Christoph Wurst
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
Christoph Wurst
465807490d
create session token only for clients that support cookies
2016-06-13 19:44:05 +02:00
Christoph Wurst
331d88bcab
create session token on all APIs
2016-06-13 15:38:34 +02:00
Vincent Petry
6ba18934e6
Merge pull request #25000 from owncloud/fix-email-login-dav
...
Allow login by email address via webdav as well
2016-06-09 16:28:06 +02:00
Thomas Müller
f20c617154
Allow login by email address via webdav as well - fixes #24791
2016-06-09 12:08:49 +02:00
Christoph Wurst
46e26f6b49
catch sessionnotavailable exception if memory session is used
2016-06-08 15:03:15 +02:00
Christoph Wurst
ec929f07f2
When creating a session token, make sure it's the login password and not a device token
2016-06-08 13:31:55 +02:00
Christoph Wurst
c58d8159d7
Create session tokens for apache auth users
2016-05-31 17:07:49 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Christoph Wurst
a922957f76
add default token auth config on install, upgrade and add it to sample config
2016-05-24 18:02:52 +02:00
Christoph Wurst
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled
2016-05-24 17:54:02 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
Christoph Wurst
4128b853e5
login explicitly
2016-05-24 09:48:02 +02:00
Vincent Petry
5a8af2f0be
Merge pull request #24729 from owncloud/try-token-login-first
...
try token login first
2016-05-23 20:50:57 +02:00
Vincent Petry
4f6670d759
Merge pull request #24658 from owncloud/invalidate-disabled-user-session
...
invalidate user session if the user was disabled
2016-05-23 20:50:25 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core
2016-05-23 11:21:10 +02:00
Christoph Wurst
c20cdc2213
invalidate user session if the user is disabled
2016-05-23 10:32:16 +02:00
Christoph Wurst
11dc97da43
try token login first
2016-05-20 10:52:39 +02:00
Christoph Wurst
f824f3e5f3
don't allow token login for disabled users
2016-05-18 21:10:37 +02:00
Christoph Wurst
98b465a8b9
a single token provider suffices
2016-05-18 09:20:48 +02:00
Christoph Wurst
0486d750aa
use the UID for creating the session token, not the login name
2016-05-11 13:36:46 +02:00
Christoph Wurst
69dafd727d
delete the token in case an exception is thrown when decrypting the password
2016-05-11 13:36:46 +02:00
Christoph Wurst
46bdf6ea2b
fix PHPDoc and other minor issues
2016-05-11 13:36:46 +02:00
Christoph Wurst
a9b500c03b
catch possible SessionNotAvailableExceptions
2016-05-11 13:36:46 +02:00
Christoph Wurst
f0f8bdd495
PHPDoc and other minor fixes
2016-05-11 13:36:46 +02:00
Christoph Wurst
699289cd26
pass in $request on OCS api
2016-05-11 13:36:46 +02:00
Christoph Wurst
168ccf90a6
try apache auth too
2016-05-11 13:36:46 +02:00
Christoph Wurst
8cc5f6036f
Fix existing tests
2016-05-11 13:36:46 +02:00
Christoph Wurst
7aa16e1559
fix setup
2016-05-11 13:36:46 +02:00
Christoph Wurst
7e7d5a2ef2
Add fallback to allow user:token basic auth
2016-05-11 13:36:46 +02:00
Christoph Wurst
fdc2cd7554
Add token auth for OCS APIs
2016-05-11 13:36:46 +02:00
Christoph Wurst
8d48502187
Add index on 'last_activity'
...
add token type column and delete only temporary tokens in the background job
debounce token updates; fix wrong class import
2016-05-11 13:36:46 +02:00
Christoph Wurst
53636c73d6
Add controller to generate client tokens
2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a
Check if session token is valid and log user out if the check fails
...
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
2016-05-11 13:36:46 +02:00
Christoph Wurst
2fa5e0a24e
invalidate (delete) session token on logout
...
add 'last_activity' column to session tokens and delete old ones via a background job
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
...
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00
Roeland Jago Douma
9504500e5f
Move \OC\User to PSR-4
2016-05-10 19:53:36 +02:00