aboutsummaryrefslogtreecommitdiffstats
path: root/tests/lib/User
Commit message (Collapse)AuthorAgeFilesLines
...
* Add missing tests and fix PHPDocLukas Reschke2016-11-021-1/+44
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* inject ISecureRandom into user session and use injected config tooChristoph Wurst2016-11-021-49/+60
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* bring back remember-meChristoph Wurst2016-11-021-128/+161
| | | | | | | | | | * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Proper DI of configRoeland Jago Douma2016-10-282-26/+55
| | | | | | * Fixed comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* introduce callForSeenUsers and countSeenUsers (#26361)Jörn Friedrich Dreyer2016-10-281-1/+63
| | | | | | | | | | * introduce callForSeenUsers and countSeenUsers * add tests * oracle should support not null on clob * since 9.2.0
* Fix and cleanup SessionTestRoeland Jago Douma2016-10-251-43/+26
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix logClientIn for non-existing users (#26292)Vincent Petry2016-10-251-0/+26
| | | | | | | The check for two factor enforcement would return true for non-existing users. This fix makes it return false in order to be able to perform the regular login which will then fail and return false. This prevents throwing PasswordLoginForbidden for non-existing users.
* Add test to ensure token times are updatedRobin Appelman2016-10-111-24/+128
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* dont update the auth token twiceRobin Appelman2016-10-111-3/+0
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Only trigger postDelete hooks when the user was deleted...Joas Schilling2016-09-291-4/+5
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make sure that comments, notifications and preferences are deletedJoas Schilling2016-09-291-11/+74
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix getMock UserRoeland Jago Douma2016-09-134-136/+146
|
* dont get bruteforce delay twiceRobin Appelman2016-08-291-6/+6
|
* Mitigate race conditionLukas Reschke2016-07-201-3/+18
|
* Implement brute force protectionLukas Reschke2016-07-201-11/+35
| | | | | | | | | Class Throttler implements the bruteforce protection for security actions in Nextcloud. It is working by logging invalid login attempts to the database and slowing down all login attempts from the same subnet. The max delay is 30 seconds and the starting delay are 200 milliseconds. (after the first failed login)
* Fix failing tests after db splitRoeland Jago Douma2016-07-131-4/+4
|
* Merge remote-tracking branch 'upstream/master' into master-sync-upstreamLukas Reschke2016-07-011-1/+4
|\
| * Login hooks (#25260)Christoph Wurst2016-06-271-1/+4
| | | | | | | | | | | | | | | | | | | | | | | | * fix login hooks * adjust user session tests * fix login return value of successful token logins * trigger preLogin hook earlier; extract method 'loginWithPassword' * call postLogin hook earlier; add PHPDoc
* | Merge remote-tracking branch 'upstream/master' into master-sync-upstreamLukas Reschke2016-06-271-0/+30
|\|
| * check login name when authenticating with client tokenChristoph Wurst2016-06-241-0/+30
| |
* | verify user password on changeBjoern Schiessle2016-06-271-1/+46
|/
* Merge pull request #25172 from owncloud/token-login-validationVincent Petry2016-06-221-80/+81
|\ | | | | Token login validation
| * fix unit test warning/errorsChristoph Wurst2016-06-201-15/+16
| |
| * fix user session testsChristoph Wurst2016-06-201-73/+73
| |
* | update session token password on user password changeChristoph Wurst2016-06-211-0/+65
| |
* | add PasswordLoginForbiddenExceptionChristoph Wurst2016-06-171-2/+8
|/
* create session token only for clients that support cookiesChristoph Wurst2016-06-131-3/+45
|
* When creating a session token, make sure it's the login password and not a ↵Christoph Wurst2016-06-081-24/+135
| | | | device token
* Create session tokens for apache auth usersChristoph Wurst2016-05-311-0/+38
|
* do not allow client password logins if token auth is enforced or 2FA is enabledChristoph Wurst2016-05-241-13/+71
|
* when generating browser/device token, save the login name for later password ↵Christoph Wurst2016-05-241-6/+13
| | | | checks
* invalidate user session if the user is disabledChristoph Wurst2016-05-231-0/+47
|
* Move tests/ to PSR-4 (#24731)Joas Schilling2016-05-207-0/+1695
* Move a-b to PSR-4 * Move c-d to PSR-4 * Move e+g to PSR-4 * Move h-l to PSR-4 * Move m-r to PSR-4 * Move s-u to PSR-4 * Move files/ to PSR-4 * Move remaining tests to PSR-4 * Remove Test\ from old autoloader
generated by cgit v1.2.3 (git 2.39.1) at 2025-08-06 20:16:27 +0000