averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-03-08 18:28:16 +01:00
Code Issues Packages Projects Releases Wiki Activity
50,449 Commits 732 Branches 1,186 Tags
4f31b7b9cc2dac060194de2c769b149a2ac861ba
Commit Graph

31 Commits

Author SHA1 Message Date
Roeland Jago Douma
df34571d1d Use constant for token version 
And don't set the version in the constructor. That would possible cause
to many updates.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-18 22:11:55 +02:00
Roeland Jago Douma
4c0d710479 Just pass uid to the Token stuff 
We don't have user objects in the code everywhere

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-18 22:11:54 +02:00
Roeland Jago Douma
02e0af1287 Initial PKT implementation 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-06-18 22:11:54 +02:00
Roeland Jago Douma
6b7cf46727 Certain tokens can expire 
However due to the nature of what we store in the token (encrypted
passwords etc). We can't just delete the tokens because that would make
the oauth refresh useless.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-05-17 16:10:19 +02:00
Roeland Jago Douma
47388e1cfe Make the Token Auth code strict 
In preparation for #9441

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-05-15 10:32:30 +02:00
Roeland Jago Douma
610c66520b Move over TokenMapper 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2018-05-10 19:47:43 +02:00
Morris Jobke
0eebff152a Update license headers 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2017-11-06 16:56:19 +01:00
Joas Schilling
fc22a2cb07 Fix auth provider 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-02 09:48:16 +02:00
Joas Schilling
a76d4ef04e Fix clob comparison 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2017-08-02 09:48:15 +02:00
Roeland Jago Douma
5f227bd93b More phpstorm inspection fixes 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2017-07-24 11:39:29 +02:00
Marcel Waldvogel
4e42f059ed Minor typos 
Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
 2017-07-21 09:50:44 +02:00
Lukas Reschke
77827ebf11 Rename table back to lowercase 
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
 2017-05-18 20:49:09 +02:00
Bjoern Schiessle
1eb7f4956b delete auth token when client gets deleted 
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
 2017-05-18 20:49:07 +02:00
Roeland Jago Douma
e5bc80b31d Adds TokenProvider and Mapper tests 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2016-11-16 15:24:31 +01:00
Robin Appelman
1afccde16a allow configuring filesystem access 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Robin Appelman
b4e27d35f5 app password scope wip 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Robin Appelman
2389e0f250 read lockdown scope from token 
Signed-off-by: Robin Appelman <icewind@owncloud.com>
 2016-11-16 15:24:27 +01:00
Christoph Wurst
d907666232 bring back remember-me 
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2016-11-02 13:39:16 +01:00
Joas Schilling
ba87db3fcc Fix others 2016-07-21 18:13:57 +02:00
Vincent Petry
3db5de95bd Merge pull request #25172 from owncloud/token-login-validation 
Token login validation
 2016-06-22 13:58:56 +02:00
Christoph Wurst
b0f2878f6e close cursor after loading a token 2016-06-17 16:13:28 +02:00
Christoph Wurst
0c0a216f42 store last check timestamp in token instead of session 2016-06-17 15:42:28 +02:00
Lukas Reschke
aba539703c Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
ad10485cec when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst
74277c25be add button to invalidate browser sessions/device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst
0626578739 add method to query all user auth tokens 2016-05-18 18:25:37 +02:00
Christoph Wurst
af707fba41 use the query builder instead of raw sql statements 2016-05-11 13:36:46 +02:00
Christoph Wurst
8d48502187 Add index on 'last_activity' 
add token type column and delete only temporary tokens in the background job

debounce token updates; fix wrong class import
 2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a Check if session token is valid and log user out if the check fails 
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
 2016-05-11 13:36:46 +02:00
Christoph Wurst
2fa5e0a24e invalidate (delete) session token on logout 
add 'last_activity' column to session tokens and delete old ones via a background job
 2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd token based auth 
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
 2016-05-11 13:36:46 +02:00