Commit Graph

13 Commits

Author SHA1 Message Date
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
provokateurin e5dcdfb9e0 feat(Security): Warn about using annotations instead of attributes
Signed-off-by: provokateurin <kate@provokateurin.de>
2024-07-18 11:25:32 +02:00
Arthur Schiwon f6d6efef3a refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +02:00
Arthur Schiwon 340939e688 fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Andy Scherzinger dae7c159f7 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Joas Schilling ecb8b55c5c feat(security): Add PHP \Attribute for remaining security annotations
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-04-25 14:50:32 +02:00
John Molakvoæ (skjnldsv) 215aef3cbd Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
Christoph Wurst 5bf3d1bb38 Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Roeland Jago Douma 68748d4f85 Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Roeland Jago Douma 603b672a11 Update password confirmation middleware
If the userbackend doesn't allow validating the password for a given uid
then there is no need to perform this check.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-11-02 13:44:45 +01:00
Bjoern Schiessle 85d9f06cb8 add global site selector as user back-end which doesn't support password confirmation
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2018-10-27 15:43:51 +02:00
Roeland Jago Douma 57050146f6 Move passwordconfirmation to its own midleware
Add tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-02 21:58:14 +01:00