nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Faraz Samapoor	e7cc7653b8	Refactors "strpos" calls in lib/private to improve code readability. Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>	3 years ago
Joas Schilling	b91957e3df	fix(dav): Abort requests with 429 instead of waiting Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Côme Chilliet	426c0341ff	Use typed version of IConfig::getSystemValue as much as possible Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Daniel Kesselberg	f751d2d891	chore: use local variable for remote address Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	3 years ago
Roeland Jago Douma	77df92cabf	feat: add event for failed logins Apps might also like to know about failed logins. This adds that event. The private interface changes are backwards compatible so all should be fine. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	3 years ago
Julius Härtl	de3099b4d6	Remove potential mismatching dav session data during login Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Côme Chilliet	c79a6b3f62	Fix errors from PHP 8.2 testing Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Christoph Wurst	e2d3409a34	Fix unsuccessful token login logged as error The condition of a non-existent login token can happen for concurrent requests. Admins can not do anything about this. So this is to be expected to happen occasionally. This event is only bad if none of the requests is able to re-acquire a session. Luckily this happens rarely. If a login loop persists an admin can still lower the log level to find this info. But a default error log level will no longer write those infos about the failed cookie login of one request. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Robin Appelman	1fbb951691	dont try email login if the provider username is not a valid email Signed-off-by: Robin Appelman <robin@icewind.nl>	3 years ago
Christoph Wurst	0184fbe86b	Log if cookie login failed with token mismatch or session unavailability Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Carl Schwan	9ec0cb0a90	Fix psalm issues related to the user backend - Reflect the actual return value returned by the implementation in the the interface. E.g. IUser\|bool -> IUser\|false - Remove $hasLoggedIn parameter from private countUser implementation. Replace the two call with the equivalent countSeenUser - getBackend is nuallable, add this to the interface - Use backend interface to make psalm happy about call to undefined methods. Also helps with getting rid at some point of the old implementActions Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Côme Chilliet	6be7aa112f	Migrate from ILogger to LoggerInterface in lib/private Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Joas Schilling	86de1d569f	Only setupFS when we have to copy the skeleton Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Marek-Wojtowicz	f76a915096	Update Session.php The http headers according to rfc 2616 is iso-8859-1. This patch fixes the behavior when non-ascii characters are present in the header. Signed-off-by: Marek Wójtowicz <Marek.Wojtowicz@agh.edu.pl>	4 years ago
Joas Schilling	c0ba89ecc9	Remove default token which is deprecated since Nextcloud 13 Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	ccfaddf781	Fix missing token update Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Christoph Wurst	a143337791	Emit an error log when the app token login name does not match Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
John Molakvoæ (skjnldsv)	215aef3cbd	Update php licenses Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>	5 years ago
Joas Schilling	521bb30541	Throw "401 Unauthenticated" when authentication is provided but invalid E.g. with an AppToken that has been revoked Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Lionel Elie Mamane	f99f463834	token login: emit preLogin event with LoginName to bring it in line with normal (non-token) login. Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>	5 years ago
Christoph Wurst	d89a75be0b	Update all license headers for Nextcloud 21 Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Morris Jobke	5cc348ae72	Fix typo Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Roeland Jago Douma	48b4b83b5a	Remember me is not an app_password While technically they are stored the same. This session variable is used to indicate that a user is using an app password to authenticate. Like from a client. Or when having it generated automatically. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	e93823cba0	Bearer must be in the start of the auth header Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	1f7f93a695	Update license headers for Nextcloud 20 (again) There are still lots of outdated headers, so time for another round of updates. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Lionel Elie Mamane	ac8b40b8b1	Return correct loginname in credentials, even when token is invalid or has no password. Returning the uid as loginname is wrong, and leads to problems when these differ. E.g. the getapppassword API was creating app token with the uid as loginname. In a scenario with external authentication (such as LDAP), these tokens were then invalidated next time their underlying password was checked, and systematically ceased to function. Co-authored-by: kesselb <mail@danielkesselberg.de> for: switch to consistent camelCase Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>	5 years ago
Christoph Wurst	5b92f35fe2	Log why a token is not valid during password check Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	44577e4345	Remove trailing and in between spaces Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	85e369cddb	Fix multiline comments Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	c4998efcfc	Migrate to PSR1 coding style Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	84f3d2ddeb	[POC] Event for failed login attempts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Christoph Wurst	b80ebc9674	Use the short array syntax, everywhere Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	df9e2b828a	Fix mismatching docblock return types Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	d808f9c053	Add typed events for all user hooks and legacy events Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	5bf3d1bb38	Update license headers Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	535000aac6	Make the post login event public Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	5122629bb0	Make renewSessionToken return the new token Avoids directly getting the token again. We just inserted it so it and have all the info. So that query is just a waste. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago
Greta Doci	0a874c51af	Disable app token creation for impersonated people, ref #15539 Signed-off-by: Greta Doci <gretadoci@gmail.com>	6 years ago
Roeland Jago Douma	ba60fafb9a	Add proper PostLoginEvent This can be used by othr mechanisms to listen for this event in a lazy fashion. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Christoph Wurst	ad5a658e0c	Add isTokenLogin argument to post login hook/event Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	7 years ago
Roeland Jago Douma	6980ecf7ab	Throttle with correct metadata Fixes #13202 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	c2beb36bfc	Bearer tokens are app token Fixes #12498 This means that we set that it is a proper app token once it is validated. This will allow the 2FA middleware to just run the same check. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	2223d19997	Error out early on an expired token Fixes #12131 If we hit an expired token there is no need to continue checking. Since we know it is a token. We also should not register this with the bruteforce throttler as it is actually a valid token. Just expired. Instead the authentication should fail. And buisness continues as usual. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	d9febae5b2	Update all the publickey tokens if needed on web login * On weblogin check if we have invalid public key tokens * If so update them all with the new token This ensures that your marked as invalid tokens work again if you once login on the web. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	00e99af586	Mark token as invalid if the password doesn't match Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	9a7265babf	Make authenticated cookies lax This protects our cookies a bit more. It makes sure that when a 3rdparty websites embededs a public alendar for example. That all the users see this in anonymous mode there. It adds a small helper function. In the future we can think about protecting other cookies like this as well. But for now this is sufficient to not have the user logged in at all when doing 3rdparty requests. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	ac4735a4f2	Update the scope of the lockdownmanager We have the token anyway. So better the scope as well. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	7 years ago
Roeland Jago Douma	8c47a632e0	Allow updating the token on session regeneration Sometimes when we force a session regeneration we want to update the current token for this session. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	8 years ago

1 2 3

140 Commits (b00a9a6eaeeafce11e0141199f37d8a105050cce)