sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
76,139 Commits
627 Branches
1167 Tags
9.1 GiB
Commit Graph

301 Commits (86459aa5dace0d4065bfb23705dcc44fa6c18fe3)

Author SHA1 Message Date
Arthur Schiwon 99182aac37
fix(Token): take over scope in token refresh with login by cookie 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-07-19 15:53:46 +07:00
Arthur Schiwon 6a783d9b08
fix(Session): avoid race conditions on clustered setups 
- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-07-10 13:28:33 +07:00
Joas Schilling 8130968a35
feat(notifications): Migrate server INotifiers to new exceptions 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-06-25 11:56:24 +07:00
Arthur Schiwon f6d6efef3a
refactor(Token): introduce scope constants 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:14 +07:00
Arthur Schiwon 340939e688
fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-05 19:01:13 +07:00
Daniel fca38e12c8
Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update 
fix(auth): Update authtoken activity selectively
 2024-05-29 12:05:45 +07:00
Andy Scherzinger dae7c159f7
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +07:00
Christoph Wurst bcc02a3c71
fix(auth): Update authtoken activity selectively 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-05-21 07:55:01 +07:00
Christoph Wurst fe7217d2d3
Merge pull request #45026 from nextcloud/fix/token-update 
Avoid updating the same oc_authtoken row twice
 2024-05-16 12:00:32 +07:00
Julius Härtl 04780ae30a fix: Always set last activity if we update the row of an authtoken anyways 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-04-29 15:20:17 +07:00
Joas Schilling bc4a102f52
fix(session): Avoid race condition for cache::get() vs. cache::hasKey() 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-04-29 12:45:44 +07:00
Ferdinand Thiessen e8452d9ef1
fix(deps): Bump web-auth/webauthn-lib from 3.3.9 to 4.8.5 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-04-16 11:48:13 +07:00
Côme Chilliet ab6afe0111 fix: Fix new psalm errors from update 
Not sure about the SimpleContainer modification, let’s see what CI says
 about that.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-08 11:29:09 +07:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +07:00
Benjamin Gaussorgues d1189f923c
feat(perf): add cache for authtoken lookup 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-02-28 15:04:04 +07:00
Vincent Petry 839ddaa354
feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +07:00
Côme Chilliet 8bcc2d352e chore: Fix missing template parameter for IEventListener 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-30 10:57:15 +07:00
Côme Chilliet a526a382bf
Import OCP IToken as OCPIToken to avoid a name clash in lib/private 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 15:45:14 +07:00
Côme Chilliet 37a6e15f87 Use OCP version of IToken in AppPasswordCreatedEvent 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet 8fc39aeb1c Use IToken from OCP instead of OC 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet 95ea6188dc Suppress or fix psalm errors related to InvalidTokenException 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Alexander Piskun 26d343d33a
AppAPI: allowed to bypass Two-Factor 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2023-12-28 20:59:02 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Christoph Wurst a5422a3998
fix: Show error message when CSRF check fails at login 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-11-08 15:18:34 +07:00
Côme Chilliet d8b42c6131
Allow passing null to PublicKeyToken::setScope, fixes tests 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:52:07 +07:00
Côme Chilliet 33a24134a7
Improve docblock annotations for tokens and their exceptions 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:20:04 +07:00
Côme Chilliet 58a57a714e
Use more precise typing for setScope method parameter 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:19:38 +07:00
Côme Chilliet 1bdf952fde
Make sure that OC interfaces returns OC interfaces for backward compatibility 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 11:08:23 +07:00
Côme Chilliet b82e25ea7a
Move Exceptions used in OCP to OCP 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 10:26:25 +07:00
Côme Chilliet 356f0291a2
Align PublicKeyToken with interface changes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 09:41:32 +07:00
Côme Chilliet f94fb33062
Move IToken and IProvider::getToken to OCP 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-20 17:51:33 +07:00
Benjamin Gaussorgues 4361019f2f
fix(twofactor): avoid error in pgsql for duplicate entry 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-10-06 11:23:23 +07:00
Lucas Azevedo 2a36acfc2b Fix typo 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 11:20:34 +07:00
Lucas Azevedo c93b1634d3
Fixes from static analysis 
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 10:41:46 +07:00
Lucas Azevedo fe9b9c1955 Add last-used-before option 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 02:07:57 +07:00
Daniel Kesselberg 32303b6ed5 docs: remove superfluous phpdocs 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-08-10 15:01:56 +07:00
Joas Schilling dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +07:00
Christoph Wurst 14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-07-06 15:21:22 +07:00
Joas Schilling 05aa39d777
Fix event names of 2FA related typed events 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-03 14:25:01 +07:00
Côme Chilliet b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls 
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-04-20 16:52:38 +07:00
Christoph Wurst 5eb768ac5e
fix(auth): Run token statements in atomic transaction 
All or nothing

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-12 15:55:42 +07:00
Côme Chilliet 426c0341ff
Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +07:00
jld3103 d9f8522003
Fix types for reading and writing config values 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-04-05 09:08:56 +07:00
Côme Chilliet 8568c11d24
Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster 
[master] invalidate existing tokens when deleting an oauth client
 2023-03-15 11:09:51 +07:00
Artur Neumann f634badf12
public interface to invalidate tokens of user 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:29 +07:00
Ember 'n0emis' Keske 6881d2f2f1
Don't try to hash a nonexisting password 
Allows to log-in via a passwordless authentication provider, eg SSO

Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
 2023-03-13 10:32:53 +07:00
Joas Schilling 6417ea0265
fix(authentication): Handle null or empty string password hash 
This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument #2 ($hash) must be of type string, null given

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-10 09:18:50 +07:00
Joas Schilling e47d56ac36
Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be 
fix(performance): Only search for auth tokens when the provided login…
 2023-02-10 01:29:30 +07:00
Julius Härtl 580feecdbf
fix(authtoken): Store only one hash for authtokens with the current password per user 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-09 13:44:00 +07:00