path: root/lib/private/User
Commit log (subject; author, date, files changed, lines removed/added; commit message body)

* Add dispatcher events to User and Group objects
  Joas Schilling, 2019-03-01, 2 files, -25/+37
  Signed-off-by: Joas Schilling <coding@schilljs.com>

* Add isTokenLogin argument to post login hook/event
  Christoph Wurst, 2019-01-23, 1 file, -2/+7
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

* Throttle with correct metadata
  Roeland Jago Douma, 2019-01-04, 1 file, -1/+1
  Fixes #13202
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Use a case insensitive search for email
  Roeland Jago Douma, 2018-12-20, 1 file, -1/+1
  Fixes #7084
  Now entering a wrongly cased email (roeland@ instead of Roeland@) for password reset etc. will also work.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Bearer tokens are app tokens
  Roeland Jago Douma, 2018-11-20, 1 file, -0/+4
  Fixes #12498
  This means that we set that it is a proper app token once it is validated. This will allow the 2FA middleware to just run the same check.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Use the defined func()->count() instead of manual counting
  Joas Schilling, 2018-11-08, 1 file, -2/+2
  Signed-off-by: Joas Schilling <coding@schilljs.com>

* Expose the backend of IUser
  Roeland Jago Douma, 2018-11-02, 1 file, -0/+4
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Error out early on an expired token
  Roeland Jago Douma, 2018-10-30, 1 file, -1/+11
  Fixes #12131
  If we hit an expired token there is no need to continue checking, since we know it is a token. We also should not register this with the bruteforce throttler as it is actually a valid token, just expired. Instead the authentication should fail, and business continues as usual.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Properly escape column name in "createFunction" call
  Morris Jobke, 2018-10-16, 1 file, -2/+2
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* filter null values for UserManager::getByEmail
  Georg Ehrke, 2018-10-15, 1 file, -1/+5
  Signed-off-by: Georg Ehrke <developer@georgehrke.com>

* Just update password hash without validating
  Roeland Jago Douma, 2018-10-03, 1 file, -8/+12
  Fixes #11097
  If your password hash changed (because you are on 7.2 and we moved to ARGON2), then we should not 'set a new password' but just update the hash. Otherwise we invoke the password policy again, which might lock out users.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Update all the publickey tokens if needed on web login
  Roeland Jago Douma, 2018-10-02, 1 file, -0/+4
  * On weblogin check if we have invalid public key tokens
  * If so update them all with the new token
  This ensures that your tokens marked as invalid work again once you log in on the web.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Mark token as invalid if the password doesn't match
  Roeland Jago Douma, 2018-10-02, 1 file, -3/+10
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Make authenticated cookies lax
  Roeland Jago Douma, 2018-09-28, 1 file, -4/+31
  This protects our cookies a bit more. It makes sure that when a 3rd-party website embeds a public calendar, for example, all the users see this in anonymous mode there. It adds a small helper function. In the future we can think about protecting other cookies like this as well, but for now this is sufficient to not have the user logged in at all when doing 3rd-party requests.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Update the scope of the lockdownmanager
  Roeland Jago Douma, 2018-08-14, 1 file, -0/+3
  We have the token anyway, so better set the scope as well.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* make table name configurable for db user backend
  Robin Appelman, 2018-06-19, 1 file, -9/+13
  Signed-off-by: Robin Appelman <robin@icewind.nl>

* Merge pull request #9881 from nextcloud/user-db-backend-querybuilder
  Morris Jobke, 2018-06-19, 1 file, -13/+26
  use query builder in all places in the db user backend

  * use query builder in all places in the db user backend
    Robin Appelman, 2018-06-15, 1 file, -13/+26
    Signed-off-by: Robin Appelman <robin@icewind.nl>

* Allow updating the token on session regeneration
  Roeland Jago Douma, 2018-06-14, 1 file, -0/+2
  Sometimes when we force a session regeneration we want to update the current token for this session.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Ignore case when sorting users
  John Molakvoæ (skjnldsv), 2018-05-26, 1 file, -2/+2
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

* Added total count for subadmins
  John Molakvoæ (skjnldsv), 2018-05-24, 1 file, -0/+19
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

* Added disabled count per group
  John Molakvoæ (skjnldsv), 2018-05-24, 1 file, -6/+42
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

* move log constants to ILogger
  Arthur Schiwon, 2018-04-26, 1 file, -1/+2
  Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

* Numeric only uids are no fun
  Roeland Jago Douma, 2018-04-24, 1 file, -1/+4
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Cast retrieved DB fields to string
  Roeland Jago Douma, 2018-04-24, 1 file, -4/+4
  Fixes #9279
  If a purely numerical user is in the DB the value might be cast to an int when returned. Cast it all to a string so we don't break the strict typing.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
  Morris Jobke, 2018-04-11, 2 files, -0/+6
  add announce- and (pre|post)RevokeUser signals for non-native backends

  * more consistent naming
    Arthur Schiwon, 2018-04-05, 2 files, -6/+6
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

  * admin_audit and dav listen to announce and revoke signals
    Arthur Schiwon, 2018-04-05, 2 files, -0/+6
    also place them in doc
    Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

