nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-05-25 02:34:12 -04:00

Author	SHA1	Message	Date
Daniel Calviño Sánchez	b39c5d8393	fix: Handle exception when clearing previously removed two factor tokens If a token was already removed from the database but not from the configuration clearing the tokens will try to remove it again from the database, which caused a DoesNotExistException to be thrown. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2024-11-05 10:48:33 +00:00
Daniel Calviño Sánchez	56fc4341fb	fix: Clear pending two factor tokens also from configuration Otherwise as the tokens were removed from the database but not from the configuration the next time that the tokens were cleared the previous tokens were still got from the configuration, and trying to remove them again from the database ended in a DoesNotExistException being thrown. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	2024-11-05 10:48:33 +00:00
yemkareems	73c5327102	fix: missing crypto added Signed-off-by: yemkareems <yemkareems@gmail.com>	2024-10-28 19:17:30 +05:30
yemkareems	b06486e6d5	fix: crypto made inline for constructor and decrypt error handled in exception Signed-off-by: yemkareems <yemkareems@gmail.com> [skip ci]	2024-10-28 12:34:37 +00:00
yemkareems	67f758e633	fix: crypto made inline for constructor and decrypt error handled in exception Signed-off-by: yemkareems <yemkareems@gmail.com>	2024-10-28 12:34:36 +00:00
yemkareems	eec9a7ca40	fix: use Icrypto in place of Cypto Signed-off-by: yemkareems <yemkareems@gmail.com>	2024-10-28 12:34:36 +00:00
yemkareems	e253479d83	fix: crypto type made not nullable and tests run using ICrypto Signed-off-by: yemkareems <yemkareems@gmail.com>	2024-10-28 12:34:36 +00:00
yemkareems	be581d7ce8	fix: encrypt and store password, decrypt and retrieve the same Signed-off-by: yemkareems <yemkareems@gmail.com>	2024-10-28 12:34:36 +00:00
provokateurin	c42ec8d0d2	fix(UserTrait): Fix backend initialization Signed-off-by: provokateurin <kate@provokateurin.de>	2024-10-17 17:59:20 +02:00
Ferdinand Thiessen	229deb0497	fix: Make user removal more resilient Currently there is a problem if an exception is thrown in `User::delete`, because at that point the user is already removed from the backend, but not all data is deleted. There is no way to recover from this state, as the user is gone no information is available anymore. This means the data is still available on the server but can not removed by any API anymore. The solution here is to first set a flag and backup the user home, this can be used to recover failed user deletions in a way the delete can be re-tried. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	2024-10-15 16:43:19 +02:00
Arthur Schiwon	79dcb5ae76	fix(Token): take over scope in token refresh with login by cookie Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-07-22 06:53:35 +00:00
Arthur Schiwon	f5866137ad	fix(Session): avoid race conditions on clustered setups - re-stablishes old behaviour with cache to return null instead of throwing an InvalidTokenException when the token is cached as non-existing - token invalidation and re-generation are bundled in a DB transaction now Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-07-11 07:27:29 +00:00
Arthur Schiwon	86a496d589	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-12 11:14:25 +02:00
Joas Schilling	f09f4ec8db	fix(session): Avoid race condition for cache::get() vs. cache::hasKey() Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-05-06 12:08:41 +02:00
Benjamin Gaussorgues	db00cd54ba	feat(perf): add cache for authtoken lookup Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-03-25 08:37:00 +00:00
Côme Chilliet	4acb4a5f4c	Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 18:01:01 +00:00
Côme Chilliet	6893aa1f6b	Use OCP version of IToken in AppPasswordCreatedEvent Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 18:01:00 +00:00
Côme Chilliet	9e75c75f86	Use IToken from OCP instead of OC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 18:01:00 +00:00
Côme Chilliet	63fbf90570	Suppress or fix psalm errors related to InvalidTokenException Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 18:01:00 +00:00
Côme Chilliet	360e7ffcca	Always catch OCP versions of authentication exceptions And always throw OC versions for BC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 18:00:59 +00:00
Alexander Piskun	1d0b10b12c	AppAPI: allowed to bypass Two-Factor Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2023-12-29 08:44:13 +00:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +01:00
