path: root/lib/private/Authentication
Commit message (Author; Age; Files; Lines)
* Merge branch 'master' into enh/type-iconfig-getter-calls (Côme Chilliet; 2023-04-20; 1 file; -51/+55)
|\
| |   Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
| * fix(auth): Run token statements in atomic transaction (Christoph Wurst; 2023-04-12; 1 file; -51/+55)
| |   All or nothing
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use typed version of IConfig::getSystemValue as much as possible (Côme Chilliet; 2023-04-05; 2 files; -6/+6)
|/
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix types for reading and writing config values (jld3103; 2023-04-05; 1 file; -2/+2)
|   Signed-off-by: jld3103 <jld3103yt@gmail.com>
* Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster (Côme Chilliet; 2023-03-15; 1 file; -1/+11)
|\
| |   [master] invalidate existing tokens when deleting an oauth client
| * public interface to invalidate tokens of user (Artur Neumann; 2023-03-14; 1 file; -1/+11)
| |   Signed-off-by: Artur Neumann <artur@jankaritech.com>
* | Don't try to hash a nonexisting password (Ember 'n0emis' Keske; 2023-03-13; 1 file; -1/+1)
|/
|   Allows to log-in via a passwordless authentication provider, eg SSO
|   Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
* fix(authentication): Handle null or empty string password hash (Joas Schilling; 2023-02-10; 1 file; -1/+1)
|   This can happen when the auth.storeCryptedPassword config is used, which previously errored with:
|   Hasher::verify(): Argument #2 ($hash) must be of type string, null given
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be (Joas Schilling; 2023-02-10; 1 file; -1/+30)
|\
| |   fix(performance): Only search for auth tokens when the provided login…
| * fix(authentication): Check minimum length when creating app tokens (Joas Schilling; 2023-02-09; 1 file; -2/+10)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| * fix(performance): Only search for auth tokens when the provided login is long enough (Joas Schilling; 2023-02-08; 1 file; -1/+22)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authtoken): Store only one hash for authtokens with the current password per user (Julius Härtl; 2023-02-09; 2 files; -1/+50)
|/
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* composer run cs:fix (Côme Chilliet; 2023-01-20; 42 files; -44/+0)
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Merge pull request #36001 from nextcloud/validate-user-tz (Vincent Petry; 2023-01-11; 1 file; -1/+5)
|\
| |   Validate user timezone given from login data before saving it
| * Validate user timezone given from login data before saving it (Thomas Citharel; 2023-01-04; 1 file; -1/+5)
| |   Follow-up to #36000
| |   Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | fix(authentication): Update the token when the hash is null or can not be verified (Joas Schilling; 2023-01-09; 1 file; -4/+21)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authentication): Only hash the new password when needed (Joas Schilling; 2023-01-09; 1 file; -2/+6)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authentication): Invert the logic to the original intention (Joas Schilling; 2023-01-09; 1 file; -2/+3)
| |   We need to store the new authentication details when the hash did **not** verify the old password.
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | fix(authentication): Only verify each hash once (Joas Schilling; 2023-01-09; 1 file; -2/+4)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Merge pull request #33898 from nextcloud/fix/authtoken-password-update (Julius Härtl; 2023-01-05; 2 files; -4/+22)
|\ \
| | |   PublickKeyTokenProvider: Fix password update routine with password hash
| * | PublickKeyTokenProvider: Fix password update routine with password hash (Marcel Klehr; 2023-01-04; 2 files; -4/+22)
| |/
| |   Signed-off-by: Marcel Klehr <mklehr@gmx.net>
* / Add a const for the max user password length (Joas Schilling; 2023-01-04; 1 file; -1/+2)
|/
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Do not setup a session when not required on WebDAV requests (Julius Härtl; 2022-12-21; 1 file; -1/+2)
|   If basic auth is used on WebDAV endpoints, we will not setup a session by default but instead set a test cookie. Clients which handle session cookies properly will send back the cookie then on the second request and a session will be initialized which can be reused for authentication.
