Commit graph

124 commits

Author SHA1 Message Date
Joas Schilling
13dd62f7b0 Make sure that remote shares use the correct uid casing 2015-10-06 15:16:19 +02:00
Morris Jobke
b945d71384 update licence headers via script 2015-10-05 21:15:52 +02:00
Lukas Reschke
36ce254ffd Move dummy backend to Tests namespace 2015-09-22 11:01:11 +02:00
Lukas Reschke
3d2ee95f1e Remove last occurence of forcessl
This shoudl have been adjusted as well, now it's consistent with `setMagicInCookie`. While it does not have a security impact directly some automated scanners reported this all the time.
2015-08-26 14:29:36 +02:00
RealRancor
e62c375749 Fixed "Remote IP:" syntax on failed logins 2015-07-09 10:04:51 +02:00
Thomas Müller
d3ac73c0c9 Remove OC_Log 2015-07-03 18:00:16 +02:00
Lukas Reschke
a793b98fd0 Fix indentation 2015-06-27 20:37:07 +02:00
Lukas Reschke
af01958f3e Add missing annotations for parameters 2015-06-27 20:35:47 +02:00
Morris Jobke
f63915d0c8 update license headers and authors 2015-06-25 14:13:49 +02:00
Robin Appelman
0497534a6e more type hints 2015-06-02 14:07:55 +02:00
Joas Schilling
8efc8c0a96 Reduce the complexity of the search queries in the backends to a minimum 2015-05-18 16:39:21 +02:00
Morris Jobke
e837927ad5 fix followup issues with unneeded parameters 2015-04-18 17:02:39 +02:00
Jörn Friedrich Dreyer
b069f33a72 throw exception when backends don't provide a user instead of creating legacy local storages 2015-04-10 09:12:37 +02:00
Jenkins for ownCloud
b585d87d9d Update license headers 2015-03-26 11:44:36 +01:00
Lukas Reschke
e77d2ff2b4 Remove outdated comment 2015-03-13 16:19:52 +01:00
Lukas Reschke
bf9030e874 Drop example user backend
We already provide an interface for application developers, this file is outdated and thus should get removed.

Addresses No. 3 from https://github.com/owncloud/core/issues/14847
2015-03-13 16:12:32 +01:00
Morris Jobke
0d9f149dd9 Merge pull request #14867 from owncloud/drop-OC_User_HTTP
Remove OC_User_HTTP
2015-03-13 15:53:22 +01:00
Lukas Reschke
38fec9b095 Can also be null
If the user does not exist this returns null and can lead to nasty bugs since the IDE is not indicating this...
2015-03-13 14:01:24 +01:00
Lukas Reschke
93a303970f Remove OC_User_HTTP
Addresses No. 1 from https://github.com/owncloud/core/issues/14847
2015-03-13 12:26:33 +01:00
Lukas Reschke
bbd5f28415 Let users configure security headers in their Webserver
Doing this in the PHP code is not the right approach for multiple reasons:

1. A bug in the PHP code prevents them from being added to the response.
2. They are only added when something is served via PHP and not in other cases (that makes for example the newest IE UXSS which is not yet patched by Microsoft exploitable on ownCloud)
3. Some headers such as the Strict-Transport-Security might require custom modifications by administrators. This was not possible before and lead to buggy situations.

This pull request moves those headers out of the PHP code and adds a security check to the admin settings performed via JS.
2015-03-02 19:07:46 +01:00
Morris Jobke
06aef4e8b1 Revert "Updating license headers"
This reverts commit 6a1a4880f0.
2015-02-26 11:37:37 +01:00
Robin McCorkell
695f43a1ed Merge pull request #10735 from owncloud/use_remote_addr
Use getRemoteAddress which supports reverse proxies
2015-02-25 13:24:39 +00:00
Lukas Reschke
276824299c Merge pull request #13340 from owncloud/use-http-only
Use "HTTPOnly" for cookies when logging out
2015-02-24 13:50:49 +01:00
Lukas Reschke
165afb004b Use getRemoteAddress which supports reverse proxies
Breaking change for 8.1 wiki (Security > Administrators):

The log format for failed logins has changed and uses now the remote address and is considering reverse proxies for such scenarios when configured correctly.
2015-02-24 11:49:40 +01:00
Jenkins for ownCloud
6a1a4880f0 Updating license headers 2015-02-23 12:13:59 +01:00
Robin Appelman
8eda661761 Throw an exception when login is canceled by an app 2015-01-22 14:13:17 +01:00
Lukas Reschke
a2e355a7fe Use "HTTPOnly" for cookies when logging out
This has no other reason than preventing some insane automated scanners from reporting this as security bug (which it obviously isn't as the cookie contains nothing of value)

