Andy Scherzinger
1f7e2ba599
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-13 17:41:36 +02:00
Christoph Wurst
22dc27810e
fix(auth): Keep redirect URL during 2FA setup and challenge
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-04-19 10:24:26 +02:00
Côme Chilliet
ec5133b739
fix: Apply new coding standard to all files
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Ferdinand Thiessen
3fede00732
feat(login): Clear login form (password) after IDLE timeout
...
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.
Enforced e.g. by the BSI ORP.4.A13 rule.
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-03-25 12:22:53 +01:00
Eduardo Morales
685145714a
chore: update logincontroller tests
...
Signed-off-by: Eduardo Morales <emoral435@gmail.com>
2024-03-10 11:36:42 -05:00
Louis Chemineau
72f7b80153
Revert change in TwoFactorAuth CleanupTest.php
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-03-06 16:46:35 +01:00
Louis Chemineau
fcdc8b47f2
fix(files_versions): Improve files version listing
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-03-06 10:15:31 +01:00
Anupam Kumar
ce24923f4c
add generate-password option and flow fixes
...
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
2024-02-24 04:56:52 +05:30
Anupam Kumar
a92c507cb6
new user password email option, improved on #29368
...
Signed-off-by: Anupam Kumar <kyteinsky@gmail.com>
2024-02-24 04:56:52 +05:30
Philip Gatzka
b587ec39f4
Enable adding E-Mail addresses to new user accounts using the CLI
...
Signed-off-by: Philip Gatzka <philip.gatzka@mailbox.org>
2024-02-24 04:56:52 +05:30
provokateurin
6243a9471d
feat(core): Add OCS endpoint for confirming the user password
...
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-02-20 14:28:00 +01:00
John Molakvoæ
4a509dfe8e
fix: phpunit
...
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2024-02-13 21:06:31 +01:00
Maxence Lange
f7d0c74b10
lazy AppConfig
...
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2024-01-15 15:45:13 -01:00
Joas Schilling
2ee5c7a8f9
fix(tests): Fix remaining tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-01-09 15:58:02 +01:00
Louis Chemineau
db11313152
Fix tests after slow logout fix
...
Signed-off-by: Louis Chemineau <louis@chmn.me>
2024-01-08 19:09:48 +01:00
Gaspard d'Hautefeuille
85911cbab2
Cancel PR #37405 , remove regression code
...
Signed-off-by: Gaspard d'Hautefeuille <github@dhautefeuille.eu>
2024-01-05 04:20:26 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Ferdinand Thiessen
154a9989a7
Merge pull request #39852 from nextcloud/pragmaHeader
...
Stop sending deprecated Pragma header
2023-10-18 03:30:21 +02:00
Côme Chilliet
ee39a47e84
Fix Dynamic property timeFactory in ClientFlowLoginControllerTest
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-09 10:30:54 +02:00
Julien Veyssier
807f173dec
make oauth2 authorization code expire after 10 minutes
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2023-10-05 14:24:02 +02:00
Côme Chilliet
0c421975bd
Remove last calls to deprecated at matcher in tests/Core
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-09-18 10:21:21 +02:00
Joas Schilling
6f520f2304
Merge pull request #40026 from lhsazevedo/auth-token-commands
...
feat: Add auth token list and delete commands
2023-08-29 08:57:07 +02:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +02:00
Git'Fellow
066f6ef16c
Stop sending deprecated Pragma header
...
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-08-28 15:11:22 +02:00
Lucas Azevedo
771a7b92cc
Add tests for occ user:auth-tokens:delete
...
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 02:27:41 -03:00
John Molakvoæ
266fb31180
fix(tests): preview phpunit
...
Signed-off-by: John Molakvoæ <skjnldsv@protonmail.com>
2023-08-17 18:58:21 +02:00
jld3103
1be836273d
core: Add OpenAPI spec
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-07-13 07:24:15 +02:00
Faraz Samapoor
fd0e2f711a
Fixes testcase error.
