nextcloud

mirror of https://github.com/nextcloud/server.git synced 2026-04-24 15:53:36 -04:00

Author	SHA1	Message	Date
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:50:14 +02:00
Christoph Wurst	41b5e5923a	Use exactly one empty line after the namespace declaration For PSR2 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 11:48:10 +02:00
Christoph Wurst	2fbad1ed72	Fix (array) indent style to always use one tab Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-09 10:16:08 +02:00
Christoph Wurst	85e369cddb	Fix multiline comments Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-04-08 22:24:54 +02:00
Roeland Jago Douma	19ca921676	Merge pull request #20241 from nextcloud/fix/license-headers-19 Update the license headers for Nextcloud 19	2020-04-01 12:44:21 +02:00
Roeland Jago Douma	590849e4d7	Merge pull request #19858 from nextcloud/feature/webauthn Add WebAuthn support	2020-03-31 22:55:13 +02:00
Roeland Jago Douma	53db05a1f6	Start with webauthn Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: npmbuildbot[bot] <npmbuildbot[bot]@users.noreply.github.com>	2020-03-31 22:17:07 +02:00
Roeland Jago Douma	f04f34b94b	Make password nullable in LoginData Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-03-31 21:52:01 +02:00
Roeland Jago Douma	84f3d2ddeb	[POC] Event for failed login attempts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2020-03-31 21:41:02 +02:00
Christoph Wurst	1a9330cd69	Update the license headers for Nextcloud 19 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-31 14:52:54 +02:00
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-25 22:08:08 +01:00
Roeland Jago Douma	3b26bfe879	Merge pull request #20127 from nextcloud/bugfix/noid/check-user-on-remote-wipe Check the user on remote wipe	2020-03-24 20:26:52 +01:00
Joas Schilling	dc7913efcd	Fix recursive calls in logging via server methods Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-03-18 18:59:49 +01:00
Joas Schilling	9935c71ec3	Check the user on remote wipe Signed-off-by: Joas Schilling <coding@schilljs.com>	2020-03-16 09:29:28 +01:00
Christoph Wurst	1f7cb027a4	Merge pull request #19820 from nextcloud/fix/mismatching-docblock-return-type Fix mismatching docblock return types	2020-03-09 17:43:17 +01:00
Christoph Wurst	df9e2b828a	Fix mismatching docblock return types Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-06 16:38:25 +01:00
Christoph Wurst	5fc4c91a76	Fix mismatching doc block parameter types Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-03-06 16:28:42 +01:00
Christoph Wurst	6127c288e8	Fix license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-01-13 14:23:49 +01:00
Christoph Wurst	60d4b45e89	Clean up 2FA provider registry when a user is deleted Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2020-01-08 10:51:44 +01:00
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-12-05 15:38:45 +01:00
Roeland Jago Douma	b371e735cf	Throw an invalid token exception is token is marked outdated This avoids hitting the backend with multiple requests for the same token. And will help avoid quick LDAP lockouts. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-12-02 18:57:13 +01:00
Christoph Wurst	0299ea0a96	Handle token insert conflicts Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existin auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row wit the same token (the session ID). This also bubbles up and disables user_saml. As the token might still be OK (both request will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-11-26 12:07:12 +01:00
Christoph Wurst	128a460d7b	Add return type hint to credential store and make it strict Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-11-25 15:59:55 +01:00
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-11-22 20:52:10 +01:00
Roeland Jago Douma	5122629bb0	Make renewSessionToken return the new token Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-10-09 10:10:37 +02:00
Roeland Jago Douma	3fccc7dc47	Cache the public key tokens Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste. Right now it is doing very stupid caching. Which gets invalidate on any update. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-10-08 13:57:36 +02:00
Roeland Jago Douma	210a0554a2	Use the actual password to update the tokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-09-18 19:50:58 +02:00
Daniel Kesselberg	ee76b0fbd2	Add uid to delete temp token query Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-09-18 16:52:42 +02:00
Christoph Wurst	a1ef939c06	Use Symfony's new contract Event class instead of the deprecated one Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-09-12 14:44:55 +02:00
Daniel Kesselberg	608f4d3ee9	Pass $configargs to openssl_pkey_export Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-07-21 22:21:59 +02:00
Morris Jobke	4ae17427c5	Error with exception on SSL error Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2019-07-18 18:50:44 +02:00
Joas Schilling	565838da9c	Update unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	2019-07-16 13:32:44 +02:00
