aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication
Commit message (Collapse)AuthorAgeFilesLines
* Send emails when remote wipe starts/finishesChristoph Wurst2019-07-021-0/+171
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Decouple remote wipe notifcation channels with eventsChristoph Wurst2019-06-276-47/+269
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remote wipe supportRoeland Jago Douma2019-05-209-1/+319
| | | | | | | | This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow 2FA to be setup on first loginRoeland Jago Douma2019-05-172-3/+32
| | | | | | | | | Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLoginChristoph Wurst2019-05-0716-0/+1051
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add interface INamedTokenDaniel Kesselberg2019-02-023-4/+44
| | | | | | Remove $token instanceof DefaultToken || $token instanceof PublicKeyToken Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Clean pending 2FA authentication on password resetRoeland Jago Douma2019-01-291-0/+9
| | | | | | | | | | | When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Read openssl error and logDaniel Kesselberg2018-12-061-1/+11
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Move ExpiredTokenException to the correct namespaceRoeland Jago Douma2018-10-305-2/+6
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Catch more occurences where ExpiredTokenException can be thrownRoeland Jago Douma2018-10-211-1/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Expired PK tokens should not fall back to legacy tokensRoeland Jago Douma2018-10-211-0/+2
| | | | | | Fixes #11919 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make it possible to enforce mandatory 2FA for groupsChristoph Wurst2018-10-153-6/+158
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add testsRoeland Jago Douma2018-10-021-1/+4
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update all the publickey tokens if needed on web loginRoeland Jago Douma2018-10-025-1/+48
| | | | | | | | | | * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark token as invalid if the password doesn't matchRoeland Jago Douma2018-10-025-0/+40
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit event on enablign or disabling of 2FA providerRoeland Jago Douma2018-10-011-1/+15
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add mandatory 2FA service/classChristoph Wurst2018-09-302-2/+60
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #11240 from ↵Morris Jobke2018-09-251-2/+2
|\ | | | | | | | | nextcloud/feature/noid/consider-openssl-settings-from-config.php Consider openssl settings from config.php
| * Consider openssl settings from config.phpDaniel Kesselberg2018-09-161-2/+2
| | | | | | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Only allow 2FA state changs if providers support the operationChristoph Wurst2018-09-255-25/+149
| | | | | | | | | | | | | | | | Ref https://github.com/nextcloud/server/issues/11019. Add `twofactorauth:cleanup` command Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Also adjust the expiration of PublicKeyTokenProviderJoas Schilling2018-09-201-2/+2
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Copy the expiration from 480864b3e32d88361b17b70d238f986f64579757 to ↵Joas Schilling2018-09-191-1/+1
|/ | | | | | getTokenById Signed-off-by: Joas Schilling <coding@schilljs.com>
* Expire tokens hardeningRoeland Jago Douma2018-09-071-1/+1
| | | | | | Just to be sure that the field is also not 0 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix handlng of concurrent inserts of the 2FA provider registry DAOChristoph Wurst2018-08-311-20/+9
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix 2FA being enforced if only backup codes provider is activeChristoph Wurst2018-08-101-4/+9
| | | | | | Fixes https://github.com/nextcloud/server/issues/10634. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix double-inserts of the same provider stateChristoph Wurst2018-08-091-6/+19
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Rename providerset method to get primary providersChristoph Wurst2018-08-081-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login redirection if only one 2FA provider is activeChristoph Wurst2018-08-081-0/+11
| | | | | | Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix 2FA provider registry population on loginChristoph Wurst2018-08-081-1/+3
| | | | | | | | If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix duplicate inserts in the 2fa provider registry DAOChristoph Wurst2018-07-311-10/+18
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make new classes strict and fix license headerChristoph Wurst2018-06-252-0/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make 2FA providers statefulChristoph Wurst2018-06-205-72/+391
| | | | | | | | | | | This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* CommentsRoeland Jago Douma2018-06-195-6/+20
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add getProvider helper functionRoeland Jago Douma2018-06-181-35/+17
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use constant for token versionRoeland Jago Douma2018-06-186-20/+22
| | | | | | | And don't set the version in the constructor. That would possible cause to many updates. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add more testsRoeland Jago Douma2018-06-183-3/+14
| | | | | | | | * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Generate the new publicKey tokens by default!Roeland Jago Douma2018-06-181-2/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Actually convert the tokenRoeland Jago Douma2018-06-183-40/+94
| | | | | | | | | | * When getting the token * When rotating the token * Also store the encrypted password as base64 to avoid weird binary stuff Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add publickey provider to managerRoeland Jago Douma2018-06-181-47/+52
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* SetPassword on PublicKeyTokensRoeland Jago Douma2018-06-181-2/+12
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Just pass uid to the Token stuffRoeland Jago Douma2018-06-186-52/+26
| | | | | | We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add first testsRoeland Jago Douma2018-06-181-1/+10
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Initial PKT implementationRoeland Jago Douma2018-06-186-11/+672
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Abstract the Provider via a managerRoeland Jago Douma2018-06-181-0/+210
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the token expiration also work for autocasting 0Roeland Jago Douma2018-06-081-1/+1
| | | | | | | Some bad databases don't respect the default null apprently. Now even if they cast it to 0 it should work just fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Certain tokens can expireRoeland Jago Douma2018-05-176-5/+84
| | | | | | | | However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow the rotation of tokensRoeland Jago Douma2018-05-164-2/+63
| | | | | | This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Refix scopeRoeland Jago Douma2018-05-152-3/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix testsRoeland Jago Douma2018-05-154-17/+29
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the Token Auth code strictRoeland Jago Douma2018-05-155-90/+94
| | | | | | In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-14 18:53:51 +0000