path: root/lib/private/Authentication/Token/DefaultTokenProvider.php
Commit message [Author, Age, Files, Lines]
* Remove default token which is deprecated since Nextcloud 13 [Joas Schilling, 2021-12-01, 1 file, -343/+0]
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Type the authentication provider passwords as nullable strings [Christoph Wurst, 2021-10-13, 1 file, -11/+2]
|   For historic reasons we couldn't add a nullable type hint before nullable type hints were supported by our target php versions. This is now possible.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Tokens without password should not trigger changed password invalidation [Julius Härtl, 2021-10-07, 1 file, -1/+1]
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Update php licenses [John Molakvoæ (skjnldsv), 2021-06-04, 1 file, -1/+0]
|   Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Use PSR logger in authentication [Joas Schilling, 2020-10-12, 1 file, -3/+3]
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Improve traces of invalid token exceptions [Christoph Wurst, 2020-05-27, 1 file, -7/+7]
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and function [Christoph Wurst, 2020-04-10, 1 file, -1/+0]
|   To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix recursive calls in logging via server methods [Joas Schilling, 2020-03-18, 1 file, -9/+2]
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update license headers [Christoph Wurst, 2019-12-05, 1 file, -3/+7]
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make renewSessionToken return the new token [Roeland Jago Douma, 2019-10-09, 1 file, -1/+4]
|   Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move ExpiredTokenException to the correct namespace [Roeland Jago Douma, 2018-10-30, 1 file, -0/+1]
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update all the publickey tokens if needed on web login [Roeland Jago Douma, 2018-10-02, 1 file, -1/+3]
|   * On weblogin check if we have invalid public key tokens
|   * If so update them all with the new token
|   This ensures that your marked as invalid tokens work again if you once login on the web.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark token as invalid if the password doesn't match [Roeland Jago Douma, 2018-10-02, 1 file, -0/+10]
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Copy the expiration from 480864b3e32d88361b17b70d238f986f64579757 to getTokenById [Joas Schilling, 2018-09-19, 1 file, -1/+1]
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Comments [Roeland Jago Douma, 2018-06-19, 1 file, -2/+1]
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use constant for token version [Roeland Jago Douma, 2018-06-18, 1 file, -0/+1]
|   And don't set the version in the constructor. That would possibly cause too many updates.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Just pass uid to the Token stuff [Roeland Jago Douma, 2018-06-18, 1 file, -19/+4]
|   We don't have user objects in the code everywhere
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the token expiration also work for autocasting 0 [Roeland Jago Douma, 2018-06-08, 1 file, -1/+1]
|   Some bad databases don't respect the default null apparently. Now even if they cast it to 0 it should work just fine.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Certain tokens can expire [Roeland Jago Douma, 2018-05-17, 1 file, -2/+16]
|   However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow the rotation of tokens [Roeland Jago Douma, 2018-05-16, 1 file, -0/+22]
|   This for example will allow rotating the apptoken for oauth
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix tests [Roeland Jago Douma, 2018-05-15, 1 file, -2/+2]
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the Token Auth code strict [Roeland Jago Douma, 2018-05-15, 1 file, -14/+21]
|   In preparation for #9441
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732 [Flávio Gomes da Silva Lisboa, 2017-11-27, 1 file, -0/+1]
|   Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update license headers [Morris Jobke, 2017-11-06, 1 file, -0/+4]
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix duplicate session token after remembered login [Christoph Wurst, 2017-09-20, 1 file, -0/+1]
|   On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Minor typos [Marcel Waldvogel, 2017-07-21, 1 file, -1/+1]
|   Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
* Defining App "cron" for "Invalidating tokens older than" message #27167 (#27201) [Martin, 2017-03-19, 1 file, -2/+2]
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* copy remember-me value when renewing a session token [Christoph Wurst, 2016-11-27, 1 file, -0/+1]
|   On renew, a session token is duplicated. For some reason we did not copy over the remember-me attribute value. Hence, the new token was deleted too early in the background job and remember-me did not work properly.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* use lower loglevel for token cleanup messages [Robin Appelman, 2016-11-17, 1 file, -2/+2]
|   Signed-off-by: Robin Appelman <robin@icewind.nl>
* allow configuring filesystem access [Robin Appelman, 2016-11-16, 1 file, -1/+16]
|   Signed-off-by: Robin Appelman <icewind@owncloud.com>
* Add missing tests and fix PHPDoc [Lukas Reschke, 2016-11-02, 1 file, -1/+8]
|   Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* bring back remember-me [Christoph Wurst, 2016-11-02, 1 file, -3/+29]
|   * try to reuse the old session token for remember me login
|   * decrypt/encrypt token password and set the session id accordingly
|   * create remember-me cookies only if checkbox is checked and 2fa solved
|   * adjust db token cleanup to store remembered tokens longer
|   * adjust unit tests
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix others [Joas Schilling, 2016-07-21, 1 file, -1/+2]
|
* Merge pull request #25172 from owncloud/token-login-validation [Vincent Petry, 2016-06-22, 1 file, -19/+19]
|\
| |   Token login validation
| * store last check timestamp in token instead of session [Christoph Wurst, 2016-06-17, 1 file, -15/+12]
| |
| * use token last_activity instead of session value [Christoph Wurst, 2016-06-17, 1 file, -4/+7]
| |
* | update session token password on user password change [Christoph Wurst, 2016-06-21, 1 file, -0/+17]
|/
* Create session tokens for apache auth users [Christoph Wurst, 2016-05-31, 1 file, -3/+11]
|
* Update license headers [Lukas Reschke, 2016-05-26, 1 file, -1/+0]
|
* when generating browser/device token, save the login name for later password checks [Christoph Wurst, 2016-05-24, 1 file, -2/+4]
* add button to invalidate browser sessions/device tokens [Christoph Wurst, 2016-05-23, 1 file, -0/+10]
|
* add button to add new device tokens [Christoph Wurst, 2016-05-23, 1 file, -0/+2]
|
* add method to query all user auth tokens [Christoph Wurst, 2016-05-18, 1 file, -0/+14]
|
* a single token provider suffices [Christoph Wurst, 2016-05-18, 1 file, -7/+9]
|
* don't spam the log file with failed token validation entries [Christoph Wurst, 2016-05-13, 1 file, -3/+1]
|
* delete the token in case an exception is thrown when decrypting the password [Christoph Wurst, 2016-05-11, 1 file, -1/+8]
|
* fix PHPDoc and other minor issues [Christoph Wurst, 2016-05-11, 1 file, -3/+8]
|
* PHPDoc and other minor fixes [Christoph Wurst, 2016-05-11, 1 file, -6/+12]
|
* Add token auth for OCS APIs [Christoph Wurst, 2016-05-11, 1 file, -3/+7]
|
* Add index on 'last_activity' [Christoph Wurst, 2016-05-11, 1 file, -1/+3]
|   add token type column and delete only temporary tokens in the background job
|   debounce token updates; fix wrong class import