Commit Graph

55 Commits

Author SHA1 Message Date
Roeland Jago Douma cd457cc68b Always renew apppasswords on login
Else you can end up that you renewed your password (LDAP for example).
But they still don't work because you did not use them before you logged
in.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-02-10 19:02:37 +01:00
Joas Schilling 49ff48fcd3
Use PSR logger in authentication
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-10-12 22:07:04 +02:00
Christoph Wurst d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Roeland Jago Douma 76a7600e2e
Allow configuring the activity update interval of token
On some systems with a lot of users this creates a lot of extra DB
writes.
Being able to increase this interval helps there.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-10-04 09:31:41 +02:00
Morris Jobke 234b510652
Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-12 13:55:19 +02:00
Christoph Wurst caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst 2a529e453a
Use a blank line after the opening tag
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 11:50:14 +02:00
Christoph Wurst 463b388589
Merge pull request #20170 from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst 2ee65f177e
Use the shorter phpunit syntax for mocked return values
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:21:27 +01:00
Christoph Wurst 74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Joas Schilling 9935c71ec3
Check the user on remote wipe
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-03-16 09:29:28 +01:00
Roeland Jago Douma 3a7cf40aaa
Mode to modern phpunit
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 15:27:18 +01:00
Roeland Jago Douma c007ca624f
Make phpunit8 compatible
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-27 13:34:41 +01:00
Christoph Wurst 0299ea0a96
Handle token insert conflicts
Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existin auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row wit the same token (the session ID). This
also bubbles up and disables user_saml.

As the token might still be OK (both request will insert the same data),
we can actually just check if the UIDs of the conflict row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-26 12:07:12 +01:00
Roeland Jago Douma 68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Christoph Wurst d058ef2b6c
Make it possible to wipe all tokens/devices of a user
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:57:04 +02:00
Christoph Wurst 1c261675ad
Refactor: move remote wipe token logic to RW service
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-07-09 13:39:27 +02:00
Christoph Wurst aa6622ccef Decouple remote wipe notifcation channels with events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-06-27 17:16:18 +02:00
Joas Schilling bb352fb667
Use the defined func()->count() instead of manual counting
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-11-08 15:44:45 +01:00
Roeland Jago Douma 674930da7f
Move ExpiredTokenException to the correct namespace
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 19:30:45 +01:00
Roeland Jago Douma 19f84f7b54
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
Daniel Kesselberg 6bdcec67ab
Add openssl to mock
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-16 12:38:08 +02:00
Roeland Jago Douma df34571d1d
Use constant for token version
And don't set the version in the constructor. That would possible cause
to many updates.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma 9e7a95fe58
Add more tests
* Add a lot of tests
* Fixes related to those tests
* Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma 4bbc21cb21
SetPassword on PublicKeyTokens
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma 4c0d710479
Just pass uid to the Token stuff
We don't have user objects in the code everywhere

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
Roeland Jago Douma 1f17010e0b
Add first tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
Roeland Jago Douma 6b7cf46727
Certain tokens can expire
However due to the nature of what we store in the token (encrypted
passwords etc). We can't just delete the tokens because that would make
the oauth refresh useless.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-17 16:10:19 +02:00
Roeland Jago Douma aba255997a
Allow the rotation of tokens
This for example will allow rotating the apptoken for oauth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-16 19:27:19 +02:00
Roeland Jago Douma 466297829e
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 10:56:40 +02:00
Lukas Reschke 9ac878b6cb
Adjust tests for added lastCheck time
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-11-27 09:25:03 +01:00
Christoph Wurst 38bb6e1477
Fix duplicate session token after remembered login
On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-20 21:39:31 +02:00
Lukas Reschke 59e968977c
Add test for DefaultTokenMapper
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:09 +02:00
Lukas Reschke 77827ebf11
Rename table back to lowercase
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:09 +02:00
Bjoern Schiessle 1eb7f4956b
delete auth token when client gets deleted
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:07 +02:00
Joas Schilling d2d9f74707
Fix warning with undefined method
Trying to configure method "getRemember" which cannot be configured
because it does not exist, has not been specified, is final, or is
static

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:37:59 +02:00
Christoph Wurst e782f90d98
DefaultTokenProviderTest mocked/asserted the wrong method
It's 'getRemember' instead of 'getRememberMe', hence some warnings
were generated by phpunit.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-02-28 10:26:19 +01:00
Christoph Wurst 2183a1f3e6 copy remember-me value when renewing a session token
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:19:57 +01:00
Robin Appelman e633f2f8df
add test
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:33 +01:00
Roeland Jago Douma e5bc80b31d
Adds TokenProvider and Mapper tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
Robin Appelman 91851c37be
add tests
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:30 +01:00
Robin Appelman 4c3d18a9fc
explicit types
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
Lukas Reschke 9d6e01ef40
Add missing tests and fix PHPDoc
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-02 13:39:17 +01:00
Christoph Wurst d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Roeland Jago Douma 4d3b92e687
Fix getMock Authentication 2016-09-06 09:29:27 +02:00
Vincent Petry 3db5de95bd Merge pull request #25172 from owncloud/token-login-validation
Token login validation
2016-06-22 13:58:56 +02:00
Christoph Wurst b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Christoph Wurst fb36fd495b
fix DefaultTokenMapperTest 2016-06-20 09:25:15 +02:00
Christoph Wurst 5c68084823
fix default token provider tests 2016-06-20 09:17:19 +02:00