Joas Schilling	64f67818bc	Fix new core notifier Signed-off-by: Joas Schilling <coding@schilljs.com>	2019-07-15 15:14:58 +02:00
Christoph Wurst	d058ef2b6c	Make it possible to wipe all tokens/devices of a user Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-07-09 13:57:04 +02:00
Christoph Wurst	1c261675ad	Refactor: move remote wipe token logic to RW service Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-07-09 13:39:27 +02:00
Christoph Wurst	c50fe2a9c9	Send emails when remote wipe starts/finishes Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-07-02 21:59:23 +02:00
Christoph Wurst	aa6622ccef	Decouple remote wipe notifcation channels with events Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-06-27 17:16:18 +02:00
Roeland Jago Douma	f03eb7ec3c	Remote wipe support This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-20 20:50:27 +02:00
Roeland Jago Douma	579162d7b9	Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-17 10:11:53 +02:00
Christoph Wurst	170582d4f5	Add a login chain to reduce the complexity of LoginController::tryLogin Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2019-05-07 18:04:36 +02:00
Daniel Kesselberg	34e849d702	Add interface INamedToken Remove $token instanceof DefaultToken \|\| $token instanceof PublicKeyToken Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2019-02-02 20:21:57 +01:00
Roeland Jago Douma	ac8a6e2244	Clean pending 2FA authentication on password reset When a password is reste we should make sure that all users are properly logged in. Pending states should be cleared. For example a session where the 2FA code is not entered yet should be cleared. The token is now removed so the session will be killed the next time this is checked (within 5 minutes). Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2019-01-29 13:08:56 +01:00
Daniel Kesselberg	ec8aefc762	Read openssl error and log Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2018-12-06 21:27:57 +01:00
Roeland Jago Douma	674930da7f	Move ExpiredTokenException to the correct namespace Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-30 19:30:45 +01:00
Roeland Jago Douma	34f5f4091e	Catch more occurences where ExpiredTokenException can be thrown Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-21 14:37:08 +02:00
Roeland Jago Douma	b3a92a4e39	Expired PK tokens should not fall back to legacy tokens Fixes #11919 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-21 14:34:29 +02:00
Christoph Wurst	83e994c11f	Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-10-15 08:22:52 +02:00
Roeland Jago Douma	19f84f7b54	Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-02 19:50:54 +02:00
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-02 19:50:54 +02:00
Roeland Jago Douma	00e99af586	Mark token as invalid if the password doesn't match Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-02 19:50:44 +02:00
Roeland Jago Douma	a95154642d	Emit event on enablign or disabling of 2FA provider Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-10-01 15:35:24 +02:00
Christoph Wurst	259c0ce11d	Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-09-30 11:47:29 +02:00
Morris Jobke	ee73f6c416	Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php Consider openssl settings from config.php	2018-09-25 18:04:20 +02:00
Christoph Wurst	7586b19e52	Only allow 2FA state changs if providers support the operation Ref https://github.com/nextcloud/server/issues/11019. Add `twofactorauth:cleanup` command Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-09-25 09:54:20 +02:00
Joas Schilling	f258e65f13	Also adjust the expiration of PublicKeyTokenProvider Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-09-20 09:54:27 +02:00
Joas Schilling	5e6187926f	Copy the expiration from `480864b3e3` to getTokenById Signed-off-by: Joas Schilling <coding@schilljs.com>	2018-09-19 17:55:48 +02:00
Daniel Kesselberg	90a9a1ecc6	Consider openssl settings from config.php Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2018-09-16 11:51:15 +02:00
Roeland Jago Douma	47b46fa69d	Expire tokens hardening Just to be sure that the field is also not 0 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-09-07 10:01:31 +02:00
Christoph Wurst	fb98db7da7	Fix handlng of concurrent inserts of the 2FA provider registry DAO Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-31 11:46:27 +02:00
Christoph Wurst	1124b87bc0	Fix 2FA being enforced if only backup codes provider is active Fixes https://github.com/nextcloud/server/issues/10634. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-10 09:26:40 +02:00
Christoph Wurst	8db66d5dfb	Fix double-inserts of the same provider state Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-09 13:56:04 +02:00
Christoph Wurst	d8197f2b97	Rename providerset method to get primary providers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-08 20:28:21 +02:00
Christoph Wurst	c6e47e8a51	Fix login redirection if only one 2FA provider is active Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-08 15:25:59 +02:00
Christoph Wurst	d248a0bd1e	Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-08-08 06:57:52 +02:00
