summaryrefslogtreecommitdiffstats
path: root/lib/private/Authentication
Commit message (Collapse)AuthorAgeFilesLines
* Properly cleanup entries of WebAuthn on user deletionMorris Jobke2021-06-182-0/+63
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Update php licensesJohn Molakvoæ (skjnldsv)2021-06-0469-162/+115
| | | | Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* better cleanup of user files on user deletionRobin Appelman2021-04-271-0/+73
| | | | Signed-off-by: Robin Appelman <robin@icewind.nl>
* Move 2fa backupscode to new registrationRoeland Jago Douma2021-04-201-1/+1
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Move 2FA registration to IBootstrapRoeland Jago Douma2021-04-201-1/+17
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use correct getSystemValue typeJ0WI2021-04-121-1/+1
| | | | Signed-off-by: J0WI <J0WI@users.noreply.github.com>
* Add real events for enabled 2fa providers for usersRoeland Jago Douma2021-03-221-4/+16
| | | | | | | * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #25544 from nextcloud/refactor/app-password-created-eventChristoph Wurst2021-03-021-0/+43
|\ | | | | Move app_password_created to a typed event
| * Move app_password_created to a typed eventChristoph Wurst2021-02-091-0/+43
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Always renew apppasswords on loginRoeland Jago Douma2021-02-101-5/+0
|/ | | | | | | | Else you can end up that you renewed your password (LDAP for example). But they still don't work because you did not use them before you logged in. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Convert 2FA token type to stringChristoph Wurst2021-01-221-3/+3
| | | | | | | | The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update all license headers for Nextcloud 21Christoph Wurst2020-12-1611-1/+11
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Type the authentication listenersChristoph Wurst2020-10-157-0/+21
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use PSR logger in authenticationJoas Schilling2020-10-1211-60/+54
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Type some of the core mappersChristoph Wurst2020-10-124-1/+10
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format code to a single space around binary operatorsChristoph Wurst2020-10-052-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow configuring the activity update interval of tokenRoeland Jago Douma2020-10-041-1/+5
| | | | | | | | On some systems with a lot of users this creates a lot of extra DB writes. Being able to increase this interval helps there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #22641 from ↵Roeland Jago Douma2020-09-081-2/+7
|\ | | | | | | | | nextcloud/fix/credentials-store-upgrade-property-undefined Fix undefined class property access after upgrade from 19 to 20
| * Fix undefined class property access after upgrade from 19 to 20Christoph Wurst2020-09-071-2/+7
| | | | | | | | | | | | | | | | | | The serialized data in 19 has one property less and this was not considered in the code. Hence adding a fallback. Moreover I'm changing the deserialization into an array instead of object, as that is the safer option. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Update license headers for Nextcloud 20 (again)Christoph Wurst2020-09-072-1/+3
|/ | | | | | | There are still lots of outdated headers, so time for another round of updates. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix app password updating out of boundsRoeland Jago Douma2020-09-032-0/+55
| | | | | | | | | | | | | | When your password changes out of bounds your Nextcloud tokens will become invalid. There is no real way around that. However we should make sure that if you successfully log in again your passwords are all updates * Added event listener to the PostLoggedInEvent so that we can act on it - Only if it is not a token login * Make sure that we actually reset the invalid state when we update a token. Else it keeps being marked invalid and thus not used. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #21288 from lmamane/masterRoeland Jago Douma2020-08-281-1/+1
|\ | | | | Return correct loginname in credentials
| * Return correct loginname in credentials,Lionel Elie Mamane2020-08-201-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | even when token is invalid or has no password. Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function. Co-authored-by: kesselb <mail@danielkesselberg.de> for: switch to consistent camelCase Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
* | Update the license headers for Nextcloud 20Christoph Wurst2020-08-242-2/+4
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use matching parameter names form interfaces and implementationsMorris Jobke2020-08-192-7/+7
| | | | | | Found by Psalm 3.14.1 Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Merge pull request #21344 from nextcloud/fix/twofactor-cleanup-eventMorris Jobke2020-08-132-10/+34
|\ | | | | Emit an event for every disabled 2FA provider during cleanup
| * Emit an event for every disabled 2FA provider during cleanupChristoph Wurst2020-06-162-10/+34
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Discourage webauthn user interactionRoeland Jago Douma2020-07-161-2/+7
|/ | | | | | | | | | Else people might have the feeling this is also doing 2FA. And since it is only prefered it can be ignored and hacked around. Once we have proper 2FA with webauthn in one go this probably needs to be revisted. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Clean up auth tokens when user is deletedChristoph Wurst2020-06-151-0/+72
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Improve traces of invalid token exceptionsChristoph Wurst2020-05-273-17/+20
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remember the webauthn name of devicesRoeland Jago Douma2020-05-071-1/+3
| | | | | | | Fixes #20289 we should not reset to default once we have logged in with the device. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for 19Christoph Wurst2020-04-2912-8/+22
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Do not create remember me cookieJulius Härtl2020-04-231-2/+6
| | | | Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Add visibility to all constantsChristoph Wurst2020-04-106-13/+13
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add visibility to all methods and position of static keywordChristoph Wurst2020-04-102-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Format control structures, classes, methods and functionChristoph Wurst2020-04-1054-69/+3
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-104-4/+4
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-092-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use a blank line after the opening tagChristoph Wurst2020-04-097-0/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use exactly one empty line after the namespace declarationChristoph Wurst2020-04-091-1/+0
| | | | | | For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix (array) indent style to always use one tabChristoph Wurst2020-04-091-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix multiline commentsChristoph Wurst2020-04-083-4/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20241 from nextcloud/fix/license-headers-19Roeland Jago Douma2020-04-011-0/+1
|\ | | | | Update the license headers for Nextcloud 19
| * Update the license headers for Nextcloud 19Christoph Wurst2020-03-311-0/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #19858 from nextcloud/feature/webauthnRoeland Jago Douma2020-03-318-13/+711
|\ \ | | | | | | Add WebAuthn support
| * | Start with webauthnRoeland Jago Douma2020-03-317-11/+709
| | | | | | | | | | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
| * | Make password nullable in LoginDataRoeland Jago Douma2020-03-311-2/+2
| |/ | | | | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* / [POC] Event for failed login attemptsRoeland Jago Douma2020-03-313-3/+122
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove unused importsChristoph Wurst2020-03-256-7/+0
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipeRoeland Jago Douma2020-03-241-7/+3
|\ | | | | Check the user on remote wipe
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-26 19:10:17 +0000