nextcloud-server

Commit Graph

Author	SHA1	Message	Date
provokateurin	83fbc64c99	fix(IResult): Use more accurate conditional return type for fetchAll Signed-off-by: provokateurin <kate@provokateurin.de>	2 weeks ago
provokateurin	f12cecb684	feat(rector): Enable SafeDeclareStrictTypesRector Signed-off-by: provokateurin <kate@provokateurin.de>	3 weeks ago
Carl Schwan	3979c493f9	refactor: Apply second batch of comments Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>	3 weeks ago
Carl Schwan	65e769a861	refactor: Apply comments Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>	3 weeks ago
Carl Schwan	7b6078875b	refactor: Run rector on lib/private Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com>	3 weeks ago
Côme Chilliet	1f5e6cbbb4	feat: Add SetupCheck to warn about missing second factor provider Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 weeks ago
Joas Schilling	6c20e3e103	fix(onetime): Allow longer duration via app config Signed-off-by: Joas Schilling <coding@schilljs.com>	2 months ago
Joas Schilling	6b121c37da	feat: Allow to create one-time app passwords that only allow loading an app-password Signed-off-by: Joas Schilling <coding@schilljs.com>	2 months ago
Carl Schwan	693a2263cc	fix(entity): Do not call getId when inserting and $id is null Otherwise this breaks some existing code, in particular PublicKeyToken Signed-off-by: Carl Schwan <carlschwan@kde.org>	2 months ago
Carl Schwan	7c1a8a4060	feat: Adapt a bit the snowflake ids API - Rename setId() -> generateId() in SnowflakeAwareEntity Signed-off-by: Carl Schwan <carlschwan@kde.org>	2 months ago
Anna Larch	5f797ebc32	refactor: move existing usages of snoflake IDs SnowflakeAwareEntity Signed-off-by: Anna Larch <anna@nextcloud.com>	2 months ago
Côme Chilliet	4e83d20837	feat(login): Add rememberme checkbox Only present if allowed by configuration. Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 months ago
Côme Chilliet	28b48eec39	chore: Improve typing and codestyle in LoginData Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	4 months ago
Louis Chmn	ed4a1708f2	feat(EphemeralSessions): Introduce lax period Signed-off-by: Louis Chmn <louis@chmn.me>	4 months ago
Carl Schwan	c4e6fbdae7	fix(query-builder): Don't catch UniqueConstraintViolationException UniqueConstraintViolationException is no longer throw directly but instead is now wrapped inside a \OCP\DB\Exception. So check the exception reason. Signed-off-by: Carl Schwan <carl.schwan@nextclound.com>	6 months ago
Julien Veyssier	3d36834284	feat(auth): include the token entity in TokenInvalidatedEvent Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	6 months ago
Julien Veyssier	4a35837741	feat(auth): adjust PublicKeyTokenProviderTest Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	6 months ago
Julien Veyssier	3da919c783	feat(auth): dispatch new TokenInvalidatedEvent when PublicKeyTokenProvider::invalidateToken is called Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	6 months ago
Julien Veyssier	8ffd30bbf9	feat(auth): dispatch new TokenInvalidatedEvent when PublicKeyTokenProvider::invalidateTokenById is called Signed-off-by: Julien Veyssier <julien-nc@posteo.net>	6 months ago
Ferdinand Thiessen	ac545cc478	fix(SetUserTimezoneCommand): only write user login timezone if not yet set Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	6 months ago
Ferdinand Thiessen	5981b7eb51	chore: apply new CSFixer rules Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de> # Conflicts: # apps/settings/lib/SetupChecks/PhpOpcacheSetup.php	8 months ago
Ferdinand Thiessen	a243e9cfbb	fix(webauthn): do not require bcmath or gmp - not needed anymore The extensions are not required anymore but only recommended for performance. See also: https://github.com/web-auth/webauthn-framework/issues/213 Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	12 months ago
Julius Knorr	777cd941dc	fix: Do not build encrypted password if there is none Signed-off-by: Julius Knorr <jus@bitgrid.net>	12 months ago
Ferdinand Thiessen	3c4feff028	fix: Move login via email logic to local backend Backends can decide which names they accept for login, e.g. with user_ldap you can configure arbitrary login fields. This was a hacky approach to allow login via email, so instead this is now only handled by the local user backend. This also fixes some other related problems: Other logic relys on `backend::get()` which was not handling email, so e.g. password policy could not block users logged in via email if they use out-dated passwords. Similar for other integrations, as the user backend was not consistent with what is a login name and what not. Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de> Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com> Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Louis Chemineau	68f86b3066	fix(login): Support subfolder install for ephemeral sessions Signed-off-by: Louis Chemineau <louis@chmn.me>	1 year ago
Louis Chemineau	c6293204a2	feat: Close sessions created for login flow v2 Sessions created during the login flow v2 should be short lived to not leave an unexpected opened session in the browser. This commit add a property to the session object to track its origin, and will close it as soon as possible, i.e., on the first non public page request. Signed-off-by: Louis Chemineau <louis@chmn.me>	1 year ago