* Properly return boolean on enable state
  John Molakvoæ (skjnldsv), 2018-04-09, 1 file, -3/+2
  Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>

* Use the uid_lower column
  Roeland Jago Douma, 2018-04-06, 1 file, -24/+65
  This can use a proper index.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Merge pull request #9063 from nextcloud/fix-callForSeenUsers
  Morris Jobke, 2018-04-04, 1 file, -1/+2
  Move on with the next user if we found the user on one user back-end

  * Move on with the next user if we found the user on one user back-end
    Bjoern Schiessle, 2018-04-03, 1 file, -1/+2
    Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>

* Move to ABackend
  Roeland Jago Douma, 2018-03-22, 1 file, -2/+2
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Move Database backend over to new User/Backend interfaces
  Roeland Jago Douma, 2018-03-22, 1 file, -16/+30
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Fix configuration values matched in user searches
  Daniel Calviño Sánchez, 2018-03-14, 1 file, -3/+3
  Due to a misplaced closing parenthesis the condition of the left join clause was just "userid = uid"; the other conditions were passed as additional parameters to "leftJoin", and thus they were ignored. Therefore, the result set contained every preference of each user instead of only the email, so the "WHERE configvalue LIKE XXX" matched any configuration value of the user.
  Besides the closing parenthesis this commit also fixes the literal values. Although "Literal" objects represent literal values they must be created through "IExpressionBuilder::literal()" to be properly quoted; otherwise it is just a plain string, which is treated as a column name.
  Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>

* Merge pull request #7419 from Abijeet/feature-7175
  Morris Jobke, 2018-03-06, 1 file, -35/+44
  Fixes #7175 - Allow to search for email address in user management

  * refactor user searching
    Robin Appelman, 2017-12-20, 1 file, -44/+44
    add additional user searching tests
    Signed-off-by: Robin Appelman <robin@icewind.nl>

  * Adds search by email function on the users screen.
    Abijeet, 2017-12-16, 1 file, -2/+11
    Fixes #7175.
    - Updated the query to fetch the users in users > everyone tab.
    - Updated the query to fetch the users in users > admin tab.
    - Tested to ensure that the disabled users are also being fetched.
    - Added test cases.
    Signed-off-by: Abijeet <abijeetpatro@gmail.com>

* Remove unused import statements
  Morris Jobke, 2018-02-14, 1 file, -1/+0
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Remove unneeded semicolon and parentheses
  Morris Jobke, 2018-01-26, 1 file, -1/+1
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Use proper code flow instead of not needed else branch
  Morris Jobke, 2018-01-25, 1 file, -11/+11
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Fix tests
  Roeland Jago Douma, 2018-01-23, 1 file, -3/+3
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* Don't pollute log when logging into dav with email
  Roeland Jago Douma, 2018-01-23, 1 file, -10/+21
  * We first try the email as username but this fails
  * Then we get the uid from the email and try again
  We should not log the first attempt since it pollutes the log with failed login attempts while the login actually is valid.
  Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

* never translate login names when requiring with a user id
  Arthur Schiwon, 2018-01-03, 1 file, -10/+0
  where appropriate, the preLoginNameUsedAsUserName hook should be thrown.
  Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>

* Fix search in user management when no group is selected
  Morris Jobke, 2017-11-14, 1 file, -0/+2
  * also allows to search by displayname
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Change @georgehrke's email
  Morris Jobke, 2017-11-06, 1 file, -1/+1
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Update license headers
  Morris Jobke, 2017-11-06, 5 files, -5/+11
  Signed-off-by: Morris Jobke <hey@morrisjobke.de>

* Fix failing csp/nonce check due to timed out session
  Christoph Wurst, 2017-09-04, 1 file, -5/+8
  The CSP nonce is based on the CSRF token. This token does not change, unless you log in (or out). In case of the session data being lost, e.g. because php gets rid of old sessions, a new CSRF token is generated. While this is fine in theory, it actually caused some annoying problems where the browser restored a tab and Nextcloud js was blocked due to an outdated nonce.
  The main problem here is that, while processing the request, we write out security headers relatively early. At that point the CSRF token is known/generated and transformed into a CSP nonce. During this request, however, we also log the user in because the session information was lost. At that point we also refresh the CSRF token, which eventually causes the browser to block any scripts as the nonce in the header does not match the one which is used to include scripts.
  This patch adds a flag to indicate whether the CSRF token should be refreshed or not. It is assumed that refreshing is only necessary if we want to re-generate the session id too. To my knowledge, this case only happens on fresh logins, not when we recover from a deleted session file.
  Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

* Prevent SQL error message in case of error
  Lukas Reschke, 2017-08-17, 2 files, -2/+9
  `\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than permitted in the database. This is against its PHPDocs and we should cast this to `false`, so that the regular error handling triggers in.
  The easiest way to reproduce is on MySQL:
  1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel
  2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again
  3. See SQL exception as error message
  Signed-off-by: Lukas Reschke <lukas@statuscode.ch>

* Can not insert auto increment on oracle
  Joas Schilling, 2017-08-02, 1 file, -1/+2
  Signed-off-by: Joas Schilling <coding@schilljs.com>