path: root/tests/lib/Authentication
Commit message | Author | Age | Files | Lines
...
* Make phpunit8 compatible | Roeland Jago Douma | 2019-11-27 | 31 | -31/+31
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Handle token insert conflicts | Christoph Wurst | 2019-11-26 | 1 | -10/+44
|   Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existing auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row with the same token (the session ID). This also bubbles up and disables user_saml.
|   As the token might still be OK (both requests will insert the same data), we can actually just check if the UID of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Some php-cs fixes | Roeland Jago Douma | 2019-11-22 | 5 | -6/+6
|   * Order the imports
|   * No leading slash on imports
|   * Empty line before namespace
|   * One line per import
|   * Empty after imports
|   * Empty line at bottom of file
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use the actual password to update the tokens | Roeland Jago Douma | 2019-09-18 | 1 | -2/+2
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Use Symfony's new contract Event class instead of the deprecated one | Christoph Wurst | 2019-09-12 | 1 | -8/+8
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Update unit tests | Joas Schilling | 2019-07-16 | 1 | -2/+2
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Make it possible to wipe all tokens/devices of a user | Christoph Wurst | 2019-07-09 | 1 | -0/+38
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Refactor: move remote wipe token logic to RW service | Christoph Wurst | 2019-07-09 | 1 | -0/+30
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Send emails when remote wipe starts/finishes | Christoph Wurst | 2019-07-02 | 1 | -0/+241
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Decouple remote wipe notification channels with events | Christoph Wurst | 2019-06-27 | 5 | -0/+513
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Allow 2FA to be setup on first login | Roeland Jago Douma | 2019-05-17 | 2 | -0/+199
|   Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add a login chain to reduce the complexity of LoginController::tryLogin | Christoph Wurst | 2019-05-07 | 13 | -0/+1254
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use the defined func()->count() instead of manual counting | Joas Schilling | 2018-11-08 | 2 | -2/+2
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Move ExpiredTokenException to the correct namespace | Roeland Jago Douma | 2018-10-30 | 2 | -5/+2
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Make it possible to enforce mandatory 2FA for groups | Christoph Wurst | 2018-10-15 | 3 | -34/+216
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add tests | Roeland Jago Douma | 2018-10-02 | 4 | -6/+157
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Generate backups code notification if not enable but 2fa is | Roeland Jago Douma | 2018-10-01 | 1 | -1/+27
|   Generate a notification to generate backup codes if you enable another 2FA provider but backup codes are not yet generated.
|   * Add event listener
|   * Insert background job
|   * Background job tests and emits notification every 2 weeks
|   * If the backup codes are generated the next run will remove the job
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add mandatory 2FA service/class | Christoph Wurst | 2018-09-30 | 2 | -0/+114
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php | Morris Jobke | 2018-09-25 | 1 | -0/+1
|\
| |   Consider openssl settings from config.php
| * Add openssl to mock | Daniel Kesselberg | 2018-09-16 | 1 | -0/+1
| |   Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
* | Only allow 2FA state changes if providers support the operation | Christoph Wurst | 2018-09-25 | 4 | -28/+176
|/
|   Ref https://github.com/nextcloud/server/issues/11019.
|   Add `twofactorauth:cleanup` command
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Remove unused import | Christoph Wurst | 2018-08-10 | 1 | -1/+0
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix 2FA being enforced if only backup codes provider is active | Christoph Wurst | 2018-08-10 | 1 | -0/+27
|   Fixes https://github.com/nextcloud/server/issues/10634.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix double-inserts of the same provider state | Christoph Wurst | 2018-08-09 | 1 | -2/+2
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Add integration/unit test for the double-insert of same values | Christoph Wurst | 2018-08-09 | 1 | -0/+19
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Rename providerset method to get primary providers | Christoph Wurst | 2018-08-08 | 1 | -1/+1
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix login redirection if only one 2FA provider is active | Christoph Wurst | 2018-08-08 | 1 | -0/+18
|   Fixes https://github.com/nextcloud/server/issues/10500.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix 2FA provider registry population on login | Christoph Wurst | 2018-08-08 | 1 | -3/+79
|   If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix duplicate inserts in the 2fa provider registry DAO | Christoph Wurst | 2018-07-31 | 1 | -0/+19
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make new classes strict and fix license header | Christoph Wurst | 2018-06-25 | 3 | -4/+22
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Make 2FA providers stateful | Christoph Wurst | 2018-06-20 | 5 | -136/+451
|   This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available.
|   The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Use constant for token version | Roeland Jago Douma | 2018-06-18 | 3 | -0/+5
|   And don't set the version in the constructor. That would possibly cause too many updates.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add more tests | Roeland Jago Douma | 2018-06-18 | 4 | -31/+492
|   * Add a lot of tests
|   * Fixes related to those tests
|   * Fix tests
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* SetPassword on PublicKeyTokens | Roeland Jago Douma | 2018-06-18 | 2 | -12/+19
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Just pass uid to the Token stuff | Roeland Jago Douma | 2018-06-18 | 1 | -24/+4
|   We don't have user objects in the code everywhere
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add first tests | Roeland Jago Douma | 2018-06-18 | 3 | -0/+775
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Certain tokens can expire | Roeland Jago Douma | 2018-05-17 | 1 | -0/+75
|   However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless.
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Allow the rotation of tokens | Roeland Jago Douma | 2018-05-16 | 1 | -0/+42
|   This for example will allow rotating the apptoken for oauth
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix tests | Roeland Jago Douma | 2018-05-15 | 2 | -13/+3
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Add all parameters to returnValueMap | Julius Härtl | 2018-01-31 | 1 | -2/+2
|   Signed-off-by: Julius Härtl <jus@bitgrid.net>
* Merge pull request #7916 from nextcloud/2fa_log | Morris Jobke | 2018-01-25 | 1 | -4/+11
|\
| |   Add 2FA to logfile
| * Fix tests | Roeland Jago Douma | 2018-01-25 | 1 | -4/+11
| |   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* | Fix risky tests without assertions | Joas Schilling | 2018-01-25 | 1 | -0/+1
|/
|   Signed-off-by: Joas Schilling <coding@schilljs.com>
* Adjust tests for added lastCheck time | Lukas Reschke | 2017-11-27 | 1 | -0/+1
|   Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
* Fix duplicate session token after remembered login | Christoph Wurst | 2017-09-20 | 1 | -0/+8
|   On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away.
|   Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
* Fix AppPassword 2FA auth | Roeland Jago Douma | 2017-09-12 | 1 | -1/+16
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Fix login with basic auth | Roeland Jago Douma | 2017-09-05 | 1 | -1/+5
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Improve 2FA | Roeland Jago Douma | 2017-08-29 | 1 | -17/+189
|   * Store the auth state in the session so we don't have to query it every time.
|   * Added some tests
|   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
* Merge pull request #4894 from nextcloud/generic-security-activities | Lukas Reschke | 2017-05-19 | 1 | -4/+4
|\
| |   Change 2FA activities to more generic security activities
| * Fix tests | Roeland Jago Douma | 2017-05-18 | 1 | -4/+4
| |   Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>