...
Signed-off-by: Faraz Samapoor <fsa@adlas.at>
2023-06-24 23:14:23 +02:00
Joas Schilling
33385d7ecb
fix(tests): Adjust unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-15 16:12:14 +02:00
Ferdinand Thiessen
dc9d8c42bb
fix: Adjust console formatter code to match with Symfony type hints
...
Symfony has added type hints on the `OutputFormatterInterface`,
so we must adjust our type hints to match with Symfony.
Signed-off-by: Ferdinand Thiessen <rpm@fthiessen.de>
2023-04-17 18:35:10 +02:00
Joshua Trees
a4032a3800
Add some tests for input trimming in LostController.php
...
Signed-off-by: Joshua Trees <me@jtrees.io>
2023-04-05 12:15:38 +02:00
Git'Fellow
346054f854
Fix tests
...
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
2023-03-28 09:41:04 +02:00
Joas Schilling
59578817f5
Merge pull request #36489 from nextcloud/bugfix/noid/brute-force-protection-password-reset
...
Add bruteforce protection to password reset page
2023-02-06 22:12:25 +01:00
Joas Schilling
875e6cf7e6
fix(CI): Adjust expected result
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-06 11:26:38 +01:00
Christoph Wurst
88d116ba84
fix(client-login-flow): Handle missing stateToken gracefully
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-02-06 09:42:15 +01:00
Côme Chilliet
003cc2b45a
Fix tests failures (number of calls differed with last rebase)
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-24 09:38:20 +01:00
Carl Schwan
a23cd7b961
Fix a bunch of deprecation in the phpunit for core
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-01-24 09:34:09 +01:00
Joas Schilling
1c099c7f17
Fix broken user:setting command unit test
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-23 07:01:22 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Christoph Wurst
20fcfb5739
feat(app framework)!: Inject services into controller methods
...
Usually Nextcloud DI goes through constructor injection. This has the
implication that each instance of a class builds the full DI tree. That
is the injected services, their services, etc. Occasionally there is a
service that is only needed for one controller method. Then the DI tree
is build regardless if used or not.
If services are injected into the method, we only build the DI tree if
that method gets executed.
This is also how Laravel allows injection.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 14:00:38 +01:00
Christoph Wurst
f22101d421
Fix login loop if login CSRF fails and user is not logged in
...
If CSRF fails but the user is logged in that they probably logged in in
another tab. This is fine. We can just redirect.
If CSRF fails and the user is also not logged in then something is
fishy. E.g. because Nextcloud contantly regenrates the session and the
CSRF token and the user is stuck in an endless login loop.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-01-18 09:39:17 +01:00
Christoph Wurst
138deec333
chore: Make the LoginController strict
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-12-15 10:52:28 +01:00
Julius Härtl
8629d8e44f
Check share attributes on preview endpoints
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-25 11:35:31 +02:00
Côme Chilliet
1cb0c2ac52
Fix LostController test
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-10-18 14:49:02 +00:00
Joas Schilling
67ecd72972
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-08-31 20:54:39 +02:00
Arthur Schiwon
b3b6f2d581
fix Controller tests
...
- added pageTitle in code was missing in expectations
- fixed warnings of superflouos parameter
- fixed wrong type of mock
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-07-22 22:15:41 +02:00
Thomas Citharel
abe5ff3654
Make LostController use IInitialState and LoggerInterface
...
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +02:00
Thomas Citharel
6283d14fa6
Modernize the LostControllerTest test
...
Remove some depreciated at() calls
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +02:00
Thomas Citharel
44e13848a1
Add password reset typed events
...
These hooks are only used in the Encryption app from what I can see.
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-06-10 16:41:41 +02:00
Carl Schwan
b70c6a128f
Update core to PHP 7.4 standard
...
- Typed properties
- Port to LoggerInterface
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 22:18:06 +02:00