Commit Graph

158 Commits

Author SHA1 Message Date
Arthur Schiwon 38a90130ce
move log constants to ILogger
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Roeland Jago Douma 81f71cb1f9
Numeric only uids are no fun
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-24 14:23:50 +02:00
Roeland Jago Douma 074a0e0665
Cast retrieved DB fields to string
Fixes #9279

If a pure numerical user is in the DB the value might be casted to a int
when returned. Cast it all to a string so we don't break the strict
typing.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-24 12:48:52 +02:00
Morris Jobke 38961a725f
Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
add anounce- and (pre/|post)RevokeUser signals for non-native backends
2018-04-11 00:44:39 +02:00
John Molakvoæ (skjnldsv) eae55761de
Properly return boolean on enable state
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-09 11:26:26 +02:00
Roeland Jago Douma 8edbeb159e
Use the uid_lower column
This can use a proper index

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 13:42:52 +02:00
Arthur Schiwon 373a1d5391
more consistent naming
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:15 +02:00
Arthur Schiwon 2ebf26e444
admin_audit and dav listen to announce and revoke signals
also place them in doc

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:38:43 +02:00
Morris Jobke 9c4d562808
Merge pull request #9063 from nextcloud/fix-callForSeenUsers
Move on with the next user if we found the user on one user back-end
2018-04-04 15:01:04 +02:00
Bjoern Schiessle 6795b35cdf
Move on with the next user if we found the user on one user back-end
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-04-03 17:00:18 +02:00
Roeland Jago Douma 471272d456
Move to ABackend
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-22 16:32:05 +01:00
Roeland Jago Douma cbd2be583a
Move Database backend over to new User/Backend interfaces
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-22 16:32:05 +01:00
Daniel Calviño Sánchez 0b96a71a68 Fix configuration values matched in user searches
Due to a misplaced closing parenthesis the condition of the left join
clause was just "userid = uid"; the other conditions were passed as
additional parameters to "leftJoin", and thus they were ignored.
Therefore, the result set contained every preference of each user
instead of only the email, so the "WHERE configvalue LIKE XXX" matched
any configuration value of the user.

Besides the closing parenthesis this commit also fixes the literal
values. Although "Literal" objects represent literal values they must be
created through "IExpressionBuilder::literal()" to be properly quoted;
otherwise it is just a plain string, which is treated as a column name.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-14 23:31:42 +01:00
Morris Jobke de56915605
Merge pull request #7419 from Abijeet/feature-7175
Fixes #7175 - Allow to search for email address in user management
2018-03-06 21:53:37 +01:00
Morris Jobke d3d045dd5c
Remove unused import statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
Morris Jobke a661f043e1
Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke 16a558871c
Use proper code flow instead of not needed else branch
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-25 23:01:03 +01:00
Roeland Jago Douma ef127a30ec
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 10:35:37 +01:00
Roeland Jago Douma 0660e57b1f
Don't polute log when loggin into dav with email
* We first try the email as username but this fails
* Then we get the uid from the email and try again

We should not log the first attempt since it polutes the log with failed
login attempts while the login actually is valid.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 09:41:44 +01:00
Arthur Schiwon 4f3d52a364
never translate login names when requiring with a user id
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-03 13:25:00 +01:00
Robin Appelman aad01894e3
refactor user searching
add additional user searching tests

Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-12-20 15:51:37 +01:00
Abijeet ec28c54dbc Adds search by email function on the users screen.
Fixes #7175.

- Updated the query to fetch the users in users > everyone tab.
- Updated the query to fetch the users in users > admin tab.
- Tested to ensure that the disabled users are also being fetched.
- Added test cases.

Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2017-12-16 17:18:05 +05:30
Morris Jobke eb0f3ebf75
Fix search in user managent when no group is selected
* also allows to search by displayname

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-14 17:32:03 +01:00
Morris Jobke 31c5c2a592
Change @georgehrke's email
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 20:38:59 +01:00
Morris Jobke 0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Christoph Wurst 87aeae21e3
Fix failing csp/nonce check due to timed out session
The CSP nonce is based on the CSRF token. This token does not change,
unless you log in (or out). In case of the session data being lost,
e.g. because php gets rid of old sessions, a new CSRF token is gen-
erated. While this is fine in theory, it actually caused some annoying
problems where the browser restored a tab and Nextcloud js was blocked
due to an outdated nonce.
The main problem here is that, while processing the request, we write
out security headers relatively early. At that point the CSRF token
is known/generated and transformed into a CSP nonce. During this request,
however, we also log the user in because the session information was
lost. At that point we also refresh the CSRF token, which eventually
causes the browser to block any scripts as the nonce in the header
does not match the one which is used to include scripts.
This patch adds a flag to indicate whether the CSRF token should be
refreshed or not. It is assumed that refreshing is only necessary
if we want to re-generate the session id too. To my knowledge, this
case only happens on fresh logins, not when we recover from a deleted
session file.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-04 17:29:26 +02:00
Lukas Reschke ed8a98eaa1
Prevent SQL error message in case of error
`\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than
permitted in the database. This is against it's PHPDocs and we should cast this to `false`,
so that the regular error handling triggers in.

The easiest way to reproduce is on MySQL:

1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel
2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again
3. See SQL exception as error message

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-17 12:08:40 +02:00
Joas Schilling 20f8d1094a
Can not insert auto increment on oracle
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Robin Appelman 5185a3c0c9
null users dont exist
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-07-13 15:53:14 +02:00
Joas Schilling b726204f91
Create users in non default backends first
Most of the time, when people have multiple backends or add a
custom backend, they want to create the users there and not in
the default backend. But since that is registered first, users
were always created there.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-06-20 19:59:41 +02:00
Arthur Schiwon 999455c1aa
emit changeUser only if there really was a change (quota, displayname)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-01 11:34:17 +02:00
Lukas Reschke 5f71805c35
Add basic implementation for OAuth 2.0 Authorization Code Flow
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:03 +02:00
Christoph Wurst 0a43c259c4
Fix encryption + remembered login due to missing login hook
The encryption app relies on the post_login hook to initialize its keys.
Since we do not emit it on a remembered login, the keys were always un-
initialized and the user was asked to log out and in again.
This patch *translates* the postRememberedLogin hook to a post_login
hook.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-05-16 08:41:11 +02:00
Joas Schilling 975e572a3d
Remove account data on user deletion
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-05-15 13:31:31 +02:00
Robin Appelman 2b0da0f218
handle permissions errors when copying the skeleton for a read only user
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-05-05 14:44:51 +02:00
Arthur Schiwon 668fe7df51
UserManager can now count disabled users
Users page takes advantage of that

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-29 00:59:09 -03:00
Joas Schilling 9212089151
Use the new method in the old one to remove duplicate code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 08:56:51 +02:00
Joas Schilling 9e6ac3de70
Allow to create a user for a specific backend
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-26 15:07:11 +02:00
Joas Schilling ac0c21f4a7
Trigger change when a user is enabled/disabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:20:35 +02:00
Joas Schilling a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Roeland Jago Douma f40b9fa9bd Merge pull request #4330 from nextcloud/activities-for-password-mail-change
Add activities when email or password is changed
2017-04-14 08:16:43 +02:00
Morris Jobke d36751ee38 Merge pull request #2424 from nextcloud/fix-login-controller-test-consolidate-login
Fix login controller test and consolidate login
2017-04-13 12:16:38 -05:00
Morris Jobke ac05d6dd67
Improve PHPDoc
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-04-13 12:16:12 -05:00
Joas Schilling 1110b51aa3
Allow to read the old email on the hook as well
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-13 12:34:02 +02:00
Joas Schilling 7ad791efb4
Dont create a log entry on email login
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-07 10:15:20 +02:00
Arthur Schiwon fbadb37b9b
use known LockdownManager
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:27:30 +02:00
Arthur Schiwon 0a463e55ae
Save correct login name
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon daf9d23547
don't regenerate Session ID twice, also fixes tests
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon 50844e8c47
regenerate session id on successful login, fixes integration test
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:43 +02:00
Arthur Schiwon 7b3fdfeeaa
do login routine only once when done via LoginController
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-06 15:22:42 +02:00