d29d978900
chore: Fix CreateSessionTokenCommandTest and add test for ephemeral session
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2026-06-15 16:48:13 +02:00
e5b1799079
chore: add missing Override attribute to test files
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de >
2026-04-28 21:29:28 +02:00
c96ece0bcb
refactor: Add more typing
...
- repairs job
- database
- redis
And remove Helpertest which was unused outside of some tests.
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com >
2026-02-06 13:55:39 +01:00
4d47fdaa85
chore: Run rector with new rules for fetch
...
Signed-off-by: Carl Schwan <carl.schwan@nextcloud.com >
2025-11-18 17:45:57 +01:00
4e83d20837
feat(login): Add rememberme checkbox
...
Only present if allowed by configuration.
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2025-11-13 13:25:59 +00:00
d6d6747a73
refactor: apply rector rules for PHPUnit 10
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de >
2025-10-27 21:56:04 +01:00
9b2fff5931
refactor(querybuilder): Port away from qb::execute() in tests/
...
Replace by either executeStatement or executeQuery
Signed-off-by: Carl Schwan <carl.schwan@nextclound.com >
2025-09-02 11:55:58 +02:00
c4e6fbdae7
fix(query-builder): Don't catch UniqueConstraintViolationException
...
UniqueConstraintViolationException is no longer throw directly but
instead is now wrapped inside a \OCP\DB\Exception. So check the
exception reason.
Signed-off-by: Carl Schwan <carl.schwan@nextclound.com >
2025-09-02 11:55:58 +02:00
4a35837741
feat(auth): adjust PublicKeyTokenProviderTest
...
Signed-off-by: Julien Veyssier <julien-nc@posteo.net >
2025-08-21 12:42:44 +02:00
ac545cc478
fix(SetUserTimezoneCommand): only write user login timezone if not yet set
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de >
2025-08-18 12:40:42 +02:00
aa15f9d16d
chore: run rector
...
Signed-off-by: Robin Appelman <robin@icewind.nl >
2025-07-01 22:45:52 +02:00
5981b7eb51
chore: apply new CSFixer rules
...
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de >
# Conflicts:
# apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
3561937816
chore: run rector on tests with new rule
...
Signed-off-by: Robin Appelman <robin@icewind.nl >
2025-06-12 18:38:29 +02:00
29e39c0a2e
chore: run rector on tests
...
Signed-off-by: Robin Appelman <robin@icewind.nl >
2025-06-12 18:31:58 +02:00
5f9117b939
test: Fix coding standards
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2025-05-15 08:48:13 +02:00
53b116b8a5
test: Remove more withConsecutive
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2025-05-15 08:18:26 +02:00
bb6b462690
Merge pull request #51130 from nextcloud/fix/credential-passwordless-auth
...
fix: Do not build encrypted password if there is none
2025-03-07 16:49:18 +01:00
777cd941dc
fix: Do not build encrypted password if there is none
...
Signed-off-by: Julius Knorr <jus@bitgrid.net >
2025-03-06 09:31:29 +01:00
3c4feff028
fix: Move login via email logic to local backend
...
Backends can decide which names they accept for login,
e.g. with user_ldap you can configure arbitrary login fields.
This was a hacky approach to allow login via email,
so instead this is now only handled by the local user backend.
This also fixes some other related problems:
Other logic relys on `backend::get()` which was not handling email,
so e.g. password policy could not block users logged in via email
if they use out-dated passwords.
Similar for other integrations, as the user backend was not consistent with
what is a login name and what not.
Co-authored-by: Ferdinand Thiessen <opensource@fthiessen.de >
Co-authored-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com >
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de >
2025-03-03 18:02:07 +01:00
5ea5b2de84
fix: Handle exception when clearing previously removed two factor tokens
...
If a token was already removed from the database but not from the
configuration clearing the tokens will try to remove it again from the
database, which caused a DoesNotExistException to be thrown.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com >
2024-11-05 11:14:05 +01:00
381a2aa627
fix: Clear pending two factor tokens also from configuration
...
Otherwise as the tokens were removed from the database but not from the
configuration the next time that the tokens were cleared the previous
tokens were still got from the configuration, and trying to remove them
again from the database ended in a DoesNotExistException being thrown.
Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com >
2024-11-05 11:14:04 +01:00
a74ef8237d
fix: crypto type made not nullable and tests run using ICrypto
...
Signed-off-by: yemkareems <yemkareems@gmail.com >
2024-10-28 15:04:11 +05:30
505dfd65fd
fix: encrypt and store password, decrypt and retrieve the same
...
Signed-off-by: yemkareems <yemkareems@gmail.com >
2024-10-28 11:22:36 +05:30
9836e9b164
chore(deps): Update nextcloud/coding-standard to v1.3.1
...
