path: root/lib/private/User/Session.php
Commit message (Author, Age, Files, Lines)
* chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer [dependabot/composer/vendor-bin/cs-fixer/nextcloud/coding-standard-1.3.2] (dependabot[bot], 2024-10-19, 1 file, -7/+7)
|   Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2.
|   - [Release notes](https://github.com/nextcloud/coding-standard/releases)
|   - [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
|   - [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2)
|
|   ---
|   updated-dependencies:
|   - dependency-name: nextcloud/coding-standard
|     dependency-type: direct:production
|     update-type: version-update:semver-patch
|   ...
|
|   Signed-off-by: dependabot[bot] <support@github.com>
|   Signed-off-by: provokateurin <kate@provokateurin.de>
* fix: update last_login timestamp for token based-logins (Fabian Dreßler, 2024-09-06, 1 file, -0/+1)
|   fixes #31075 and maybe #32953
|
|   Signed-off-by: Fabian Dreßler <nudelsalat@clouz.de>
* fix(Session): avoid race conditions on clustered setups (Arthur Schiwon, 2024-07-10, 1 file, -44/+17)
|   - re-establishes old behaviour with cache to return null instead of throwing an InvalidTokenException when the token is cached as non-existing
|   - token invalidation and re-generation are bundled in a DB transaction now
|
|   Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* Merge branch 'master' into refactor/OC-Server-getCsrfTokenManager (John Molakvoæ, 2024-05-30, 1 file, -74/+108)
|\
| |   Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
| * Merge pull request #45411 from ↵ (Daniel, 2024-05-29, 1 file, -0/+4)
| |\
| | |   nextcloud/fix/auth/selective-token-activity-update
| | |
| | |   fix(auth): Update authtoken activity selectively
| | * fix(auth): Update authtoken activity selectively (Christoph Wurst, 2024-05-21, 1 file, -0/+4)
| | |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * | chore: Add SPDX header (Andy Scherzinger, 2024-05-24, 1 file, -35/+3)
| |/
| |   Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
| * fix(session): Do not update authtoken last_check for passwordless (Christoph Wurst, 2024-04-26, 1 file, -2/+0)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * fix: Apply new coding standard to all files (Côme Chilliet, 2024-04-02, 1 file, -1/+1)
| |   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
| * fix: Implement option to temporarily set the user session (Julius Härtl, 2024-03-19, 1 file, -0/+9)
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * Refactor `OC\Server::getTwoFactorAuthManager` (Andrew Summers, 2024-03-15, 1 file, -1/+2)
| |   Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
| * feat: rename users to account or person (Vincent Petry, 2024-02-13, 1 file, -1/+1)
| |   Replace translated text in most locations
| |
| |   Signed-off-by: Vincent Petry <vincent@nextcloud.com>
| * chore: Replace OC::$server->getL10N by OCP\Util::getL10N in lib and some apps (Côme Chilliet, 2024-02-05, 1 file, -2/+2)
| |   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
| * fix(auth): Fix logging in with email, password and login name mismatch (Christoph Wurst, 2024-01-19, 1 file, -13/+24)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * fix(session): Avoid two useless authtoken DB queries for every anonymous request (Git'Fellow, 2024-01-17, 1 file, -2/+5)
| |   Co-Authored-By: Christoph Wurst <christoph@winzerhof-wurst.at>
| |   Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * Always catch OCP versions of authentication exceptions (Côme Chilliet, 2024-01-11, 1 file, -2/+2)
| |   And always throw OC versions for BC
| |
| |   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
| * perf: Use more performant way to obtain and check the email as a login name ↵ (Julius Härtl, 2023-11-30, 1 file, -2/+11)
| |   with token login
| |
| |   Signed-off-by: Julius Härtl <jus@bitgrid.net>
| * chore: apply changes from Nextcloud coding standards 1.1.1 (Joas Schilling, 2023-11-23, 1 file, -12/+12)
| |   Signed-off-by: Joas Schilling <coding@schilljs.com>
| |   Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
| * Lower log level about invalid session token (Patrick Fischer, 2023-11-06, 1 file, -1/+1)
| |
| * fix(session): Log why session renewal failed (Christoph Wurst, 2023-10-11, 1 file, -1/+2)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * fix: Log critical session renewal and logout paths (Christoph Wurst, 2023-10-09, 1 file, -5/+33)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
| * fix(user): Log affected user of app token login name mismatch (Christoph Wurst, 2023-10-06, 1 file, -0/+2)
| |   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Refactor `OC\Server::getCsrfTokenManager` (Andrew Summers, 2023-08-29, 1 file, -1/+2)
|/
|   Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
* techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 (Joas Schilling, 2023-08-28, 1 file, -4/+4)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* fix!: Move getEventDispatcher usage to IEventDispatcher (Joas Schilling, 2023-07-28, 1 file, -2/+4)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Refactors "strpos" calls in lib/private to improve code readability. (Faraz Samapoor, 2023-05-15, 1 file, -1/+1)
|   Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
* fix(dav): Abort requests with 429 instead of waiting (Joas Schilling, 2023-05-03, 1 file, -2/+2)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Use typed version of IConfig::getSystemValue as much as possible (Côme Chilliet, 2023-04-05, 1 file, -3/+3)
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* chore: use local variable for remote address (Daniel Kesselberg, 2023-03-10, 1 file, -10/+16)
|   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* feat: add event for failed logins (Roeland Jago Douma, 2022-11-24, 1 file, -1/+1)
|   Apps might also like to know about failed logins. This adds that event.
