nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Roeland Jago Douma	cd457cc68b	Always renew apppasswords on login Else you can end up that you renewed your password (LDAP for example). But they still don't work because you did not use them before you logged in. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	99d525eb36	Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Joas Schilling	49ff48fcd3	Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Roeland Jago Douma	76a7600e2e	Allow configuring the activity update interval of token On some systems with a lot of users this creates a lot of extra DB writes. Being able to increase this interval helps there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	adf100a42f	Fix undefined class property access after upgrade from 19 to 20 The serialized data in 19 has one property less and this was not considered in the code. Hence adding a fallback. Moreover I'm changing the deserialization into an array instead of object, as that is the safer option. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Lionel Elie Mamane	2c8e7912f3	adapt testGetLoginCredentialsInvalidTokenLoginCredentials() unit test to uid != loginname Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>	5 years ago
Morris Jobke	234b510652	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Christoph Wurst	68794ebc92	Emit an event for every disabled 2FA provider during cleanup Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	3474afa938	Clean up auth tokens when user is deleted Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Julius Härtl	2eadf9d567	Do not create remember me cookie Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	85e369cddb	Fix multiline comments Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	c4998efcfc	Migrate to PSR1 coding style Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	84f3d2ddeb	[POC] Event for failed login attempts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	2ee65f177e	Use the shorter phpunit syntax for mocked return values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	74936c49ea	Remove unused imports Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Joas Schilling	9935c71ec3	Check the user on remote wipe Signed-off-by: Joas Schilling <coding@schilljs.com>	6 years ago
Christoph Wurst	60d4b45e89	Clean up 2FA provider registry when a user is deleted Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	3a7cf40aaa	Mode to modern phpunit Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	c007ca624f	Make phpunit8 compatible Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	0299ea0a96	Handle token insert conflicts Env-based SAML uses the "Apache auth" mechanism to log users in. In this code path, we first delete all existin auth tokens from the database, before a new one is inserted. This is problematic for concurrent requests as they might reach the same code at the same time, hence both trying to insert a new row wit the same token (the session ID). This also bubbles up and disables user_saml. As the token might still be OK (both request will insert the same data), we can actually just check if the UIDs of the conflict row is the same as the one we want to insert right now. In that case let's just use the existing entry and carry on. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	68748d4f85	Some php-cs fixes * Order the imports * No leading slash on imports * Empty line before namespace * One line per import * Empty after imports * Emmpty line at bottom of file Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Roeland Jago Douma	210a0554a2	Use the actual password to update the tokens Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	a1ef939c06	Use Symfony's new contract Event class instead of the deprecated one Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Joas Schilling	565838da9c	Update unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	7 years ago
Christoph Wurst	d058ef2b6c	Make it possible to wipe all tokens/devices of a user Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	1c261675ad	Refactor: move remote wipe token logic to RW service Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	c50fe2a9c9	Send emails when remote wipe starts/finishes Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	aa6622ccef	Decouple remote wipe notifcation channels with events Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Roeland Jago Douma	579162d7b9	Allow 2FA to be setup on first login Once 2FA is enforced for a user and they have no 2FA setup yet this will now prompt them with a setup screen. Given that providers are enabled that allow setup then. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl> Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	170582d4f5	Add a login chain to reduce the complexity of LoginController::tryLogin Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Joas Schilling	bb352fb667	Use the defined func()->count() instead of manual counting Signed-off-by: Joas Schilling <coding@schilljs.com>	7 years ago
Roeland Jago Douma	674930da7f	Move ExpiredTokenException to the correct namespace Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Christoph Wurst	83e994c11f	Make it possible to enforce mandatory 2FA for groups Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Roeland Jago Douma	19f84f7b54	Add tests Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	956fe1b867	Generate backups code notification if not enable but 2fa is Generate a notification to generate backup codes if you enable an other 2FA provider but backup codes are not yet generated. * Add event listner * Insert background job * Background job tests and emits notification every 2 weeks * If the backup codes are generated the next run will remove the job Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Christoph Wurst	259c0ce11d	Add mandatory 2FA service/class Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	7586b19e52	Only allow 2FA state changs if providers support the operation Ref https://github.com/nextcloud/server/issues/11019. Add `twofactorauth:cleanup` command Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Daniel Kesselberg	6bdcec67ab	Add openssl to mock Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	7 years ago
Christoph Wurst	5c70aa2a22	Remove unused import Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	1124b87bc0	Fix 2FA being enforced if only backup codes provider is active Fixes https://github.com/nextcloud/server/issues/10634. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	8db66d5dfb	Fix double-inserts of the same provider state Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	85bc5edb5e	Add integration/unit test for the double-insert of same values Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	d8197f2b97	Rename providerset method to get primary providers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Christoph Wurst	c6e47e8a51	Fix login redirection if only one 2FA provider is active Fixes https://github.com/nextcloud/server/issues/10500. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago
Christoph Wurst	d248a0bd1e	Fix 2FA provider registry population on login If the 2FA provider registry has not been populated yet, we have to make sure all available providers are loaded and queried on login. Otherwise previously active 2FA providers aren't detected as enabled. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	8 years ago

1 2 3

108 Commits (5cd1880daa048a685da689c7f41a2e50486494de)