nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Roeland Jago Douma	e5bc80b31d	Adds TokenProvider and Mapper tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	9 years ago
Robin Appelman	4c3d18a9fc	explicit types Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Robin Appelman	a4ea20a259	cast to int Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Robin Appelman	c5df58ec69	phpdoc Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Robin Appelman	7e9e5db496	fix setscope Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Robin Appelman	1afccde16a	allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Robin Appelman	b4e27d35f5	app password scope wip Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Robin Appelman	2389e0f250	read lockdown scope from token Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Christoph Wurst	4da6b20e76	document what the method does Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	9d6e01ef40	Add missing tests and fix PHPDoc Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	271f2a4cff	Fix typ in constant name Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Lukas Reschke	b269ed5a7b	Fix invalid PHPDocs Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	8acb734854	add 2fa backup codes app * add backup codes app unit tests * add integration tests for the backup codes app	9 years ago
Christoph Wurst	6af2efb679	prevent infinite redirect loops if the there is no 2fa provider to pass This fixes infinite loops that are caused whenever a user is about to solve a 2FA challenge, but the provider app is disabled at the same time. Since the session value usually indicates that the challenge needs to be solved before we grant access we have to remove that value instead in this special case.	9 years ago
Christoph Wurst	e90f00791d	add invalidateOldTokens to IProvider interface	10 years ago
Robin Appelman	681ac9f19f	Check if an app provide two-factor-auth providers before we try to use them	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Christoph Wurst	b805908dca	update session token password on user password change	10 years ago
Christoph Wurst	b0f2878f6e	close cursor after loading a token	10 years ago
Christoph Wurst	0c0a216f42	store last check timestamp in token instead of session	10 years ago
Christoph Wurst	c4149c59c2	use token last_activity instead of session value	10 years ago
Christoph Wurst	82b50d126c	add PasswordLoginForbiddenException	10 years ago
Christoph Wurst	a40d64ff7f	load 2FA provider apps before querying classes	10 years ago
Christoph Wurst	5daa9a5417	fail hard if 2fa provider can not be loaded (#25061 )	10 years ago
blizzz	51fd2602a7	Revert "Downstream 2016-06-08"	10 years ago
Christoph Wurst	60e15e934c	do not generate device token if 2FA is enable for user	10 years ago
Christoph Wurst	8f7a4aaa4d	do not generate device token if 2FA is enable for user	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	847bbc51b6	add OCC command to enable/disable 2FA for a user	10 years ago
Christoph Wurst	dfb4d426c2	Add two factor auth to core	10 years ago
Christoph Wurst	74277c25be	add button to invalidate browser sessions/device tokens	10 years ago
Christoph Wurst	6495534bcd	add button to add new device tokens	10 years ago
Christoph Wurst	12431aa399	list user's auth tokens on the personal settings page	10 years ago
Christoph Wurst	0626578739	add method to query all user auth tokens	10 years ago
Christoph Wurst	98b465a8b9	a single token provider suffices	10 years ago
Christoph Wurst	ed01305e29	don't spam the log file with failed token validation entries	10 years ago
Christoph Wurst	69dafd727d	delete the token in case an exception is thrown when decrypting the password	10 years ago
Christoph Wurst	af707fba41	use the query builder instead of raw sql statements	10 years ago
Christoph Wurst	46bdf6ea2b	fix PHPDoc and other minor issues	10 years ago
Christoph Wurst	f0f8bdd495	PHPDoc and other minor fixes	10 years ago
Christoph Wurst	fdc2cd7554	Add token auth for OCS APIs	10 years ago
Christoph Wurst	8d48502187	Add index on 'last_activity' add token type column and delete only temporary tokens in the background job debounce token updates; fix wrong class import	10 years ago
Christoph Wurst	3ab922601a	Check if session token is valid and log user out if the check fails * Update last_activity timestamp of the session token * Check user backend credentials once in 5 minutes	10 years ago
Christoph Wurst	2fa5e0a24e	invalidate (delete) session token on logout add 'last_activity' column to session tokens and delete old ones via a background job	10 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	10 years ago

49 Commits (311531ecce497663960877fc536ba94deff27bc0)