Lukas Reschke
f671b232cc
Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-mode
...
Add ultra-slim hack for incognito mode
2014-12-19 14:54:11 +01:00
Robin McCorkell
619dcae7af
Merge pull request #12901 from owncloud/move-ldap-check-to-manager
...
Move the Null-Byte LDAP check to the user manager
2014-12-18 00:28:00 +00:00
Lukas Reschke
e3230b5bc2
Add ultra-slim hack for incognito mode
...
As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
2014-12-17 21:53:43 +01:00
Lukas Reschke
b91a435ed4
Move basic auth login out of isLoggedIn
...
Potentially fixes https://github.com/owncloud/core/issues/12915 and opens the door for potential other bugs...
Please test very carefully, this includes:
- Testing from OCS via cURL (as in #12915 )
- Testing from OCS via browser (Open the "Von Dir geteilt" shares overview)
- WebDAV
- CalDAV
- CardDAV
2014-12-17 20:12:14 +01:00
Lukas Reschke
f6820406b6
Move the Null-Byte LDAP check to the user manager
...
The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here.
Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
2014-12-17 12:47:00 +01:00
Lukas Reschke
5dc6406b70
Add filter for 'backend' to user REST route
...
This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620
For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well)
Depends upon https://github.com/owncloud/core/pull/12711
2014-12-10 12:07:34 +01:00
Lukas Reschke
fe7d9a7ca0
Add REST route for user & group management
...
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
2014-12-08 12:11:01 +01:00
Craig Morrissey
541344d880
logging changes
2014-11-07 12:45:42 -05:00
Robin Appelman
1eefc21329
Remove confusingly names \OC\User\Manager::delete and fix the automatic cache cleanup instead
2014-11-05 15:45:58 +01:00
Arthur Schiwon
993376fb6f
better variable name
2014-10-22 13:36:57 +02:00
Arthur Schiwon
e0342db47c
set up FS by username, not login name\!
2014-10-22 13:28:08 +02:00
Lukas Reschke
d0d3b7457b
Move BasicAuth check to "isLoggedIn()"
...
Ensures that Basic Auth works properly for APIs and removes the need for some even uglier lines of code.
2014-09-18 16:14:07 +02:00
Lukas Reschke
63a90a129b
Use proper RNG generator
...
OC_Util::generateRandomBytes() only returns lowercase alphanumeric values.
We should use the new RNG which has a broader characterset.
2014-09-03 17:46:48 +02:00
Robin Appelman
a9a37b5363
Don't automatically setup the filesystem the moment we load OC\Files\FileSystem
2014-09-02 16:15:42 +02:00
Jörn Friedrich Dreyer
f551917a3c
kill OC::$session
...
maintain deprecated \OC::$session when getting or setting the session via the server container or UserSession
restore order os OC::$session and OC::$CLI
remove unneded initialization of dummy session
write back session when $useCustomSession is true
log warning when deprecated app is used
2014-08-29 10:22:21 +02:00
Jörn Friedrich Dreyer
fd798fd982
update deprecation docs
2014-08-14 12:22:34 +02:00
Thomas Müller
a72dae6842
Merge pull request #10144 from owncloud/issue/9972
...
Issue/9972 Fix issues with group and username `0`
2014-08-06 09:53:13 +02:00
Joas Schilling
4865c52aa6
Fix isLoggedIn() check for user '0'
...
Fix #9972
2014-08-04 15:53:55 +02:00
Vincent Petry
4e957c7b18
Merge pull request #8443 from owncloud/csrf-on-login-and-logout
...
Add CSRF check on login and logout
2014-06-02 11:27:20 +02:00
Arthur Schiwon
2c89962919
clean up tryRememberLogin and save the timestamp of users last login
2014-05-21 18:03:37 +02:00
Thomas Müller
f8cb8f4803
Merge branch 'master' into csrf-on-login-and-logout
...
Conflicts:
core/templates/login.php
2014-05-19 20:40:55 +02:00
Morris Jobke
dc36d30953
Remove all occurences of @brief and @returns from PHPDoc
...
