sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
83,893 Commits
632 Branches
1167 Tags
8.6 GiB
Commit Graph

172 Commits (jtr/fix-public-exceptions-http-codes)

Author SHA1 Message Date
Daniel Calviño Sánchez 4fcadd630b fix: Throw specific LoginException when the user is disabled 
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
 2025-07-10 15:09:25 +07:00
Ferdinand Thiessen 5981b7eb51
chore: apply new CSFixer rules 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
 2025-07-01 16:26:50 +07:00
Samuel Bizien Filippi a14cade3ac feat(core): add cookie_domain config option 
Signed-off-by: Samuel Bizien Filippi <samuel.bizien-filippi@finances.gouv.fr>
 2025-06-16 15:33:48 +07:00
Christoph Wurst 5003467f98
fix(session): Only mark sessions of permanent tokens as app passwords 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2025-04-03 10:08:15 +07:00
Cleopatra Enjeck M. 32e46a8b3a fix: use mb_strtolower to convert login name 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
 2025-03-05 05:00:24 +07:00
Cleopatra Enjeck M. a6d6a1fa9e fix: Improve string comparison 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
 2025-03-05 05:00:24 +07:00
Cleopatra Enjeck M. 6690a28cc0 fix: Use case insensitive check when validating login name 
Signed-off-by: Cleopatra Enjeck M. <patrathewhiz@gmail.com>
 2025-03-05 05:00:24 +07:00
dependabot[bot] bb598c8451
chore(deps): Bump nextcloud/coding-standard in /vendor-bin/cs-fixer 
Bumps [nextcloud/coding-standard](https://github.com/nextcloud/coding-standard) from 1.3.1 to 1.3.2.
- [Release notes](https://github.com/nextcloud/coding-standard/releases)
- [Changelog](https://github.com/nextcloud/coding-standard/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nextcloud/coding-standard/compare/v1.3.1...v1.3.2)

---
updated-dependencies:
- dependency-name: nextcloud/coding-standard
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-19 07:57:35 +07:00
Fabian Dreßler 1d6cce8a25 fix: update last_login timestamp for token based-logins 
fixes #31075 and maybe #32953

