path: root/lib/private/Authentication
Commit message (Author, Age, Files, Lines)
...
* Improve docblock annotations for tokens and their exceptions (Côme Chilliet, 2023-10-23, 3 files, -2/+5)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Use more precise typing for setScope method parameter (Côme Chilliet, 2023-10-23, 1 file, -2/+2)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Make sure that OC interfaces returns OC interfaces for backward compatibility (Côme Chilliet, 2023-10-23, 2 files, -0/+26)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Move Exceptions used in OCP to OCP (Côme Chilliet, 2023-10-23, 3 files, -33/+12)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Align PublicKeyToken with interface changes (Côme Chilliet, 2023-10-23, 1 file, -10/+6)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Move IToken and IProvider::getToken to OCP (Côme Chilliet, 2023-10-20, 1 file, -104/+2)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* fix(twofactor): avoid error in pgsql for duplicate entry (Benjamin Gaussorgues, 2023-10-06, 1 file, -20/+17)
| Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
* Fix typo (Lucas Azevedo, 2023-08-25, 1 file, -1/+1)
| Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* Fixes from static analysis (Lucas Azevedo, 2023-08-25, 1 file, -3/+3)
| Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
| Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* Add last-used-before option (Lucas Azevedo, 2023-08-25, 4 files, -0/+24)
| Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
* docs: remove superfluous phpdocs (Daniel Kesselberg, 2023-08-10, 1 file, -9/+1)
| Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager (Joas Schilling, 2023-07-27, 1 file, -14/+1)
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* chore: Replace \OC::$server->query with \OCP\Server::get in /lib (Christoph Wurst, 2023-07-06, 1 file, -2/+2)
| Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix event names of 2FA related typed events (Joas Schilling, 2023-07-03, 3 files, -3/+13)
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge branch 'master' into enh/type-iconfig-getter-calls (Côme Chilliet, 2023-04-20, 1 file, -51/+55)
|\
| | Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
| * fix(auth): Run token statements in atomic transaction (Christoph Wurst, 2023-04-12, 1 file, -51/+55)
| | All or nothing
| | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use typed version of IConfig::getSystemValue as much as possible (Côme Chilliet, 2023-04-05, 2 files, -6/+6)
|/
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix types for reading and writing config values (jld3103, 2023-04-05, 1 file, -2/+2)
| Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster (Côme Chilliet, 2023-03-15, 1 file, -1/+11)
|\
| | [master] invalidate existing tokens when deleting an oauth client
| * public interface to invalidate tokens of user (Artur Neumann, 2023-03-14, 1 file, -1/+11)
| | Signed-off-by: Artur Neumann <artur@jankaritech.com>
* | Don't try to hash a nonexisting password (Ember 'n0emis' Keske, 2023-03-13, 1 file, -1/+1)
|/
| Allows to log-in via a passwordless authentication provider, eg SSO
| Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
* fix(authentication): Handle null or empty string password hash (Joas Schilling, 2023-02-10, 1 file, -1/+1)
| This can happen when the auth.storeCryptedPassword config is used, which previously errored with:
| Hasher::verify(): Argument #2 ($hash) must be of type string, null given
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be (Joas Schilling, 2023-02-10, 1 file, -1/+30)
|\
| | fix(performance): Only search for auth tokens when the provided login…
| * fix(authentication): Check minimum length when creating app tokens (Joas Schilling, 2023-02-09, 1 file, -2/+10)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
| * fix(performance): Only search for auth tokens when the provided login is long enough (Joas Schilling, 2023-02-08, 1 file, -1/+22)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authtoken): Store only one hash for authtokens with the current password per user (Julius Härtl, 2023-02-09, 2 files, -1/+50)
|/
| Signed-off-by: Julius Härtl <jus@bitgrid.net>
* composer run cs:fix (Côme Chilliet, 2023-01-20, 42 files, -44/+0)
| Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #36001 from nextcloud/validate-user-tz (Vincent Petry, 2023-01-11, 1 file, -1/+5)
|\
| | Validate user timezone given from login data before saving it
| * Validate user timezone given from login data before saving it (Thomas Citharel, 2023-01-04, 1 file, -1/+5)
| | Follow-up to #36000
| | Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | fix(authentication): Update the token when the hash is null or can not be verified (Joas Schilling, 2023-01-09, 1 file, -4/+21)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authentication): Only hash the new password when needed (Joas Schilling, 2023-01-09, 1 file, -2/+6)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authentication): Invert the logic to the original intention (Joas Schilling, 2023-01-09, 1 file, -2/+3)
| | We need to store the new authentication details when the hash did **not** verify the old password.
