wbrawner/server
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
33877 commits 157 branches 562 tags 714 MiB
Commit graph

16 commits

Author SHA1 Message Date
Lukas Reschke
c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection 
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
 2016-07-20 22:08:56 +02:00
Christoph Wurst
1710de8afb Login hooks (#25260) 
* fix login hooks

* adjust user session tests

* fix login return value of successful token logins

* trigger preLogin hook earlier; extract method 'loginWithPassword'

* call postLogin hook earlier; add PHPDoc
 2016-06-27 22:16:22 +02:00
Christoph Wurst
89198e62e8 check login name when authenticating with client token 2016-06-24 13:57:09 +02:00
Vincent Petry
3db5de95bd Merge pull request #25172 from owncloud/token-login-validation 
Token login validation
 2016-06-22 13:58:56 +02:00
Christoph Wurst
b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Christoph Wurst
56199eba37
fix unit test warning/errors 2016-06-20 10:41:23 +02:00
Christoph Wurst
8ef5431e7a
fix user session tests 2016-06-20 09:10:11 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst
465807490d
create session token only for clients that support cookies 2016-06-13 19:44:05 +02:00
Christoph Wurst
ec929f07f2
When creating a session token, make sure it's the login password and not a device token 2016-06-08 13:31:55 +02:00
Christoph Wurst
c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Christoph Wurst
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled 2016-05-24 17:54:02 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst
c20cdc2213
invalidate user session if the user is disabled 2016-05-23 10:32:16 +02:00
Joas Schilling
94ad54ec9b Move tests/ to PSR-4 (#24731) 
* Move a-b to PSR-4

* Move c-d to PSR-4

* Move e+g to PSR-4

* Move h-l to PSR-4

* Move m-r to PSR-4

* Move s-u to PSR-4

* Move files/ to PSR-4

* Move remaining tests to PSR-4

* Remove Test\ from old autoloader
 2016-05-20 15:38:20 +02:00
Renamed from tests/lib/user/session.php (Browse further)