nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-02-16 09:19:43 -05:00

Author	SHA1	Message	Date
Christoph Wurst	5100e3152d	feat(auth): Clean-up unused auth tokens and wipe tokens Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-08-13 12:39:11 +02:00
Arthur Schiwon	99182aac37	fix(Token): take over scope in token refresh with login by cookie Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-07-19 15:53:46 +02:00
Arthur Schiwon	6a783d9b08	fix(Session): avoid race conditions on clustered setups - re-stablishes old behaviour with cache to return null instead of throwing an InvalidTokenException when the token is cached as non-existing - token invalidation and re-generation are bundled in a DB transaction now Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-07-10 13:28:33 +02:00
Arthur Schiwon	f6d6efef3a	refactor(Token): introduce scope constants Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-05 19:01:14 +02:00
Arthur Schiwon	340939e688	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2024-06-05 19:01:13 +02:00
Daniel	fca38e12c8	Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update fix(auth): Update authtoken activity selectively	2024-05-29 12:05:45 +02:00
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2024-05-24 13:11:22 +02:00
Christoph Wurst	bcc02a3c71	fix(auth): Update authtoken activity selectively Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2024-05-21 07:55:01 +02:00
Christoph Wurst	fe7217d2d3	Merge pull request #45026 from nextcloud/fix/token-update Avoid updating the same oc_authtoken row twice	2024-05-16 12:00:32 +02:00
Julius Härtl	04780ae30a	fix: Always set last activity if we update the row of an authtoken anyways Signed-off-by: Julius Härtl <jus@bitgrid.net>	2024-04-29 15:20:17 +02:00
Joas Schilling	bc4a102f52	fix(session): Avoid race condition for cache::get() vs. cache::hasKey() Signed-off-by: Joas Schilling <coding@schilljs.com>	2024-04-29 12:45:44 +02:00
Côme Chilliet	ec5133b739	fix: Apply new coding standard to all files Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-04-02 14:16:21 +02:00
Benjamin Gaussorgues	d1189f923c	feat(perf): add cache for authtoken lookup Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2024-02-28 15:04:04 +01:00
Côme Chilliet	a526a382bf	Import OCP IToken as OCPIToken to avoid a name clash in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 15:45:14 +01:00
Côme Chilliet	8fc39aeb1c	Use IToken from OCP instead of OC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 14:02:15 +01:00
Côme Chilliet	95ea6188dc	Suppress or fix psalm errors related to InvalidTokenException Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 14:02:15 +01:00
Côme Chilliet	eee9f1eec4	Always catch OCP versions of authentication exceptions And always throw OC versions for BC Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2024-01-11 14:02:15 +01:00
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2023-11-23 10:36:13 +01:00
Côme Chilliet	d8b42c6131	Allow passing null to PublicKeyToken::setScope, fixes tests Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 15:52:07 +02:00
Côme Chilliet	33a24134a7	Improve docblock annotations for tokens and their exceptions Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 15:20:04 +02:00
Côme Chilliet	58a57a714e	Use more precise typing for setScope method parameter Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 15:19:38 +02:00
Côme Chilliet	356f0291a2	Align PublicKeyToken with interface changes Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-23 09:41:32 +02:00
Côme Chilliet	f94fb33062	Move IToken and IProvider::getToken to OCP Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-10-20 17:51:33 +02:00
Lucas Azevedo	2a36acfc2b	Fix typo Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2023-08-25 11:20:34 -03:00
Lucas Azevedo	c93b1634d3	Fixes from static analysis Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2023-08-25 10:41:46 -03:00
Lucas Azevedo	fe9b9c1955	Add last-used-before option Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2023-08-25 02:07:57 -03:00
Côme Chilliet	b294edad80	Merge branch 'master' into enh/type-iconfig-getter-calls Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>	2023-04-20 16:52:38 +02:00
Christoph Wurst	5eb768ac5e	fix(auth): Run token statements in atomic transaction All or nothing Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2023-04-12 15:55:42 +02:00
