Arthur Schiwon f0494ec17a fix(Session): avoid password confirmation on SSO ... SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>		2024-06-11 20:19:18 +02:00
..
Exceptions	feat(appframework): Expose programmatic rate limiter	2023-09-20 20:25:27 +02:00
BruteForceMiddleware.php	techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25	2023-08-28 15:50:45 +02:00
CORSMiddleware.php	chore: apply changes from Nextcloud coding standards 1.1.1	2023-11-23 10:36:13 +01:00
CSPMiddleware.php	chore: apply changes from Nextcloud coding standards 1.1.1	2023-11-23 10:36:13 +01:00
FeaturePolicyMiddleware.php	composer run cs:fix	2023-01-20 11:45:08 +01:00
PasswordConfirmationMiddleware.php	fix(Session): avoid password confirmation on SSO	2024-06-11 20:19:18 +02:00
RateLimitingMiddleware.php	fix: add check for app_api_system session flag to bypass rate limit	2024-03-18 20:09:15 +02:00
ReloadExecutionMiddleware.php	feat(security): Add PHP \Attribute for remaining security annotations	2023-04-25 14:50:32 +02:00
SameSiteCookieMiddleware.php	chore: apply changes from Nextcloud coding standards 1.1.1	2023-11-23 10:36:13 +01:00
SecurityMiddleware.php	feat: rename users to account or person	2024-02-13 21:06:30 +01:00