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* feat: add event for failed logins (Roeland Jago Douma; 2022-11-24; 3 files; -5/+13)
|   Apps might also like to know about failed logins. This adds that event.
|   The private interface changes are backwards compatible so all should be fine.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Skip general login with email for non-valid addresses and LDAP (Julius Härtl; 2022-10-26; 1 file; -0/+12)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #34554 from nextcloud/fix/psalm-twofactor-registry (Carl Schwan; 2022-10-18; 2 files; -4/+4)
|\
| |   Fix wrong types in phpdoc for twofactor registry
| * Fix the type of the return array in a few more places (Carl Schwan; 2022-10-18; 2 files; -4/+4)
| |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Run session token renewals in a database transaction (Christoph Wurst; 2022-10-18; 1 file; -23/+32)
| |   The session token renewal does
| |   1) Read the old token
| |   2) Write a new token
| |   3) Delete the old token
| |   If two processes succeed to read the old token there can be two new tokens because the queries were not run in a transaction. This is particularly problematic on clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #31499 from nextcloud/bugfix/empty-secret (Carl Schwan; 2022-10-17; 1 file; -5/+24)
|\ \
| |/
|/|   Add fallback routines for empty secret cases
| * Mark method as deprecated (Carl Schwan; 2022-09-13; 1 file; -1/+1)
| |   Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
| |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
| * Rotate token after fallback (Julius Härtl; 2022-03-10; 1 file; -2/+8)
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * Add fallback routines for empty secret cases (Julius Härtl; 2022-03-10; 1 file; -3/+16)
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Pass logger to passwordless auth WebAuthn lib (Christoph Wurst; 2022-10-03; 1 file; -1/+4)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Add back TokenCleanupJob to invalidate old temporary tokens (Thomas Citharel; 2022-08-25; 1 file; -0/+41)
| |   Signed-off-by: Thomas Citharel <tcit@tcit.fr>
* | Do not update passwords if nothing changed (Julius Härtl; 2022-08-09; 1 file; -3/+6)
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* | Merge pull request #33225 from nextcloud/fix/handle-one-time-passwords (Carl Schwan; 2022-07-29; 1 file; -1/+1)
|\ \
| | |   Handle one time password better
| * | Handle one time password better (Carl Schwan; 2022-07-28; 1 file; -1/+1)
| | |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | | Fix typos in lib/private subdirectory (luz paz; 2022-07-27; 1 file; -1/+1)
| | |   Found via `codespell -q 3 -S l10n -L jus ./lib/private`
| | |   Signed-off-by: luz paz <luzpaz@github.com>
* | | Merge pull request #30510 from nextcloud/user-cleanup-storage-before-cache (Vincent Petry; 2022-07-26; 1 file; -1/+1)
|\ \ \
| | | |   delete files before cleaning cache when cleaning user files
| * | | delete files before cleaning cache when cleaning user files (Robin Appelman; 2022-06-13; 1 file; -1/+1)
| | | |   otherwise, when using object store, we lose track of which files the user owns before we can delete them
| | | |   Signed-off-by: Robin Appelman <robin@icewind.nl>
* | | | Move CappedMemoryCache to OCP (Carl Schwan; 2022-07-14; 1 file; -1/+1)
| |/ /
|/| |
| | |   This is a helpful helper that should be used in more places than just server and this is already the case with groupfolders, deck, user_oidc and more using it, so let's make it public
| | |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | | Handler large passwords (Carl Schwan; 2022-07-05; 1 file; -1/+4)
| | |   For passwords bigger than 250 characters, use a bigger key since the performance impact is minor (around one second to encrypt the password).
| | |   For passwords bigger than 470 characters, give up earlier and throw exception recommending admin to either enable the previously enabled configuration or use smaller passwords.
| | |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | | Handle one time passwords (Carl Schwan; 2022-07-05; 1 file; -1/+1)
|/ /
| |   This adds an option to disable storing passwords in the database. This might be desirable when using single use token as passwords or very large passwords.
| |   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* | Fix replacing external storage password during debug log (Christoph Wurst; 2022-06-01; 1 file; -1/+1)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #32357 from nextcloud/user-delete-remove-wrappers (Julius Härtl; 2022-05-16; 1 file; -0/+8)
|\ \
| | |   remove storage wrappers when deleting the user storage
| * | remove storage wrappers when deleting the user storage (Robin Appelman; 2022-05-12; 1 file; -0/+8)
| | |   Signed-off-by: Robin Appelman <robin@icewind.nl>
* | | Fix user agent trimming on installation (Joas Schilling; 2022-05-09; 1 file; -1/+1)
|/ /
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Log why the login token can't be used for credentials (Christoph Wurst; 2022-04-04; 1 file; -3/+3)
| |   And always pass the exception object to the logger.
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Automatically cut the token name on the first level (Joas Schilling; 2022-03-23; 2 files; -3/+3)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
* | Limit the length of app password names (Joas Schilling; 2022-03-23; 2 files; -0/+8)
|/
|   Signed-off-by: Joas Schilling <coding@schilljs.com>