Commit Graph

12 Commits

Author SHA1 Message Date
Joas Schilling ba87db3fcc Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke ba4f12baa0 Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Christoph Wurst 8f7a4aaa4d do not generate device token if 2FA is enable for user 2016-06-07 09:09:51 +02:00
Lukas Reschke aba539703c Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst ad10485cec when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst a0ccebfdcb generate device token for UID, not login name
fixes #24785
2016-05-24 09:49:40 +02:00
Christoph Wurst 46bdf6ea2b fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst f0f8bdd495 PHPDoc and other minor fixes 2016-05-11 13:36:46 +02:00
Christoph Wurst fbb5768587 add unit tests for all new classes 2016-05-11 13:36:46 +02:00
Christoph Wurst fdc2cd7554 Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Christoph Wurst 8d48502187 Add index on 'last_activity'
add token type column and delete only temporary tokens in the background job

debounce token updates; fix wrong class import
2016-05-11 13:36:46 +02:00
Christoph Wurst 53636c73d6 Add controller to generate client tokens 2016-05-11 13:36:46 +02:00