Thus it generally results in an happier Lukas and hopefully less reports to our support and security mail addresses...
2015-01-14 11:20:53 +01:00
Robin Appelman
857695ec87 Return false if the login is canceled in a hook 2015-01-13 13:25:20 +01:00
Morris Jobke
5d296aa6b1 Merge pull request #12969 from owncloud/clarify-docs
Clarify return values
2014-12-22 10:01:39 +01:00
Lukas Reschke
f671b232cc Merge pull request #12923 from owncloud/ultra-slim-version-of-incognito-mode
Add ultra-slim hack for incognito mode
2014-12-19 14:54:11 +01:00
Lukas Reschke
dbbf568192 Fix typo 2014-12-19 14:36:00 +01:00
Lukas Reschke
a022e65285 Clarify return values
This function returns `null` when no user is logged-in.
2014-12-19 14:17:40 +01:00
Morris Jobke
6da33e1ea7 introduce names for user backends - IUserBackend
* LDAP with multiple servers also proved backendName
2014-12-19 10:17:17 +01:00
Robin McCorkell
619dcae7af Merge pull request #12901 from owncloud/move-ldap-check-to-manager
Move the Null-Byte LDAP check to the user manager
2014-12-18 00:28:00 +00:00
Lukas Reschke
e3230b5bc2 Add ultra-slim hack for incognito mode
As discussed at https://github.com/owncloud/core/pull/12912#issuecomment-67391155
2014-12-17 21:53:43 +01:00
Bernhard Posselt
236632702c add a isLoggedIn method to the usersession and deprecate the isLoggedIn method on the api 2014-12-17 17:40:52 +01:00
Lukas Reschke
f6820406b6 Move the Null-Byte LDAP check to the user manager
The existing method is deprecated and just a wrapper around the manager method. Since in the future other code paths might call this function instead we need to perform that check here.

Related to http://owncloud.org/security/advisory/?id=oc-sa-2014-020
2014-12-17 12:47:00 +01:00
Lukas Reschke
d0716d2c7d Use public interface 2014-12-11 12:29:58 +01:00
Lukas Reschke
5dc6406b70 Add filter for 'backend' to user REST route
This adds a "backend" type filter to the index REST route which is a pre-requisite for https://github.com/owncloud/core/issues/12620

For example when calling `index.php/settings/users/users?offset=0&limit=10&gid=&pattern=&backend=OC_User_Database` only users within the backend `OC_User_Database` would be shown. (requires sending a CSRF token as well)

Depends upon https://github.com/owncloud/core/pull/12711
2014-12-10 12:07:34 +01:00
Lukas Reschke
5398bbdc00 Merge pull request #12711 from owncloud/add-backend-to-rest-index
Expose backend type via REST API
2014-12-10 11:56:45 +01:00
Lukas Reschke
4c13918bd8 Expose backend type via REST API
This change will expose the user backend via the REST API which is a pre-requisite for https://github.com/owncloud/core/issues/12620.

For example:
````json
[{"name":"9707A09E-CA9A-4ABE-A66A-3F632F16C409","displayname":"Document Conversion User Account","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/9707A09E-CA9A-4ABE-A66A-3F632F16C409","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"ED86733E-745C-4E4D-90CB-278A9737DB3C","displayname":"Hacker","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/ED86733E-745C-4E4D-90CB-278A9737DB3C","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"71CDF45B-E125-450D-983C-D9192F36EC88","displayname":"admin","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/71CDF45B-E125-450D-983C-D9192F36EC88","lastLogin":0,"backend":"OCA\\user_ldap\\USER_LDAP"},{"name":"admin","displayname":"admin","groups":["admin"],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/admin","lastLogin":"1418057287","backend":"OC_User_Database"},{"name":"test","displayname":"test","groups":[],"subadmin":[],"quota":"default","storageLocation":"\/Users\/lreschke\/Programming\/core\/data\/test","lastLogin":0,"backend":"OC_User_Database"}]
```
2014-12-09 12:04:19 +01:00
Morris Jobke
0d4f0ab871 reduce OC_Preferences, OC_Config and \OCP\Config usage
* files_encryption
* files_versions
* files_trashbin
* tests
* status.php
* core
* server container
2014-12-08 22:42:37 +01:00
Morris Jobke
a9e411e076 migrate \OC\AllConfig to \OCP\IConfig 2014-12-08 22:29:43 +01:00
Lukas Reschke
fe7d9a7ca0 Add REST route for user & group management
First step of a somewhat testable user management. - I know, the JSON returns are in an ugly format but the JS expects it that way. So let's keep it that way until we have time to fix the JS in the future.
2014-12-08 12:11:01 +01:00
Joas Schilling
0ed86c0993 Move OC_USER_BACKEND_* constants to OC_User_Backend class 2014-11-27 13:47:32 +01:00
Thomas Müller
5097d4dc05 remove deprecated \OC:$session 2014-11-26 15:32:47 +01:00
michag86
7e70c4ee95 removal of wrong/double implemented check
Check already implemented in core/settings/ajax/changedisplayname.php
2014-11-13 13:02:02 +01:00
Lukas Reschke
d383c45c13 Merge pull request #12003 from owncloud/password-migration
Use new hashing API for OC_User_Database
2014-11-06 22:43:57 +01:00
Robin Appelman
c21d1da01a Support displaynames for dummy user backend 2014-11-06 18:31:40 +01:00
Lukas Reschke
c4d7483a0a Use new hashing API for OC_User_Database
This will use the new Hashing API for OC_User_Database and migrate old passwords upon initial login of the user.
2014-11-06 15:42:06 +01:00