nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Joas Schilling	2fb4dac7ad	fix(authentication): Update the token when the hash is null or can not be verified Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Joas Schilling	28b18d561c	fix(authentication): Only hash the new password when needed Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Joas Schilling	c5bb19641c	fix(authentication): Invert the logic to the original intention We need to store the new authentication details when the hash did not verify the old password. Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Joas Schilling	55d8aec759	fix(authentication): Only verify each hash once Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Thomas Citharel	6b7da88b0b	Validate user timezone given from login data before saving it Follow-up to #36000 Signed-off-by: Thomas Citharel <tcit@tcit.fr>	3 years ago
Joas Schilling	b4a29644cc	Add a const for the max user password length Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Marcel Klehr	adfe367106	PublickKeyTokenProvider: Fix password update routine with password hash Signed-off-by: Marcel Klehr <mklehr@gmx.net>	3 years ago
Julius Härtl	6abb37317f	Do not setup a session when not required on WebDAV requests If basic auth is used on WebDAV endpoints, we will not setup a session by default but instead set a test cookie. Clients which handle session cookies properly will send back the cookie then on the second request and a session will be initialized which can be resued for authentication. Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Roeland Jago Douma	77df92cabf	feat: add event for failed logins Apps might also like to know about failed logins. This adds that event. The private interface changes are backwards compatible so all should be fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	3 years ago
Julius Härtl	298d2b9b58	Skip general login with email for non-valid addresses and LDAP Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Carl Schwan	419828c791	Fix the type of the return array in a few more places Signed-off-by: Carl Schwan <carl@carlschwan.eu>	3 years ago
Christoph Wurst	c5922e67d3	Run session token renewals in a database transaction The session token renewal does 1) Read the old token 2) Write a new token 3) Delete the old token If two processes succeed to read the old token there can be two new tokens because the queries were not run in a transaction. This is particularly problematic on clustered DBs where 1) would go to a read node and 2) and 3) go to a write node. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Christoph Wurst	eff877af03	Pass logger to passwordless auth WebAuthn lib Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Carl Schwan	ef31396727	Mark method as deprecated Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com> Signed-off-by: Carl Schwan <carl@carlschwan.eu>	3 years ago
Thomas Citharel	3ce1996d5e	Add back TokenCleanupJob to invalidate old temporary tokens Signed-off-by: Thomas Citharel <tcit@tcit.fr>	3 years ago
Julius Härtl	9d1ec582ba	Do not update passwords if nothing changed Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Carl Schwan	702445ba3b	Handle one time password better Signed-off-by: Carl Schwan <carl@carlschwan.eu>	3 years ago
luz paz	368f83095d	Fix typos in lib/private subdirectory Found via `codespell -q 3 -S l10n -L jus ./lib/private` Signed-off-by: luz paz <luzpaz@github.com>	3 years ago
Carl Schwan	d5c23dbb9f	Move CappedMemoryCache to OCP This is an helpful helper that should be used in more place than just server and this is already the case with groupfodlers, deck, user_oidc and more using it, so let's make it public Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Carl Schwan	1c23c029af	Handler large passwords For passwords bigger than 250 characters, use a bigger key since the performance impact is minor (around one second to encrypt the password). For passwords bigger than 470 characters, give up earlier and throw exeception recommanding admin to either enable the previously enabled configuration or use smaller passwords. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Carl Schwan	cdf3b60555	Handle one time passwords This adds an option to disable storing passwords in the database. This might be desirable when using single use token as passwords or very large passwords. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Robin Appelman	db3093a46f	delete files before cleaning cache when cleaning user files otherwise, when using object store, we loose track of which files the user owns before we can delete them Signed-off-by: Robin Appelman <robin@icewind.nl>	4 years ago
Christoph Wurst	90c31cfddc	Fix replacing external storage password during debug log Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Robin Appelman	5d69343efa	remove storage wrappers when deleting the user storage Signed-off-by: Robin Appelman <robin@icewind.nl>	4 years ago
Joas Schilling	7b3e2217de	Fix user agent trimming on installation Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Christoph Wurst	69f5f014b3	Log why the login token can't be used for credentials And always pass the exception object to the logger. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Joas Schilling	d683e0d3d1	Automatically cut the token name on the first level Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	a0c7798c7d	Limit the length of app password names Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Julius Härtl	553cb499b2	Rotate token after fallback Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Julius Härtl	81f8719cc0	Add fallback routines for empty secret cases Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Joas Schilling	397b9098e8	Also cache non-existing to reuse it Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	c0ba89ecc9	Remove default token which is deprecated since Nextcloud 13 Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	660e550260	Only check the twofactor state once per request Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Côme Chilliet	113756db30	Fix ArrayAccess and JsonSerializable return types First round of modifications for PHP 8.1 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Christoph Wurst	7dd7256cfe	Prevent duplicate auth token activity updates The auth token activity logic works as follows * Read auth token * Compare last activity time stamp to current time * Update auth token activity if it's older than x seconds This works fine in isolation but with concurrency that means that occasionally the same token is read simultaneously by two processes and both of these processes will trigger an update of the same row. Affectively the second update doesn't add much value. It might set the time stamp to the exact same time stamp or one a few seconds later. But the last activity is no precise science, we don't need this accuracy. This patch changes the UPDATE query to include the expected value in a comparison with the current data. This results in an affected row when the data in the DB still has an old time stamp, but won't affect a row if the time stamp is (nearly) up to date. This is a micro optimization and will possibly not show any significant performance improvement. Yet in setups with a DB cluster it means that the write node has to send fewer changes to the read nodes due to the lower number of actual changes. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Christoph Wurst	01b8291c76	Type the autentication provider passwords as nullable strings For historic reasons we couldn't add a nullable type hint before nullable type hints were supported by our target php versions. This is now possible. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Julius Härtl	508fe1899c	Tokens without password should not trigger changed password invalidation Signed-off-by: Julius Härtl <jus@bitgrid.net>	4 years ago
Tobias Assmann	ee049a159b	prevent the invalidation of pw based authn tokens on a pw less login Signed-off-by: Tobias Assmann <tobias.assmann@ecsec.de>	5 years ago
Tobias Assmann	669bd4d718	add spaces around operators Signed-off-by: Tobias Assmann <tobias.assmann@ecsec.de>	5 years ago
Tobias Assmann	1f1ae97824	draft to prevent the invalidation of pw based authn tokens on a pw less login Signed-off-by: Tobias Assmann <tobias.assmann@ecsec.de>	5 years ago
Morris Jobke	dbed0ce680	Properly cleanup entries of WebAuthn on user deletion Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Robin Appelman	ed2d02d5f1	better cleanup of user files on user deletion Signed-off-by: Robin Appelman <robin@icewind.nl>	5 years ago
Roeland Jago Douma	a34085e1a2	Move 2fa backupscode to new registration Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	5ee9e1f784	Move 2FA registration to IBootstrap Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
J0WI	74a7c2eefc	Use correct getSystemValue type Signed-off-by: J0WI <J0WI@users.noreply.github.com>	5 years ago
Roeland Jago Douma	3c5cf825b3	Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	cd457cc68b	Always renew apppasswords on login Else you can end up that you renewed your password (LDAP for example). But they still don't work because you did not use them before you logged in. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	f8808e260d	Move app_password_created to a typed event Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago

1 2 3 4 5

249 Commits (43589312ccbdf977bb6d89eae3bec28bde2dceff)