Commit graph

73 commits

Author SHA1 Message Date
Lukas Reschke
f6e055b2fd Add remark that $run is not supported anymore
Fixes https://github.com/owncloud/core/issues/16908
2015-10-02 23:19:26 +02:00
Lukas Reschke
36ce254ffd Move dummy backend to Tests namespace 2015-09-22 11:01:11 +02:00
Thomas Müller
0f2865abb2 Repeated calls to loginWithApache() should not not try to set user information in the session again 2015-09-21 11:55:41 +02:00
Morris Jobke
5a5c59639b Escape ampersand in logout URL
* fixes #17757
2015-07-21 00:26:30 +02:00
Thomas Müller
d3ac73c0c9 Remove OC_Log 2015-07-03 18:00:16 +02:00
Morris Jobke
f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Lukas Reschke
94077caea9 Merge pull request #16499 from owncloud/fix-phpdoc-annotations
Fix PHPDoc 🙈
2015-05-21 13:54:01 +02:00
Lukas Reschke
694d639f94 Fix PHPDoc 🙈
*sigh*
2015-05-21 13:07:54 +02:00
Robin Appelman
077d41a9ce wait with copying the skeleton untill login and setupfs are done 2015-05-18 12:11:31 +02:00
Joas Schilling
71de1d58cd Fix namespace duplication and other issues in repairlegacystorages 2015-04-13 16:34:10 +02:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Thomas Müller
1fd1b355e4 Fix namespace of OC_Setup -> \OC\Setup 2015-02-23 16:44:40 +01:00
Vincent Petry
4290e1990e Merge pull request #13829 from owncloud/appmanager-list
Better caching for enabled apps
2015-02-23 16:03:32 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Robin Appelman
434835b326 also set user in UserSession when doing OC_User::setUserId 2015-02-17 15:05:29 +01:00
Lukas Reschke
025110821f URLEncode logout attribute
Otherwise logout can fail if the requesttoken contains a +
2015-02-13 12:08:23 +01:00
Lukas Reschke
476579b9c6 Fix WebDAV auth for session authentication only
\Sabre\DAV\Auth\Backend\AbstractBasic::authenticate was only calling \OC_Connector_Sabre_Auth::validateUserPass when the response of \Sabre\HTTP\BasicAuth::getUserPass was not null.

However, there is a case where the value can be null and the user could be authenticated anyways: The authentication via ownCloud web-interface and then accessing WebDAV resources. This was not possible anymore with this patch because it never reached the code path in this scenario.

This patchs allows authenticating with a session without isDavAuthenticated value stored (this is for ugly WebDAV clients that send the cookie in any case) and thus the functionality should work again.

To test this go to the admin settings and test if the WebDAV check works fine. Furthermore all the usual stuff (WebDAV / Shibboleth / etc...) needs testing as well.
2015-01-20 10:03:14 +01:00
Lukas Reschke
f671b232cc Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-mode
Add ultra-slim hack for incognito mode
2014-12-19 14:54:11 +01:00
Robin McCorkell
619dcae7af Merge pull request #12901 from owncloud/move-ldap-check-to-manager
Move the Null-Byte LDAP check to the user manager
2014-12-18 00:28:00 +00:00
Lukas Reschke
e3230b5bc2 Add ultra-slim hack for incognito mode
As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
2014-12-17 21:53:43 +01:00
Lukas Reschke
b91a435ed4 Move basic auth login out of isLoggedIn
Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs...

Please test very carefully, this includes:

- Testing from OCS via cURL (as in #12915)
- Testing from OCS via browser (Open the "Von Dir geteilt" shares overview)
- WebDAV
- CalDAV
- CardDAV
2014-12-17 20:12:14 +01:00
Lukas Reschke
f6820406b6 Move the Null-Byte LDAP check to the user manager
The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here.

Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
2014-12-17 12:47:00 +01:00
Lukas Reschke
5dc6406b70 Add filter for 'backend' to user REST route
This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620

For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well)

Depends upon https://github.com/owncloud/core/pull/12711
2014-12-10 12:07:34 +01:00
Lukas Reschke
fe7d9a7ca0 Add REST route for user & group management
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
2014-12-08 12:11:01 +01:00
Craig Morrissey
541344d880 logging changes 2014-11-07 12:45:42 -05:00
Robin Appelman
1eefc21329 Remove confusingly names \OC\User\Manager::delete and fix the automatic cache cleanup instead 2014-11-05 15:45:58 +01:00
Arthur Schiwon
993376fb6f better variable name 2014-10-22 13:36:57 +02:00
Arthur Schiwon
e0342db47c set up FS by username, not login name\! 2014-10-22 13:28:08 +02:00
Lukas Reschke
d0d3b7457b Move BasicAuth check to "isLoggedIn()"
Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
2014-09-18 16:14:07 +02:00
Lukas Reschke
63a90a129b Use proper RNG generator
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
2014-09-03 17:46:48 +02:00
Robin Appelman
a9a37b5363 Don't automatically setup the filesystem the moment we load OC\Files\FileSystem 2014-09-02 16:15:42 +02:00
Jörn Friedrich Dreyer
f551917a3c kill OC::$session
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession

restore order os OC::$session and OC::$CLI

remove unneded initialization of dummy session

write back session when $useCustomSession is true

log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Jörn Friedrich Dreyer
fd798fd982 update deprecation docs 2014-08-14 12:22:34 +02:00
Thomas Müller
a72dae6842 Merge pull request #10144 from owncloud/issue/9972
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
Joas Schilling
4865c52aa6 Fix isLoggedIn() check for user '0'
Fix #9972
2014-08-04 15:53:55 +02:00
Vincent Petry
4e957c7b18 Merge pull request #8443 from owncloud/csrf-on-login-and-logout
Add CSRF check on login and logout
2014-06-02 11:27:20 +02:00
Arthur Schiwon
2c89962919 clean up tryRememberLogin and save the timestamp of users last login 2014-05-21 18:03:37 +02:00
Thomas Müller
f8cb8f4803 Merge branch 'master' into csrf-on-login-and-logout
Conflicts:
	core/templates/login.php
2014-05-19 20:40:55 +02:00
Morris Jobke
dc36d30953 Remove all occurences of @brief and @returns from PHPDoc
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Robin McCorkell
3bed3d2a23 Change parameter type for useBackend 2014-05-13 19:08:14 +01:00
Robin McCorkell
a7ae2e874a Squash 'a | b' into 'a|b', in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell
b5bc37d2e4 Fix @return array PHPDocs, in /lib 2014-05-13 19:08:14 +01:00
Robin McCorkell
b653ad164b Replace @returns with @return, in /lib 2014-05-13 19:08:14 +01:00
Lukas Reschke
73b914ddbc Add CSRF check on login and logout
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
2014-05-04 13:56:21 +02:00
Lukas Reschke
e88731a477 Some more PHPDoc fixes 2014-04-21 15:44:54 +02:00
Thomas Müller
6ff96b34ad Merge branch 'master' into load-apps-proper-master
Conflicts:
	apps/files/ajax/rawlist.php
	cron.php
	ocs/v1.php
2014-03-21 14:05:08 +01:00
Lukas Reschke
69325c5eeb Move session_regenerate_id to login() 2014-02-21 08:11:07 +01:00
Lukas Reschke
0241ddc759 Merge pull request #6519 from nhirokinet/master
Security Update: session fixation
2014-02-20 14:28:26 +01:00
Scrutinizer Auto-Fixer
adaee6a5a1 Scrutinizer Auto-Fixes
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend
2014-02-19 09:31:54 +01:00