path: root/lib/private/Authentication/Token
Commit message | Author | Age | Files | Lines
* Format control structures, classes, methods and function | Christoph Wurst | 2020-04-10 | 10 | -14/+1
|   To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is practically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declaration | Christoph Wurst | 2020-04-09 | 1 | -1/+0
|   For PSR2
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update the license headers for Nextcloud 19 | Christoph Wurst | 2020-03-31 | 1 | -0/+1
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove unused imports | Christoph Wurst | 2020-03-25 | 1 | -1/+0
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipe | Roeland Jago Douma | 2020-03-24 | 1 | -7/+3
|\  Check the user on remote wipe
| * Check the user on remote wipe | Joas Schilling | 2020-03-16 | 1 | -7/+3
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix recursive calls in logging via server methods | Joas Schilling | 2020-03-18 | 1 | -9/+2
|/  Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update license headers | Christoph Wurst | 2019-12-05 | 13 | -36/+79
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Throw an invalid token exception if token is marked outdated | Roeland Jago Douma | 2019-12-02 | 1 | -0/+11
|   This avoids hitting the backend with multiple requests for the same token. And will help avoid quick LDAP lockouts.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Handle token insert conflicts | Christoph Wurst | 2019-11-26 | 1 | -9/+24
|   Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existing auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row with the same token (the session ID). This also bubbles up and disables user_saml.
|   As the token might still be OK (both requests will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixes | Roeland Jago Douma | 2019-11-22 | 1 | -1/+1
|   * Order the imports
|   * No leading slash on imports
|   * Empty line before namespace
|   * One line per import
|   * Empty after imports
|   * Empty line at bottom of file
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make renewSessionToken return the new token | Roeland Jago Douma | 2019-10-09 | 4 | -7/+14
|   Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Cache the public key tokens | Roeland Jago Douma | 2019-10-08 | 1 | -5/+42
|   Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste.
|   Right now it is doing very stupid caching. Which gets invalidated on any update.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add uid to delete temp token query | Daniel Kesselberg | 2019-09-18 | 1 | -1/+2
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Pass $configargs to openssl_pkey_export | Daniel Kesselberg | 2019-07-21 | 1 | -1/+4
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Error with exception on SSL error | Morris Jobke | 2019-07-18 | 3 | -0/+13
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Make it possible to wipe all tokens/devices of a user | Christoph Wurst | 2019-07-09 | 1 | -6/+36
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Refactor: move remote wipe token logic to RW service | Christoph Wurst | 2019-07-09 | 2 | -1/+20
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Decouple remote wipe notification channels with events | Christoph Wurst | 2019-06-27 | 1 | -47/+12
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remote wipe support | Roeland Jago Douma | 2019-05-20 | 7 | -1/+201
|   This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add interface INamedToken | Daniel Kesselberg | 2019-02-02 | 3 | -4/+44
|   Remove $token instanceof DefaultToken || $token instanceof PublicKeyToken
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Read openssl error and log | Daniel Kesselberg | 2018-12-06 | 1 | -1/+11
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Move ExpiredTokenException to the correct namespace | Roeland Jago Douma | 2018-10-30 | 4 | -0/+4
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Catch more occurrences where ExpiredTokenException can be thrown | Roeland Jago Douma | 2018-10-21 | 1 | -1/+5
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Expired PK tokens should not fall back to legacy tokens | Roeland Jago Douma | 2018-10-21 | 1 | -0/+2
|   Fixes #11919
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add tests | Roeland Jago Douma | 2018-10-02 | 1 | -1/+4
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update all the publickey tokens if needed on web login | Roeland Jago Douma | 2018-10-02 | 5 | -1/+48
|   * On weblogin check if we have invalid public key tokens
|   * If so update them all with the new token
|   This ensures that your marked as invalid tokens work again if you once login on the web.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark token as invalid if the password doesn't match | Roeland Jago Douma | 2018-10-02 | 5 | -0/+40
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php | Morris Jobke | 2018-09-25 | 1 | -2/+2
|\  Consider openssl settings from config.php
| * Consider openssl settings from config.php | Daniel Kesselberg | 2018-09-16 | 1 | -2/+2
| |   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Also adjust the expiration of PublicKeyTokenProvider | Joas Schilling | 2018-09-20 | 1 | -2/+2
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Copy the expiration from 480864b3e32d88361b17b70d238f986f64579757 to getTokenById | Joas Schilling | 2018-09-19 | 1 | -1/+1
|/  Signed-off-by: Joas Schilling <coding@schilljs.com>
* Expire tokens hardening | Roeland Jago Douma | 2018-09-07 | 1 | -1/+1
|   Just to be sure that the field is also not 0
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Comments | Roeland Jago Douma | 2018-06-19 | 5 | -6/+20
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add getProvider helper function | Roeland Jago Douma | 2018-06-18 | 1 | -35/+17
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use constant for token version | Roeland Jago Douma | 2018-06-18 | 6 | -20/+22
|   And don't set the version in the constructor. That would possibly cause too many updates.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add more tests | Roeland Jago Douma | 2018-06-18 | 3 | -3/+14
|   * Add a lot of tests
|   * Fixes related to those tests
|   * Fix tests
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Generate the new publicKey tokens by default! | Roeland Jago Douma | 2018-06-18 | 1 | -2/+1
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Actually convert the token | Roeland Jago Douma | 2018-06-18 | 3 | -40/+94
|   * When getting the token
|   * When rotating the token
|   * Also store the encrypted password as base64 to avoid weird binary stuff
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add publickey provider to manager | Roeland Jago Douma | 2018-06-18 | 1 | -47/+52
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* SetPassword on PublicKeyTokens | Roeland Jago Douma | 2018-06-18 | 1 | -2/+12
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Just pass uid to the Token stuff | Roeland Jago Douma | 2018-06-18 | 6 | -52/+26
|   We don't have user objects in the code everywhere
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add first tests | Roeland Jago Douma | 2018-06-18 | 1 | -1/+10
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Initial PKT implementation | Roeland Jago Douma | 2018-06-18 | 6 | -11/+672
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Abstract the Provider via a manager | Roeland Jago Douma | 2018-06-18 | 1 | -0/+210
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the token expiration also work for autocasting 0 | Roeland Jago Douma | 2018-06-08 | 1 | -1/+1
|   Some bad databases don't respect the default null apparently. Now even if they cast it to 0 it should work just fine.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Certain tokens can expire | Roeland Jago Douma | 2018-05-17 | 5 | -5/+43
|   However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow the rotation of tokens | Roeland Jago Douma | 2018-05-16 | 4 | -2/+63
|   This for example will allow rotating the apptoken for oauth
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Refix scope | Roeland Jago Douma | 2018-05-15 | 2 | -3/+5
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix tests | Roeland Jago Douma | 2018-05-15 | 4 | -17/+29
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>