Joas Schilling
a76d4ef04e
Fix clob comparison
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:15 +02:00
Roeland Jago Douma
5f227bd93b
More phpstorm inspection fixes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 11:39:29 +02:00
Marcel Waldvogel
4e42f059ed
Minor typos
...
Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
2017-07-21 09:50:44 +02:00
Lukas Reschke
77827ebf11
Rename table back to lowercase
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:09 +02:00
Bjoern Schiessle
1eb7f4956b
delete auth token when client gets deleted
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:07 +02:00
Roeland Jago Douma
e5bc80b31d
Adds TokenProvider and Mapper tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
Robin Appelman
1afccde16a
allow configuring filesystem access
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Robin Appelman
b4e27d35f5
app password scope wip
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Robin Appelman
2389e0f250
read lockdown scope from token
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Christoph Wurst
d907666232
bring back remember-me
...
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Joas Schilling
ba87db3fcc
Fix others
2016-07-21 18:13:57 +02:00
Vincent Petry
3db5de95bd
Merge pull request #25172 from owncloud/token-login-validation
...
Token login validation
2016-06-22 13:58:56 +02:00
Christoph Wurst
b0f2878f6e
close cursor after loading a token
2016-06-17 16:13:28 +02:00
Christoph Wurst
0c0a216f42
store last check timestamp in token instead of session
2016-06-17 15:42:28 +02:00
Lukas Reschke
aba539703c
Update license headers
2016-05-26 19:57:24 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
Christoph Wurst
74277c25be
add button to invalidate browser sessions/device tokens
2016-05-23 09:11:12 +02:00
Christoph Wurst
0626578739
add method to query all user auth tokens
2016-05-18 18:25:37 +02:00
Christoph Wurst
af707fba41
use the query builder instead of raw sql statements
2016-05-11 13:36:46 +02:00
Christoph Wurst
8d48502187
Add index on 'last_activity'
...
add token type column and delete only temporary tokens in the background job
debounce token updates; fix wrong class import
2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a
Check if session token is valid and log user out if the check fails
...
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
2016-05-11 13:36:46 +02:00
Christoph Wurst
2fa5e0a24e
invalidate (delete) session token on logout
...
add 'last_activity' column to session tokens and delete old ones via a background job
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
...
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00