aboutsummaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication
Commit message (Collapse)AuthorAgeFilesLines
* Format control structures, classes, methods and functionChristoph Wurst2020-04-1054-69/+3
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-104-4/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-092-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use a blank line after the opening tagChristoph Wurst2020-04-097-0/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-1/+0
| | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix (array) indent style to always use one tabChristoph Wurst2020-04-091-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix multiline commentsChristoph Wurst2020-04-083-4/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20241 from nextcloud/fix/license-headers-19Roeland Jago Douma2020-04-011-0/+1
|\ | | | | Update the license headers for Nextcloud 19
| * Update the license headers for Nextcloud 19Christoph Wurst2020-03-311-0/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #19858 from nextcloud/feature/webauthnRoeland Jago Douma2020-03-318-13/+711
|\ \ | | | | | | Add WebAuthn support
| * | Start with webauthnRoeland Jago Douma2020-03-317-11/+709
| | | | | | | | | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
| * | Make password nullable in LoginDataRoeland Jago Douma2020-03-311-2/+2
| |/ | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* / [POC] Event for failed login attemptsRoeland Jago Douma2020-03-313-3/+122
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove unused importsChristoph Wurst2020-03-256-7/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipeRoeland Jago Douma2020-03-241-7/+3
|\ | | | | Check the user on remote wipe
| * Check the user on remote wipeJoas Schilling2020-03-161-7/+3
| | | | | | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Fix recursive calls in logging via server methodsJoas Schilling2020-03-181-9/+2
|/ | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #19820 from nextcloud/fix/mismatching-docblock-return-typeChristoph Wurst2020-03-091-1/+1
|\ | | | | Fix mismatching docblock return types
| * Fix mismatching docblock return typesChristoph Wurst2020-03-061-1/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Fix mismatching doc block parameter typesChristoph Wurst2020-03-061-1/+1
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix license headersChristoph Wurst2020-01-131-2/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Clean up 2FA provider registry when a user is deletedChristoph Wurst2020-01-083-0/+66
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2019-12-0556-137/+209
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Throw an invalid token exception is token is marked outdatedRoeland Jago Douma2019-12-022-0/+40
| | | | | | | This avoids hitting the backend with multiple requests for the same token. And will help avoid quick LDAP lockouts. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Handle token insert conflictsChristoph Wurst2019-11-261-9/+24
| | | | | | | | | | | | | | | | Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existin auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row wit the same token (the session ID). This also bubbles up and disables user_saml. As the token might still be OK (both request will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add return type hint to credential store and make it strictChristoph Wurst2019-11-251-3/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-224-2/+4
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make renewSessionToken return the new tokenRoeland Jago Douma2019-10-094-7/+14
| | | | | | | Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Cache the public key tokensRoeland Jago Douma2019-10-081-5/+42
| | | | | | | | | | Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste. Right now it is doing very stupid caching. Which gets invalidate on any update. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use the actual password to update the tokensRoeland Jago Douma2019-09-181-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add uid to delete temp token queryDaniel Kesselberg2019-09-181-1/+2
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Use Symfony's new contract Event class instead of the deprecated oneChristoph Wurst2019-09-121-4/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Pass $configargs to openssl_pkey_exportDaniel Kesselberg2019-07-211-1/+4
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Error with exception on SSL errorMorris Jobke2019-07-183-0/+13
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update unit testsJoas Schilling2019-07-161-1/+1
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix new core notifierJoas Schilling2019-07-151-1/+20
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make it possible to wipe all tokens/devices of a userChristoph Wurst2019-07-091-6/+36
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Refactor: move remote wipe token logic to RW serviceChristoph Wurst2019-07-092-1/+20
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Send emails when remote wipe starts/finishesChristoph Wurst2019-07-021-0/+171
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Decouple remote wipe notifcation channels with eventsChristoph Wurst2019-06-276-47/+269
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remote wipe supportRoeland Jago Douma2019-05-209-1/+319
| | | | | | | | This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow 2FA to be setup on first loginRoeland Jago Douma2019-05-172-3/+32
| | | | | | | | | Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLoginChristoph Wurst2019-05-0716-0/+1051
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add interface INamedTokenDaniel Kesselberg2019-02-023-4/+44
| | | | | | Remove $token instanceof DefaultToken || $token instanceof PublicKeyToken Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Clean pending 2FA authentication on password resetRoeland Jago Douma2019-01-291-0/+9
| | | | | | | | | | | When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Read openssl error and logDaniel Kesselberg2018-12-061-1/+11
| | | | Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* Move ExpiredTokenException to the correct namespaceRoeland Jago Douma2018-10-305-2/+6
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Catch more occurences where ExpiredTokenException can be thrownRoeland Jago Douma2018-10-211-1/+5
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Expired PK tokens should not fall back to legacy tokensRoeland Jago Douma2018-10-211-0/+2
| | | | | | Fixes #11919 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make it possible to enforce mandatory 2FA for groupsChristoph Wurst2018-10-153-6/+158
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 06:18:46 +0000