upstream/nextcloud
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-02-24 02:11:51 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions 15
74593 commits 675 branches 1186 tags 6.7 GiB
Commit graph

294 commits

Author SHA1 Message Date
Arthur Schiwon
95f7613581 fix(Token): take over scope in token refresh with login by cookie 
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-07-22 06:54:44 +00:00
Arthur Schiwon
0ba9f046e7 fix(Session): avoid race conditions on clustered setups 
- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-07-11 07:29:09 +00:00
Arthur Schiwon
f0494ec17a fix(Session): avoid password confirmation on SSO 
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-06-11 20:19:18 +02:00
Côme Chilliet
20e378d5e5
Merge pull request #44564 from nextcloud/automated/noid/stable29-update-psalm-baseline 
[stable29] Update psalm-baseline.xml
 2024-05-06 19:31:16 +02:00
Côme Chilliet
82e593b83b
chore: Fix small psalm errors related to documented return types 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-05-06 18:21:38 +02:00
Joas Schilling
487dfb62d3 fix(session): Avoid race condition for cache::get() vs. cache::hasKey() 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2024-05-06 06:15:27 +00:00
Côme Chilliet
0b332ceac2 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-04 11:45:22 +02:00
Benjamin Gaussorgues
d1189f923c
feat(perf): add cache for authtoken lookup 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2024-02-28 15:04:04 +01:00
Vincent Petry
839ddaa354
feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +01:00
Côme Chilliet
8bcc2d352e chore: Fix missing template parameter for IEventListener 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-30 10:57:15 +01:00
Côme Chilliet
a526a382bf
Import OCP IToken as OCPIToken to avoid a name clash in lib/private 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 15:45:14 +01:00
Côme Chilliet
37a6e15f87 Use OCP version of IToken in AppPasswordCreatedEvent 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Côme Chilliet
8fc39aeb1c Use IToken from OCP instead of OC 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Côme Chilliet
95ea6188dc Suppress or fix psalm errors related to InvalidTokenException 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Côme Chilliet
eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Alexander Piskun
26d343d33a
AppAPI: allowed to bypass Two-Factor 
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
 2023-12-28 20:59:02 +03:00
Joas Schilling
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Christoph Wurst
a5422a3998
fix: Show error message when CSRF check fails at login 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-11-08 15:18:34 +01:00
Côme Chilliet
d8b42c6131
Allow passing null to PublicKeyToken::setScope, fixes tests 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:52:07 +02:00
Côme Chilliet
33a24134a7
Improve docblock annotations for tokens and their exceptions 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:20:04 +02:00
Côme Chilliet
58a57a714e
Use more precise typing for setScope method parameter 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 15:19:38 +02:00
Côme Chilliet
1bdf952fde
Make sure that OC interfaces returns OC interfaces for backward compatibility 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 11:08:23 +02:00
Côme Chilliet
b82e25ea7a
Move Exceptions used in OCP to OCP 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 10:26:25 +02:00
Côme Chilliet
356f0291a2
Align PublicKeyToken with interface changes 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-23 09:41:32 +02:00
Côme Chilliet
f94fb33062
Move IToken and IProvider::getToken to OCP 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-10-20 17:51:33 +02:00
Benjamin Gaussorgues
4361019f2f
fix(twofactor): avoid error in pgsql for duplicate entry 
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-10-06 11:23:23 +02:00
Lucas Azevedo
2a36acfc2b Fix typo 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 11:20:34 -03:00
Lucas Azevedo
c93b1634d3
Fixes from static analysis 
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 10:41:46 -03:00
Lucas Azevedo
fe9b9c1955 Add last-used-before option 
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
 2023-08-25 02:07:57 -03:00
Daniel Kesselberg
32303b6ed5 docs: remove superfluous phpdocs 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-08-10 15:01:56 +02:00
Joas Schilling
dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-27 09:57:52 +02:00
Christoph Wurst
14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-07-06 15:21:22 +02:00
Joas Schilling
05aa39d777
Fix event names of 2FA related typed events 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-03 14:25:01 +02:00
Côme Chilliet
b294edad80
Merge branch 'master' into enh/type-iconfig-getter-calls 
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
 2023-04-20 16:52:38 +02:00
Christoph Wurst
5eb768ac5e
fix(auth): Run token statements in atomic transaction 
All or nothing

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-04-12 15:55:42 +02:00
Côme Chilliet
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +02:00
jld3103
d9f8522003
Fix types for reading and writing config values 
Signed-off-by: jld3103 <jld3103yt@gmail.com>
 2023-04-05 09:08:56 +02:00
Côme Chilliet
8568c11d24
Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster 
[master] invalidate existing tokens when deleting an oauth client
 2023-03-15 11:09:51 +01:00
Artur Neumann
f634badf12
public interface to invalidate tokens of user 
Signed-off-by: Artur Neumann <artur@jankaritech.com>
 2023-03-14 17:13:29 +01:00
Ember 'n0emis' Keske
6881d2f2f1
Don't try to hash a nonexisting password 
Allows to log-in via a passwordless authentication provider, eg SSO

Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
 2023-03-13 10:32:53 +01:00
Joas Schilling
6417ea0265
fix(authentication): Handle null or empty string password hash 
This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument #2 ($hash) must be of type string, null given

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-10 09:18:50 +01:00
Joas Schilling
e47d56ac36
Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be 
fix(performance): Only search for auth tokens when the provided login…
 2023-02-10 01:29:30 +01:00
Julius Härtl
580feecdbf
fix(authtoken): Store only one hash for authtokens with the current password per user 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-02-09 13:44:00 +01:00
Joas Schilling
7a85a1596e
fix(authentication): Check minimum length when creating app tokens 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-09 09:58:35 +01:00
Joas Schilling
03a585ab4f
fix(performance): Only search for auth tokens when the provided login is long enough 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-02-08 22:45:23 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-01-20 11:45:08 +01:00
Vincent Petry
c2165b84e6
Merge pull request #36001 from nextcloud/validate-user-tz 
Validate user timezone given from login data before saving it
 2023-01-11 19:53:37 +01:00
Joas Schilling
2fb4dac7ad
fix(authentication): Update the token when the hash is null or can not be verified 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 16:32:36 +01:00
Joas Schilling
28b18d561c
fix(authentication): Only hash the new password when needed 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 15:58:26 +01:00
Joas Schilling
c5bb19641c
fix(authentication): Invert the logic to the original intention 
We need to store the new authentication details when the hash did **not** verify
the old password.

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-01-09 15:13:08 +01:00