sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
74,118 Commits
620 Branches
1167 Tags
9.0 GiB
Commit Graph

290 Commits (a3490738d77fda5be12108c4e458922bd2450a69)

Author SHA1 Message Date
Ferdinand Thiessen e8452d9ef1
fix(deps): Bump web-auth/webauthn-lib from 3.3.9 to 4.8.5 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
 2024-04-16 11:48:13 +07:00
Côme Chilliet ab6afe0111 fix: Fix new psalm errors from update 
Not sure about the SimpleContainer modification, let’s see what CI says
 about that.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-08 11:29:09 +07:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +07:00
Benjamin Gaussorgues d1189f923c
feat(perf): add cache for authtoken lookup 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-02-28 15:04:04 +07:00
Vincent Petry 839ddaa354
feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +07:00
Côme Chilliet 8bcc2d352e chore: Fix missing template parameter for IEventListener 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-30 10:57:15 +07:00
Côme Chilliet a526a382bf
Import OCP IToken as OCPIToken to avoid a name clash in lib/private 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 15:45:14 +07:00
Côme Chilliet 37a6e15f87 Use OCP version of IToken in AppPasswordCreatedEvent 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet 8fc39aeb1c Use IToken from OCP instead of OC 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet 95ea6188dc Suppress or fix psalm errors related to InvalidTokenException 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +07:00
Alexander Piskun 26d343d33a
AppAPI: allowed to bypass Two-Factor 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2023-12-28 20:59:02 +07:00
Joas Schilling aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +07:00
Christoph Wurst a5422a3998
fix: Show error message when CSRF check fails at login 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-11-08 15:18:34 +07:00
Côme Chilliet d8b42c6131
Allow passing null to PublicKeyToken::setScope, fixes tests 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:52:07 +07:00
Côme Chilliet 33a24134a7
Improve docblock annotations for tokens and their exceptions 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:20:04 +07:00
Côme Chilliet 58a57a714e
Use more precise typing for setScope method parameter 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:19:38 +07:00
Côme Chilliet 1bdf952fde
Make sure that OC interfaces returns OC interfaces for backward compatibility 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 11:08:23 +07:00
Côme Chilliet b82e25ea7a
Move Exceptions used in OCP to OCP 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 10:26:25 +07:00
Côme Chilliet 356f0291a2
Align PublicKeyToken with interface changes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 09:41:32 +07:00
Côme Chilliet f94fb33062
Move IToken and IProvider::getToken to OCP 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-20 17:51:33 +07:00
Benjamin Gaussorgues 4361019f2f
fix(twofactor): avoid error in pgsql for duplicate entry 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-10-06 11:23:23 +07:00
Lucas Azevedo 2a36acfc2b Fix typo 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 11:20:34 +07:00
Lucas Azevedo c93b1634d3
Fixes from static analysis 
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 10:41:46 +07:00
Lucas Azevedo fe9b9c1955 Add last-used-before option 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 02:07:57 +07:00
Daniel Kesselberg 32303b6ed5 docs: remove superfluous phpdocs 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-08-10 15:01:56 +07:00
Joas Schilling dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +07:00
Christoph Wurst 14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-07-06 15:21:22 +07:00
Joas Schilling 05aa39d777
Fix event names of 2FA related typed events 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-03 14:25:01 +07:00
Côme Chilliet b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls 
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-04-20 16:52:38 +07:00
Christoph Wurst 5eb768ac5e
fix(auth): Run token statements in atomic transaction 
All or nothing

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-12 15:55:42 +07:00
Côme Chilliet 426c0341ff
Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +07:00
jld3103 d9f8522003
Fix types for reading and writing config values 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-04-05 09:08:56 +07:00
Côme Chilliet 8568c11d24
Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster 
[master] invalidate existing tokens when deleting an oauth client
 2023-03-15 11:09:51 +07:00
Artur Neumann f634badf12
public interface to invalidate tokens of user 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:29 +07:00
Ember 'n0emis' Keske 6881d2f2f1
Don't try to hash a nonexisting password 
Allows to log-in via a passwordless authentication provider, eg SSO

Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
 2023-03-13 10:32:53 +07:00
Joas Schilling 6417ea0265
fix(authentication): Handle null or empty string password hash 
This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument #2 ($hash) must be of type string, null given

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-10 09:18:50 +07:00
Joas Schilling e47d56ac36
Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be 
fix(performance): Only search for auth tokens when the provided login…
 2023-02-10 01:29:30 +07:00
Julius Härtl 580feecdbf
fix(authtoken): Store only one hash for authtokens with the current password per user 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-09 13:44:00 +07:00
Joas Schilling 7a85a1596e
fix(authentication): Check minimum length when creating app tokens 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-09 09:58:35 +07:00
Joas Schilling 03a585ab4f
fix(performance): Only search for auth tokens when the provided login is long enough 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-08 22:45:23 +07:00
Côme Chilliet f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +07:00
Vincent Petry c2165b84e6
Merge pull request #36001 from nextcloud/validate-user-tz 
Validate user timezone given from login data before saving it
 2023-01-11 19:53:37 +07:00
Joas Schilling 2fb4dac7ad
fix(authentication): Update the token when the hash is null or can not be verified 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 16:32:36 +07:00
Joas Schilling 28b18d561c
fix(authentication): Only hash the new password when needed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 15:58:26 +07:00
Joas Schilling c5bb19641c
fix(authentication): Invert the logic to the original intention 
We need to store the new authentication details when the hash did **not** verify
the old password.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 15:13:08 +07:00
Joas Schilling 55d8aec759
fix(authentication): Only verify each hash once 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 14:53:12 +07:00
Julius Härtl 18164ae516
Merge pull request #33898 from nextcloud/fix/authtoken-password-update 
PublickKeyTokenProvider: Fix password update routine with password hash
 2023-01-05 08:01:47 +07:00
Thomas Citharel 6b7da88b0b
Validate user timezone given from login data before saving it 
Follow-up to #36000

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
 2023-01-04 18:13:25 +07:00
Joas Schilling b4a29644cc
Add a const for the max user password length 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-04 11:23:43 +07:00