nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-03 20:41:22 -05:00

Author	SHA1	Message	Date
Anna Larch	08f869dda9	fix: broken password reset form Signed-off-by: Anna Larch <anna@nextcloud.com>	2025-05-26 19:22:07 +02:00
provokateurin	82fb8f8508	refactor: Extend rector to core/ Signed-off-by: provokateurin <kate@provokateurin.de>	2025-05-15 00:16:54 +02:00
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2024-08-25 19:34:58 +02:00
provokateurin	bc5c0262af	refactor(core): Make all attribute arguments named Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-27 22:36:18 +02:00
provokateurin	c57c3c1573	refactor(core): Replace security annotations with respective attributes Signed-off-by: provokateurin <kate@provokateurin.de>	2024-07-26 07:30:45 +02:00
Andy Scherzinger	e07a190641	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-27 14:53:40 +02:00
fenn-cs	2792d8b3f5	feat: Limit email input on auth pages to 255 chars Excessively long emails reported make server unresponsive. We could at some point, consider adding a configuration for sysadmins to bypass this setting on their instance if they want. Signed-off-by: fenn-cs <fenn25.fn@gmail.com>	2024-03-21 10:34:55 +01:00
provokateurin	2c51933b6b	refactor(core): Switch to attribute based routing Signed-off-by: provokateurin <kate@provokateurin.de>	2024-02-21 12:07:50 +01:00
Vincent Petry	839ddaa354	feat: rename users to account or person Replace translated text in most locations Signed-off-by: Vincent Petry <vincent@nextcloud.com>	2024-02-13 21:06:30 +01:00
provokateurin	b64ab5fba8	refactor: Migrate IgnoreOpenAPI attributes to OpenAPI Signed-off-by: provokateurin <kate@provokateurin.de>	2024-01-18 16:14:17 +01:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +01:00
jld3103	1be836273d	core: Add OpenAPI spec Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-07-13 07:24:15 +02:00
Faraz Samapoor	d64aa85b04	Applies agreed-upon indentation convention to the changed controllers. Based on https://github.com/nextcloud/server/pull/38636#discussion_r1218167753 Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-16 19:29:40 +02:00
Faraz Samapoor	4bf610ebaf	Refactors controllers by using PHP8's constructor property promotion. Signed-off-by: Faraz Samapoor <f.samapoor@gmail.com>	2023-06-16 19:29:40 +02:00
Joas Schilling	7ee81b6555	fix(lostpassword): Also rate limit the setPassword endpoint Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-05-15 09:21:07 +02:00
Josh Richards	9899b12478	Trim user earlier Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	2023-04-04 10:03:15 -04:00
Josh Richards	203b9131ec	Trim the user/email provided for password resets Signed-off-by: Josh Richards <josh.t.richards@gmail.com>	2023-03-30 11:59:13 -04:00
Joas Schilling	704eb3aa6c	Add bruteforce protection to password reset page Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-02 06:13:49 +01:00
Joas Schilling	b4a29644cc	Add a const for the max user password length Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-04 11:23:43 +01:00
Joas Schilling	9cfaf27142	Also limit the password length on reset Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-03 16:36:01 +01:00
Côme Chilliet	71ee292650	Add rate limiting on lost password emails Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2022-10-18 14:49:02 +00:00
NoSleep82	b03aedf128	Update core/Controller/LostController.php Co-authored-by: John Molakvoæ <skjnldsv@users.noreply.github.com> Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>	2022-08-21 13:16:23 +02:00
NoSleep82	61548c520b	Update LostController.php i would be useful to know who is trying to reset the password (misspelled username or email, ex user or some sort of attack) Signed-off-by: NoSleep82 <52562874+NoSleep82@users.noreply.github.com>	2022-08-19 18:30:32 +02:00
Thomas Citharel	abe5ff3654	Make LostController use IInitialState and LoggerInterface Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Thomas Citharel	44e13848a1	Add password reset typed events These hooks are only used in the Encryption app from what I can see. Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-06-10 16:41:41 +02:00
Carl Schwan	b70c6a128f	Update core to PHP 7.4 standard - Typed properties - Port to LoggerInterface Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-05-20 22:18:06 +02:00
Pytal	3a94d7c2ea	Merge pull request #28794 from nextcloud/fix/noid/guest-activation-pwd-reset-disabled allow using of disabled password reset mechanism for special cases	2021-09-14 18:29:10 -07:00
Arthur Schiwon	a843d3c5db	allow using of disabled password reset mechanism for special cases - LostController has three endpoints - door opener email() still rejects - resetform(), reachable from mail, checks the token first and may report that password reset is disabled - setPassword() got its check removed as it is behind CSFR anyway and still requires a valid token - this allows special cases like activating a freshly created guest account Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-10 22:48:16 +02:00
Arthur Schiwon	6857136f06	fixes missing prefix to validate password reset token - also fixes the test which missed asserting the presence of it Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-10 19:06:50 +02:00
Arthur Schiwon	a20de15b43	add a job to clean up expired verification tokens Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:35 +02:00
Arthur Schiwon	19cc757531	move verification token logic out of lost password controller - to make it reusable - needed for local email verification Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2021-09-09 14:03:29 +02:00
Gary Kim	b78f3a57d1	Migrate HintException to OCP Signed-off-by: Gary Kim <gary@garykim.dev>	2021-06-30 15:28:02 -04:00
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	2021-06-04 22:02:41 +02:00
Joas Schilling	6ed4aaeeea	Send emails on password reset to the displayname Signed-off-by: Joas Schilling <coding@schilljs.com>	2021-02-18 12:38:43 +01:00
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-10-05 20:25:24 +02:00
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-10 14:19:56 +02:00
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 13:54:22 +02:00
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 10:16:08 +02:00
Christoph Wurst	1a9330cd69	Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-31 14:52:54 +02:00
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-26 16:34:56 +01:00
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-12-05 15:38:45 +01:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +01:00
Daniel Kesselberg	e32b2c4b76	Stop if there is no encrypted token Fix Argument 1 passed to OC\Security\Crypto::decrypt() must be of the type string, null given Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-08-18 19:58:50 +02:00
Roeland Jago Douma	436f7b92d5	Merge pull request #16544 from nextcloud/bugfix/16540 Add missing password reset page to vue	2019-07-31 11:02:20 +02:00
Julius Härtl	3b0d13944a	Move actual password reset to vue Signed-off-by: Julius Härtl <jus@bitgrid.net>	2019-07-31 09:19:07 +02:00
Roeland Jago Douma	b6dd2ebd39	Use proper exception in lostController There is no need to log the expcetion of most of the stuff here. We should properly log them but an exception is excessive. This moves it to a proper exception which we can catch and then log. The other exceptions will still be fully logged. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-07-27 20:12:16 +02:00
Daniel Kesselberg	d57540ac84	Return first value from $users Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-07-09 19:29:14 +02:00
Roeland Jago Douma	ac8a6e2244	Clean pending 2FA authentication on password reset When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-29 13:08:56 +01:00
Roeland Jago Douma	d0397f9b53	Generic message on password reset There is no need to inform the user if the account existed or not. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-15 15:53:43 +01:00
blizzz	ef97ef72f6	Merge pull request #10743 from danielkesselberg/bugfix/noid/allow-password-reset-for-duplicate-email Enable password reset for user with same email address when only one is active	2018-09-13 10:48:30 +02:00

1 2

87 commits