* test case added to avoid adding them later
2014-05-19 17:50:53 +02:00
Robin McCorkell
3bed3d2a23
Change parameter type for useBackend
2014-05-13 19:08:14 +01:00
Robin McCorkell
a7ae2e874a
Squash 'a | b' into 'a|b', in /lib
2014-05-13 19:08:14 +01:00
Robin McCorkell
b5bc37d2e4
Fix @return array PHPDocs, in /lib
2014-05-13 19:08:14 +01:00
Robin McCorkell
b653ad164b
Replace @returns with @return, in /lib
2014-05-13 19:08:14 +01:00
Lukas Reschke
73b914ddbc
Add CSRF check on login and logout
...
This is a minor issue and not worth a backport in my opinion as it could break more things than it's worth having it.
2014-05-04 13:56:21 +02:00
Lukas Reschke
e88731a477
Some more PHPDoc fixes
2014-04-21 15:44:54 +02:00
Thomas Müller
6ff96b34ad
Merge branch 'master' into load-apps-proper-master
...
Conflicts:
apps/files/ajax/rawlist.php
cron.php
ocs/v1.php
2014-03-21 14:05:08 +01:00
Lukas Reschke
69325c5eeb
Move session_regenerate_id to login()
2014-02-21 08:11:07 +01:00
Lukas Reschke
0241ddc759
Merge pull request #6519 from nhirokinet/master
...
Security Update: session fixation
2014-02-20 14:28:26 +01:00
Scrutinizer Auto-Fixer
adaee6a5a1
Scrutinizer Auto-Fixes
...
This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720
Enabled analysis tools:
- PHP Analyzer
- JSHint
- PHP Copy/Paste Detector
- PHP PDepend
2014-02-19 09:31:54 +01:00
Thomas Müller
9fac95c2ab
Merge branch 'master' into scrutinizer_documentation_patches
...
Conflicts:
lib/private/appconfig.php
2014-02-14 23:03:27 +01:00
Jörn Friedrich Dreyer
2a6a9a8cef
polish documentation based on scrutinizer patches
2014-02-06 17:02:21 +01:00
Thomas Müller
79fc4f3126
Within OC:init() the minimum set of apps is loaded - which is filesystem, authentication and logging
2014-02-06 11:34:27 +01:00
Robin Appelman
8d6a3a00b4
Revert "Use Cache->clear to cleanup the filecache for removed users"
...
This reverts commit 5a5b6f187e
.
2014-02-03 16:29:04 +01:00
Robin Appelman
5a5b6f187e
Use Cache->clear to cleanup the filecache for removed users
2014-01-22 13:00:45 +01:00
Robin Appelman
374e3475c9
Also remove the user's home storage from the storage table when deleting a user
2014-01-21 23:58:48 +01:00
Thomas Müller
22bd69f75c
set login name within apache auth backend
2014-01-09 10:28:24 +01:00
nhirokinet
c2e2c59ca7
Update user.php to fix duplicate session-duplicate
2013-12-22 01:31:04 +09:00
Bjoern Schiessle
6deda1b9f6
return false if user is in incognito mode
2013-11-27 16:52:30 +01:00
blizzz
4f15282bc9
Merge pull request #6058 from owncloud/ldap2avatar
...
Set Avatar for LDAP users automatically (if a picture is available)
2013-11-26 12:05:32 -08:00
Bjoern Schiessle
7e4f50d4e3
add incognito mode, allows to hide my user ID. For example, this is useful to access public resources while a user is still logged in
2013-11-22 13:55:38 +01:00
Arthur Schiwon
8ccac86c98
Enable user backends to provide avatar images
2013-11-22 13:25:20 +01:00
Bjoern Schiessle
db0fa6c529
use getHome() to delete users data
2013-10-29 18:01:37 +01:00
Bjoern Schiessle
f021dad204
remove user from cache if he was deleted successfully
2013-10-29 15:50:33 +01:00
Andreas Fischer
06f9b7b862
Fix logout link HTML.
...
<a id="logout" href=/projects/owncloud/core/index.php?logout=true>
2013-10-14 22:31:13 +02:00
Victor Dubiniuk
77f43c357c
User::delete should return bool
2013-10-07 22:30:15 +03:00
Andreas Fischer
47ed6a5135
Move backend finding into its own method.
2013-10-07 12:26:25 +02:00
Thomas Müller
131d82e41e
move call to print_unescaped() to template
2013-10-07 11:49:43 +02:00