path: root/lib/private/Authentication
Commit message (Author, Age, Files, Lines)
...
| * | Start with webauthn (Roeland Jago Douma, 2020-03-31, 7 files, -11/+709)
| | |     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
| | |     Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
| * | Make password nullable in LoginData (Roeland Jago Douma, 2020-03-31, 1 file, -2/+2)
| |/      Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* / [POC] Event for failed login attempts (Roeland Jago Douma, 2020-03-31, 3 files, -3/+122)
|/        Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove unused imports (Christoph Wurst, 2020-03-25, 6 files, -7/+0)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipe (Roeland Jago Douma, 2020-03-24, 1 file, -7/+3)
|\     Check the user on remote wipe
| * Check the user on remote wipe (Joas Schilling, 2020-03-16, 1 file, -7/+3)
| |     Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix recursive calls in logging via server methods (Joas Schilling, 2020-03-18, 1 file, -9/+2)
|/      Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #19820 from nextcloud/fix/mismatching-docblock-return-type (Christoph Wurst, 2020-03-09, 1 file, -1/+1)
|\     Fix mismatching docblock return types
| * Fix mismatching docblock return types (Christoph Wurst, 2020-03-06, 1 file, -1/+1)
| |     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix mismatching doc block parameter types (Christoph Wurst, 2020-03-06, 1 file, -1/+1)
|/      Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix license headers (Christoph Wurst, 2020-01-13, 1 file, -2/+3)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Clean up 2FA provider registry when a user is deleted (Christoph Wurst, 2020-01-08, 3 files, -0/+66)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headers (Christoph Wurst, 2019-12-05, 56 files, -137/+209)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Throw an invalid token exception if token is marked outdated (Roeland Jago Douma, 2019-12-02, 2 files, -0/+40)
|     This avoids hitting the backend with multiple requests for the same token. And will help avoid quick LDAP lockouts.
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Handle token insert conflicts (Christoph Wurst, 2019-11-26, 1 file, -9/+24)
|     Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existing auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row with the same token (the session ID). This also bubbles up and disables user_saml.
|
|     As the token might still be OK (both requests will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on.
|
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add return type hint to credential store and make it strict (Christoph Wurst, 2019-11-25, 1 file, -3/+4)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixes (Roeland Jago Douma, 2019-11-22, 4 files, -2/+4)
|     * Order the imports
|     * No leading slash on imports
|     * Empty line before namespace
|     * One line per import
|     * Empty after imports
|     * Empty line at bottom of file
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make renewSessionToken return the new token (Roeland Jago Douma, 2019-10-09, 4 files, -7/+14)
|     Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste.
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Cache the public key tokens (Roeland Jago Douma, 2019-10-08, 1 file, -5/+42)
|     Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste.
|
|     Right now it is doing very stupid caching. Which gets invalidated on any update.
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use the actual password to update the tokens (Roeland Jago Douma, 2019-09-18, 1 file, -1/+1)
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add uid to delete temp token query (Daniel Kesselberg, 2019-09-18, 1 file, -1/+2)
|     Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Use Symfony's new contract Event class instead of the deprecated one (Christoph Wurst, 2019-09-12, 1 file, -4/+3)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Pass $configargs to openssl_pkey_export (Daniel Kesselberg, 2019-07-21, 1 file, -1/+4)
|     Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Error with exception on SSL error (Morris Jobke, 2019-07-18, 3 files, -0/+13)
|     Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update unit tests (Joas Schilling, 2019-07-16, 1 file, -1/+1)
|     Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix new core notifier (Joas Schilling, 2019-07-15, 1 file, -1/+20)
|     Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make it possible to wipe all tokens/devices of a user (Christoph Wurst, 2019-07-09, 1 file, -6/+36)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Refactor: move remote wipe token logic to RW service (Christoph Wurst, 2019-07-09, 2 files, -1/+20)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Send emails when remote wipe starts/finishes (Christoph Wurst, 2019-07-02, 1 file, -0/+171)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Decouple remote wipe notification channels with events (Christoph Wurst, 2019-06-27, 6 files, -47/+269)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remote wipe support (Roeland Jago Douma, 2019-05-20, 9 files, -1/+319)
|     This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly.
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow 2FA to be setup on first login (Roeland Jago Douma, 2019-05-17, 2 files, -3/+32)
|     Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then.
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLogin (Christoph Wurst, 2019-05-07, 16 files, -0/+1051)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add interface INamedToken (Daniel Kesselberg, 2019-02-02, 3 files, -4/+44)
|     Remove $token instanceof DefaultToken || $token instanceof PublicKeyToken
|
|     Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Clean pending 2FA authentication on password reset (Roeland Jago Douma, 2019-01-29, 1 file, -0/+9)
|     When a password is reset we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared.
|
|     The token is now removed so the session will be killed the next time this is checked (within 5 minutes).
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Read openssl error and log (Daniel Kesselberg, 2018-12-06, 1 file, -1/+11)
|     Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Move ExpiredTokenException to the correct namespace (Roeland Jago Douma, 2018-10-30, 5 files, -2/+6)
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Catch more occurrences where ExpiredTokenException can be thrown (Roeland Jago Douma, 2018-10-21, 1 file, -1/+5)
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Expired PK tokens should not fall back to legacy tokens (Roeland Jago Douma, 2018-10-21, 1 file, -0/+2)
|     Fixes #11919
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make it possible to enforce mandatory 2FA for groups (Christoph Wurst, 2018-10-15, 3 files, -6/+158)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add tests (Roeland Jago Douma, 2018-10-02, 1 file, -1/+4)
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update all the publickey tokens if needed on web login (Roeland Jago Douma, 2018-10-02, 5 files, -1/+48)
|     * On weblogin check if we have invalid public key tokens
|     * If so update them all with the new token
|
|     This ensures that your marked as invalid tokens work again if you once login on the web.
|
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark token as invalid if the password doesn't match (Roeland Jago Douma, 2018-10-02, 5 files, -0/+40)
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit event on enabling or disabling of 2FA provider (Roeland Jago Douma, 2018-10-01, 1 file, -1/+15)
|     Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add mandatory 2FA service/class (Christoph Wurst, 2018-09-30, 2 files, -2/+60)
|     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php (Morris Jobke, 2018-09-25, 1 file, -2/+2)
|\     Consider openssl settings from config.php
| * Consider openssl settings from config.php (Daniel Kesselberg, 2018-09-16, 1 file, -2/+2)
| |     Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Only allow 2FA state changes if providers support the operation (Christoph Wurst, 2018-09-25, 5 files, -25/+149)
| |     Ref https://github.com/nextcloud/server/issues/11019.
| |
| |     Add `twofactorauth:cleanup` command
| |
| |     Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Also adjust the expiration of PublicKeyTokenProvider (Joas Schilling, 2018-09-20, 1 file, -2/+2)
| |     Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Copy the expiration from 480864b3e32d88361b17b70d238f986f64579757 to getTokenById (Joas Schilling, 2018-09-19, 1 file, -1/+1)
|/      Signed-off-by: Joas Schilling <coding@schilljs.com>