Christoph Wurst	a5422a3998	fix: Show error message when CSRF check fails at login Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-11-08 15:18:34 +01:00
Côme Chilliet	d8b42c6131	Allow passing null to PublicKeyToken::setScope, fixes tests Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 15:52:07 +02:00
Côme Chilliet	33a24134a7	Improve docblock annotations for tokens and their exceptions Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 15:20:04 +02:00
Côme Chilliet	58a57a714e	Use more precise typing for setScope method parameter Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 15:19:38 +02:00
Côme Chilliet	1bdf952fde	Make sure that OC interfaces returns OC interfaces for backward compatibility Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 11:08:23 +02:00
Côme Chilliet	b82e25ea7a	Move Exceptions used in OCP to OCP Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 10:26:25 +02:00
Côme Chilliet	356f0291a2	Align PublicKeyToken with interface changes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 09:41:32 +02:00
Côme Chilliet	f94fb33062	Move IToken and IProvider::getToken to OCP Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-20 17:51:33 +02:00
Benjamin Gaussorgues	4361019f2f	fix(twofactor): avoid error in pgsql for duplicate entry Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-10-06 11:23:23 +02:00
Lucas Azevedo	2a36acfc2b	Fix typo Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2023-08-25 11:20:34 -03:00
Lucas Azevedo	c93b1634d3	Fixes from static analysis Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2023-08-25 10:41:46 -03:00
Lucas Azevedo	fe9b9c1955	Add last-used-before option Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2023-08-25 02:07:57 -03:00
Daniel Kesselberg	32303b6ed5	docs: remove superfluous phpdocs Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2023-08-10 15:01:56 +02:00
Joas Schilling	dac31ad101	fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-27 09:57:52 +02:00
Christoph Wurst	14719110b9	chore: Replace \OC::$server->query with \OCP\Server::get in /lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-07-06 15:21:22 +02:00
Joas Schilling	05aa39d777	Fix event names of 2FA related typed events Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-07-03 14:25:01 +02:00
Côme Chilliet	b294edad80	Merge branch 'master' into enh/type-iconfig-getter-calls Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>	2023-04-20 16:52:38 +02:00
Christoph Wurst	5eb768ac5e	fix(auth): Run token statements in atomic transaction All or nothing Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-04-12 15:55:42 +02:00
Côme Chilliet	426c0341ff	Use typed version of IConfig::getSystemValue as much as possible Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-05 12:50:08 +02:00
jld3103	d9f8522003	Fix types for reading and writing config values Signed-off-by: jld3103 <jld3103yt@gmail.com>	2023-04-05 09:08:56 +02:00
Côme Chilliet	8568c11d24	Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster [master] invalidate existing tokens when deleting an oauth client	2023-03-15 11:09:51 +01:00
Artur Neumann	f634badf12	public interface to invalidate tokens of user Signed-off-by: Artur Neumann <artur@jankaritech.com>	2023-03-14 17:13:29 +01:00
Ember 'n0emis' Keske	6881d2f2f1	Don't try to hash a nonexisting password Allows to log-in via a passwordless authentication provider, eg SSO Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>	2023-03-13 10:32:53 +01:00
Joas Schilling	6417ea0265	fix(authentication): Handle null or empty string password hash This can happen when the auth.storeCryptedPassword config is used, which previously errored with: Hasher::verify(): Argument #2 ($hash) must be of type string, null given Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-10 09:18:50 +01:00
Joas Schilling	e47d56ac36	Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be fix(performance): Only search for auth tokens when the provided login…	2023-02-10 01:29:30 +01:00
Julius Härtl	580feecdbf	fix(authtoken): Store only one hash for authtokens with the current password per user Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-09 13:44:00 +01:00
Joas Schilling	7a85a1596e	fix(authentication): Check minimum length when creating app tokens Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-09 09:58:35 +01:00
Joas Schilling	03a585ab4f	fix(performance): Only search for auth tokens when the provided login is long enough Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-08 22:45:23 +01:00

1 2 3 4 5 ...

299 commits