mbk-lab
/
nextcloud
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
43,646 Commits 349 Branches 696 Tags 1.6 GiB
Commit Graph

33 Commits

Author SHA1 Message Date
Roeland Jago Douma 466297829e
Fix tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-05-15 10:56:40 +02:00
Roeland Jago Douma 47388e1cfe
Make the Token Auth code strict 
In preparation for #9441

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-05-15 10:32:30 +02:00
Flávio Gomes da Silva Lisboa 5ca9a7d6bc
Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-11-27 09:22:44 +01:00
Morris Jobke 0eebff152a
Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Christoph Wurst 38bb6e1477
Fix duplicate session token after remembered login 
On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2017-09-20 21:39:31 +02:00
Marcel Waldvogel 4e42f059ed Minor typos 
Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
 2017-07-21 09:50:44 +02:00
Martin 53b8330e6d
Defining App "cron" for "Invalidating tokens older than" message #27167 (#27201) 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-03-19 22:51:47 -06:00
Christoph Wurst 2183a1f3e6 copy remember-me value when renewing a session token 
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-27 14:19:57 +01:00
Robin Appelman 73dfe1835a
use lower loglevel for token cleanup messages 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2016-11-17 10:42:12 +01:00
Robin Appelman 1afccde16a
allow configuring filesystem access 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Lukas Reschke 9d6e01ef40
Add missing tests and fix PHPDoc 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2016-11-02 13:39:17 +01:00
Christoph Wurst d907666232
bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Joas Schilling ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Vincent Petry 3db5de95bd Merge pull request #25172 from owncloud/token-login-validation 
Token login validation
 2016-06-22 13:58:56 +02:00
Christoph Wurst b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Christoph Wurst 0c0a216f42
store last check timestamp in token instead of session 2016-06-17 15:42:28 +02:00
Christoph Wurst c4149c59c2
use token last_activity instead of session value 2016-06-17 15:42:28 +02:00
Christoph Wurst c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Lukas Reschke aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst 74277c25be
add button to invalidate browser sessions/device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst 6495534bcd
add button to add new device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst 0626578739
add method to query all user auth tokens 2016-05-18 18:25:37 +02:00
Christoph Wurst 98b465a8b9
a single token provider suffices 2016-05-18 09:20:48 +02:00
Christoph Wurst ed01305e29
don't spam the log file with failed token validation entries 2016-05-13 09:53:50 +02:00
Christoph Wurst 69dafd727d
delete the token in case an exception is thrown when decrypting the password 2016-05-11 13:36:46 +02:00
Christoph Wurst 46bdf6ea2b
fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst f0f8bdd495
PHPDoc and other minor fixes 2016-05-11 13:36:46 +02:00
Christoph Wurst fdc2cd7554
Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Christoph Wurst 8d48502187
Add index on 'last_activity' 
add token type column and delete only temporary tokens in the background job

debounce token updates; fix wrong class import
 2016-05-11 13:36:46 +02:00
Christoph Wurst 3ab922601a
Check if session token is valid and log user out if the check fails 
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
 2016-05-11 13:36:46 +02:00
Christoph Wurst 2fa5e0a24e
invalidate (delete) session token on logout 
add 'last_activity' column to session tokens and delete old ones via a background job
 2016-05-11 13:36:46 +02:00
Christoph Wurst d8cde414bd
token based auth 
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
 2016-05-11 13:36:46 +02:00