upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-05-28 04:32:30 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 25
87597 commits 985 branches 1211 tags 9.7 GiB
Commit graph

67 commits

Author SHA1 Message Date
Julien Veyssier
59b3d7a5b2 fix(oauth): rotate the auth token only if the access token rotation was successful 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2026-04-22 11:23:47 +02:00
Julien Veyssier
c639dfdbfc fix(oauth): make the throttling reason more specific 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2026-04-22 11:23:47 +02:00
Julien Veyssier
72c4d0f72a fix(oauth): wrap token rotation in a transaction, only rotate if the token hasn't been modified since we have read it 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2026-04-22 11:23:47 +02:00
Kate
bce67a250f
Merge pull request #59764 from nextcloud/fix/add-missing-password-required 
fix: Add missing PasswordConfirmationRequired attributes
 2026-04-21 15:41:15 +02:00
Côme Chilliet
cfd5f04116
fix: Add missing PasswordConfirmationRequired attributes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-04-21 10:21:07 +02:00
Côme Chilliet
135a8128d4
fix(oauth2): Add missing urlencode for failure redirection 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-04-21 09:34:48 +02:00
Côme Chilliet
5c1b58c380
fix(oauth2): Do not store the code in throttle metadata 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2026-03-19 14:40:12 +01:00
provokateurin
1b4722c330
fix(oauth2): Limit allowed grant_type values in getToken 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-08-25 13:40:35 +02:00
Richard Steinmetz
246da73a36
fix(oauth2): retain support for legacy ownCloud clients 
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
 2025-04-01 11:25:52 +02:00
Côme Chilliet
75f8bb51ed fix: Rename config option to skipAuthPickerApplications to match what it does 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +01:00
Côme Chilliet
e7be008dc1 feat(oauth2): Skip page before login as well for authorized applications 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2025-01-07 10:34:30 +01:00
provokateurin
085d4c9364
refactor(OpenAPI): Adjust scopes to match previous behavior 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2025-01-06 14:30:40 +01:00
provokateurin
381077028a
refactor(apps): Use constructor property promotion when possible 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-10-21 12:37:59 +02:00
Côme Chilliet
1a4978c4ea
chore: Apply rector configuration to apps folder 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-09-20 17:51:00 +02:00
provokateurin
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-09-19 14:21:20 +02:00
Julien Veyssier
034917b790
fix(oauth2): store hashed secret instead of encrypted 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2024-09-02 14:38:39 +02:00
Artur Neumann
cc44ec54ad invalidate oauth2 tokens only for seen users 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2024-08-16 10:33:52 +02:00
provokateurin
d8adbce1be refactor(oauth2): Replace security annotations with respective attributes 
Signed-off-by: provokateurin <kate@provokateurin.de>
 2024-07-29 16:45:54 +02:00
Andy Scherzinger
cc1686dba9
chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-31 10:38:47 +02:00
Côme Chilliet
eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Julien Veyssier
d56950a6c9
adjust phpdoc types in OauthApiController 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:03 +02:00
Julien Veyssier
c6da99474e
rename oauth2_access_token's created_at to code_created_at 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier
779e1d51ac
delete oauth access token when receiving a code that has expired 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier
1ab45bad5d
refuse oauth authorization code if a token has already been delivered (active token) 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier
7bba410997
cleanup access tokens that are still in authorization state and that have expired 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier
2995b0948f
add tests for oauth2 authorization code expiration 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Julien Veyssier
807f173dec
make oauth2 authorization code expire after 10 minutes 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-10-05 14:24:02 +02:00
Joas Schilling
25309bcb45
techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
jld3103
1c19c567fe
oauth2: Add OpenAPI spec 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-07-12 07:32:30 +02:00
Julien Veyssier
629adc318f add bruteforce protection in OauthApiController 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-06-19 11:18:06 +02:00
Julien Veyssier
18c742a901
encrypt oauth2 client secrets 
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
 2023-06-07 11:36:08 +02:00
Artur Neumann
f634badf12
public interface to invalidate tokens of user 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:29 +01:00
Artur Neumann
21be557e2a
invalidate existing tokens when deleting an oauth client 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:23 +01:00
luz paz
9d26671f05 Fix typos in apps/ subdirectory 
Found via `codespell -q 3 -S l10n,./apps/files_external/3rdparty -L adn,ba,boxs,keypair,jus,optionel,ressource,tabel ./apps/`

Signed-off-by: luz paz <luzpaz@github.com>
Signed-off-by: nextcloud-command <nextcloud-command@users.noreply.github.com>
 2022-09-05 12:59:54 +00:00
Joas Schilling
c6ae53096c
More test fixing 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-12-01 22:17:19 +01:00
J0WI
3b656446af Introduce ISecureRandom::CHAR_ALPHANUMERIC 
Signed-off-by: J0WI <J0WI@users.noreply.github.com>
 2021-07-08 15:11:31 +02:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Christoph Wurst
cb057829f7
Update license headers for 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-29 11:57:22 +02:00
Christoph Wurst
28f8eb5dba
Add visibility to all constants 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 16:54:27 +02:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function 
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-10 14:19:56 +02:00
Christoph Wurst
44577e4345
Remove trailing and in between spaces 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-04-09 16:07:47 +02:00
Christoph Wurst
1a9330cd69
Update the license headers for Nextcloud 19 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-03-31 14:52:54 +02:00
Daniel Kesselberg
509af24bc9
Fix invalid instantiation of TemplateResponse if client not found 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2020-03-15 11:55:07 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2019-12-05 15:38:45 +01:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes 
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2019-11-22 20:52:10 +01:00
Roeland Jago Douma
9e2bb5ef36 Move oauth admin settings to initialstate 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>
 2019-09-28 13:30:34 +00:00
Roeland Jago Douma
b9ac258870
Strict controllers 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-07 13:43:22 +01:00
Roeland Jago Douma
1e6711305a
Fail gracefull if an unkown oauth2 client tries to authenticate 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-12-06 21:14:34 +01:00
Roeland Jago Douma
674930da7f
Move ExpiredTokenException to the correct namespace 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-10-30 19:30:45 +01:00