Commits · 61b0d65353ca77065f76cbfa70aeab1d1a9826ca · TeDomum / Nextcloud

Jan 15, 2018
- Display message when connection is throttled on logi page · 7cab7feb
  Roeland Jago Douma authored 7 years ago
  
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
  7cab7feb
Dec 28, 2017
- Hide stay logged in checkbox when flow authentication is used · f5f6ed66
  Julius Härtl authored 7 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  f5f6ed66
Nov 06, 2017
- Update license headers · 0eebff15
  Morris Jobke authored 7 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  0eebff15
Sep 07, 2017

Fix "Uninitialized string offset: 0 at \/media\/psf\/stable9\/lib\/private\/URLGenerator.php#224" · 0bccd5a0

Lukas Reschke authored 7 years ago

The URLGenerator doesn't support `` as target for absolute URLs, we need to link to `/` thus.

Regression introduced with https://github.com/nextcloud/server/commit/46229a00f39e507249dbe3ceb7507277da3fa4f8

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

0bccd5a0

Sep 04, 2017
- Fix broken tests · 0326c2c5
  Morris Jobke authored 7 years ago
  
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
  0326c2c5
Sep 02, 2017
- Add rich link preview to the login page · 46229a00
  Julius Härtl authored 7 years ago
  
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
  46229a00
Jul 27, 2017

Add metadata to \OCP\AppFramework\Http\Response::throttle · f22ab3e6

Lukas Reschke authored 7 years ago

Fixes https://github.com/nextcloud/server/issues/5891



Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

f22ab3e6

Jun 20, 2017

Add Clear-Site-Data header · 2f87fb6b

Lukas Reschke authored 7 years ago

This adds a Clear-Site-Data header to the logout response which will delete all relevant data in the caches which may contain potentially sensitive content.

See https://w3c.github.io/webappsec-clear-site-data/#header for the definition of the types.

Ref https://twitter.com/mikewest/status/877149667909406723

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

2f87fb6b

May 11, 2017
- Disable reset password link. Issue: #27440 · 7c23414e
  Ujjwal Bhardwaj authored 7 years ago
  
  7c23414e
Apr 25, 2017
- Fix remember redirect_url on failed login attempts · bb1d191f
  Christoph Wurst authored 7 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  bb1d191f
Apr 13, 2017

Make BruteForceProtection annotation more clever · 8149945a

Lukas Reschke authored 7 years ago

This makes the new `@BruteForceProtection` annotation more clever and moves the relevant code into it's own middleware.

Basically you can now set `@BruteForceProtection(action=$key)` as annotation and that will make the controller bruteforce protected. However, the difference to before is that you need to call `$responmse->throttle()` to increase the counter. Before the counter was increased every time which leads to all kind of unexpected problems.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

8149945a

Apr 07, 2017
- Dont create a log entry on email login · 7ad791ef
  Joas Schilling authored 8 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  7ad791ef
Apr 06, 2017
- do login routine only once when done via LoginController · 7b3fdfee
  Arthur Schiwon authored 8 years ago
  
  Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
  7b3fdfee
- fix login controller tests · 2994cbc5
  Arthur Schiwon authored 8 years ago
  
  Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
  2994cbc5
Feb 07, 2017
- Update license header · 9b6f99ab
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  9b6f99ab
Feb 06, 2017
- Add missing use statement for PublicEmitter · ff3fa538
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  ff3fa538
Feb 02, 2017
- oc_token should be nc_token · 5e728d0e
  Christoph Wurst authored 8 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  5e728d0e
Feb 01, 2017
- Fix typo for UserManager variable · 20f878b0
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  20f878b0
- Add check if UserManager is of type PublicEmitter before calling preLogin hook · 6feff0ce
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  6feff0ce
- Change where preLogin hook gets called · e30d28f7
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  e30d28f7
- Remove preLoginValidation hook · 6ab0a321
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  6ab0a321
- Fix indentation · e14d50eb
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  e14d50eb
- Add preLoginValidation hook · 4ebcd5ac
  Sandro Lutz authored 8 years ago
  
  Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
  4ebcd5ac
- Fix public page css fallback loading · 2c9d7eeb
  John Molakvoæ authored 8 years ago
  
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
  2c9d7eeb
Jan 18, 2017
- add action to existing brute force protection · cdf01feb
  Bjoern Schiessle authored 8 years ago
  
  Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
  cdf01feb
Jan 11, 2017
- always allow remembered login · 140555b7
  Christoph Wurst authored 8 years ago
  
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
  140555b7
Jan 10, 2017
- Create unified css file and merge all needed data into this file · e4b3ba65
  John Molakvoæ authored 8 years ago
  
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
  e4b3ba65
Jan 05, 2017
- Use login name to fix password confirm with ldap users · 2f21eaaf
  Joas Schilling authored 8 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  2f21eaaf
Dec 08, 2016
- Save the timezone on login again · 924358ef
  Joas Schilling authored 8 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  924358ef
Dec 02, 2016
- Move integer casting to the top of the chain · 25a5c655
  justin-sleep authored 8 years ago
  
  Signed-off-by: justin-sleep <justin@quarterfull.com>
  25a5c655
Nov 18, 2016
- Introduce the UI for password confirmation · d75e35b7
  Joas Schilling authored 8 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  d75e35b7
Nov 02, 2016

bring back remember-me · d9076662

Christoph Wurst authored 8 years ago

* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

d9076662

Sep 30, 2016
- Use magic DI for core controllers · 877cb06b
  Joas Schilling authored 8 years ago
  
  Signed-off-by: Joas Schilling <coding@schilljs.com>
  877cb06b
Aug 29, 2016
- Minor cleanup in core Controllers · f6423f74
  Roeland Jago Douma authored 8 years ago
  
  f6423f74
- redirect to 2fa provider if there's only one active for the user · 291dd0bd
  Christoph Wurst authored 8 years ago
  
  291dd0bd
Aug 23, 2016
- Move the reset token to core app · 736e884e
  Joas Schilling authored 8 years ago
  
  736e884e
- Remove "password reset token" after successful login · 139fb8de
  Joas Schilling authored 8 years ago
  
  139fb8de
Aug 11, 2016
- Redirect users when already logged-in on login form · 9ca25e85
  Lukas Reschke authored 8 years ago
  
  9ca25e85
Aug 10, 2016
- Add missing array element - fixes #25714 · 4cf2f97a
  Thomas Müller authored 8 years ago
  
  4cf2f97a
Jul 27, 2016
- Redirect to default page after login · 4ecd16c5
  Bjoern Schiessle authored 8 years ago
  
  4ecd16c5