daenamnu/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/all-in-one.git synced 2026-05-28 06:20:14 +00:00
Code Issues Packages Projects Releases Wiki Activity
8,191 Commits 90 Branches 272 Tags
bbafd6ff8c4bd6d757d52d14b44e44a5ec7c41ed
Commit Graph

23 Commits

Author SHA1 Message Date
copilot-swe-agent[bot]
bbafd6ff8c revert: remove borgRestorePassword clearing and rate limiting (to be addressed in separate PRs) 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/d7eb7ba7-23d8-4082-8255-09f1338de24b

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-12 10:02:28 +00:00
Simon L.
adcc41f401 Revert "revert: address PR review comments - remove borgRestorePassword clearing and GetTryLogin HTML redirect" 
This reverts commit 68bb93a2c8.
 2026-05-12 11:58:34 +02:00
copilot-swe-agent[bot]
68bb93a2c8 revert: address PR review comments - remove borgRestorePassword clearing and GetTryLogin HTML redirect 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/55bc79a5-dea6-4bcf-9d13-030209b54382

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-12 09:55:20 +00:00
copilot-swe-agent[bot]
a415c76ad2 security: null-check currentScript, handle apcu_inc failure, use apcu_fetch success param 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f1016d36-0771-46e0-992c-95ce22594414

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-04 10:09:07 +00:00
copilot-swe-agent[bot]
79e05f33cd security: enforce APCu availability, fix fixed-window rate limiting, tighten URL validation 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f1016d36-0771-46e0-992c-95ce22594414

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-04 10:06:14 +00:00
copilot-swe-agent[bot]
ef58220c09 security: use persistent HMAC key, validate clean-history target, improve comments 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f1016d36-0771-46e0-992c-95ce22594414

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-04 10:03:53 +00:00
copilot-swe-agent[bot]
6a9e55a8de security: address second round of code-review comments 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f1016d36-0771-46e0-992c-95ce22594414

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-04 10:01:09 +00:00
copilot-swe-agent[bot]
8356d0dadc security: address code-review comments on rate-limit and clean-history script 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f1016d36-0771-46e0-992c-95ce22594414

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-04 09:58:46 +00:00
copilot-swe-agent[bot]
3e72f06d32 security: fix brute-force protection, token history leak, streaming XSS, borg password persistence, and missing cache headers 
Agent-Logs-Url: https://github.com/nextcloud/all-in-one/sessions/f1016d36-0771-46e0-992c-95ce22594414

Co-authored-by: szaimen <42591237+szaimen@users.noreply.github.com>
 2026-05-04 09:56:38 +00:00
Pablo Zmdl
b67b3bbe15 Also punish failed logins via GET and URL-token 
Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
 2026-04-07 15:08:01 +02:00
Pablo Zmdl
bc968d18e6 Punish failed login attempts with a delay 
This is a very simple means against bots, until we find the time to discuss
and implement something better.

Signed-off-by: Pablo Zmdl <pablo@nextcloud.com>
 2026-04-07 14:52:55 +02:00
Simon L.
eba86c3ad1 add declare(strict_types=1); to all php files 
Signed-off-by: Simon L. <szaimen@e.mail.de>
 2026-02-03 13:25:53 +01:00
Lorenzo Moscati
10529a597c Added suggested changes 
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
 2025-11-04 15:10:41 +01:00
Lorenzo Moscati
21fbb58c96 Rewrite all AIO interface paths to be relative 
Signed-off-by: Lorenzo Moscati <lorenzo@moscati.page>
 2025-11-04 15:09:29 +01:00
Jean-Yves
496ec9ba17 update constructor 
Signed-off-by: Jean-Yves <7360784+docjyJ@users.noreply.github.com>
 2024-10-07 10:12:43 +02:00
hunhejj
5ec3fd2d3d Reword the error message shown when the password is incorrect 
Signed-off-by: hunhejj <hunhejj@gmail.com>
 2024-01-19 14:41:22 +01:00
Simon L
9954641e02 fix the login form 
Signed-off-by: Simon L <szaimen@e.mail.de>
 2023-04-01 13:33:11 +02:00
Simon L
f272979c43 address review by making $args an array 
Signed-off-by: Simon L <szaimen@e.mail.de>
 2023-01-02 15:46:58 +01:00
Simon L
8089ab83cf add types for missing ones 
Signed-off-by: Simon L <szaimen@e.mail.de>
 2023-01-02 13:17:41 +01:00
szaimen
3118ecf385 rework session deduplication 
Signed-off-by: szaimen <szaimen@e.mail.de>
 2022-10-16 18:12:50 +02:00
szaimen
f6fc87354d block the login in the controller as well 
Signed-off-by: szaimen <szaimen@e.mail.de>
 2022-01-14 11:39:39 +01:00
szaimen
f07413a182 remove the username for the aio interface 
Signed-off-by: szaimen <szaimen@e.mail.de>
 2021-12-07 18:01:20 +01:00
Nextcloud Team
2295a33590 Initial import 2021-11-30 11:20:42 +01:00