averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-27 18:37:17 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,813 Commits 689 Branches 1,186 Tags
d855c38e078f2cd0bec86d5a20fc2f448799433b
Commit Graph

38 Commits

Author SHA1 Message Date
blizzz
ef97ef72f6 Merge pull request #10743 from danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email 
Enable password reset for user with same email address when only one is active
 2018-09-13 10:48:30 +02:00
Morris Jobke
cf3f4888cc Change password expiration time from 12h to 7d 
We use the same logic for creating accounts without a password and there the 12h is a bit short. Users don't expect that the signup link needs to be clicked within 12h - 7d should be a more expected behavior.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2018-08-31 13:31:03 +02:00
Daniel Kesselberg
031fdfb1fc Enable password reset for user with same email address when only one is active 
When two or more user share the same email address its not possible to
reset password by email. Even when only one account is active.

This pr reduce list of users returned by getByEmail by disabled users.

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2018-08-19 16:32:46 +02:00
Bjoern Schiessle
dfec66ca02 only warn about data lose on password reset if per-user keys are used 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2018-08-15 15:08:34 +02:00
Robin Appelman
8ed50d4b63 prefill userid for login after password reset 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2018-06-21 15:18:07 +02:00
Rémy Jacquin
04e1cab5ee Fix translation bug on lost password page 
Fix nextcloud/password_policy#26

Signed-off-by: Rémy Jacquin <remy@remyj.fr>
 2018-05-20 12:51:50 +02:00
Joas Schilling
339e320064 Fix existing usages 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2018-02-15 12:18:51 +01:00
Arthur Schiwon
4f3d52a364 never translate login names when requiring with a user id 
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2018-01-03 13:25:00 +01:00
Morris Jobke
0eebff152a Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Joas Schilling
3119fd41ce Set the data from the template 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-10-18 15:12:03 +02:00
Joas Schilling
8b37fe7f65 Set the subject with the email template to allow theming 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-10-18 15:12:03 +02:00
Joas Schilling
6dbb64c4a2 Merge setMetaData into constructor 
This ensures that the meta data is set in the beginning

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-09-04 15:07:41 +02:00
Joas Schilling
6a130d01e7 Also for reset password 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-24 18:02:37 +02:00
Joas Schilling
d5c6d56170 No password reset for disabled users 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-18 13:21:53 +02:00
Morris Jobke
188b87e03b Cleanup legacy user class from unused methods 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-07-24 12:17:53 +02:00
Joas Schilling
0828df5ed4 Disable the API endpoints as well 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-05-11 17:03:57 +02:00
Joas Schilling
3d671cc536 Merge pull request #4443 from nextcloud/cleanup-unused-imports 
Remove unused use statements
 2017-04-24 11:47:37 +02:00
Morris Jobke
c54a59d51e Remove unused use statements 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-22 19:23:31 -05:00
Lukas Reschke
d0d34d308a Add at most 10 password reset requests per 5 minutes and IP range 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-22 08:12:54 +02:00
Morris Jobke
16c4755e03 Rename renderHTML to renderHtml 
* fixes #4383
* improves consistency

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-19 15:46:41 -05:00
Lukas Reschke
727688ebd9 Adjust existing bruteforce protection code 
- Moves code to annotation
- Adds the `throttle()` call on the responses on existing annotations

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-14 13:42:40 +02:00
Lukas Reschke
81d3732bf5 Merge pull request #4308 from nextcloud/lost-password-email 
Update email template for lost password email
 2017-04-13 20:02:15 +02:00
Lukas Reschke
66835476b5 Add support for ratelimiting via annotations 
This allows adding rate limiting via annotations to controllers, as one example:

```
@UserRateThrottle(limit=5, period=100)
@AnonRateThrottle(limit=1, period=100)
```

Would mean that logged-in users can access the page 5 times within 100 seconds, and anonymous users 1 time within 100 seconds. If only an AnonRateThrottle is specified that one will also be applied to logged-in users.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-04-13 12:00:16 +02:00
Morris Jobke
1f962f9115 Update email template for lost password email 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-12 15:19:53 -05:00
Morris Jobke
5b4adf66e5 Move OC_Defaults to OCP\Defaults 
* currently there are two ways to access default values:
  OCP\Defaults or OC_Defaults (which is extended by
  OCA\Theming\ThemingDefaults)
* our code used a mixture of both of them, which made
  it hard to work on theme values
* this extended the public interface with the missing
  methods and uses them everywhere to only rely on the
  public interface

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-04-09 21:43:01 -05:00
Joas Schilling
4bae7ef96d Allow to reset the password with the email as an input 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-03-28 21:17:37 +02:00
Bjoern Schiessle
927d3865a0 add brute force protection to password reset to make it harder to guess user logins 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-19 10:12:45 +01:00
Bjoern Schiessle
fcda3a20f4 create new encryption keys on password reset and backup the old one 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-01-10 17:04:32 +01:00
Bjoern Schiessle
16bbd3fd7c fix password reset if encryption is enabled 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2016-12-08 12:08:05 +01:00
Lukas Reschke
6d686c213b [WIP] Use mail for encrypting the password reset token as well 2016-11-03 14:27:26 +01:00
Joas Schilling
877cb06bfe Use magic DI for core controllers 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2016-09-30 10:00:26 +02:00
Roeland Jago Douma
f6423f74e3 Minor cleanup in core Controllers 2016-08-29 21:52:09 +02:00
Joas Schilling
736e884e9a Move the reset token to core app 2016-08-23 15:01:38 +02:00
Joas Schilling
ba87db3fcc Fix others 2016-07-21 18:13:57 +02:00
Joas Schilling
2c988ecbf4 Use the themed Defaults everywhere 2016-07-15 09:17:30 +02:00
Lukas Reschke
aba539703c Update license headers 2016-05-26 19:57:24 +02:00
Julius Haertl
8ee2cb47d0 Show error messages if a password reset link is invalid or expired 
- Moved token validation to method checkPasswordResetToken
- Render error with message from exceptions
 2016-05-23 16:48:10 +02:00
Lukas Reschke
a4b19a5b1e Rename files to be PSR-4 compliant 2016-04-06 11:00:52 +02:00