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authentication): Only verify each hash once (Joas Schilling, 2023-01-09, 1 file, -2/+4)
| | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Merge pull request #33898 from nextcloud/fix/authtoken-password-update (Julius Härtl, 2023-01-05, 2 files, -4/+22)
|\ \
| | | PublickKeyTokenProvider: Fix password update routine with password hash
| * | PublickKeyTokenProvider: Fix password update routine with password hash (Marcel Klehr, 2023-01-04, 2 files, -4/+22)
| |/
| | Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* / Add a const for the max user password length (Joas Schilling, 2023-01-04, 1 file, -1/+2)
|/
| Signed-off-by: Joas Schilling <coding@schilljs.com>
* Do not setup a session when not required on WebDAV requests (Julius Härtl, 2022-12-21, 1 file, -1/+2)
| If basic auth is used on WebDAV endpoints, we will not setup a session by default but instead set a test cookie.
| Clients which handle session cookies properly will send back the cookie then on the second request and a session will be initialized which can be reused for authentication.
| Signed-off-by: Julius Härtl <jus@bitgrid.net>
* feat: add event for failed logins (Roeland Jago Douma, 2022-11-24, 3 files, -5/+13)
| Apps might also like to know about failed logins. This adds that event.
| The private interface changes are backwards compatible so all should be fine.
| Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Skip general login with email for non-valid addresses and LDAP (Julius Härtl, 2022-10-26, 1 file, -0/+12)
| Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #34554 from nextcloud/fix/psalm-twofactor-registry (Carl Schwan, 2022-10-18, 2 files, -4/+4)
|\
| | Fix wrong types in phpdoc for twofactor registry
| * Fix the type of the return array in a few more places (Carl Schwan, 2022-10-18, 2 files, -4/+4)
| | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Run session token renewals in a database transaction (Christoph Wurst, 2022-10-18, 1 file, -23/+32)
| | The session token renewal does
| | 1) Read the old token
| | 2) Write a new token
| | 3) Delete the old token
| | If two processes succeed to read the old token there can be two new tokens because the queries were not run in a transaction. This is particularly problematic on clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.
| | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #31499 from nextcloud/bugfix/empty-secret (Carl Schwan, 2022-10-17, 1 file, -5/+24)
|\ \
| |/
|/|
| | Add fallback routines for empty secret cases
| * Mark method as deprecated (Carl Schwan, 2022-09-13, 1 file, -1/+1)
| | Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
| | Signed-off-by: Carl Schwan <carl@carlschwan.eu>
| * Rotate token after fallback (Julius Härtl, 2022-03-10, 1 file, -2/+8)
| | Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * Add fallback routines for empty secret cases (Julius Härtl, 2022-03-10, 1 file, -3/+16)
| | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Pass logger to passwordless auth WebAuthn lib (Christoph Wurst, 2022-10-03, 1 file, -1/+4)
| | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Add back TokenCleanupJob to invalidate old temporary tokens (Thomas Citharel, 2022-08-25, 1 file, -0/+41)
| | Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | Do not update passwords if nothing changed (Julius Härtl, 2022-08-09, 1 file, -3/+6)
| | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Merge pull request #33225 from nextcloud/fix/handle-one-time-passwords (Carl Schwan, 2022-07-29, 1 file, -1/+1)
|\ \
| | | Handle one time password better