Daniel Calviño Sánchez	5ea5b2de84	fix: Handle exception when clearing previously removed two factor tokens If a token was already removed from the database but not from the configuration clearing the tokens will try to remove it again from the database, which caused a DoesNotExistException to be thrown. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	1 year ago
Daniel Calviño Sánchez	381a2aa627	fix: Clear pending two factor tokens also from configuration Otherwise as the tokens were removed from the database but not from the configuration the next time that the tokens were cleared the previous tokens were still got from the configuration, and trying to remove them again from the database ended in a DoesNotExistException being thrown. Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>	1 year ago
yemkareems	34b07ace95	fix: crypto made inline for constructor and decrypt error handled in exception Signed-off-by: yemkareems <yemkareems@gmail.com>	1 year ago
yemkareems	3fd16de636	fix: crypto made inline for constructor and decrypt error handled in exception Signed-off-by: yemkareems <yemkareems@gmail.com>	1 year ago
yemkareems	79b1122749	fix: use Icrypto in place of Cypto Signed-off-by: yemkareems <yemkareems@gmail.com>	1 year ago
yemkareems	a74ef8237d	fix: crypto type made not nullable and tests run using ICrypto Signed-off-by: yemkareems <yemkareems@gmail.com>	1 year ago
yemkareems	505dfd65fd	fix: encrypt and store password, decrypt and retrieve the same Signed-off-by: yemkareems <yemkareems@gmail.com>	1 year ago
Git'Fellow	a1681b0756	chore(db): Apply query prepared statements Fix: psalm fix: bad file fix: bug chore: add batch chore: add batch chore: add batch fix: psalm	1 year ago
Ferdinand Thiessen	0e54c2bd43	fix: Adjust Entity types Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Git'Fellow	c254855222	chore(db): Correctly apply query types fix: psalm fix: error fix: add batch fix: fatal error fix: add batch chore: add batch chore: add batch fix: psalm fix: typo fix: psalm fix: return bool fix: revert Manager	1 year ago
Ferdinand Thiessen	16833aff86	fix: Make user removal more resilient Currently there is a problem if an exception is thrown in `User::delete`, because at that point the user is already removed from the backend, but not all data is deleted. There is no way to recover from this state, as the user is gone no information is available anymore. This means the data is still available on the server but can not removed by any API anymore. The solution here is to first set a flag and backup the user home, this can be used to recover failed user deletions in a way the delete can be re-tried. Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
Ferdinand Thiessen	a8f46af20f	chore: Add proper deprecation dates where missing Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>	1 year ago
provokateurin	9836e9b164	chore(deps): Update nextcloud/coding-standard to v1.3.1 Signed-off-by: provokateurin <kate@provokateurin.de>	1 year ago
Côme Chilliet	7ed583cb8e	chore: Migrate cleanAppId and getAppPath calls to IAppManager from OC_App Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>	1 year ago
Daniel Kesselberg	af6de04e9e	style: update codestyle for coding-standard 1.2.3 Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>	2 years ago
S1m	9189bc290b	feat(webauthn): Add user verification to webauthn challenges Require user verification if all tokens are registered with UV flag, else discourage it Signed-off-by: S1m <git@sgougeon.fr> Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>	2 years ago
Christoph Wurst	5100e3152d	feat(auth): Clean-up unused auth tokens and wipe tokens Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago
Arthur Schiwon	99182aac37	fix(Token): take over scope in token refresh with login by cookie Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2 years ago
Arthur Schiwon	6a783d9b08	fix(Session): avoid race conditions on clustered setups - re-stablishes old behaviour with cache to return null instead of throwing an InvalidTokenException when the token is cached as non-existing - token invalidation and re-generation are bundled in a DB transaction now Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2 years ago
Joas Schilling	8130968a35	feat(notifications): Migrate server INotifiers to new exceptions Signed-off-by: Joas Schilling <coding@schilljs.com>	2 years ago
Arthur Schiwon	f6d6efef3a	refactor(Token): introduce scope constants Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2 years ago
Arthur Schiwon	340939e688	fix(Session): avoid password confirmation on SSO SSO backends like SAML and OIDC tried a trick to suppress password confirmations as they are not possible by design. At least for SAML it was not reliable when existing user backends where used as user repositories. Now we are setting a special scope with the token, and also make sure that the scope is taken over when tokens are regenerated. Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>	2 years ago
Andy Scherzinger	dae7c159f7	chore: Add SPDX header Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>	2 years ago
Christoph Wurst	bcc02a3c71	fix(auth): Update authtoken activity selectively Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>	2 years ago

1 2 3 4 5 ...

346 Commits (c73b4e6dddfd06fbb70834e8cf11e108cdaefc13)