4d6b4b71c7
fix: Authorization header can be an empty string
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-06-28 14:42:36 +07:00
67a0e01382
fix(dav): Try basic auth for ajax WebDAV requests
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-06-18 10:47:11 +07:00
9d4b944098
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-27 20:11:22 +07:00
91127edcc8
fix(dav): fallback realm for HTTP authentication
...
By default, the name of the Nextcloud instance is an empty string, until changed by the admin. This leads to an empty realm sent with the WWW-Authenticate header, while the realm is mandatory for Basic HTTP authentication. Some clients have issues with an empty realm, e.g. Thunderbird cannot store passwords in this case.
This commit applies "Nextcloud" as fallback for the realm, in case the name of the Nextcloud instance is not set.
Solves: https://help.nextcloud.com/t/thunderbird-dont-save-caldav-password-because-of-missing-httprealm-or-formsubmiturl/93233
Signed-off-by: MichaIng <micha@dietpi.com>
2024-02-14 16:49:39 +07:00
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +07:00
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-08-28 15:50:45 +07:00
dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +07:00
b91957e3df
fix(dav): Abort requests with 429 instead of waiting
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-03 22:43:36 +07:00
7b413a41eb
perf(dav): Do not call general setupFS on ever dav auth
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-09 10:19:37 +07:00
f7be76125f
Fix more psalm issues
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-16 11:05:54 +07:00
829490ab7a
Cleanup dav
...
- Remove unused class AppEnabledPlugin
- Add more type hinting when possible
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-05 22:03:59 +07:00
e2531f8503
Migrate dav application from ILogger to LoggerInterface
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-05-02 10:52:43 +07:00
c80ba69b7a
dont setup full fs after dav auth
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-03-24 17:00:57 +07:00
5cd5245ca8
Fix dav application tests and code for PHP 8.1
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:29:01 +07:00
215aef3cbd
Update php licenses
...
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +07:00
d89a75be0b
Update all license headers for Nextcloud 21
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +07:00
28f8eb5dba
Add visibility to all constants
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +07:00
1584c9ae9c
Add visibility to all methods and position of static keyword
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:51:06 +07:00
caff1023ea
Format control structures, classes, methods and function
...
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +07:00
5bf3d1bb38
Update license headers
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +07:00
68748d4f85
Some php-cs fixes
...
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +07:00
0efd29f41f
first check if the user is already logged in and then try to authenticate via apache, this way we suppress wrong audit log messages about failed login attempts
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-30 22:14:52 +07:00
e2974f1133
Simplify return statement
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-13 21:55:24 +07:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +07:00
df3909a7c3
Use Bearer backend for SabreDAV
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:10 +07:00
5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +07:00
1729e4471f
Update comments to Nextcloud
...
* based on PR by @Ardinis
* see #4311
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-11 23:16:27 +07:00
33fb86f68b
Fix detection of the new iOS app
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-10 10:10:21 +07:00
b56f2c9ed0
basic lockdown logic
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:23 +07:00
6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass
...
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
2016-08-24 10:49:23 +07:00
813f0a0f40
Fix apps/
2016-07-21 18:13:57 +07:00
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +07:00
2c988ecbf4
Use the themed Defaults everywhere
2016-07-15 09:17:30 +07:00
5a8cfab68f
throw PasswordLoginForbidden on DAV
2016-06-17 11:30:24 +07:00
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +07:00
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +07:00
67c3a97401
Merge pull request #25046 from owncloud/fix-the-realm
...
Use the correct realm for basic authentication
2016-06-10 10:41:46 +07:00
cf06b17df1
Use the correct realm for basic authentication - fixes #23427
2016-06-09 13:53:32 +07:00
f20c617154
Allow login by email address via webdav as well - fixes #24791
2016-06-09 12:08:49 +07:00
da03a85c3c
block DAV if 2FA challenge needs to be solved first
2016-06-01 10:42:38 +07:00
aba539703c
Update license headers
2016-05-26 19:57:24 +07:00
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled
2016-05-24 17:54:02 +07:00
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +07:00
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +07:00
dd9ee10bc0
Move dav app to PSR-4 ( #24527 )
...
* Move Application to correct namespace and PSR-4 it
* Move dav app to PSR-4
2016-05-12 09:42:40 +07:00
Julius Härtl
Ferdinand Thiessen
Andy Scherzinger
MichaIng
Joas Schilling
Carl Schwan
Côme Chilliet
Robin Appelman
John Molakvoæ (skjnldsv)
Christoph Wurst
Roeland Jago Douma
Bjoern Schiessle
Morris Jobke
Lukas Reschke
Robin Appelman
Christoph Wurst
Vincent Petry
Thomas Müller
Lukas Reschke
Joas Schilling