Côme Chilliet	426c0341ff	Use typed version of IConfig::getSystemValue as much as possible Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-04-05 12:50:08 +02:00
Côme Chilliet	8568c11d24	Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster [master] invalidate existing tokens when deleting an oauth client	2023-03-15 11:09:51 +01:00
Artur Neumann	f634badf12	public interface to invalidate tokens of user Signed-off-by: Artur Neumann <artur@jankaritech.com>	2023-03-14 17:13:29 +01:00
Ember 'n0emis' Keske	6881d2f2f1	Don't try to hash a nonexisting password Allows to log-in via a passwordless authentication provider, eg SSO Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>	2023-03-13 10:32:53 +01:00
Joas Schilling	6417ea0265	fix(authentication): Handle null or empty string password hash This can happen when the auth.storeCryptedPassword config is used, which previously errored with: Hasher::verify(): Argument #2 ($hash) must be of type string, null given Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-10 09:18:50 +01:00
Joas Schilling	e47d56ac36	Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be fix(performance): Only search for auth tokens when the provided login…	2023-02-10 01:29:30 +01:00
Julius Härtl	580feecdbf	fix(authtoken): Store only one hash for authtokens with the current password per user Signed-off-by: Julius Härtl <jus@bitgrid.net>	2023-02-09 13:44:00 +01:00
Joas Schilling	7a85a1596e	fix(authentication): Check minimum length when creating app tokens Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-09 09:58:35 +01:00
Joas Schilling	03a585ab4f	fix(performance): Only search for auth tokens when the provided login is long enough Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-02-08 22:45:23 +01:00
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2023-01-20 11:45:08 +01:00
Joas Schilling	2fb4dac7ad	fix(authentication): Update the token when the hash is null or can not be verified Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-09 16:32:36 +01:00
Joas Schilling	28b18d561c	fix(authentication): Only hash the new password when needed Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-09 15:58:26 +01:00
Joas Schilling	c5bb19641c	fix(authentication): Invert the logic to the original intention We need to store the new authentication details when the hash did not verify the old password. Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-09 15:13:08 +01:00
Joas Schilling	55d8aec759	fix(authentication): Only verify each hash once Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-09 14:53:12 +01:00
Julius Härtl	18164ae516	Merge pull request #33898 from nextcloud/fix/authtoken-password-update PublickKeyTokenProvider: Fix password update routine with password hash	2023-01-05 08:01:47 +01:00
Joas Schilling	b4a29644cc	Add a const for the max user password length Signed-off-by: Joas Schilling <coding@schilljs.com>	2023-01-04 11:23:43 +01:00
Marcel Klehr	adfe367106	PublickKeyTokenProvider: Fix password update routine with password hash Signed-off-by: Marcel Klehr <mklehr@gmx.net>	2023-01-04 08:30:53 +01:00
Christoph Wurst	c5922e67d3	Run session token renewals in a database transaction The session token renewal does 1) Read the old token 2) Write a new token 3) Delete the old token If two processes succeed to read the old token there can be two new tokens because the queries were not run in a transaction. This is particularly problematic on clustered DBs where 1) would go to a read node and 2) and 3) go to a write node. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2022-10-18 08:28:22 +02:00
Carl Schwan	9919116716	Merge pull request #31499 from nextcloud/bugfix/empty-secret Add fallback routines for empty secret cases	2022-10-17 16:02:58 +02:00
Carl Schwan	ef31396727	Mark method as deprecated Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Carl Schwan <carl@carlschwan.eu>	2022-09-13 13:06:54 +02:00
Thomas Citharel	3ce1996d5e	Add back TokenCleanupJob to invalidate old temporary tokens Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-08-25 11:31:21 +02:00
Julius Härtl	9d1ec582ba	Do not update passwords if nothing changed Signed-off-by: Julius Härtl <jus@bitgrid.net>	2022-08-09 09:35:44 +02:00

1 2 3 4

184 commits