nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	b371e735cf	Throw an invalid token exception is token is marked outdated This avoids hitting the backend with multiple requests for the same token. And will help avoid quick LDAP lockouts. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	5122629bb0	Make renewSessionToken return the new token Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	3fccc7dc47	Cache the public key tokens Sometimes (esp with token auth) we query the same token multiple times. While this is properly indexed and fast it is still a bit of a waste. Right now it is doing very stupid caching. Which gets invalidate on any update. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Daniel Kesselberg	608f4d3ee9	Pass $configargs to openssl_pkey_export Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Morris Jobke	4ae17427c5	Error with exception on SSL error Signed-off-by: Morris Jobke <hey@morrisjobke.de>	7 years ago
Roeland Jago Douma	f03eb7ec3c	Remote wipe support This allows a user to mark a token for remote wipe. Clients that support this can then wipe the device properly. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Daniel Kesselberg	ec8aefc762	Read openssl error and log Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Roeland Jago Douma	674930da7f	Move ExpiredTokenException to the correct namespace Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	00e99af586	Mark token as invalid if the password doesn't match Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Joas Schilling	f258e65f13	Also adjust the expiration of PublicKeyTokenProvider Signed-off-by: Joas Schilling <coding@schilljs.com>	7 years ago
Daniel Kesselberg	90a9a1ecc6	Consider openssl settings from config.php Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Roeland Jago Douma	47b46fa69d	Expire tokens hardening Just to be sure that the field is also not 0 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	82959ca93e	Comments Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	df34571d1d	Use constant for token version And don't set the version in the constructor. That would possible cause to many updates. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	9e7a95fe58	Add more tests * Add a lot of tests * Fixes related to those tests * Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	f168ecfa7a	Actually convert the token * When getting the token * When rotating the token * Also store the encrypted password as base64 to avoid weird binary stuff Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	4bbc21cb21	SetPassword on PublicKeyTokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	4c0d710479	Just pass uid to the Token stuff We don't have user objects in the code everywhere Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	1f17010e0b	Add first tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	02e0af1287	Initial PKT implementation Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	480864b3e3	Make the token expiration also work for autocasting 0 Some bad databases don't respect the default null apprently. Now even if they cast it to 0 it should work just fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	6b7cf46727	Certain tokens can expire However due to the nature of what we store in the token (encrypted passwords etc). We can't just delete the tokens because that would make the oauth refresh useless. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	aba255997a	Allow the rotation of tokens This for example will allow rotating the apptoken for oauth Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	466297829e	Fix tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Roeland Jago Douma	47388e1cfe	Make the Token Auth code strict In preparation for #9441 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago
Flávio Gomes da Silva Lisboa	5ca9a7d6bc	Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732 Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	8 years ago
Morris Jobke	0eebff152a	Update license headers Signed-off-by: Morris Jobke <hey@morrisjobke.de>	8 years ago
Christoph Wurst	38bb6e1477	Fix duplicate session token after remembered login On a remembered login session, we create a new session token in the database with the values of the old one. As we actually don't need the old session token anymore, we can delete it right away. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Marcel Waldvogel	4e42f059ed	Minor typos Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>	9 years ago
Martin	53b8330e6d	Defining App "cron" for "Invalidating tokens older than" message #27167 (#27201 ) Signed-off-by: Morris Jobke <hey@morrisjobke.de>	9 years ago
Christoph Wurst	2183a1f3e6	copy remember-me value when renewing a session token On renew, a session token is duplicated. For some reason we did not copy over the remember-me attribute value. Hence, the new token was deleted too early in the background job and remember-me did not work properly. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Robin Appelman	73dfe1835a	use lower loglevel for token cleanup messages Signed-off-by: Robin Appelman <robin@icewind.nl>	9 years ago
Robin Appelman	1afccde16a	allow configuring filesystem access Signed-off-by: Robin Appelman <icewind@owncloud.com>	9 years ago
Lukas Reschke	9d6e01ef40	Add missing tests and fix PHPDoc Signed-off-by: Lukas Reschke <lukas@statuscode.ch>	9 years ago
Christoph Wurst	d907666232	bring back remember-me * try to reuse the old session token for remember me login * decrypt/encrypt token password and set the session id accordingly * create remember-me cookies only if checkbox is checked and 2fa solved * adjust db token cleanup to store remembered tokens longer * adjust unit tests Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	9 years ago
Joas Schilling	ba87db3fcc	Fix others	10 years ago
Christoph Wurst	b805908dca	update session token password on user password change	10 years ago
Christoph Wurst	0c0a216f42	store last check timestamp in token instead of session	10 years ago
Christoph Wurst	c4149c59c2	use token last_activity instead of session value	10 years ago
Christoph Wurst	c58d8159d7	Create session tokens for apache auth users	10 years ago
Lukas Reschke	aba539703c	Update license headers	10 years ago
Christoph Wurst	ad10485cec	when generating browser/device token, save the login name for later password checks	10 years ago
Christoph Wurst	74277c25be	add button to invalidate browser sessions/device tokens	10 years ago
Christoph Wurst	6495534bcd	add button to add new device tokens	10 years ago
Christoph Wurst	0626578739	add method to query all user auth tokens	10 years ago
Christoph Wurst	98b465a8b9	a single token provider suffices	10 years ago
Christoph Wurst	ed01305e29	don't spam the log file with failed token validation entries	10 years ago
Christoph Wurst	69dafd727d	delete the token in case an exception is thrown when decrypting the password	10 years ago

23 Commits (3e720942e58f99b038616d95e00a01ac9dd2f490)