aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication
Commit message (Collapse)AuthorAgeFilesLines
...
* Update all license headers for Nextcloud 21Christoph Wurst2020-12-1611-1/+11
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Type the authentication listenersChristoph Wurst2020-10-157-0/+21
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use PSR logger in authenticationJoas Schilling2020-10-1211-60/+54
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Type some of the core mappersChristoph Wurst2020-10-124-1/+10
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format code to a single space around binary operatorsChristoph Wurst2020-10-052-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow configuring the activity update interval of tokenRoeland Jago Douma2020-10-041-1/+5
| | | | | | | | On some systems with a lot of users this creates a lot of extra DB writes. Being able to increase this interval helps there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #22641 from ↵Roeland Jago Douma2020-09-081-2/+7
|\ | | | | | | | | nextcloud/fix/credentials-store-upgrade-property-undefined Fix undefined class property access after upgrade from 19 to 20
| * Fix undefined class property access after upgrade from 19 to 20Christoph Wurst2020-09-071-2/+7
| | | | | | | | | | | | | | | | | | The serialized data in 19 has one property less and this was not considered in the code. Hence adding a fallback. Moreover I'm changing the deserialization into an array instead of object, as that is the safer option. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Update license headers for Nextcloud 20 (again)Christoph Wurst2020-09-072-1/+3
|/ | | | | | | There are still lots of outdated headers, so time for another round of updates. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix app password updating out of boundsRoeland Jago Douma2020-09-032-0/+55
| | | | | | | | | | | | | | When your password changes out of bounds your Nextcloud tokens will become invalid. There is no real way around that. However we should make sure that if you successfully log in again your passwords are all updates * Added event listener to the PostLoggedInEvent so that we can act on it - Only if it is not a token login * Make sure that we actually reset the invalid state when we update a token. Else it keeps being marked invalid and thus not used. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #21288 from lmamane/masterRoeland Jago Douma2020-08-281-1/+1
|\ | | | | Return correct loginname in credentials
| * Return correct loginname in credentials,Lionel Elie Mamane2020-08-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | even when token is invalid or has no password. Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function. Co-authored-by: kesselb <mail@danielkesselberg.de> for: switch to consistent camelCase Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
* | Update the license headers for Nextcloud 20Christoph Wurst2020-08-242-2/+4
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use matching parameter names form interfaces and implementationsMorris Jobke2020-08-192-7/+7
| | | | | | Found by Psalm 3.14.1 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #21344 from nextcloud/fix/twofactor-cleanup-eventMorris Jobke2020-08-132-10/+34
|\ | | | | Emit an event for every disabled 2FA provider during cleanup
| * Emit an event for every disabled 2FA provider during cleanupChristoph Wurst2020-06-162-10/+34
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Discourage webauthn user interactionRoeland Jago Douma2020-07-161-2/+7
|/ | | | | | | | | | Else people might have the feeling this is also doing 2FA. And since it is only prefered it can be ignored and hacked around. Once we have proper 2FA with webauthn in one go this probably needs to be revisted. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Clean up auth tokens when user is deletedChristoph Wurst2020-06-151-0/+72
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Improve traces of invalid token exceptionsChristoph Wurst2020-05-273-17/+20
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remember the webauthn name of devicesRoeland Jago Douma2020-05-071-1/+3
| | | | | | | Fixes #20289 we should not reset to default once we have logged in with the device. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for 19Christoph Wurst2020-04-2912-8/+22
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Do not create remember me cookieJulius Härtl2020-04-231-2/+6
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add visibility to all constantsChristoph Wurst2020-04-106-13/+13
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add visibility to all methods and position of static keywordChristoph Wurst2020-04-102-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-1054-69/+3
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-104-4/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-092-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use a blank line after the opening tagChristoph Wurst2020-04-097-0/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-1/+0
| | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix (array) indent style to always use one tabChristoph Wurst2020-04-091-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix multiline commentsChristoph Wurst2020-04-083-4/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20241 from nextcloud/fix/license-headers-19Roeland Jago Douma2020-04-011-0/+1
|\ | | | | Update the license headers for Nextcloud 19
| * Update the license headers for Nextcloud 19Christoph Wurst2020-03-311-0/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #19858 from nextcloud/feature/webauthnRoeland Jago Douma2020-03-318-13/+711
|\ \ | | | | | | Add WebAuthn support
| * | Start with webauthnRoeland Jago Douma2020-03-317-11/+709
| | | | | | | | | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
| * | Make password nullable in LoginDataRoeland Jago Douma2020-03-311-2/+2
| |/ | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* / [POC] Event for failed login attemptsRoeland Jago Douma2020-03-313-3/+122
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove unused importsChristoph Wurst2020-03-256-7/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipeRoeland Jago Douma2020-03-241-7/+3
|\ | | | | Check the user on remote wipe
| * Check the user on remote wipeJoas Schilling2020-03-161-7/+3
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix recursive calls in logging via server methodsJoas Schilling2020-03-181-9/+2
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #19820 from nextcloud/fix/mismatching-docblock-return-typeChristoph Wurst2020-03-091-1/+1
|\ | | | | Fix mismatching docblock return types
| * Fix mismatching docblock return typesChristoph Wurst2020-03-061-1/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix mismatching doc block parameter typesChristoph Wurst2020-03-061-1/+1
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix license headersChristoph Wurst2020-01-131-2/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Clean up 2FA provider registry when a user is deletedChristoph Wurst2020-01-083-0/+66
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2019-12-0556-137/+209
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Throw an invalid token exception is token is marked outdatedRoeland Jago Douma2019-12-022-0/+40
| | | | | | | This avoids hitting the backend with multiple requests for the same token. And will help avoid quick LDAP lockouts. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Handle token insert conflictsChristoph Wurst2019-11-261-9/+24
| | | | | | | | | | | | | | | | Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existin auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row wit the same token (the session ID). This also bubbles up and disables user_saml. As the token might still be OK (both request will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add return type hint to credential store and make it strictChristoph Wurst2019-11-251-3/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-04 10:55:52 +0000