Signed-off-by: Fabian Dreßler <nudelsalat@clouz.de>
 2024-09-06 14:11:41 +07:00
Arthur Schiwon 6a783d9b08
fix(Session): avoid race conditions on clustered setups 
- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-07-10 13:28:33 +07:00
John Molakvoæ cc7e6e5e4c
Merge branch 'master' into refactor/OC-Server-getCsrfTokenManager 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2024-05-30 14:29:21 +07:00
Daniel fca38e12c8
Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update 
fix(auth): Update authtoken activity selectively
 2024-05-29 12:05:45 +07:00
Andy Scherzinger dae7c159f7
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +07:00
Christoph Wurst bcc02a3c71
fix(auth): Update authtoken activity selectively 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-05-21 07:55:01 +07:00
Christoph Wurst 21ee7f59bd
fix(session): Do not update authtoken last_check for passwordless 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-26 16:05:18 +07:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +07:00
Julius Härtl e330efe5a0
fix: Implement option to temporarily set the user session 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-19 13:48:23 +07:00
Andrew Summers 0047789580 Refactor `OC\Server::getTwoFactorAuthManager` 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2024-03-15 13:12:51 +07:00
Vincent Petry 839ddaa354
feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +07:00
Côme Chilliet b2e9e0fa0d chore: Replace OC::$server->getL10N by OCP\Util::getL10N in lib and some apps 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-05 11:16:04 +07:00
Christoph Wurst 7f2fdd8843
fix(auth): Fix logging in with email, password and login name mismatch 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-01-19 19:29:41 +07:00
Git'Fellow 72e0618f20
fix(session): Avoid two useless authtoken DB queries for every anonymous request 
Co-Authored-By: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-01-17 09:17:23 +07:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Julius Härtl a3a343ce41
perf: Use more performant way to obtain and check the email as a login name with token login 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-11-30 20:51:47 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Patrick Fischer b2103556b5
Lower log level about invalid session token 2023-11-06 14:51:13 +07:00
Christoph Wurst 4f183bb604
fix(session): Log why session renewal failed 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-10-11 08:36:13 +07:00
Christoph Wurst f398d0b5a3
fix: Log critical session renewal and logout paths 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-10-09 13:21:10 +07:00
Christoph Wurst 83a30dfbdf
fix(user): Log affected user of app token login name mismatch 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-10-06 08:51:50 +07:00
Andrew Summers 1470a7294b
Refactor `OC\Server::getCsrfTokenManager` 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2023-08-29 21:28:51 +07:00
Joas Schilling 25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +07:00
Joas Schilling 3962cd0aa8
fix!: Move getEventDispatcher usage to IEventDispatcher 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-28 14:11:22 +07:00
Faraz Samapoor e7cc7653b8 Refactors "strpos" calls in lib/private to improve code readability. 
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
 2023-05-15 15:17:19 +07:00
Joas Schilling b91957e3df
fix(dav): Abort requests with 429 instead of waiting 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-03 22:43:36 +07:00
Côme Chilliet 426c0341ff
Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +07:00
Daniel Kesselberg f751d2d891
chore: use local variable for remote address 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-03-10 18:04:34 +07:00
Roeland Jago Douma 77df92cabf
feat: add event for failed logins 
Apps might also like to know about failed logins.
This adds that event.
The private interface changes are backwards compatible so all should be fine.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2022-11-24 21:24:21 +07:00
Julius Härtl de3099b4d6
Remove potential mismatching dav session data during login 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-11-22 08:47:01 +07:00
Côme Chilliet c79a6b3f62
Fix errors from PHP 8.2 testing 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-14 17:08:21 +07:00
Christoph Wurst e2d3409a34
Fix unsuccessful token login logged as error 
The condition of a non-existent login token can happen for concurrent
requests. Admins can not do anything about this. So this is to be
expected to happen occasionally. This event is only bad if none of the
requests is able to re-acquire a session. Luckily this happens rarely.

If a login loop persists an admin can still lower the log level to find
this info. But a default error log level will no longer write those
infos about the failed cookie login of one request.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-07 15:08:48 +07:00
Robin Appelman 1fbb951691
dont try email login if the provider username is not a valid email 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-09-14 14:04:13 +07:00
Christoph Wurst 0184fbe86b
Log if cookie login failed with token mismatch or session unavailability 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-08-31 14:55:51 +07:00
Carl Schwan 9ec0cb0a90 Fix psalm issues related to the user backend 
- Reflect the actual return value returned by the implementation in the
  the interface. E.g. IUser|bool -> IUser|false
- Remove $hasLoggedIn parameter from private countUser implementation.
  Replace the two call with the equivalent countSeenUser
- getBackend is nuallable, add this to the interface
- Use backend interface to make psalm happy about call to undefined
  methods. Also helps with getting rid at some point of the old
  implementActions

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 17:14:58 +07:00
Côme Chilliet 6be7aa112f
Migrate from ILogger to LoggerInterface in lib/private 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-03-24 16:21:25 +07:00
Joas Schilling 86de1d569f
Only setupFS when we have to copy the skeleton 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-25 15:55:06 +07:00
Marek-Wojtowicz f76a915096 Update Session.php 
The http headers according to rfc 2616 is iso-8859-1. This patch fixes the behavior when non-ascii characters are present in the header.

Signed-off-by: Marek Wójtowicz <Marek.Wojtowicz@agh.edu.pl>
 2022-01-12 23:07:28 +07:00
Joas Schilling c0ba89ecc9
Remove default token which is deprecated since Nextcloud 13 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-12-01 18:41:31 +07:00
Joas Schilling ccfaddf781
Fix missing token update 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-12 14:43:23 +07:00
Christoph Wurst a143337791
Emit an error log when the app token login name does not match 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-08-13 10:31:51 +07:00
John Molakvoæ (skjnldsv) 215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +07:00