summaryrefslogtreecommitdiffstats
path: root/lib/private/user
Commit message (Collapse)AuthorAgeFilesLines
* Remove last occurence of `forcessl`Lukas Reschke2015-08-261-2/+2
| | | | This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
* Fixed "Remote IP:" syntax on failed loginsRealRancor2015-07-091-1/+1
|
* Remove OC_LogThomas Müller2015-07-031-2/+2
|
* Fix indentationLukas Reschke2015-06-271-15/+15
|
* Add missing annotations for parametersLukas Reschke2015-06-274-26/+36
|
* update license headers and authorsMorris Jobke2015-06-252-5/+17
|
* more type hintsRobin Appelman2015-06-021-2/+2
|
* Reduce the complexity of the search queries in the backends to a minimumJoas Schilling2015-05-181-5/+20
|
* fix followup issues with unneeded parametersMorris Jobke2015-04-181-2/+2
|
* throw exception when backends don't provide a user instead of creating ↵Jörn Friedrich Dreyer2015-04-101-0/+14
| | | | legacy local storages
* Update license headersJenkins for ownCloud2015-03-268-73/+179
|
* Remove outdated commentLukas Reschke2015-03-131-2/+0
|
* Drop example user backendLukas Reschke2015-03-131-70/+0
| | | | | | We already provide an interface for application developers, this file is outdated and thus should get removed. Addresses No. 3 from https://github.com/owncloud/core/issues/14847
* Merge pull request #14867 from owncloud/drop-OC_User_HTTPMorris Jobke2015-03-131-120/+0
|\ | | | | Remove OC_User_HTTP
| * Remove OC_User_HTTPLukas Reschke2015-03-131-120/+0
| | | | | | | | Addresses No. 1 from https://github.com/owncloud/core/issues/14847
* | Can also be nullLukas Reschke2015-03-131-1/+1
|/ | | | If the user does not exist this returns null and can lead to nasty bugs since the IDE is not indicating this...
* Let users configure security headers in their WebserverLukas Reschke2015-03-021-1/+1
| | | | | | | | | | Doing this in the PHP code is not the right approach for multiple reasons: 1. A bug in the PHP code prevents them from being added to the response. 2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud) 3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations. This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
* Revert "Updating license headers"Morris Jobke2015-02-2610-222/+144
| | | | This reverts commit 6a1a4880f0d556fb090f19a5019fec31916f5c36.
* Merge pull request #10735 from owncloud/use_remote_addrRobin McCorkell2015-02-251-4/+1
|\ | | | | Use getRemoteAddress which supports reverse proxies
| * Use getRemoteAddress which supports reverse proxiesLukas Reschke2015-02-241-4/+1
| | | | | | | | | | | | Breaking change for 8.1 wiki (Security > Administrators): The log format for failed logins has changed and uses now the remote address and is considering reverse proxies for such scenarios when configured correctly.
* | Merge pull request #13340 from owncloud/use-http-onlyLukas Reschke2015-02-241-10/+13
|\ \ | |/ |/| Use "HTTPOnly" for cookies when logging out
| * Use "HTTPOnly" for cookies when logging outLukas Reschke2015-01-141-10/+13
| | | | | | | | | | | | This has no other reason than preventing some insane automated scanners from reporting this as security bug (which it obviously isn't as the cookie contains nothing of value) Thus it generally results in an happier Lukas and hopefully less reports to our support and security mail addresses...
* | Updating license headersJenkins for ownCloud2015-02-2310-144/+222
| |
* | Throw an exception when login is canceled by an appRobin Appelman2015-01-222-1/+18
| |
* | Return false if the login is canceled in a hookRobin Appelman2015-01-131-1/+1
|/
* Merge pull request #12969 from owncloud/clarify-docsMorris Jobke2014-12-221-2/+2
|\ | | | | Clarify return values
| * Fix typoLukas Reschke2014-12-191-1/+1
| |
| * Clarify return valuesLukas Reschke2014-12-191-1/+1
| | | | | | | | This function returns `null` when no user is logged-in.
* | Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-modeLukas Reschke2014-12-191-0/+5
|\ \ | |/ |/| Add ultra-slim hack for incognito mode
| * Add ultra-slim hack for incognito modeLukas Reschke2014-12-171-0/+5
| | | | | | | | As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
* | introduce names for user backends - IUserBackendMorris Jobke2014-12-195-6/+38
| | | | | | | | * LDAP with multiple servers also proved backendName
* | Merge pull request #12901 from owncloud/move-ldap-check-to-managerRobin McCorkell2014-12-181-0/+3
|\ \ | |/ |/| Move the Null-Byte LDAP check to the user manager
| * Move the Null-Byte LDAP check to the user managerLukas Reschke2014-12-171-0/+3
| | | | | | | | | | | | The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here. Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
* | add a isLoggedIn method to the usersession and deprecate the isLoggedIn ↵Bernhard Posselt2014-12-171-0/+9
|/ | | | method on the api
* Use public interfaceLukas Reschke2014-12-111-5/+5
|
* Add filter for 'backend' to user REST routeLukas Reschke2014-12-101-0/+8
| | | | | | | | This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620 For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well) Depends upon https://github.com/owncloud/core/pull/12711
* Merge pull request #12711 from owncloud/add-backend-to-rest-indexLukas Reschke2014-12-101-0/+9
|\ | | | | Expose backend type via REST API
| * Expose backend type via REST APILukas Reschke2014-12-091-0/+9
| | | | | | | | | | | | | | | | | | This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620. For example: ````json [{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}] ```
* | reduce OC_Preferences, OC_Config and \OCP\Config usageMorris Jobke2014-12-082-6/+7
| | | | | | | | | | | | | | | | | | | | * files_encryption * files_versions * files_trashbin * tests * status.php * core * server container
* | migrate \OC\AllConfig to \OCP\IConfigMorris Jobke2014-12-082-6/+8
|/
* Add REST route for user & group managementLukas Reschke2014-12-082-1/+19
| | | | First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
* Move OC_USER_BACKEND_* constants to OC_User_Backend classJoas Schilling2014-11-274-22/+47
|
* remove deprecated \OC:$sessionThomas Müller2014-11-261-17/+0
|
* removal of wrong/double implemented checkmichag862014-11-131-1/+1
| | | | Check already implemented in core/settings/ajax/changedisplayname.php
* Merge pull request #12003 from owncloud/password-migrationLukas Reschke2014-11-061-32/+7
|\ | | | | Use new hashing API for OC_User_Database
| * Use new hashing API for OC_User_DatabaseLukas Reschke2014-11-061-32/+7
| | | | | | | | This will use the new Hashing API for OC_User_Database and migrate old passwords upon initial login of the user.
* | Support displaynames for dummy user backendRobin Appelman2014-11-061-3/+18
|/
* Remove confusingly names \OC\User\Manager::delete and fix the automatic ↵Robin Appelman2014-11-051-19/+5
| | | | cache cleanup instead
* Clear session after logoutLukas Reschke2014-10-301-0/+1
| | | | Fixes https://github.com/owncloud/core/issues/8420
* strip whitespace from the beginning and end of the display name to avoid ↵Bjoern Schiessle2014-10-151-2/+12
| | | | empty display names
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-10 21:13:16 +0000