nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	0299ea0a96	Handle token insert conflicts Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existin auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row wit the same token (the session ID). This also bubbles up and disables user_saml. As the token might still be OK (both request will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	5122629bb0	Make renewSessionToken return the new token Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Morris Jobke	4ae17427c5	Error with exception on SSL error Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Roeland Jago Douma	f03eb7ec3c	Remote wipe support This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Roeland Jago Douma	674930da7f	Move ExpiredTokenException to the correct namespace Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	34f5f4091e	Catch more occurences where ExpiredTokenException can be thrown Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	b3a92a4e39	Expired PK tokens should not fall back to legacy tokens Fixes #11919 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	00e99af586	Mark token as invalid if the password doesn't match Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	82959ca93e	Comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	970dea9264	Add getProvider helper function Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	9e7a95fe58	Add more tests * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	1999f7ce7b	Generate the new publicKey tokens by default! Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	f168ecfa7a	Actually convert the token * When getting the token * When rotating the token * Also store the encrypted password as base64 to avoid weird binary stuff Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	d03d16a936	Add publickey provider to manager Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	4c0d710479	Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	02e0af1287	Initial PKT implementation Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	3dd5f3d5f6	Abstract the Provider via a manager Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	6b7cf46727	Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	aba255997a	Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	466297829e	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	47388e1cfe	Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Marcel Waldvogel	4e42f059ed	Minor typos Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>	9 years ago
Robin Appelman	1afccde16a	allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Christoph Wurst	4da6b20e76	document what the method does Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Lukas Reschke	9d6e01ef40	Add missing tests and fix PHPDoc Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Christoph Wurst	e90f00791d	add invalidateOldTokens to IProvider interface	10 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Christoph Wurst	b805908dca	update session token password on user password change	10 years ago
Christoph Wurst	0c0a216f42	store last check timestamp in token instead of session	10 years ago
Christoph Wurst	c4149c59c2	use token last_activity instead of session value	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	74277c25be	add button to invalidate browser sessions/device tokens	10 years ago
Christoph Wurst	6495534bcd	add button to add new device tokens	10 years ago
Christoph Wurst	0626578739	add method to query all user auth tokens	10 years ago
Christoph Wurst	98b465a8b9	a single token provider suffices	10 years ago
Christoph Wurst	46bdf6ea2b	fix PHPDoc and other minor issues	10 years ago
Christoph Wurst	fdc2cd7554	Add token auth for OCS APIs	10 years ago
Christoph Wurst	d8cde414bd	token based auth * Add InvalidTokenException * add DefaultTokenMapper and use it to check if a auth token exists * create new token for the browser session if none exists hash stored token; save user agent * encrypt login password when creating the token	10 years ago
Christoph Wurst	e93bf80b29	throw SessionNotAvailableException if session_id returns empty string	10 years ago
Thomas Müller	682821c71e	Happy new year!	10 years ago
Jenkins for ownCloud	b585d87d9d	Update license headers	11 years ago
Vincent Petry	ce94a998dd	Use storage id + appframework for ext storage CRUD - Added StorageConfig class to replace ugly arrays - Implemented StorageService and StorageController for Global and User storages - Async status checking for storages (from Xenopathic) - Auto-generate id for external storage configs (not the same as storage_id) - Refactor JS classes for external storage settings, this mostly moves/encapsulated existing global event handlers into the MountConfigListView class. - Added some JS unit tests for the external storage UI	11 years ago

19 Commits (3e720942e58f99b038616d95e00a01ac9dd2f490)