path: root/lib/private/Authentication/Token
Commit message | Author | Age | Files | Lines
* fix: Adjust Entity types (feat/add-datetime-qbmapper-support) | Ferdinand Thiessen | 2024-10-17 | 1 file | -7/+8
|   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* chore(db): Correctly apply query types | Git'Fellow | 2024-10-17 | 1 file | -7/+7
|   fix: psalm
|   fix: error
|   fix: add batch
|   fix: fatal error
|   fix: add batch
|   chore: add batch
|   chore: add batch
|   fix: psalm
|   fix: typo
|   fix: psalm
|   fix: return bool
|   fix: revert Manager
* chore: Add proper deprecation dates where missing | Ferdinand Thiessen | 2024-09-20 | 1 file | -1/+1
|   Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
* style: update codestyle for coding-standard 1.2.3 | Daniel Kesselberg | 2024-08-25 | 2 files | -11/+11
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat(auth): Clean-up unused auth tokens and wipe tokens | Christoph Wurst | 2024-08-13 | 2 files | -9/+21
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* fix(Token): take over scope in token refresh with login by cookie | Arthur Schiwon | 2024-07-19 | 3 files | -6/+19
|   Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix(Session): avoid race conditions on clustered setups | Arthur Schiwon | 2024-07-10 | 1 file | -1/+1
|   - re-establishes old behaviour with cache to return null instead of throwing an InvalidTokenException when the token is cached as non-existing
|   - token invalidation and re-generation are bundled in a DB transaction now
|   Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* refactor(Token): introduce scope constants | Arthur Schiwon | 2024-06-05 | 1 file | -1/+2
|   Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* fix(Session): avoid password confirmation on SSO | Arthur Schiwon | 2024-06-05 | 1 file | -0/+1
|   SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends were used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated.
|   Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update | Daniel | 2024-05-29 | 1 file | -2/+0
|\    fix(auth): Update authtoken activity selectively
| * fix(auth): Update authtoken activity selectively | Christoph Wurst | 2024-05-21 | 1 file | -2/+0
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | chore: Add SPDX header | Andy Scherzinger | 2024-05-24 | 10 files | -211/+22
|/    Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
* Merge pull request #45026 from nextcloud/fix/token-update | Christoph Wurst | 2024-05-16 | 1 file | -0/+2
|\    Avoid updating the same oc_authtoken row twice
| * fix: Always set last activity if we update the row of an authtoken anyways | Julius Härtl | 2024-04-29 | 1 file | -0/+2
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | fix(session): Avoid race condition for cache::get() vs. cache::hasKey() | Joas Schilling | 2024-04-29 | 1 file | -6/+6
|/    Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix: Apply new coding standard to all files | Côme Chilliet | 2024-04-02 | 2 files | -2/+2
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* feat(perf): add cache for authtoken lookup | Benjamin Gaussorgues | 2024-02-28 | 2 files | -63/+78
|   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* Import OCP IToken as OCPIToken to avoid a name clash in lib/private | Côme Chilliet | 2024-01-11 | 3 files | -65/+65
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Use IToken from OCP instead of OC | Côme Chilliet | 2024-01-11 | 3 files | -0/+3
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Suppress or fix psalm errors related to InvalidTokenException | Côme Chilliet | 2024-01-11 | 2 files | -4/+6
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Always catch OCP versions of authentication exceptions | Côme Chilliet | 2024-01-11 | 2 files | -8/+9
|   And always throw OC versions for BC
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: apply changes from Nextcloud coding standards 1.1.1 | Joas Schilling | 2023-11-23 | 4 files | -37/+37
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
|   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* Allow passing null to PublicKeyToken::setScope, fixes tests | Côme Chilliet | 2023-10-23 | 1 file | -2/+2
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Improve docblock annotations for tokens and their exceptions | Côme Chilliet | 2023-10-23 | 1 file | -0/+3
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Use more precise typing for setScope method parameter | Côme Chilliet | 2023-10-23 | 1 file | -2/+2