Signed-off-by: provokateurin <kate@provokateurin.de >
2024-09-19 14:21:20 +02:00
49dd79eabb
refactor: Add void return type to PHPUnit test methods
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2024-09-15 22:32:31 +02:00
af6de04e9e
style: update codestyle for coding-standard 1.2.3
...
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de >
2024-08-25 19:34:58 +02:00
5100e3152d
feat(auth): Clean-up unused auth tokens and wipe tokens
...
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2024-08-13 12:39:11 +02:00
f6d6efef3a
refactor(Token): introduce scope constants
...
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de >
2024-06-05 19:01:14 +02:00
1f7e2ba599
chore: Add SPDX header
...
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de >
2024-05-13 17:41:36 +02:00
f9ce6bfdff
Refactor OC\Server::getHasher
...
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com >
2024-03-15 13:04:27 +01:00
d1189f923c
feat(perf): add cache for authtoken lookup
...
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com >
2024-02-28 15:04:04 +01:00
26d343d33a
AppAPI: allowed to bypass Two-Factor
...
Signed-off-by: Alexander Piskun <bigcat88@icloud.com >
2023-12-28 20:59:02 +03:00
aa5f037af7
chore: apply changes from Nextcloud coding standards 1.1.1
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com >
2023-11-23 10:36:13 +01:00
771a7b92cc
Add tests for occ user:auth-tokens:delete
...
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com >
2023-08-25 02:27:41 -03:00
f57c12b14e
Fix various deprecation warnings in tests on PHP 8.3
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2023-08-14 18:13:12 +02:00
dac31ad101
fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2023-07-27 09:57:52 +02:00
05aa39d777
Fix event names of 2FA related typed events
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2023-07-03 14:25:01 +02:00
8d5165e8dc
Adapt tests to config value typing
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2023-04-05 17:42:14 +02:00
37cfccabc1
unit tests for Manager::invalidateTokensOfUser
...
Signed-off-by: Artur Neumann <artur@jankaritech.com >
2023-03-14 17:13:30 +01:00
a81d8ecef5
Fix unit tests
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2023-02-09 16:15:47 +01:00
f5c361cf44
composer run cs:fix
...
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com >
2023-01-20 11:45:08 +01:00
adfe367106
PublickKeyTokenProvider: Fix password update routine with password hash
...
Signed-off-by: Marcel Klehr <mklehr@gmx.net >
2023-01-04 08:30:53 +01:00
9d0e79f10d
Fix PublicKeyTokenProviderTest import and mock
...
* IDBConnection import missing
* Atomic doesn't need a mock
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2022-11-10 15:40:35 +01:00
298d2b9b58
Skip general login with email for non-valid addresses and LDAP
...
Signed-off-by: Julius Härtl <jus@bitgrid.net >
2022-10-26 12:30:25 +02:00
c5922e67d3
Run session token renewals in a database transaction
...
The session token renewal does
1) Read the old token
2) Write a new token
3) Delete the old token
If two processes succeed to read the old token there can be two new tokens because
the queries were not run in a transaction. This is particularly problematic on
clustered DBs where 1) would go to a read node and 2) and 3) go to a write node.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at >
2022-10-18 08:28:22 +02:00
9919116716
Merge pull request #31499 from nextcloud/bugfix/empty-secret
...
Add fallback routines for empty secret cases
2022-10-17 16:02:58 +02:00
702445ba3b
Handle one time password better
...
Signed-off-by: Carl Schwan <carl@carlschwan.eu >
2022-07-28 14:26:25 +02:00
1c23c029af
Handler large passwords
...
For passwords bigger than 250 characters, use a bigger key since the
performance impact is minor (around one second to encrypt the password).
For passwords bigger than 470 characters, give up earlier and throw
exeception recommanding admin to either enable the previously enabled
configuration or use smaller passwords.
Signed-off-by: Carl Schwan <carl@carlschwan.eu >
2022-07-05 11:37:14 +02:00
cdf3b60555
Handle one time passwords
...
This adds an option to disable storing passwords in the database. This
might be desirable when using single use token as passwords or very
large passwords.
Signed-off-by: Carl Schwan <carl@carlschwan.eu >
2022-07-05 11:25:44 +02:00
7b3e2217de
Fix user agent trimming on installation
...
Signed-off-by: Joas Schilling <coding@schilljs.com >
2022-05-09 08:36:34 +02:00
Côme Chilliet
Ferdinand Thiessen
Carl Schwan
Carl Schwan
Julien Veyssier
Robin Appelman
Joas Schilling
Julius Knorr
Daniel Calviño Sánchez
yemkareems
provokateurin
Christoph Wurst
Daniel Kesselberg
Arthur Schiwon
Andy Scherzinger
Andrew Summers
Benjamin Gaussorgues
Alexander Piskun
Lucas Azevedo
Artur Neumann
Marcel Klehr
Carl Schwan