nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Git'Fellow	c254855222	chore(db): Correctly apply query types fix: psalm fix: error fix: add batch fix: fatal error fix: add batch chore: add batch chore: add batch fix: psalm fix: typo fix: psalm fix: return bool fix: revert Manager	1 year ago
Christoph Wurst	5100e3152d	feat(auth): Clean-up unused auth tokens and wipe tokens Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	1 year ago
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Benjamin Gaussorgues	d1189f923c	feat(perf): add cache for authtoken lookup Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Lucas Azevedo	2a36acfc2b	Fix typo Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2 years ago
Lucas Azevedo	c93b1634d3	Fixes from static analysis Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2 years ago
Lucas Azevedo	fe9b9c1955	Add last-used-before option Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2 years ago
Julius Härtl	580feecdbf	fix(authtoken): Store only one hash for authtokens with the current password per user Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Joas Schilling	c0ba89ecc9	Remove default token which is deprecated since Nextcloud 13 Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Christoph Wurst	7dd7256cfe	Prevent duplicate auth token activity updates The auth token activity logic works as follows * Read auth token * Compare last activity time stamp to current time * Update auth token activity if it's older than x seconds This works fine in isolation but with concurrency that means that occasionally the same token is read simultaneously by two processes and both of these processes will trigger an update of the same row. Affectively the second update doesn't add much value. It might set the time stamp to the exact same time stamp or one a few seconds later. But the last activity is no precise science, we don't need this accuracy. This patch changes the UPDATE query to include the expected value in a comparison with the current data. This results in an affected row when the data in the DB still has an old time stamp, but won't affect a row if the time stamp is (nearly) up to date. This is a micro optimization and will possibly not show any significant performance improvement. Yet in setups with a DB cluster it means that the write node has to send fewer changes to the read nodes due to the lower number of actual changes. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	2664c7f75f	Type some of the core mappers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Daniel Kesselberg	ee76b0fbd2	Add uid to delete temp token query Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	6 years ago
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	82959ca93e	Comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	df34571d1d	Use constant for token version And don't set the version in the constructor. That would possible cause to many updates. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	9e7a95fe58	Add more tests * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	f168ecfa7a	Actually convert the token * When getting the token * When rotating the token * Also store the encrypted password as base64 to avoid weird binary stuff Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	4c0d710479	Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	02e0af1287	Initial PKT implementation Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	6b7cf46727	Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	47388e1cfe	Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	610c66520b	Move over TokenMapper Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Joas Schilling	fc22a2cb07	Fix auth provider Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Joas Schilling	a76d4ef04e	Fix clob comparison Signed-off-by: Joas Schilling <coding@schilljs.com>	9 years ago
Roeland Jago Douma	5f227bd93b	More phpstorm inspection fixes Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Marcel Waldvogel	4e42f059ed	Minor typos Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>	9 years ago
Lukas Reschke	77827ebf11	Rename table back to lowercase Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Bjoern Schiessle	1eb7f4956b	delete auth token when client gets deleted Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>	9 years ago
Roeland Jago Douma	e5bc80b31d	Adds TokenProvider and Mapper tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Robin Appelman	1afccde16a	allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Robin Appelman	b4e27d35f5	app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Robin Appelman	2389e0f250	read lockdown scope from token Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Christoph Wurst	b0f2878f6e	close cursor after loading a token	10 years ago
Christoph Wurst	0c0a216f42	store last check timestamp in token instead of session	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	74277c25be	add button to invalidate browser sessions/device tokens	10 years ago
Christoph Wurst	0626578739	add method to query all user auth tokens	10 years ago
Christoph Wurst	af707fba41	use the query builder instead of raw sql statements	10 years ago
Christoph Wurst	8d48502187	Add index on 'last_activity' add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import	10 years ago
Christoph Wurst	3ab922601a	Check if session token is valid and log user out if the check fails * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes	10 years ago
Christoph Wurst	2fa5e0a24e	invalidate (delete) session token on logout add 'last_activity' column to session tokens and delete old ones via a background job	10 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	10 years ago

23 Commits (addParameterTypingVersionsMapper)