correctly. This fix adds extra code to delete such stray cookies. Ported from stable5 branch 99e5c6f7eb58404be2cc5448ec380f29c9a71225
* move the private namespace OC into lib/private - OCP will stay in lib/public [Thomas Müller; 2013-09-30; 1; -0/+174]
Conflicts: lib/private/vcategories.php