nextcloud

Commit Graph

Author	SHA1	Message	Date
provokateurin	2c51933b6b	refactor(core): Switch to attribute based routing Signed-off-by: provokateurin <kate@provokateurin.de>	3 months ago
Vincent Petry	839ddaa354	feat: rename users to account or person Replace translated text in most locations Signed-off-by: Vincent Petry <vincent@nextcloud.com>	4 months ago
provokateurin	b64ab5fba8	refactor: Migrate IgnoreOpenAPI attributes to OpenAPI Signed-off-by: provokateurin <kate@provokateurin.de>	5 months ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	6 months ago
jld3103	1be836273d	core: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com>	11 months ago
Faraz Samapoor	d64aa85b04	Applies agreed-upon indentation convention to the changed controllers. Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753 Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	12 months ago
Faraz Samapoor	4bf610ebaf	Refactors controllers by using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	12 months ago
Joas Schilling	7ee81b6555	fix(lostpassword): Also rate limit the setPassword endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Josh Richards	9899b12478	Trim user earlier Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	1 year ago
Josh Richards	203b9131ec	Trim the user/email provided for password resets Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	1 year ago
Joas Schilling	704eb3aa6c	Add bruteforce protection to password reset page Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Joas Schilling	b4a29644cc	Add a const for the max user password length Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Joas Schilling	9cfaf27142	Also limit the password length on reset Signed-off-by: Joas Schilling <coding@schilljs.com>	1 year ago
Côme Chilliet	71ee292650	Add rate limiting on lost password emails Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
NoSleep82	b03aedf128	Update core/Controller/LostController.php Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com> Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>	2 years ago
NoSleep82	61548c520b	Update LostController.php i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack) Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>	2 years ago
Thomas Citharel	abe5ff3654	Make LostController use IInitialState and LoggerInterface Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2 years ago
Thomas Citharel	44e13848a1	Add password reset typed events These hooks are only used in the Encryption app from what I can see. Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2 years ago
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2 years ago
Pytal	3a94d7c2ea	Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled allow using of disabled password reset mechanism for special cases	3 years ago
Arthur Schiwon	a843d3c5db	allow using of disabled password reset mechanism for special cases - LostController has three endpoints - door opener email() still rejects - resetform(), reachable from mail, checks the token first and may report that password reset is disabled - setPassword() got its check removed as it is behind CSFR anyway and still requires a valid token - this allows special cases like activating a freshly created guest account Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	3 years ago
Arthur Schiwon	6857136f06	fixes missing prefix to validate password reset token - also fixes the test which missed asserting the presence of it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	3 years ago
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	3 years ago
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	3 years ago
Gary Kim	b78f3a57d1	Migrate HintException to OCP Signed-off-by: Gary Kim <gary@garykim.dev>	3 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	3 years ago
Joas Schilling	6ed4aaeeea	Send emails on password reset to the displayname Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	1a9330cd69	Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Daniel Kesselberg	e32b2c4b76	Stop if there is no encrypted token Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	5 years ago
Roeland Jago Douma	436f7b92d5	Merge pull request #16544 from nextcloud/bugfix/16540 Add missing password reset page to vue	5 years ago
Julius Härtl	3b0d13944a	Move actual password reset to vue Signed-off-by: Julius Härtl <jus@bitgrid.net>	5 years ago
Roeland Jago Douma	b6dd2ebd39	Use proper exception in lostController There is no need to log the expcetion of most of the stuff here. We should properly log them but an exception is excessive. This moves it to a proper exception which we can catch and then log. The other exceptions will still be fully logged. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Daniel Kesselberg	d57540ac84	Return first value from $users Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	5 years ago
Roeland Jago Douma	ac8a6e2244	Clean pending 2FA authentication on password reset When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	d0397f9b53	Generic message on password reset There is no need to inform the user if the account existed or not. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
blizzz	ef97ef72f6	Merge pull request #10743 from danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email Enable password reset for user with same email address when only one is active	6 years ago
Morris Jobke	cf3f4888cc	Change password expiration time from 12h to 7d We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior. Signed-off-by: Morris Jobke <hey@morrisjobke.de>	6 years ago
Daniel Kesselberg	031fdfb1fc	Enable password reset for user with same email address when only one is active When two or more user share the same email address its not possible to reset password by email. Even when only one account is active. This pr reduce list of users returned by getByEmail by disabled users. Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Bjoern Schiessle	dfec66ca02	only warn about data lose on password reset if per-user keys are used Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	6 years ago
Robin Appelman	8ed50d4b63	prefill userid for login after password reset Signed-off-by: Robin Appelman <robin@icewind.nl>	6 years ago
Rémy Jacquin	04e1cab5ee	Fix translation bug on lost password page Fix nextcloud/password_policy#26 Signed-off-by: Rémy Jacquin <remy@remyj.fr>	6 years ago
Joas Schilling	339e320064	Fix existing usages Signed-off-by: Joas Schilling <coding@schilljs.com>	6 years ago
Arthur Schiwon	4f3d52a364	never translate login names when requiring with a user id where appropriate, the preLoginNameUsedAsUserName hook should be thrown. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	7 years ago

1 2

80 Commits (2c51933b6bc5e8f2633114e9acc493fb72a314d7)