mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
39,692 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

68 Commits

Author SHA1 Message Date
Joas Schilling c9430fbb77
Fix auth provider 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-03 16:40:17 +02:00
Joas Schilling 5d7cab245f
Fix clob comparison 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-03 16:39:41 +02:00
Lukas Reschke 7976927628 Merge pull request #4894 from nextcloud/generic-security-activities 
Change 2FA activities to more generic security activities
 2017-05-19 00:50:44 +02:00
Christoph Wurst 0928b5f621
Change 2FA activities to more generic security activities 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-05-18 22:10:57 +02:00
Lukas Reschke 77827ebf11
Rename table back to lowercase 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 20:49:09 +02:00
Bjoern Schiessle 1eb7f4956b
delete auth token when client gets deleted 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-05-18 20:49:07 +02:00
Martin 53b8330e6d
Defining App "cron" for "Invalidating tokens older than" message #27167 (#27201) 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-19 22:51:47 -06:00
Christoph Wurst 21d3fe5883
do not hard-require the token provider 
The provider might need DB access and therefore depenedency
resolution fails on the setup page where we cannot inject
the db implementation.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-01-11 19:20:11 +01:00
Christoph Wurst 6f74ecd94a
use login hook credentials as fallback 
If no session token is available, we can use the credentials provided
by the login hook.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-01-11 19:20:11 +01:00
Christoph Wurst 3316a9d294
fix @since annotations (9.1->12) 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-01-11 19:20:11 +01:00
Christoph Wurst 46adb3eced
replace session implementation if it changes at runtime 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-01-11 19:20:11 +01:00
Christoph Wurst a6dca9e7a0
add login credential store 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-01-11 19:20:09 +01:00
Christoph Wurst ed4017dfb4
fix minor issues 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-12-19 11:59:48 +01:00
Christoph Wurst 7ae9442f3d
Publish, parse and filter 2FA activities 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-12-19 11:59:47 +01:00
Lukas Reschke 0cc771ce19 Merge pull request #2353 from nextcloud/renew-session-token-remember 
copy remember-me value when renewing a session token
 2016-11-28 14:04:13 +01:00
Christoph Wurst 2f36920ddf fix undefined index error when the backup codes provider is not active 
In users have not created backup codes yet the app is not enabled for that user
and therefore we got an undefined index error because the code assumed it was
always there. It now properly returns null.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-28 08:48:57 +01:00
Christoph Wurst 2183a1f3e6 copy remember-me value when renewing a session token 
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-27 14:19:57 +01:00
Robin Appelman 73dfe1835a
use lower loglevel for token cleanup messages 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-17 10:42:12 +01:00
Robin Appelman e77432783b
Add test for setting up fake fs 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 15:24:32 +01:00
Roeland Jago Douma e5bc80b31d
Adds TokenProvider and Mapper tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-16 15:24:31 +01:00
Robin Appelman 4c3d18a9fc
explicit types 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 15:24:29 +01:00
Robin Appelman a4ea20a259
cast to int 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 15:24:29 +01:00
Robin Appelman c5df58ec69
phpdoc 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-16 15:24:28 +01:00
Robin Appelman 7e9e5db496
fix setscope 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:28 +01:00
Robin Appelman 1afccde16a
allow configuring filesystem access 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Robin Appelman b4e27d35f5
app password scope wip 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Robin Appelman 2389e0f250
read lockdown scope from token 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Christoph Wurst 4da6b20e76 document what the method does 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 17:42:46 +01:00
Lukas Reschke 9d6e01ef40
Add missing tests and fix PHPDoc 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Lukas Reschke 271f2a4cff
Fix typ in constant name 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Lukas Reschke b269ed5a7b
Fix invalid PHPDocs 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Christoph Wurst d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Christoph Wurst 8acb734854
add 2fa backup codes app 
* add backup codes app unit tests
* add integration tests for the backup codes app
 2016-09-05 08:51:13 +02:00
Christoph Wurst 6af2efb679
prevent infinite redirect loops if the there is no 2fa provider to pass 
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
 2016-08-24 10:49:23 +02:00
Christoph Wurst e90f00791d add invalidateOldTokens to IProvider interface 2016-08-02 12:08:13 +02:00
Robin Appelman 681ac9f19f Check if an app provide two-factor-auth providers before we try to use them 2016-07-23 13:26:57 +02:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Vincent Petry 3db5de95bd Merge pull request #25172 from owncloud/token-login-validation 
Token login validation
 2016-06-22 13:58:56 +02:00
Christoph Wurst b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Vincent Petry 88b9f5a357 Merge pull request #25162 from owncloud/password-login-forbidden-hint 
Password login forbidden hint
 2016-06-20 17:05:20 +02:00
Christoph Wurst b0f2878f6e
close cursor after loading a token 2016-06-17 16:13:28 +02:00
Christoph Wurst 0c0a216f42
store last check timestamp in token instead of session 2016-06-17 15:42:28 +02:00
Christoph Wurst c4149c59c2
use token last_activity instead of session value 2016-06-17 15:42:28 +02:00
Christoph Wurst 82b50d126c
add PasswordLoginForbiddenException 2016-06-17 11:02:07 +02:00
Christoph Wurst a40d64ff7f
load 2FA provider apps before querying classes 2016-06-16 10:12:16 +02:00
Christoph Wurst 5daa9a5417 fail hard if 2fa provider can not be loaded (#25061) 2016-06-13 12:46:45 +02:00
Christoph Wurst 8f7a4aaa4d
do not generate device token if 2FA is enable for user 2016-06-07 09:09:51 +02:00
Christoph Wurst c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00