Commit Graph

122 Commits

Author SHA1 Message Date
Joas Schilling 9212089151
Use the new method in the old one to remove duplicate code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 08:56:51 +02:00
Joas Schilling 9e6ac3de70
Allow to create a user for a specific backend
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-26 15:07:11 +02:00
Joas Schilling ac0c21f4a7
Trigger change when a user is enabled/disabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:20:35 +02:00
Joas Schilling a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Roeland Jago Douma f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change
Add activities when email or password is changed
2017-04-14 08:16:43 +02:00
Morris Jobke d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Morris Jobke ac05d6dd67
Improve PHPDoc
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 12:16:12 -05:00
Joas Schilling 1110b51aa3
Allow to read the old email on the hook as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:34:02 +02:00
Joas Schilling 7ad791efb4
Dont create a log entry on email login
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 10:15:20 +02:00
Arthur Schiwon fbadb37b9b
use known LockdownManager
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:27:30 +02:00
Arthur Schiwon 0a463e55ae
Save correct login name
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon daf9d23547
don't regenerate Session ID twice, also fixes tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon 50844e8c47
regenerate session id on successful login, fixes integration test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon 7b3fdfeeaa
do login routine only once when done via LoginController
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:42 +02:00
Robin Appelman baec42e80a
Save the scope of an auth token in the session
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 17:58:33 +02:00
Robin Appelman 0aeb595784
user ids are strings
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-03-30 12:24:46 +02:00
Morris Jobke d197f609a8 Merge pull request #3889 from nextcloud/downstream-26950
Sharing dialog: make autocomplete sorting case insensitive
2017-03-23 23:45:28 -06:00
Morris Jobke dbaebc53b0
fix sorting in the backend
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-23 15:41:25 -06:00
Joas Schilling 257fbd85eb Merge pull request #3929 from nextcloud/downstream-27068
cache loadUser if not exists
2017-03-20 12:44:54 +01:00
Vincent Petry aacfef463c
Add tests for database user backend caching
Add comment, closeCursor in user DB query

Invalidate user in cache after successful creation

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-20 02:03:03 -06:00
Jörn Friedrich Dreyer 592c04a9db
cache loadUser if not exists
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-20 02:01:41 -06:00
Felix Rupp e7dc1f4326
Add postLogout hook to finish sessions from external session managers (#27048)
* Add postLogout hook to finish sessions from external session managers like CAS

* Add postLogout hook to finish sessions from external session managers like CAS

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 23:00:12 -06:00
Lukas Reschke d134dea508
Don't call function in constructor
The constructor is iniitiated already very early in base.php, thus requiring this here will break the setup and some more. For now we probably have to live with a static function call here thus.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-16 21:59:47 +01:00
Lukas Reschke 085891a15d
Escape like parameters in database user backend
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-03-15 22:46:40 +01:00
Morris Jobke a5ba1f7803
Remove legacy class OC_Group and OC_User
* basically a straight replacement of the wrapped code at the calling code parts

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-09 17:35:09 -06:00
blizzz 19fc68cbdc Merge pull request #2606 from temparus/master
Add preLoginValidation hook
2017-02-15 21:47:47 +01:00
Morris Jobke dfaaebd765 Merge pull request #3417 from nextcloud/push-notification
Push notification
2017-02-10 16:00:47 -06:00
Joas Schilling 7c47f822a1
Save the used token id in the session so it can be used later on
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-02-09 15:02:59 +01:00
Robin Appelman fa49c4a13b
Add a single public api for resolving a cloud id to a user and remote and back
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-02-08 15:17:02 +01:00
Sandro Lutz 9b6f99ab08 Update license header
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 01:25:39 +01:00
Sandro Lutz fa1d607bfa Merge remote-tracking branch 'nextcloud/master'
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-07 00:15:30 +01:00
Sandro Lutz 6feff0ceba Add check if UserManager is of type PublicEmitter before calling preLogin hook
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:50 +01:00
Sandro Lutz e30d28f7eb Change where preLogin hook gets called
Signed-off-by: Sandro Lutz <sandro.lutz@temparus.ch>
2017-02-01 21:53:42 +01:00
Morris Jobke a4ad8af6e3
Add proper default value for datadir
* better safe than sorry
* fixes #3091

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-01-19 19:49:41 -06:00
Bjoern Schiessle cdf01feba7
add action to existing brute force protection
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-01-18 15:25:16 +01:00
Loki3000 8ab16f87ac spaces added 2017-01-10 16:44:14 +03:00
Loki3000 5c77923360 allowed '0' uid 2017-01-10 16:39:10 +03:00
Loki3000 b0ff59d42f remove non required db requests 2017-01-10 13:09:33 +03:00
Loki3000 135198bf0d Default value for null user
For guest users on every request executes query:
SELECT `uid`, `displayname` FROM `users` WHERE LOWER(`uid`) = LOWER(null)
as I see, uid can't be equal to null by design.
2017-01-09 23:34:23 +03:00
Joas Schilling 5aa388bbe2
Make sure the loginname is set when logging in via cookie
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 12:17:30 +01:00
Vincent Petry 91cd57e55b
Get user home folder before deletion
After the deletion getHome() will fail because the user doesn't exist
any more, so we need to fetch that value earlier.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-23 12:42:31 +01:00
Roeland Jago Douma e368a745aa
Set last-login-check on basic auth
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-05 20:57:15 +01:00
Christoph Wurst 9b808c4014 do not remember session tokens by default
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:03:28 +01:00
Robin Appelman 0e88b519d1
fix warning with token login
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 16:33:56 +01:00
Robin Appelman 2389e0f250
read lockdown scope from token
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Robin Appelman b56f2c9ed0
basic lockdown logic
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:23 +01:00
Roeland Jago Douma f07d75a4dd
@since 9.2.0 to @since 11.0.0
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-15 18:51:52 +01:00
Thomas Müller 506ccdbd8d
Introduce an event for first time login based on the last login time stamp
Use firstLogin event to trigger creation of default calendar and default address book

Delay login of admin user after setup so that firstLogin event can properly be processed for the admin

Fixing tests ...

Skeleton files are not copied over -> only 3 cache entries are remaining

Use updateLastLoginTimestamp to properly setup lastLogin value for a test user
2016-11-14 14:50:10 +01:00
Christoph Wurst 6f86e468d4
inject ISecureRandom into user session and use injected config too
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00