c1f4191a77
emit changeUser only if there really was a change (quota, displayname)
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-01 13:08:23 +02:00
7927aed991
Adjust token name
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:11 +02:00
668fe7df51
UserManager can now count disabled users
...
Users page takes advantage of that
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-29 00:59:09 -03:00
9212089151
Use the new method in the old one to remove duplicate code
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 08:56:51 +02:00
ac0c21f4a7
Trigger change when a user is enabled/disabled
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:20:35 +02:00
ada615eb86
Use the correct Dummy and Backend class
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:48:51 +02:00
a3922bbcdc
Better validation of allowed user names
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
baec42e80a
Save the scope of an auth token in the session
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 17:58:33 +02:00
aacfef463c
Add tests for database user backend caching
...
Add comment, closeCursor in user DB query
Invalidate user in cache after successful creation
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-20 02:03:03 -06:00
6acfea61d0
Fix tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 12:17:30 +01:00
91cd57e55b
Get user home folder before deletion
...
After the deletion getHome() will fail because the user doesn't exist
any more, so we need to fetch that value earlier.
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-23 12:42:31 +01:00
7b4265ab59
Improve OC\User\User coverage
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-20 11:47:08 +01:00
e368a745aa
Set last-login-check on basic auth
...
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.
* Started with tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-05 20:57:15 +01:00
6543182d13
fix parameter order
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-28 10:00:53 +01:00
9b808c4014
do not remember session tokens by default
...
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:03:28 +01:00
9d6e01ef40
Add missing tests and fix PHPDoc
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-02 13:39:17 +01:00
6f86e468d4
inject ISecureRandom into user session and use injected config too
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
d907666232
bring back remember-me
...
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
f722640a32
Proper DI of config
...
* Fixed comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 10:13:35 +02:00
f8352fcb8d
introduce callForSeenUsers and countSeenUsers ( #26361 )
...
* introduce callForSeenUsers and countSeenUsers
* add tests
* oracle should support not null on clob
* since 9.2.0
2016-10-28 08:44:05 +02:00
593d52fe91
Fix and cleanup SessionTest
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 09:34:27 +02:00
6d1e858aa4
Fix logClientIn for non-existing users ( #26292 )
...
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.
This prevents throwing PasswordLoginForbidden for non-existing users.
2016-10-25 09:34:27 +02:00
90db361827
Add test to ensure token times are updated
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:06:24 +02:00
25ed6714c7
dont update the auth token twice
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:05:25 +02:00
4d1acfd4ef
Only trigger postDelete hooks when the user was deleted...
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
f6ff60f4cb
Make sure that comments, notifications and preferences are deleted
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
d616984879
Fix getMock User
2016-09-13 09:09:53 +02:00
6c93fe08f5
dont get bruteforce delay twice
2016-08-29 13:36:49 +02:00
c1589f163c
Mitigate race condition
2016-07-20 23:09:27 +02:00
ba4f12baa0
Implement brute force protection
...
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.
It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
f2d091a963
Fix failing tests after db split
2016-07-13 09:26:19 +02:00
179a355b2c
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-07-01 11:36:35 +02:00
1710de8afb
Login hooks ( #25260 )
...
* fix login hooks
* adjust user session tests
* fix login return value of successful token logins
* trigger preLogin hook earlier; extract method 'loginWithPassword'
* call postLogin hook earlier; add PHPDoc
2016-06-27 22:16:22 +02:00
6670d37658
Merge remote-tracking branch 'upstream/master' into master-sync-upstream
2016-06-27 18:23:00 +02:00
2a990a0db5
verify user password on change
2016-06-27 14:08:11 +02:00
89198e62e8
check login name when authenticating with client token
2016-06-24 13:57:09 +02:00
3db5de95bd
Merge pull request #25172 from owncloud/token-login-validation
...
Token login validation
2016-06-22 13:58:56 +02:00
b805908dca
update session token password on user password change
2016-06-21 10:24:25 +02:00
56199eba37
fix unit test warning/errors
2016-06-20 10:41:23 +02:00
8ef5431e7a
fix user session tests
2016-06-20 09:10:11 +02:00
82b50d126c
add PasswordLoginForbiddenException
2016-06-17 11:02:07 +02:00
465807490d
create session token only for clients that support cookies
2016-06-13 19:44:05 +02:00
ec929f07f2
When creating a session token, make sure it's the login password and not a device token
2016-06-08 13:31:55 +02:00
c58d8159d7
Create session tokens for apache auth users
2016-05-31 17:07:49 +02:00
28ce7dd262
do not allow client password logins if token auth is enforced or 2FA is enabled
2016-05-24 17:54:02 +02:00
ad10485cec
when generating browser/device token, save the login name for later password checks
2016-05-24 11:49:15 +02:00
c20cdc2213
invalidate user session if the user is disabled
2016-05-23 10:32:16 +02:00
94ad54ec9b
Move tests/ to PSR-4 ( #24731 )
...
* Move a-b to PSR-4
* Move c-d to PSR-4
* Move e+g to PSR-4
* Move h-l to PSR-4
* Move m-r to PSR-4
* Move s-u to PSR-4
* Move files/ to PSR-4
* Move remaining tests to PSR-4
* Remove Test\ from old autoloader
2016-05-20 15:38:20 +02:00
Arthur Schiwon
Lukas Reschke
Joas Schilling
Robin Appelman
Vincent Petry
Roeland Jago Douma
Christoph Wurst
Jörn Friedrich Dreyer
Lukas Reschke
Christoph Wurst
Bjoern Schiessle
Christoph Wurst
Joas Schilling