Commit Graph

188 Commits

Author SHA1 Message Date
Christoph Wurst 3174012adf Add event dispatcher to OCP
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-06-25 10:02:27 +02:00
Christoph Wurst 170582d4f5 Add a login chain to reduce the complexity of LoginController::tryLogin
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-07 18:04:36 +02:00
Arthur Schiwon 96bab4f969 remove obsolete use statements
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-24 16:24:53 +02:00
Leon Klingele 9a5ca231bf lib/private/User: do not change user properties if value has not changed 2019-04-11 11:20:41 +02:00
Leon Klingele 3eb0d4f1a4 lib/private/User,apps/user_ldap/lib/User: always pass old value to User::triggerChange 2019-04-11 11:20:41 +02:00
Leon Klingele f420647add lib/private/User: do not change user properties if value has not changed
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-11 10:11:05 +02:00
Morris Jobke 36618b111f Pass old value to user triggerChange hook
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2019-04-11 10:03:38 +02:00
Roeland Jago Douma 969fc45032 Do not allow invalid users to be created
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-03-14 10:22:31 +01:00
Joas Schilling 01b4db62fb Add dispatcher events to User and Group objects
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-03-01 20:56:59 +01:00
Christoph Wurst ad5a658e0c Add isTokenLogin argument to post login hook/event
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-01-23 19:47:47 +01:00
Roeland Jago Douma 6980ecf7ab Throttle with correct metadata
Fixes #13202

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-01-04 21:45:44 +01:00
Roeland Jago Douma 03fe2b3b81 Use a case insensitive search for email
Fixes #7084
Now entering wrongly cased email (roeland@ instead of Roeland@) for
password reset etc. Will also work.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-20 14:19:35 +01:00
Roeland Jago Douma c2beb36bfc Bearer tokens are app token
Fixes #12498

This means that we set that it is a proper app token once it is
validated. This will allow the 2FA middleware to just run the same
check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-20 09:23:57 +01:00
Joas Schilling bb352fb667 Use the defined func()->count() instead of manual counting
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-11-08 15:44:45 +01:00
Roeland Jago Douma 1fd640b40b Expose the backend of IUser
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 13:44:45 +01:00
Roeland Jago Douma 2223d19997 Error out early on an expired token
Fixes #12131

If we hit an expired token there is no need to continue checking. Since
we know it is a token.

We also should not register this with the bruteforce throttler as it is
actually a valid token. Just expired. Instead the authentication should
fail. And buisness continues as usual.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-30 19:30:45 +01:00
Morris Jobke b458ed9c82 Properly escape column name in "createFunction" call
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-10-16 15:24:02 +02:00
Georg Ehrke 2db26d87c4 filter null values for UserManager::getByEmail
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-15 13:27:58 +02:00
Roeland Jago Douma 0c9a3de68f Just update password hash without validating
Fixes #11097

If your password hash changed (becuse your are on 7.2 and we moved to
ARGON2). Then we shold not 'set a new password' but just update the
hash. As else we invoke the password policy again which might lock out
users.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-03 00:37:20 +02:00
Roeland Jago Douma d9febae5b2 Update all the publickey tokens if needed on web login
* On weblogin check if we have invalid public key tokens
* If so update them all with the new token

This ensures that your marked as invalid tokens work again if you once
login on the web.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
Roeland Jago Douma 00e99af586 Mark token as invalid if the password doesn't match
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:44 +02:00
Roeland Jago Douma 9a7265babf Make authenticated cookies lax
This protects our cookies a bit more. It makes sure that when a 3rdparty
websites embededs a public alendar for example. That all the users see
this in anonymous mode there.

It adds a small helper function.

