ec8aefc762
Read openssl error and log
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-12-06 21:27:57 +01:00
674930da7f
Move ExpiredTokenException to the correct namespace
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 19:30:45 +01:00
34f5f4091e
Catch more occurences where ExpiredTokenException can be thrown
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 14:37:08 +02:00
b3a92a4e39
Expired PK tokens should not fall back to legacy tokens
...
Fixes #11919
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-21 14:34:29 +02:00
19f84f7b54
Add tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
d9febae5b2
Update all the publickey tokens if needed on web login
...
* On weblogin check if we have invalid public key tokens
* If so update them all with the new token
This ensures that your marked as invalid tokens work again if you once
login on the web.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
00e99af586
Mark token as invalid if the password doesn't match
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:44 +02:00
ee73f6c416
Merge pull request #11240 from nextcloud/feature/noid/consider-openssl-settings-from-config.php
...
Consider openssl settings from config.php
2018-09-25 18:04:20 +02:00
f258e65f13
Also adjust the expiration of PublicKeyTokenProvider
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-09-20 09:54:27 +02:00
5e6187926f
Copy the expiration from 480864b3e3 to getTokenById
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-09-19 17:55:48 +02:00
90a9a1ecc6
Consider openssl settings from config.php
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-16 11:51:15 +02:00
47b46fa69d
Expire tokens hardening
...
Just to be sure that the field is also not 0
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-07 10:01:31 +02:00
82959ca93e
Comments
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-19 07:46:43 +02:00
970dea9264
Add getProvider helper function
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
df34571d1d
Use constant for token version
...
And don't set the version in the constructor. That would possible cause
to many updates.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
9e7a95fe58
Add more tests
...
* Add a lot of tests
* Fixes related to those tests
* Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
1999f7ce7b
Generate the new publicKey tokens by default!
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
f168ecfa7a
Actually convert the token
...
* When getting the token
* When rotating the token
* Also store the encrypted password as base64 to avoid weird binary
stuff
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
d03d16a936
Add publickey provider to manager
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
4bbc21cb21
SetPassword on PublicKeyTokens
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
4c0d710479
Just pass uid to the Token stuff
...
We don't have user objects in the code everywhere
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
1f17010e0b
Add first tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
02e0af1287
Initial PKT implementation
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
3dd5f3d5f6
Abstract the Provider via a manager
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:53 +02:00
480864b3e3
Make the token expiration also work for autocasting 0
...
Some bad databases don't respect the default null apprently.
Now even if they cast it to 0 it should work just fine.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-08 16:20:43 +02:00
6b7cf46727
Certain tokens can expire
...
However due to the nature of what we store in the token (encrypted
passwords etc). We can't just delete the tokens because that would make
the oauth refresh useless.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-17 16:10:19 +02:00
aba255997a
Allow the rotation of tokens
...
This for example will allow rotating the apptoken for oauth
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-16 19:27:19 +02:00
4ea2daf04d
Refix scope
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 11:41:27 +02:00
466297829e
Fix tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 10:56:40 +02:00
47388e1cfe
Make the Token Auth code strict
...
In preparation for #9441
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 10:32:30 +02:00
610c66520b
Move over TokenMapper
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-10 19:47:43 +02:00
eb51f06a3b
Use ::class statement instead of string
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
5ca9a7d6bc
Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-11-27 09:22:44 +01:00
0eebff152a
Update license headers
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
38bb6e1477
Fix duplicate session token after remembered login
...
On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-20 21:39:31 +02:00
fc22a2cb07
Fix auth provider
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
a76d4ef04e
Fix clob comparison
...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:15 +02:00
5f227bd93b
More phpstorm inspection fixes
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 11:39:29 +02:00
4e42f059ed
Minor typos
...
Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
2017-07-21 09:50:44 +02:00
77827ebf11
Rename table back to lowercase
...
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:09 +02:00
1eb7f4956b
delete auth token when client gets deleted
...
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:07 +02:00
53b8330e6d
Defining App "cron" for "Invalidating tokens older than" message #27167 ( #27201 )
...
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 22:51:47 -06:00
2183a1f3e6
copy remember-me value when renewing a session token
...
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:19:57 +01:00
73dfe1835a
use lower loglevel for token cleanup messages
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-17 10:42:12 +01:00
e77432783b
Add test for setting up fake fs
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:32 +01:00
e5bc80b31d
Adds TokenProvider and Mapper tests
...
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
4c3d18a9fc
explicit types
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
a4ea20a259
cast to int
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
c5df58ec69
phpdoc
...
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:28 +01:00
7e9e5db496
fix setscope
...
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:28 +01:00
Daniel Kesselberg
Roeland Jago Douma
Morris Jobke
Joas Schilling
Flávio Gomes da Silva Lisboa
Christoph Wurst
Marcel Waldvogel
Lukas Reschke
Bjoern Schiessle
Martin
Robin Appelman
Robin Appelman