Commit graph

17 commits

Author SHA1 Message Date
Morris Jobke
79d9841bce
Replace hardcoded status headers with calls to http_response_code()
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 16:14:15 +02:00
Morris Jobke
a1232f46ca
Remove unused methods and constants from legacy OC_API
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 18:03:25 +01:00
Roeland Jago Douma
87e10f9e6a
OC_OCS_Response is deprecated
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:00 +02:00
Morris Jobke
cd02b2205e Use public methods for OC_App::isShipped
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-01 18:57:00 +02:00
Jörn Friedrich Dreyer
fff6d6e3e8
Refactor auth methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-26 01:08:53 -03:00
Christoph Wurst
6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling
0215b004da
Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Thomas Müller
f20c617154
Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Christoph Wurst
3ec6f4e165
block OCS if 2FA challenge needs to be solved first 2016-06-01 11:19:49 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
46bdf6ea2b
fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst
699289cd26
pass in $request on OCS api 2016-05-11 13:36:46 +02:00
Christoph Wurst
fdc2cd7554
Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Roeland Jago Douma
9b875db8b8
OCS API should catch LoginExceptions
Catching the login exception and returning false (login failed). Makes
the OCS API properly return data instead of printing the exception page.
2016-05-02 09:31:22 +02:00
Roeland Jago Douma
368be8894c
Move non PSR-4 files from lib/private root to legacy
As discussed we move all old style classes (OC_FOO_BAR) to legacy.
Then from there we can evaluate the need to convert them back or if they
can be fully deprecated/deleted.
2016-04-30 11:32:22 +02:00
Renamed from lib/private/api.php (Browse further)