In the future we can think about protecting other cookies like this as
well. But for now this is sufficient to not have the user logged in at
all when doing 3rdparty requests.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-28 16:44:37 +02:00
Roeland Jago Douma ac4735a4f2 Update the scope of the lockdownmanager
We have the token anyway. So better the scope as well.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-08-14 09:45:52 +02:00
Robin Appelman 3392302d22 make table name configurable for db user backend
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-19 14:14:44 +02:00
Morris Jobke 8646f01320 Merge pull request #9881 from nextcloud/user-db-backend-querybuilder
use query builder in all places in the db user backend
2018-06-19 14:12:22 +02:00
Robin Appelman 4187d2cdb3 use query builder in all places in the db user backend
Signed-off-by: Robin Appelman <robin@icewind.nl>
2018-06-15 14:16:10 +02:00
Roeland Jago Douma 8c47a632e0 Allow updating the token on session regeneration
Sometimes when we force a session regeneration we want to update the
current token for this session.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-14 08:09:36 +02:00
John Molakvoæ (skjnldsv) 0bfe3da664 Ignore case when sorting users
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-05-26 12:01:13 +02:00
John Molakvoæ (skjnldsv) c55cf79453 Added total count for subadmins
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-05-24 17:52:15 +02:00
John Molakvoæ (skjnldsv) 10c135ca34 Added disabled count per groups
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-05-24 17:52:15 +02:00
Arthur Schiwon 38a90130ce move log constants to ILogger
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-26 10:45:52 +02:00
Roeland Jago Douma 81f71cb1f9 Numeric only uids are no fun
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-24 14:23:50 +02:00
Roeland Jago Douma 074a0e0665 Cast retrieved DB fields to string
Fixes #9279

If a pure numerical user is in the DB the value might be casted to a int
when returned. Cast it all to a string so we don't break the strict
typing.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-24 12:48:52 +02:00
Morris Jobke 38961a725f Merge pull request #8833 from nextcloud/feature/noid/add_ldap_user_hooks
add anounce- and (pre/|post)RevokeUser signals for non-native backends
2018-04-11 00:44:39 +02:00
John Molakvoæ (skjnldsv) eae55761de Properly return boolean on enable state
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-09 11:26:26 +02:00
Roeland Jago Douma 8edbeb159e Use the uid_lower column
This can use a proper index

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-04-06 13:42:52 +02:00
Arthur Schiwon 373a1d5391 more consistent naming
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:46:15 +02:00
Arthur Schiwon 2ebf26e444 admin_audit and dav listen to announce and revoke signals
also place them in doc

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-04-05 12:38:43 +02:00
Morris Jobke 9c4d562808 Merge pull request #9063 from nextcloud/fix-callForSeenUsers
Move on with the next user if we found the user on one user back-end
2018-04-04 15:01:04 +02:00
Bjoern Schiessle 6795b35cdf Move on with the next user if we found the user on one user back-end
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-04-03 17:00:18 +02:00
Roeland Jago Douma 471272d456 Move to ABackend
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-22 16:32:05 +01:00
Roeland Jago Douma cbd2be583a Move Database backend over to new User/Backend interfaces
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-22 16:32:05 +01:00
Daniel Calviño Sánchez 0b96a71a68 Fix configuration values matched in user searches
Due to a misplaced closing parenthesis the condition of the left join
clause was just "userid = uid"; the other conditions were passed as
additional parameters to "leftJoin", and thus they were ignored.
Therefore, the result set contained every preference of each user
instead of only the email, so the "WHERE configvalue LIKE XXX" matched
any configuration value of the user.

Besides the closing parenthesis this commit also fixes the literal
values. Although "Literal" objects represent literal values they must be
created through "IExpressionBuilder::literal()" to be properly quoted;
otherwise it is just a plain string, which is treated as a column name.

Signed-off-by: Daniel Calviño Sánchez <danxuliu@gmail.com>
2018-03-14 23:31:42 +01:00
Morris Jobke de56915605 Merge pull request #7419 from Abijeet/feature-7175
Fixes #7175 - Allow to search for email address in user management
2018-03-06 21:53:37 +01:00
Morris Jobke d3d045dd5c Remove unused import statements
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-02-14 16:55:43 +01:00
Morris Jobke a661f043e1 Remove unneeded semicolon and parentheses
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-26 23:46:40 +01:00
Morris Jobke 16a558871c Use proper code flow instead of not needed else branch
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-25 23:01:03 +01:00
Roeland Jago Douma ef127a30ec Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 10:35:37 +01:00
Roeland Jago Douma 0660e57b1f Don't polute log when loggin into dav with email
* We first try the email as username but this fails
* Then we get the uid from the email and try again

We should not log the first attempt since it polutes the log with failed
login attempts while the login actually is valid.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 09:41:44 +01:00
Arthur Schiwon 4f3d52a364 never translate login names when requiring with a user id
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-03 13:25:00 +01:00