nextcloud-server

Commit Graph

Author	SHA1	Message	Date
Benjamin Gaussorgues	d1189f923c	feat(perf): add cache for authtoken lookup Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Alexander Piskun	26d343d33a	AppAPI: allowed to bypass Two-Factor Signed-off-by: Alexander Piskun <bigcat88@icloud.com>	2 years ago
Joas Schilling	aa5f037af7	chore: apply changes from Nextcloud coding standards 1.1.1 Signed-off-by: Joas Schilling <coding@schilljs.com> Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>	2 years ago
Lucas Azevedo	771a7b92cc	Add tests for occ user:auth-tokens:delete Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>	2 years ago
Côme Chilliet	f57c12b14e	Fix various deprecation warnings in tests on PHP 8.3 Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	2 years ago
Joas Schilling	dac31ad101	fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Joas Schilling	05aa39d777	Fix event names of 2FA related typed events Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Côme Chilliet	8d5165e8dc	Adapt tests to config value typing Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Artur Neumann	37cfccabc1	unit tests for Manager::invalidateTokensOfUser Signed-off-by: Artur Neumann <artur@jankaritech.com>	3 years ago
Joas Schilling	a81d8ecef5	Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	3 years ago
Côme Chilliet	f5c361cf44	composer run cs:fix Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	3 years ago
Marcel Klehr	adfe367106	PublickKeyTokenProvider: Fix password update routine with password hash Signed-off-by: Marcel Klehr <mklehr@gmx.net>	3 years ago
Christoph Wurst	9d0e79f10d	Fix PublicKeyTokenProviderTest import and mock * IDBConnection import missing * Atomic doesn't need a mock Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Julius Härtl	2a684f6741	Fix some phpunit test warnings Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Julius Härtl	298d2b9b58	Skip general login with email for non-valid addresses and LDAP Signed-off-by: Julius Härtl <jus@bitgrid.net>	3 years ago
Christoph Wurst	c5922e67d3	Run session token renewals in a database transaction The session token renewal does 1) Read the old token 2) Write a new token 3) Delete the old token If two processes succeed to read the old token there can be two new tokens because the queries were not run in a transaction. This is particularly problematic on clustered DBs where 1) would go to a read node and 2) and 3) go to a write node. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	3 years ago
Carl Schwan	702445ba3b	Handle one time password better Signed-off-by: Carl Schwan <carl@carlschwan.eu>	3 years ago
Carl Schwan	1c23c029af	Handler large passwords For passwords bigger than 250 characters, use a bigger key since the performance impact is minor (around one second to encrypt the password). For passwords bigger than 470 characters, give up earlier and throw exeception recommanding admin to either enable the previously enabled configuration or use smaller passwords. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Carl Schwan	cdf3b60555	Handle one time passwords This adds an option to disable storing passwords in the database. This might be desirable when using single use token as passwords or very large passwords. Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Joas Schilling	7b3e2217de	Fix user agent trimming on installation Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	d683e0d3d1	Automatically cut the token name on the first level Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	343476f54f	Fix unit tests Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Carl Schwan	01e2a26749	Fix unit tests Signed-off-by: Carl Schwan <carl@carlschwan.eu>	4 years ago
Joas Schilling	3e20cffc86	More test fixing Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	c6ae53096c	More test fixing Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Joas Schilling	9f00179037	More unit test adjustments Signed-off-by: Joas Schilling <coding@schilljs.com>	4 years ago
Côme Chilliet	bc3acfc957	Fix test class names Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 years ago
Christoph Wurst	7dd7256cfe	Prevent duplicate auth token activity updates The auth token activity logic works as follows * Read auth token * Compare last activity time stamp to current time * Update auth token activity if it's older than x seconds This works fine in isolation but with concurrency that means that occasionally the same token is read simultaneously by two processes and both of these processes will trigger an update of the same row. Affectively the second update doesn't add much value. It might set the time stamp to the exact same time stamp or one a few seconds later. But the last activity is no precise science, we don't need this accuracy. This patch changes the UPDATE query to include the expected value in a comparison with the current data. This results in an affected row when the data in the DB still has an old time stamp, but won't affect a row if the time stamp is (nearly) up to date. This is a micro optimization and will possibly not show any significant performance improvement. Yet in setups with a DB cluster it means that the write node has to send fewer changes to the read nodes due to the lower number of actual changes. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	4 years ago
Joas Schilling	4ed296db9f	Fix Authentication test Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Roeland Jago Douma	5ee9e1f784	Move 2FA registration to IBootstrap Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	b5ffca00f7	Fix unit test * Fix namespace * Fix test Was broken after https://github.com/nextcloud/server/pull/26529 Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	3c5cf825b3	Add real events for enabled 2fa providers for users * Shiny new events * Listener to still emit the old event Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Roeland Jago Douma	cd457cc68b	Always renew apppasswords on login Else you can end up that you renewed your password (LDAP for example). But they still don't work because you did not use them before you logged in. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	99d525eb36	Convert 2FA token type to string The IConfig service is documented to handle its data as strings, hence this changes the code a bit to ensure we store keys as string and convert them back when reading. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Joas Schilling	49ff48fcd3	Use PSR logger in authentication Signed-off-by: Joas Schilling <coding@schilljs.com>	5 years ago
Christoph Wurst	d9015a8c94	Format code to a single space around binary operators Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Roeland Jago Douma	76a7600e2e	Allow configuring the activity update interval of token On some systems with a lot of users this creates a lot of extra DB writes. Being able to increase this interval helps there. Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	5 years ago
Christoph Wurst	adf100a42f	Fix undefined class property access after upgrade from 19 to 20 The serialized data in 19 has one property less and this was not considered in the code. Hence adding a fallback. Moreover I'm changing the deserialization into an array instead of object, as that is the safer option. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	5 years ago
Lionel Elie Mamane	2c8e7912f3	adapt testGetLoginCredentialsInvalidTokenLoginCredentials() unit test to uid != loginname Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>	5 years ago
Morris Jobke	234b510652	Change PHPDoc type hint from PHPUnit_Framework_MockObject_MockObject to \PHPUnit\Framework\MockObject\MockObject Signed-off-by: Morris Jobke <hey@morrisjobke.de>	5 years ago
Christoph Wurst	68794ebc92	Emit an event for every disabled 2FA provider during cleanup Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	3474afa938	Clean up auth tokens when user is deleted Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Julius Härtl	2eadf9d567	Do not create remember me cookie Signed-off-by: Julius Härtl <jus@bitgrid.net>	6 years ago
Christoph Wurst	caff1023ea	Format control structures, classes, methods and function To continue this formatting madness, here's a tiny patch that adds unified formatting for control structures like if and loops as well as classes, their methods and anonymous functions. This basically forces the constructs to start on the same line. This is not exactly what PSR2 wants, but I think we can have a few exceptions with "our" style. The starting of braces on the same line is pracrically standard for our code. This also removes and empty lines from method/function bodies at the beginning and end. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	14c996d982	Use elseif instead of else if Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	afbd9c4e6e	Unify function spacing to PSR2 recommendation Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	2a529e453a	Use a blank line after the opening tag Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	85e369cddb	Fix multiline comments Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Christoph Wurst	c4998efcfc	Migrate to PSR1 coding style Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	6 years ago
Roeland Jago Douma	84f3d2ddeb	[POC] Event for failed login attempts Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>	6 years ago

1 2 3

140 Commits (ba94de2510b3858f10d60f0230a58b1252346372)