Christoph Wurst	fc149bab3c	Fix duplicate inserts in the 2fa provider registry DAO Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-07-31 06:43:44 +02:00
Christoph Wurst	7be465febe	Make new classes strict and fix license header Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-06-25 07:38:52 +02:00
Christoph Wurst	13d93f5b25	Make 2FA providers stateful This adds persistence to the Nextcloud server 2FA logic so that the server knows which 2FA providers are enabled for a specific user at any time, even when the provider is not available. The `IStatefulProvider` interface was added as tagging interface for providers that are compatible with this new API. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2018-06-20 08:30:26 +02:00
Roeland Jago Douma	82959ca93e	Comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-19 07:46:43 +02:00
Roeland Jago Douma	970dea9264	Add getProvider helper function Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	df34571d1d	Use constant for token version And don't set the version in the constructor. That would possible cause to many updates. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	9e7a95fe58	Add more tests * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	1999f7ce7b	Generate the new publicKey tokens by default! Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	f168ecfa7a	Actually convert the token * When getting the token * When rotating the token * Also store the encrypted password as base64 to avoid weird binary stuff Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	d03d16a936	Add publickey provider to manager Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	4bbc21cb21	SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:55 +02:00
Roeland Jago Douma	4c0d710479	Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:54 +02:00
Roeland Jago Douma	1f17010e0b	Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:54 +02:00
Roeland Jago Douma	02e0af1287	Initial PKT implementation Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:54 +02:00
Roeland Jago Douma	3dd5f3d5f6	Abstract the Provider via a manager Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-18 22:11:53 +02:00
Roeland Jago Douma	480864b3e3	Make the token expiration also work for autocasting 0 Some bad databases don't respect the default null apprently. Now even if they cast it to 0 it should work just fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-06-08 16:20:43 +02:00
Roeland Jago Douma	6b7cf46727	Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-05-17 16:10:19 +02:00
Roeland Jago Douma	aba255997a	Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-05-16 19:27:19 +02:00
Roeland Jago Douma	4ea2daf04d	Refix scope Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-05-15 11:41:27 +02:00
Roeland Jago Douma	466297829e	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-05-15 10:56:40 +02:00
Roeland Jago Douma	47388e1cfe	Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-05-15 10:32:30 +02:00
Roeland Jago Douma	610c66520b	Move over TokenMapper Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-05-10 19:47:43 +02:00
Morris Jobke	eb51f06a3b	Use ::class statement instead of string Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2018-01-29 12:03:47 +01:00
Roeland Jago Douma	eddd135f14	Dispatch event on twofactor failure and success Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2018-01-25 13:25:09 +01:00
Flávio Gomes da Silva Lisboa	5ca9a7d6bc	Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	2017-11-27 09:22:44 +01:00
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	2017-11-06 16:56:19 +01:00
Christoph Wurst	38bb6e1477	Fix duplicate session token after remembered login On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-09-20 21:39:31 +02:00
Roeland Jago Douma	9163cf9241	Fix AppPassword 2FA auth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-12 22:28:43 +02:00
Roeland Jago Douma	b96485b6bd	Fix login with basic auth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-09-05 12:24:41 +02:00
Roeland Jago Douma	84b7022118	Improve 2FA * Store the auth state in the session so we don't have to query it every time. * Added some tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-08-29 20:27:36 +02:00
Joas Schilling	fc22a2cb07	Fix auth provider Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-08-02 09:48:16 +02:00
Joas Schilling	a76d4ef04e	Fix clob comparison Signed-off-by: Joas Schilling <coding@schilljs.com>	2017-08-02 09:48:15 +02:00
Roeland Jago Douma	5f227bd93b	More phpstorm inspection fixes Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	2017-07-24 11:39:29 +02:00
Marcel Waldvogel	4e42f059ed	Minor typos Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>	2017-07-21 09:50:44 +02:00
Lukas Reschke	7976927628	Merge pull request #4894 from nextcloud/generic-security-activities Change 2FA activities to more generic security activities	2017-05-19 00:50:44 +02:00
Christoph Wurst	0928b5f621	Change 2FA activities to more generic security activities Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2017-05-18 22:10:57 +02:00

1 2 3 4 5

214 commits