aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication/Token
Commit message (Collapse)AuthorAgeFilesLines
...
* Make the token expiration also work for autocasting 0Roeland Jago Douma2018-06-081-1/+1
| | | | | | | Some bad databases don't respect the default null apprently. Now even if they cast it to 0 it should work just fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Certain tokens can expireRoeland Jago Douma2018-05-175-5/+43
| | | | | | | | However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow the rotation of tokensRoeland Jago Douma2018-05-164-2/+63
| | | | | | This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Refix scopeRoeland Jago Douma2018-05-152-3/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix testsRoeland Jago Douma2018-05-154-17/+29
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the Token Auth code strictRoeland Jago Douma2018-05-155-90/+94
| | | | | | In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move over TokenMapperRoeland Jago Douma2018-05-101-1/+2
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use ::class statement instead of stringMorris Jobke2018-01-291-1/+1
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP ↵Flávio Gomes da Silva Lisboa2017-11-271-0/+1
| | | | | | #6732 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update license headersMorris Jobke2017-11-065-0/+15
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix duplicate session token after remembered loginChristoph Wurst2017-09-201-0/+1
| | | | | | | | | On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix auth providerJoas Schilling2017-08-021-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix clob comparisonJoas Schilling2017-08-021-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* More phpstorm inspection fixesRoeland Jago Douma2017-07-241-2/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Minor typosMarcel Waldvogel2017-07-213-3/+3
| | | | Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
* Rename table back to lowercaseLukas Reschke2017-05-181-8/+8
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* delete auth token when client gets deletedBjoern Schiessle2017-05-181-7/+19
| | | | Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
* Defining App "cron" for "Invalidating tokens older than" message #27167 (#27201)Martin2017-03-191-2/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* copy remember-me value when renewing a session tokenChristoph Wurst2016-11-271-0/+1
| | | | | | | | | On renew, a session token is duplicated. For some reason we did not copy over the remember-me attribute value. Hence, the new token was deleted too early in the background job and remember-me did not work properly. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* use lower loglevel for token cleanup messagesRobin Appelman2016-11-171-2/+2
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Add test for setting up fake fsRobin Appelman2016-11-161-1/+1
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Adds TokenProvider and Mapper testsRoeland Jago Douma2016-11-161-7/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* explicit typesRobin Appelman2016-11-161-5/+11
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* cast to intRobin Appelman2016-11-161-2/+2
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* phpdocRobin Appelman2016-11-161-2/+1
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* fix setscopeRobin Appelman2016-11-161-2/+2
| | | | Signed-off-by: Robin Appelman <icewind@owncloud.com>
* allow configuring filesystem accessRobin Appelman2016-11-165-7/+71
| | | | Signed-off-by: Robin Appelman <icewind@owncloud.com>
* app password scope wipRobin Appelman2016-11-163-2/+19
| | | | Signed-off-by: Robin Appelman <icewind@owncloud.com>
* read lockdown scope from tokenRobin Appelman2016-11-163-2/+19
| | | | Signed-off-by: Robin Appelman <icewind@owncloud.com>
* document what the method doesChristoph Wurst2016-11-021-0/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add missing tests and fix PHPDocLukas Reschke2016-11-022-1/+9
| | | | Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* bring back remember-meChristoph Wurst2016-11-025-12/+56
| | | | | | | | | | * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* add invalidateOldTokens to IProvider interfaceChristoph Wurst2016-08-022-3/+7
|
* Fix othersJoas Schilling2016-07-216-6/+12
|
* Merge pull request #25172 from owncloud/token-login-validationVincent Petry2016-06-225-29/+66
|\ | | | | Token login validation
| * store last check timestamp in token instead of sessionChristoph Wurst2016-06-175-24/+58
| |
| * use token last_activity instead of session valueChristoph Wurst2016-06-172-5/+8
| |
* | update session token password on user password changeChristoph Wurst2016-06-212-0/+27
| |
* | close cursor after loading a tokenChristoph Wurst2016-06-171-0/+1
|/
* do not generate device token if 2FA is enable for userChristoph Wurst2016-06-071-0/+1
|
* Create session tokens for apache auth usersChristoph Wurst2016-05-313-5/+14
|
* Update license headersLukas Reschke2016-05-266-6/+0
|
* when generating browser/device token, save the login name for later password ↵Christoph Wurst2016-05-245-6/+32
| | | | checks
* add button to invalidate browser sessions/device tokensChristoph Wurst2016-05-235-6/+37
|
* add button to add new device tokensChristoph Wurst2016-05-232-1/+4
|
* list user's auth tokens on the personal settings pageChristoph Wurst2016-05-231-1/+11
|
* add method to query all user auth tokensChristoph Wurst2016-05-183-0/+54
|
* a single token provider sufficesChristoph Wurst2016-05-184-10/+62
|
* don't spam the log file with failed token validation entriesChristoph Wurst2016-05-131-3/+1
|
* delete the token in case an exception is thrown when decrypting the passwordChristoph Wurst2016-05-111-1/+8
|
generated by cgit v1.2.3 (git 2.39.1) at 2025-06-12 06:39:32 +0000