|   The private interface changes are backwards compatible so all should be fine.
|
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Remove potential mismatching dav session data during login (Julius Härtl, 2022-11-22, 1 file, -0/+1)
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Fix errors from PHP 8.2 testing (Côme Chilliet, 2022-11-14, 1 file, -3/+1)
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Fix unsuccessful token login logged as error (Christoph Wurst, 2022-11-07, 1 file, -1/+1)
|   The condition of a non-existent login token can happen for concurrent requests. Admins can not do anything about this. So this is to be expected to happen occasionally. This event is only bad if none of the requests is able to re-acquire a session. Luckily this happens rarely. If a login loop persists an admin can still lower the log level to find this info. But a default error log level will no longer write those infos about the failed cookie login of one request.
|
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* don't try email login if the provider username is not a valid email (Robin Appelman, 2022-09-14, 1 file, -0/+3)
|   Signed-off-by: Robin Appelman <robin@icewind.nl>
* Log if cookie login failed with token mismatch or session unavailability (Christoph Wurst, 2022-08-31, 1 file, -0/+8)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix psalm issues related to the user backend (Carl Schwan, 2022-05-20, 1 file, -5/+5)
|   - Reflect the actual return value returned by the implementation in the interface. E.g. IUser|bool -> IUser|false
|   - Remove $hasLoggedIn parameter from private countUser implementation. Replace the two calls with the equivalent countSeenUser
|   - getBackend is nullable, add this to the interface
|   - Use backend interface to make psalm happy about call to undefined methods. Also helps with getting rid at some point of the old implementActions
|
|   Signed-off-by: Carl Schwan <carl@carlschwan.eu>
* Migrate from ILogger to LoggerInterface in lib/private (Côme Chilliet, 2022-03-24, 1 file, -18/+6)
|   Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
* Only setupFS when we have to copy the skeleton (Joas Schilling, 2022-02-25, 1 file, -4/+4)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Update Session.php (Marek-Wojtowicz, 2022-01-12, 1 file, -1/+1)
|   The http headers according to rfc 2616 is iso-8859-1. This patch fixes the behavior when non-ascii characters are present in the header.
|
|   Signed-off-by: Marek Wójtowicz <Marek.Wojtowicz@agh.edu.pl>
* Remove default token which is deprecated since Nextcloud 13 (Joas Schilling, 2021-12-01, 1 file, -2/+2)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Fix missing token update (Joas Schilling, 2021-11-12, 1 file, -0/+2)
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Emit an error log when the app token login name does not match (Christoph Wurst, 2021-08-13, 1 file, -1/+6)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update php licenses (John Molakvoæ (skjnldsv), 2021-06-04, 1 file, -1/+0)
|   Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
* Throw "401 Unauthenticated" when authentication is provided but invalid (Joas Schilling, 2021-04-22, 1 file, -0/+2)
|   E.g. with an AppToken that has been revoked
|
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* token login: emit preLogin event with LoginName (Lionel Elie Mamane, 2021-02-19, 1 file, -1/+1)
|   to bring it in line with normal (non-token) login.
|
|   Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
* Update all license headers for Nextcloud 21 (Christoph Wurst, 2020-12-16, 1 file, -1/+1)
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix typo (Morris Jobke, 2020-12-04, 1 file, -1/+1)
|   Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Remember me is not an app_password (Roeland Jago Douma, 2020-12-04, 1 file, -2/+12)
|   While technically they are stored the same. This session variable is used to indicate that a user is using an app password to authenticate. Like from a client. Or when having it generated automatically.
|
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Bearer must be in the start of the auth header (Roeland Jago Douma, 2020-11-06, 1 file, -3/+3)
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update license headers for Nextcloud 20 (again) (Christoph Wurst, 2020-09-07, 1 file, -0/+1)
|   There are still lots of outdated headers, so time for another round of updates.
|
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>