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Align PublicKeyToken with interface changes | Côme Chilliet | 2023-10-23 | 1 file | -10/+6
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Move IToken and IProvider::getToken to OCP | Côme Chilliet | 2023-10-20 | 1 file | -104/+2
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix typo | Lucas Azevedo | 2023-08-25 | 1 file | -1/+1
|   Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* Fixes from static analysis | Lucas Azevedo | 2023-08-25 | 1 file | -3/+3
|   Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
|   Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* Add last-used-before option | Lucas Azevedo | 2023-08-25 | 4 files | -0/+24
|   Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* Merge branch 'master' into enh/type-iconfig-getter-calls | Côme Chilliet | 2023-04-20 | 1 file | -51/+55
|\    Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
| * fix(auth): Run token statements in atomic transaction | Christoph Wurst | 2023-04-12 | 1 file | -51/+55
| |   All or nothing
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use typed version of IConfig::getSystemValue as much as possible | Côme Chilliet | 2023-04-05 | 1 file | -5/+5
|/    Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster | Côme Chilliet | 2023-03-15 | 1 file | -1/+11
|\    [master] invalidate existing tokens when deleting an oauth client
| * public interface to invalidate tokens of user | Artur Neumann | 2023-03-14 | 1 file | -1/+11
| |   Signed-off-by: Artur Neumann <artur@jankaritech.com>
* | Don't try to hash a nonexisting password | Ember 'n0emis' Keske | 2023-03-13 | 1 file | -1/+1
|/    Allows logging in via a passwordless authentication provider, e.g. SSO
|     Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
* fix(authentication): Handle null or empty string password hash | Joas Schilling | 2023-02-10 | 1 file | -1/+1
|   This can happen when the auth.storeCryptedPassword config is used, which previously errored with:
|   Hasher::verify(): Argument #2 ($hash) must be of type string, null given
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be | Joas Schilling | 2023-02-10 | 1 file | -1/+30
|\    fix(performance): Only search for auth tokens when the provided login…
| * fix(authentication): Check minimum length when creating app tokens | Joas Schilling | 2023-02-09 | 1 file | -2/+10
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| * fix(performance): Only search for auth tokens when the provided login is long enough | Joas Schilling | 2023-02-08 | 1 file | -1/+22
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authtoken): Store only one hash for authtokens with the current password per user | Julius Härtl | 2023-02-09 | 2 files | -1/+50
|/    Signed-off-by: Julius Härtl <jus@bitgrid.net>
* composer run cs:fix | Côme Chilliet | 2023-01-20 | 4 files | -5/+0
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(authentication): Update the token when the hash is null or can not be verified | Joas Schilling | 2023-01-09 | 1 file | -4/+21
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(authentication): Only hash the new password when needed | Joas Schilling | 2023-01-09 | 1 file | -2/+6
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(authentication): Invert the logic to the original intention | Joas Schilling | 2023-01-09 | 1 file | -2/+3
|   We need to store the new authentication details when the hash did **not** verify the old password.
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix(authentication): Only verify each hash once | Joas Schilling | 2023-01-09 | 1 file | -2/+4
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #33898 from nextcloud/fix/authtoken-password-update | Julius Härtl | 2023-01-05 | 2 files | -4/+22
|\    PublicKeyTokenProvider: Fix password update routine with password hash
| * PublicKeyTokenProvider: Fix password update routine with password hash | Marcel Klehr | 2023-01-04 | 2 files | -4/+22
| |   Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* | Add a const for the max user password length | Joas Schilling | 2023-01-04 | 1 file | -1/+2
|/    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Run session token renewals in a database transaction | Christoph Wurst | 2022-10-18 | 1 file | -23/+32
|   The session token renewal does
|   1) Read the old token
|   2) Write a new token
|   3) Delete the old token
|   If two processes succeed in reading the old token there can be two new tokens because the queries were not run in a transaction. This is particularly problematic on clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>