Commit Graph

17 Commits

Author SHA1 Message Date
Morris Jobke 79d9841bce Replace hardcoded status headers with calls to http_response_code()
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-06-26 16:14:15 +02:00
Morris Jobke a1232f46ca Remove unused methods and constants from legacy OC_API
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-03-12 18:03:25 +01:00
Roeland Jago Douma 87e10f9e6a OC_OCS_Response is deprecated
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-09-21 17:56:00 +02:00
Morris Jobke cd02b2205e Use public methods for OC_App::isShipped
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-08-01 18:57:00 +02:00
Jörn Friedrich Dreyer fff6d6e3e8 Refactor auth methods
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-26 01:08:53 -03:00
Christoph Wurst 6af2efb679 prevent infinite redirect loops if the there is no 2fa provider to pass
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +02:00
Joas Schilling 0215b004da Update with robin 2016-07-21 18:13:58 +02:00
Joas Schilling ba87db3fcc Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke ba4f12baa0 Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Thomas Müller f20c617154 Allow login by email address via webdav as well - fixes #24791 2016-06-09 12:08:49 +02:00
Christoph Wurst 3ec6f4e165 block OCS if 2FA challenge needs to be solved first 2016-06-01 11:19:49 +02:00
Lukas Reschke aba539703c Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst 46bdf6ea2b fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst 699289cd26 pass in $request on OCS api 2016-05-11 13:36:46 +02:00
Christoph Wurst fdc2cd7554 Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Roeland Jago Douma 9b875db8b8 OCS API should catch LoginExceptions
Catching the login exception and returning false (login failed). Makes
the OCS API properly return data instead of printing the exception page.
2016-05-02 09:31:22 +02:00
Roeland Jago Douma 368be8894c Move non PSR-4 files from lib/private root to legacy
As discussed we move all old style classes (OC_FOO_BAR) to legacy.
Then from there we can evaluate the need to convert them back or if they
can be fully deprecated/deleted.
2016-04-30 11:32:22 +02:00