Commit graph

12 commits

Author SHA1 Message Date
Roeland Jago Douma
5c718b13b8
We should properly check for 'true' instaed of the bool 2016-08-01 08:52:50 +02:00
Roeland Jago Douma
f7f5216aa3
Dark hackery to not always disable CSRF for OCS controllers 2016-07-29 15:49:27 +02:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
c385423d10 Merge pull request #479 from nextcloud/add-bruteforce-throttler
Implement brute force protection
2016-07-21 00:31:02 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Lukas Reschke
a299fa38a9
[master] Port Same-Site Cookies to master
Fixes https://github.com/nextcloud/server/issues/50
2016-07-20 18:37:57 +02:00
Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs 2016-06-13 15:38:34 +02:00
Christoph Wurst
9997c431c3
use client login method on CORS routes 2016-06-08 15:18:53 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Roeland Jago Douma
4eebccd81f
Fix inconsistent nameing of AppFramework 2016-04-22 16:00:00 +02:00
Roeland Jago Douma
1d33a5ef13
Move \OC\AppFramework to PSR-4
* Also moved the autoloader setup a bit up since we need it in initpaths
2016-04-22 15:28:09 +02:00