path: root/lib/private/Authentication
Commit message | Author | Age | Files | Lines
* Move ExpiredTokenException to the correct namespace | Roeland Jago Douma | 2018-10-30 | 5 | -2/+6
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Catch more occurrences where ExpiredTokenException can be thrown | Roeland Jago Douma | 2018-10-21 | 1 | -1/+5
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Expired PK tokens should not fall back to legacy tokens | Roeland Jago Douma | 2018-10-21 | 1 | -0/+2
    Fixes #11919
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make it possible to enforce mandatory 2FA for groups | Christoph Wurst | 2018-10-15 | 3 | -6/+158
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add tests | Roeland Jago Douma | 2018-10-02 | 1 | -1/+4
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update all the publickey tokens if needed on web login | Roeland Jago Douma | 2018-10-02 | 5 | -1/+48
    * On weblogin check if we have invalid public key tokens
    * If so update them all with the new token
    This ensures that your marked as invalid tokens work again if you once login on the web.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark token as invalid if the password doesn't match | Roeland Jago Douma | 2018-10-02 | 5 | -0/+40
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Emit event on enabling or disabling of 2FA provider | Roeland Jago Douma | 2018-10-01 | 1 | -1/+15
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add mandatory 2FA service/class | Christoph Wurst | 2018-09-30 | 2 | -2/+60
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php | Morris Jobke | 2018-09-25 | 1 | -2/+2
    Consider openssl settings from config.php
| * Consider openssl settings from config.php | Daniel Kesselberg | 2018-09-16 | 1 | -2/+2
    Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Only allow 2FA state changes if providers support the operation | Christoph Wurst | 2018-09-25 | 5 | -25/+149
    Ref https://github.com/nextcloud/server/issues/11019.
    Add `twofactorauth:cleanup` command
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Also adjust the expiration of PublicKeyTokenProvider | Joas Schilling | 2018-09-20 | 1 | -2/+2
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Copy the expiration from 480864b3e32d88361b17b70d238f986f64579757 to getTokenById | Joas Schilling | 2018-09-19 | 1 | -1/+1
    Signed-off-by: Joas Schilling <coding@schilljs.com>
* Expire tokens hardening | Roeland Jago Douma | 2018-09-07 | 1 | -1/+1
    Just to be sure that the field is also not 0
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix handling of concurrent inserts of the 2FA provider registry DAO | Christoph Wurst | 2018-08-31 | 1 | -20/+9
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix 2FA being enforced if only backup codes provider is active | Christoph Wurst | 2018-08-10 | 1 | -4/+9
    Fixes https://github.com/nextcloud/server/issues/10634.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix double-inserts of the same provider state | Christoph Wurst | 2018-08-09 | 1 | -6/+19
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Rename providerset method to get primary providers | Christoph Wurst | 2018-08-08 | 1 | -1/+1
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login redirection if only one 2FA provider is active | Christoph Wurst | 2018-08-08 | 1 | -0/+11
    Fixes https://github.com/nextcloud/server/issues/10500.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix 2FA provider registry population on login | Christoph Wurst | 2018-08-08 | 1 | -1/+3
    If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix duplicate inserts in the 2fa provider registry DAO | Christoph Wurst | 2018-07-31 | 1 | -10/+18
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make new classes strict and fix license header | Christoph Wurst | 2018-06-25 | 2 | -0/+2
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make 2FA providers stateful | Christoph Wurst | 2018-06-20 | 5 | -72/+391
    This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available.
    The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Comments | Roeland Jago Douma | 2018-06-19 | 5 | -6/+20
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add getProvider helper function | Roeland Jago Douma | 2018-06-18 | 1 | -35/+17
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use constant for token version | Roeland Jago Douma | 2018-06-18 | 6 | -20/+22
    And don't set the version in the constructor. That would possibly cause too many updates.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add more tests | Roeland Jago Douma | 2018-06-18 | 3 | -3/+14
    * Add a lot of tests
    * Fixes related to those tests
    * Fix tests
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Generate the new publicKey tokens by default! | Roeland Jago Douma | 2018-06-18 | 1 | -2/+1
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Actually convert the token | Roeland Jago Douma | 2018-06-18 | 3 | -40/+94
    * When getting the token
    * When rotating the token
    * Also store the encrypted password as base64 to avoid weird binary stuff
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add publickey provider to manager | Roeland Jago Douma | 2018-06-18 | 1 | -47/+52
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* SetPassword on PublicKeyTokens | Roeland Jago Douma | 2018-06-18 | 1 | -2/+12
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Just pass uid to the Token stuff | Roeland Jago Douma | 2018-06-18 | 6 | -52/+26
    We don't have user objects in the code everywhere
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add first tests | Roeland Jago Douma | 2018-06-18 | 1 | -1/+10
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Initial PKT implementation | Roeland Jago Douma | 2018-06-18 | 6 | -11/+672
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Abstract the Provider via a manager | Roeland Jago Douma | 2018-06-18 | 1 | -0/+210
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the token expiration also work for autocasting 0 | Roeland Jago Douma | 2018-06-08 | 1 | -1/+1
    Some bad databases don't respect the default null apparently. Now even if they cast it to 0 it should work just fine.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Certain tokens can expire | Roeland Jago Douma | 2018-05-17 | 6 | -5/+84
    However, due to the nature of what we store in the token (encrypted passwords etc.), we can't just delete the tokens because that would make the oauth refresh useless.
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow the rotation of tokens | Roeland Jago Douma | 2018-05-16 | 4 | -2/+63
    This for example will allow rotating the apptoken for oauth
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Refix scope | Roeland Jago Douma | 2018-05-15 | 2 | -3/+5
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix tests | Roeland Jago Douma | 2018-05-15 | 4 | -17/+29
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the Token Auth code strict | Roeland Jago Douma | 2018-05-15 | 5 | -90/+94
    In preparation for #9441
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move over TokenMapper | Roeland Jago Douma | 2018-05-10 | 1 | -1/+2
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use ::class statement instead of string | Morris Jobke | 2018-01-29 | 1 | -1/+1
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Dispatch event on twofactor failure and success | Roeland Jago Douma | 2018-01-25 | 1 | -13/+30
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732 | Flávio Gomes da Silva Lisboa | 2017-11-27 | 1 | -0/+1
    Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Update license headers | Morris Jobke | 2017-11-06 | 8 | -5/+20
    Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Fix duplicate session token after remembered login | Christoph Wurst | 2017-09-20 | 1 | -0/+1
    On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away.
    Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix AppPassword 2FA auth | Roeland Jago Douma | 2017-09-12 | 1 | -1/+5
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix login with basic auth | Roeland Jago Douma | 2017-09-05 | 1 | -1/+0
    Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>