Commit graph

7435 commits

Author SHA1 Message Date
Lukas Reschke
e3054b6201 Revert "Verify user login before changing the password reset mail"
This reverts commit 9aa9110fd9.
2012-10-15 23:50:12 +02:00
Lukas Reschke
f475ed5cc1 Revert "Remove old password check from changepassword and use verifyUser instead"
This reverts commit e6b8153865.
2012-10-15 23:49:49 +02:00
Lukas Reschke
c9ac1364d1 "deny from all" instead directory 2012-10-15 23:35:27 +02:00
Lukas Reschke
3eb43c1fbe Show a warning in the installer if .htaccess is not working 2012-10-15 23:25:15 +02:00
Lukas Reschke
9458a6c10e Merge pull request #35 from visit1985/logonpage
avoid undefined index warning on login page
2012-10-15 11:44:42 -07:00
Michael Göhler
d7a4547482 avoid undefined index warning on login page 2012-10-15 20:37:52 +02:00
Michael Göhler
8be9c04a3a 128byte is not 128bit - now we realy use 256bit (same as PHPSESSID) 2012-10-15 20:04:22 +02:00
Lukas Reschke
fa71e51e67 Use /dev/urandom instead of /dev/random
The usage of /dev/urandom is enough secure
2012-10-15 19:21:37 +02:00
Arthur Schiwon
24ad6b5a62 LDAP: fix retrieval of Quota and Email 2012-10-15 18:47:28 +02:00
Arthur Schiwon
5708488b3e make files_versions use OC_User::getHome, fixes 'PHP Warning: Missing argument 1 for OC_FilesystemView::getAbsolutePath' with custom user home dirs 2012-10-15 18:16:27 +02:00
Lukas Reschke
9aa9110fd9 Verify user login before changing the password reset mail 2012-10-15 17:44:44 +02:00
Lukas Reschke
e6b8153865 Remove old password check from changepassword and use verifyUser instead 2012-10-15 17:44:44 +02:00
Lukas Reschke
6b39b80648 Change auth checks 2012-10-15 17:44:44 +02:00
Lukas Reschke
6e045b9ea1 Check if $_Post 2012-10-15 17:42:38 +02:00
Lukas Reschke
1c865f702c Change verifyUser so that external json files can call it 2012-10-15 17:42:38 +02:00
Lukas Reschke
842d6dad47 Remove space 2012-10-15 17:42:38 +02:00
Lukas Reschke
4d7b0e9bb3 verifyUser() for the json part 2012-10-15 17:42:38 +02:00
Lukas Reschke
d33bec09fe Verify password page for users 2012-10-15 17:42:38 +02:00
Arthur Schiwon
800fd5fd79 LDAP: check if index is set, fix Notices 2012-10-15 17:17:37 +02:00
Lukas Reschke
0b42d70259 Unneeded double check 2012-10-15 16:08:39 +03:00
Lukas Reschke
f08ff3b6e6 Correct formatting 2012-10-15 15:25:40 +03:00
Lukas Reschke
c930ac9f88 Merge pull request #30 from visit1985/logonpage
extend logon page to display multiple error messages
2012-10-15 03:52:11 -07:00
Jenkins for ownCloud
cf7df2db7a [tx-robot] updated from transifex 2012-10-15 02:09:11 +02:00
Michael Göhler
22fa23b4da extend configkey column to hold 128bit values 2012-10-14 22:37:05 +02:00
Michael Göhler
ae1f33db54 implement fixed php session timeout and session id regeneration 2012-10-14 22:36:26 +02:00
Michael Göhler
b92fd984aa removed username and password from token generation 2012-10-14 22:36:26 +02:00
Michael Göhler
a6c4046f48 fixed typo and redundant method call 2012-10-14 22:36:25 +02:00
Michael Göhler
d8fe6fbb40 added a warning message to the log when a cookie is rejected 2012-10-14 22:36:25 +02:00
Michael Göhler
382f8d060c fixed wrong variable usage 2012-10-14 22:36:25 +02:00
Michael Göhler
38b9bffaea call unsetMagicInCookie if token is invalid 2012-10-14 22:36:25 +02:00
Michael Göhler
eb79ccafe3 forgot a class name 2012-10-14 22:36:25 +02:00
Michael Göhler
2ea06f67bd delete all tokens on password change 2012-10-14 22:36:25 +02:00
Michael Göhler
45f1c3f120 further improvements on multiple login token support
outdated tokens are deleted before checking against cookies
if an invalid token is used we delete all stored tokens for saveness
used token will be replaced by a new one after successful authentication
2012-10-14 22:36:25 +02:00
Michael Göhler
ee5d0f328f improve token security
switched from time() to internal method OC_Util::generate_random_bytes()
2012-10-14 22:36:25 +02:00
Bart Visscher
4b799a6982 Make the lifetime of the remember login cookie 2012-10-14 22:36:25 +02:00
Bart Visscher
7f3e0b5566 Cleanup login tokens on login success 2012-10-14 22:36:25 +02:00
Bart Visscher
1012d317e3 Add support for multiple login cookie tokens 2012-10-14 22:36:25 +02:00
Bart Visscher
4af5b016cc Whitespace cleanup 2012-10-14 21:04:08 +02:00
Michael Göhler
7095b3a083 extend logon page to display multiple error messages 2012-10-14 19:57:24 +02:00
Lukas Reschke
2c427f050e Show a warning in the installer if no secure RNG is available 2012-10-14 17:18:30 +02:00
Lukas Reschke
d6c4b83f13 Fallback to /dev/random if openssl_random_pseudo_bytes not available 2012-10-14 16:14:45 +02:00
Lukas Reschke
99cd922b82 Doublehash the token to prevent timing attacks 2012-10-14 12:13:02 +02:00
Jenkins for ownCloud
c88cf5cae5 [tx-robot] updated from transifex 2012-10-14 02:08:47 +02:00
Lukas Reschke
dcfbbf3db7 Revert "Update SabreDAV to 1.7.1"
This reverts commit 183cc22501.
2012-10-13 22:29:57 +02:00
Lukas Reschke
183cc22501 Update SabreDAV to 1.7.1 2012-10-13 22:04:22 +02:00
Bart Visscher
5713dcfd11 Use $SERVERROOT/tests/data for testGetMimeType 2012-10-13 21:02:12 +02:00
Bart Visscher
fea6ac46ef Change the Archive_Tar _addFile function to make it possible to use a different filename 2012-10-13 21:01:00 +02:00
Bart Visscher
3fef4564f0 Give share test users a unique prefix 2012-10-13 20:23:02 +02:00
Bart Visscher
730d7c4e7d Disable loading apps before starting tests 2012-10-13 20:23:02 +02:00
Lukas Reschke
41d1494898 Remove not reliable test 2012-10-13 16:53:36 +03:00