summaryrefslogtreecommitdiffstats
path: root/lib/private/User
Commit message (Collapse)AuthorAgeFilesLines
* Format control structures, classes, methods and functionChristoph Wurst2020-04-106-28/+21
| | | | | | | | | | | | | | | To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use elseif instead of else ifChristoph Wurst2020-04-102-2/+2
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20391 from nextcloud/refactor/spaces-cleanupChristoph Wurst2020-04-093-3/+3
|\ | | | | Remove all extra whitespace PSR2 does not like
| * Remove trailing and in between spacesChristoph Wurst2020-04-093-3/+3
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Merge pull request #20384 from nextcloud/techdebt/lowercase-keywordsChristoph Wurst2020-04-091-1/+1
|\ \ | |/ |/| Use php keywords in lowercase
| * Use php keywords in lowercaseChristoph Wurst2020-04-091-1/+1
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Unify function spacing to PSR2 recommendationChristoph Wurst2020-04-092-4/+4
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix (array) indent style to always use one tabChristoph Wurst2020-04-091-7/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix multiline commentsChristoph Wurst2020-04-082-23/+21
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #20241 from nextcloud/fix/license-headers-19Roeland Jago Douma2020-04-012-0/+2
|\ | | | | Update the license headers for Nextcloud 19
| * Update the license headers for Nextcloud 19Christoph Wurst2020-03-312-0/+2
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | [POC] Event for failed login attemptsRoeland Jago Douma2020-03-311-1/+7
|/ | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #20170 from nextcloud/techdebt/remove-unused-importsChristoph Wurst2020-03-271-1/+0
|\ | | | | Remove unused imports
| * Remove unused importsChristoph Wurst2020-03-251-1/+0
| | | | | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* | Use the short array syntax, everywhereChristoph Wurst2020-03-264-20/+20
|/ | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix mismatching docblock return typesChristoph Wurst2020-03-061-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add typed events for all user hooks and legacy eventsChristoph Wurst2019-12-111-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update license headersChristoph Wurst2019-12-057-11/+21
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Prevent creating users with existing filesJoas Schilling2019-12-041-7/+19
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add typed create user eventsChristoph Wurst2019-12-031-5/+17
| | | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at> Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add typed events for password_policyChristoph Wurst2019-11-271-8/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixesRoeland Jago Douma2019-11-224-6/+6
| | | | | | | | | | | * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make the post login event publicChristoph Wurst2019-11-202-67/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make sure limit is never negativeRoeland Jago Douma2019-10-281-0/+10
| | | | | | | | | There were some cases where a negative limit could be passed in. Which would happily make the query explode. This is just a quick hack to make sure it never is negative. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make renewSessionToken return the new tokenRoeland Jago Douma2019-10-091-2/+1
| | | | | | | Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Disable app token creation for impersonated people, ref #15539Greta Doci2019-09-151-0/+23
| | | | Signed-off-by: Greta Doci <gretadoci@gmail.com>
* Get the proper UIDRoeland Jago Douma2019-08-132-1/+17
| | | | | | | | | | | | | | | | | | | | | Some user backends (like the database backend) allow us to obtain a user case insensitive. However the UID itself is case sensitive. Example: * create a user User1 * login as User1 - This results the data/User1 folder to be created etc * now have some code somewhere that obtains the userFolder (from IRootFolder) but pas in 'uSER1' as uid - The code will check if that is a valid user. And in this case it is since User1 and uSER1 both map to the same user - However the the UID in the user object is used for the folder a new folder fill be create data/uSER1 With this PR this is avoided now. Since we obtain the real UID casing in the backend before creating the user object. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add proper PostLoginEventRoeland Jago Douma2019-07-292-1/+77
| | | | | | | This can be used by othr mechanisms to listen for this event in a lazy fashion. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add event dispatcher to OCPChristoph Wurst2019-06-251-3/+3
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLoginChristoph Wurst2019-05-071-1/+1
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* remove obsolete use statementsArthur Schiwon2019-04-241-2/+0
| | | | Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
* lib/private/User: do not change user properties if value has not changedLeon Klingele2019-04-111-1/+1
|
* lib/private/User,apps/user_ldap/lib/User: always pass old value to ↵Leon Klingele2019-04-111-1/+2
| | | | User::triggerChange
* lib/private/User: do not change user properties if value has not changedLeon Klingele2019-04-111-6/+6
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Pass old value to user triggerChange hookMorris Jobke2019-04-111-4/+4
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* Do not allow invalid users to be createdRoeland Jago Douma2019-03-141-0/+14
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add dispatcher events to User and Group objectsJoas Schilling2019-03-012-25/+37
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Add isTokenLogin argument to post login hook/eventChristoph Wurst2019-01-231-2/+7
| | | | Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Throttle with correct metadataRoeland Jago Douma2019-01-041-1/+1
| | | | | | Fixes #13202 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use a case insensitive search for emailRoeland Jago Douma2018-12-201-1/+1
| | | | | | | | Fixes #7084 Now entering wrongly cased email (roeland@ instead of Roeland@) for password reset etc. Will also work. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Bearer tokens are app tokenRoeland Jago Douma2018-11-201-0/+4
| | | | | | | | | | Fixes #12498 This means that we set that it is a proper app token once it is validated. This will allow the 2FA middleware to just run the same check. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use the defined func()->count() instead of manual countingJoas Schilling2018-11-081-2/+2
| | | | Signed-off-by: Joas Schilling <coding@schilljs.com>
* Expose the backend of IUserRoeland Jago Douma2018-11-021-0/+4
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Error out early on an expired tokenRoeland Jago Douma2018-10-301-1/+11
| | | | | | | | | | | | | Fixes #12131 If we hit an expired token there is no need to continue checking. Since we know it is a token. We also should not register this with the bruteforce throttler as it is actually a valid token. Just expired. Instead the authentication should fail. And buisness continues as usual. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Properly escape column name in "createFunction" callMorris Jobke2018-10-161-2/+2
| | | | Signed-off-by: Morris Jobke <hey@morrisjobke.de>
* filter null values for UserManager::getByEmailGeorg Ehrke2018-10-151-1/+5
| | | | Signed-off-by: Georg Ehrke <developer@georgehrke.com>
* Just update password hash without validatingRoeland Jago Douma2018-10-031-8/+12
| | | | | | | | | | | Fixes #11097 If your password hash changed (becuse your are on 7.2 and we moved to ARGON2). Then we shold not 'set a new password' but just update the hash. As else we invoke the password policy again which might lock out users. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Update all the publickey tokens if needed on web loginRoeland Jago Douma2018-10-021-0/+4
| | | | | | | | | | * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Mark token as invalid if the password doesn't matchRoeland Jago Douma2018-10-021-3/+10
| | | | Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make authenticated cookies laxRoeland Jago Douma2018-09-281-4/+31
| | | | | | | | | | | | | | This protects our cookies a bit more. It makes sure that when a 3rdparty websites embededs a public alendar for example. That all the users see this in anonymous mode there. It adds a small helper function. In the future we can think about protecting other cookies like this as well. But for now this is sufficient to not have the user logged in at all when doing 3rdparty requests. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-11 00:29:51 +0000