path: root/core/Controller/ClientFlowLoginController.php
Commit message | Author | Age | Files | Lines
* Fix bug with proxies | Mario Danic | 2018-01-15 | 1 | -1/+12
  Signed-off-by: Mario Danic <mario@lovelyhq.com>
* Clear login token once apppassword is generated | Roeland Jago Douma | 2018-01-04 | 1 | -0/+3
  Fixes #7697

  When using the new login flow a token will be generated since we log in. However, after that we generate yet another token to return (as we should). However, we should kill the current session token as we are done with it and will never use it again.

  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix flow | Mario Danic | 2017-11-09 | 1 | -1/+10
  Signed-off-by: Mario Danic <mario@lovelyhq.com>
* Theming: theme flow redirection page | Julius Härtl | 2017-11-08 | 1 | -1/+1
  Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update license headers | Morris Jobke | 2017-11-06 | 1 | -0/+5
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix undefined index oauthState | Morris Jobke | 2017-09-06 | 1 | -0/+1
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Add tests for ClientFlowLoginController | Lukas Reschke | 2017-05-18 | 1 | -6/+4
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add OAuth state to session | Lukas Reschke | 2017-05-18 | 1 | -24/+18
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* use name of oauth app to identify auth token | Bjoern Schiessle | 2017-05-18 | 1 | -2/+10
  Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* show error page if no valid client identifier is given and if it is not an API request | Bjoern Schiessle | 2017-05-18 | 1 | -5/+24
  Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Remove special characters | Lukas Reschke | 2017-05-18 | 1 | -1/+1
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Add basic implementation for OAuth 2.0 Authorization Code Flow | Lukas Reschke | 2017-05-18 | 1 | -20/+72
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update login flow redirection | Mario Danic | 2017-05-04 | 1 | -1/+1
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* AppToken to 72 chars | Roeland Jago Douma | 2017-04-25 | 1 | -1/+1
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Do not remove the state token too early | Roeland Jago Douma | 2017-04-25 | 1 | -1/+3
  We should check the stateToken before we remove it. Else the check will always fail.

  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add new auth flow | Lukas Reschke | 2017-04-25 | 1 | -0/+236
  This implements the basics for the new app-password based authentication flow for our clients.

  The current implementation tries to keep it as simple as possible and works the following way:

  1. Unauthenticated client opens `/index.php/login/flow`
  2. User will be asked whether they want to grant access to the client
  3. If accepted the user has the chance to do so using existing App Token or automatically generate an app password.

  If the user chooses to use an existing app token then that one will simply be redirected to the `nc://` protocol handler. While we can improve on that in the future, I think keeping this smaller at the moment has its advantages. Also, in the near future we have to think about an automatic migration endpoint so there's that anyways :-)

  If the user chooses to use the regular login the following happens:

  1. A session state token is written to the session
  2. User is redirected to the login page
  3. If successfully authenticated they will be redirected to a page redirecting to the POST controller
  4. The POST controller will check if the CSRF token as well as the state token is correct, if yes the user will be redirected to the `nc://` protocol handler.

  This approach is quite simple but also allows to be extended in the future. One could for example allow external websites to consume this authentication endpoint as well.

  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>