Commit Graph

194 Commits

Author SHA1 Message Date
Carl Schwan c4e6fbdae7 fix(query-builder): Don't catch UniqueConstraintViolationException
UniqueConstraintViolationException is no longer throw directly but
instead is now wrapped inside a \OCP\DB\Exception. So check the
exception reason.

Signed-off-by: Carl Schwan <carl.schwan@nextclound.com>
2025-09-02 11:55:58 +02:00
Julien Veyssier 3d36834284 feat(auth): include the token entity in TokenInvalidatedEvent
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-08-21 12:42:44 +02:00
Julien Veyssier 4a35837741 feat(auth): adjust PublicKeyTokenProviderTest
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-08-21 12:42:44 +02:00
Julien Veyssier 3da919c783 feat(auth): dispatch new TokenInvalidatedEvent when PublicKeyTokenProvider::invalidateToken is called
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-08-21 12:42:44 +02:00
Julien Veyssier 8ffd30bbf9 feat(auth): dispatch new TokenInvalidatedEvent when PublicKeyTokenProvider::invalidateTokenById is called
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
2025-08-21 12:42:43 +02:00
Ferdinand Thiessen 5981b7eb51 chore: apply new CSFixer rules
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>

# Conflicts:
#	apps/settings/lib/SetupChecks/PhpOpcacheSetup.php
2025-07-01 16:26:50 +02:00
Ferdinand Thiessen 0e54c2bd43 fix: Adjust Entity types
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-10-17 18:31:44 +02:00
Git'Fellow c254855222 chore(db): Correctly apply query types
fix: psalm

fix: error

fix: add batch

fix: fatal error

fix: add batch

chore: add batch

chore: add batch

fix: psalm

fix: typo

fix: psalm

fix: return bool

fix: revert Manager
2024-10-17 09:21:07 +02:00
Ferdinand Thiessen a8f46af20f chore: Add proper deprecation dates where missing
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-09-20 00:46:03 +02:00
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
Christoph Wurst 5100e3152d feat(auth): Clean-up unused auth tokens and wipe tokens
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-08-13 12:39:11 +02:00
Arthur Schiwon 99182aac37 fix(Token): take over scope in token refresh with login by cookie
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-07-19 15:53:46 +02:00
Arthur Schiwon 6a783d9b08 fix(Session): avoid race conditions on clustered setups
- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-07-10 13:28:33 +02:00
Arthur Schiwon f6d6efef3a refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +02:00
Arthur Schiwon 340939e688 fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Daniel fca38e12c8 Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update
fix(auth): Update authtoken activity selectively
2024-05-29 12:05:45 +02:00
Andy Scherzinger dae7c159f7 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Christoph Wurst bcc02a3c71 fix(auth): Update authtoken activity selectively
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-05-21 07:55:01 +02:00
Christoph Wurst fe7217d2d3 Merge pull request #45026 from nextcloud/fix/token-update
Avoid updating the same oc_authtoken row twice
2024-05-16 12:00:32 +02:00
Julius Härtl 04780ae30a fix: Always set last activity if we update the row of an authtoken anyways
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-04-29 15:20:17 +02:00
Joas Schilling bc4a102f52 fix(session): Avoid race condition for cache::get() vs. cache::hasKey()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-04-29 12:45:44 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Benjamin Gaussorgues d1189f923c feat(perf): add cache for authtoken lookup
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-02-28 15:04:04 +01:00
Côme Chilliet a526a382bf Import OCP IToken as OCPIToken to avoid a name clash in lib/private
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 15:45:14 +01:00
Côme Chilliet 8fc39aeb1c Use IToken from OCP instead of OC
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Côme Chilliet 95ea6188dc Suppress or fix psalm errors related to InvalidTokenException
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Côme Chilliet d8b42c6131 Allow passing null to PublicKeyToken::setScope, fixes tests
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 15:52:07 +02:00
Côme Chilliet 33a24134a7 Improve docblock annotations for tokens and their exceptions
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 15:20:04 +02:00
Côme Chilliet 58a57a714e Use more precise typing for setScope method parameter
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 15:19:38 +02:00
Côme Chilliet 356f0291a2 Align PublicKeyToken with interface changes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 09:41:32 +02:00
Côme Chilliet f94fb33062 Move IToken and IProvider::getToken to OCP
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-20 17:51:33 +02:00
Lucas Azevedo 2a36acfc2b Fix typo
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 11:20:34 -03:00
Lucas Azevedo c93b1634d3 Fixes from static analysis
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 10:41:46 -03:00
Lucas Azevedo fe9b9c1955 Add last-used-before option
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 02:07:57 -03:00
Côme Chilliet b294edad80 Merge branch 'master' into enh/type-iconfig-getter-calls
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +02:00
Christoph Wurst 5eb768ac5e fix(auth): Run token statements in atomic transaction
All or nothing

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-12 15:55:42 +02:00
Côme Chilliet 426c0341ff Use typed version of IConfig::getSystemValue as much as possible
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +02:00
Côme Chilliet 8568c11d24 Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster
[master] invalidate existing tokens when deleting an oauth client
2023-03-15 11:09:51 +01:00
Artur Neumann f634badf12 public interface to invalidate tokens of user
Signed-off-by: Artur Neumann <artur@jankaritech.com>
2023-03-14 17:13:29 +01:00
Ember 'n0emis' Keske 6881d2f2f1 Don't try to hash a nonexisting password
Allows to log-in via a passwordless authentication provider, eg SSO

Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
2023-03-13 10:32:53 +01:00
Joas Schilling 6417ea0265 fix(authentication): Handle null or empty string password hash
This can happen when the auth.storeCryptedPassword config is used,
which previously errored with:
Hasher::verify(): Argument #2 ($hash) must be of type string, null given

Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-10 09:18:50 +01:00
Joas Schilling e47d56ac36 Merge pull request #36621 from nextcloud/perf/noid/only-check-for-token-when-it-can-actually-be
fix(performance): Only search for auth tokens when the provided login…
2023-02-10 01:29:30 +01:00
Julius Härtl 580feecdbf fix(authtoken): Store only one hash for authtokens with the current password per user
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-02-09 13:44:00 +01:00
Joas Schilling 7a85a1596e fix(authentication): Check minimum length when creating app tokens
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-09 09:58:35 +01:00
Joas Schilling 03a585ab4f fix(performance): Only search for auth tokens when the provided login is long enough
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-02-08 22:45:23 +01:00
Côme Chilliet f5c361cf44 composer run cs:fix
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Joas Schilling 2fb4dac7ad fix(authentication): Update the token when the hash is null or can not be verified
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-09 16:32:36 +01:00
Joas Schilling 28b18d561c fix(authentication): Only hash the new password when needed
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-01-09 15:58:26 +01:00