2a36acfc2b
Fix typo
...
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 11:20:34 +07:00
c93b1634d3
Fixes from static analysis
...
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 10:41:46 +07:00
fe9b9c1955
Add last-used-before option
...
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 02:07:57 +07:00
32303b6ed5
docs: remove superfluous phpdocs
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2023-08-10 15:01:56 +07:00
dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +07:00
14719110b9
chore: Replace \OC::$server->query with \OCP\Server::get in /lib
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-07-06 15:21:22 +07:00
05aa39d777
Fix event names of 2FA related typed events
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-03 14:25:01 +07:00
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls
...
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +07:00
5eb768ac5e
fix(auth): Run token statements in atomic transaction
...
All or nothing
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-12 15:55:42 +07:00
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +07:00
d9f8522003
Fix types for reading and writing config values
...
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-04-05 09:08:56 +07:00
8568c11d24
Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster
...
[master] invalidate existing tokens when deleting an oauth client
2023-03-15 11:09:51 +07:00
f634badf12
public interface to invalidate tokens of user
...
Signed-off-by: Artur Neumann <artur@jankaritech.com>
2023-03-14 17:13:29 +07:00
6881d2f2f1
Don't try to hash a nonexisting password
...
Allows to log-in via a passwordless authentication provider, eg SSO
Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
2023-03-13 10:32:53 +07:00
6417ea0265
fix(authentication): Handle null or empty string password hash
...
This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument #2 ($hash) must be of type string, null given
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-10 09:18:50 +07:00
e47d56ac36
Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be
...
fix(performance): Only search for auth tokens when the provided login…
2023-02-10 01:29:30 +07:00
580feecdbf
fix(authtoken): Store only one hash for authtokens with the current password per user
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-09 13:44:00 +07:00
7a85a1596e
fix(authentication): Check minimum length when creating app tokens
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-09 09:58:35 +07:00
03a585ab4f
fix(performance): Only search for auth tokens when the provided login is long enough
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-08 22:45:23 +07:00
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +07:00
c2165b84e6
Merge pull request #36001 from nextcloud/validate-user-tz
...
Validate user timezone given from login data before saving it
2023-01-11 19:53:37 +07:00
2fb4dac7ad
fix(authentication): Update the token when the hash is null or can not be verified
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-09 16:32:36 +07:00
28b18d561c
fix(authentication): Only hash the new password when needed
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-09 15:58:26 +07:00
c5bb19641c
fix(authentication): Invert the logic to the original intention
...
We need to store the new authentication details when the hash did **not** verify
the old password.
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-09 15:13:08 +07:00
55d8aec759
fix(authentication): Only verify each hash once
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-09 14:53:12 +07:00
18164ae516
Merge pull request #33898 from nextcloud/fix/authtoken-password-update
...
PublickKeyTokenProvider: Fix password update routine with password hash
2023-01-05 08:01:47 +07:00
6b7da88b0b
Validate user timezone given from login data before saving it
...
Follow-up to #36000
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-01-04 18:13:25 +07:00
b4a29644cc
Add a const for the max user password length
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-04 11:23:43 +07:00
adfe367106
PublickKeyTokenProvider: Fix password update routine with password hash
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net>
2023-01-04 08:30:53 +07:00
6abb37317f
Do not setup a session when not required on WebDAV requests
...
If basic auth is used on WebDAV endpoints, we will not setup a session
by default but instead set a test cookie. Clients which handle session
cookies properly will send back the cookie then on the second request
and a session will be initialized which can be resued for
authentication.
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-12-21 21:17:16 +07:00
77df92cabf
feat: add event for failed logins
...
Apps might also like to know about failed logins.
This adds that event.
The private interface changes are backwards compatible so all should be fine.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2022-11-24 21:24:21 +07:00
298d2b9b58
Skip general login with email for non-valid addresses and LDAP
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-10-26 12:30:25 +07:00
00c2c620ac
Merge pull request #34554 from nextcloud/fix/psalm-twofactor-registry
...
Fix wrong types in phpdoc for twofactor registry
2022-10-18 14:42:43 +07:00
419828c791
Fix the type of the return array in a few more places
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-10-18 13:22:50 +07:00
c5922e67d3
Run session token renewals in a database transaction
...
The session token renewal does
1) Read the old token
2) Write a new token
3) Delete the old token
If two processes succeed to read the old token there can be two new tokens because
the queries were not run in a transaction. This is particularly problematic on
clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-10-18 08:28:22 +07:00
9919116716
Merge pull request #31499 from nextcloud/bugfix/empty-secret
...
Add fallback routines for empty secret cases
2022-10-17 16:02:58 +07:00
eff877af03
Pass logger to passwordless auth WebAuthn lib
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-10-03 15:03:23 +07:00
ef31396727
Mark method as deprecated
...
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-09-13 13:06:54 +07:00
3ce1996d5e
Add back TokenCleanupJob to invalidate old temporary tokens
...
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-08-25 11:31:21 +07:00
9d1ec582ba
Do not update passwords if nothing changed
...
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-08-09 09:35:44 +07:00
952acd4d27
Merge pull request #33225 from nextcloud/fix/handle-one-time-passwords
...
Handle one time password better
2022-07-29 12:26:52 +07:00
702445ba3b
Handle one time password better
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-07-28 14:26:25 +07:00
368f83095d
Fix typos in lib/private subdirectory
...
Found via `codespell -q 3 -S l10n -L jus ./lib/private`
Signed-off-by: luz paz <luzpaz@github.com>
2022-07-27 08:52:17 +07:00
cb9f3423e2
Merge pull request #30510 from nextcloud/user-cleanup-storage-before-cache
...
delete files before cleaning cache when cleaning user files
2022-07-26 23:08:04 +07:00
d5c23dbb9f
Move CappedMemoryCache to OCP
...
This is an helpful helper that should be used in more place than just
server and this is already the case with groupfodlers, deck, user_oidc
and more using it, so let's make it public
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-07-14 15:54:31 +07:00
1c23c029af
Handler large passwords
...
For passwords bigger than 250 characters, use a bigger key since the
performance impact is minor (around one second to encrypt the password).
For passwords bigger than 470 characters, give up earlier and throw
exeception recommanding admin to either enable the previously enabled
configuration or use smaller passwords.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-07-05 11:37:14 +07:00
cdf3b60555
Handle one time passwords
...
This adds an option to disable storing passwords in the database. This
might be desirable when using single use token as passwords or very
large passwords.
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-07-05 11:25:44 +07:00
db3093a46f
delete files before cleaning cache when cleaning user files
...
otherwise, when using object store, we loose track of which files the user owns before we can delete them
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-06-13 08:51:22 +07:00
90c31cfddc
Fix replacing external storage password during debug log
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-06-01 10:31:19 +07:00
778db45631
Merge pull request #32357 from nextcloud/user-delete-remove-wrappers
...
remove storage wrappers when deleting the user storage
2022-05-16 19:08:35 +07:00
Lucas Azevedo
Daniel Kesselberg
Joas Schilling
Christoph Wurst
Côme Chilliet
Côme Chilliet
jld3103
Artur Neumann
Ember 'n0emis' Keske
Joas Schilling
Julius Härtl
Vincent Petry
Thomas Citharel
Marcel Klehr
Roeland Jago Douma
Carl Schwan
luz paz
Robin Appelman