Commit Graph

304 Commits

Author SHA1 Message Date
Daniel Kesselberg af6de04e9e style: update codestyle for coding-standard 1.2.3
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2024-08-25 19:34:58 +02:00
S1m 9189bc290b feat(webauthn): Add user verification to webauthn challenges
Require user verification if all tokens are registered
with UV flag, else discourage it

Signed-off-by: S1m <git@sgougeon.fr>
Signed-off-by: Richard Steinmetz <richard@steinmetz.cloud>
2024-08-15 11:03:10 +02:00
Christoph Wurst 5100e3152d feat(auth): Clean-up unused auth tokens and wipe tokens
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-08-13 12:39:11 +02:00
Arthur Schiwon 99182aac37 fix(Token): take over scope in token refresh with login by cookie
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-07-19 15:53:46 +02:00
Arthur Schiwon 6a783d9b08 fix(Session): avoid race conditions on clustered setups
- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-07-10 13:28:33 +02:00
Joas Schilling 8130968a35 feat(notifications): Migrate server INotifiers to new exceptions
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-06-25 11:56:24 +02:00
Arthur Schiwon f6d6efef3a refactor(Token): introduce scope constants
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:14 +02:00
Arthur Schiwon 340939e688 fix(Session): avoid password confirmation on SSO
SSO backends like SAML and OIDC tried a trick to suppress password
confirmations as they are not possible by design. At least for SAML it was
not reliable when existing user backends where used as user repositories.

Now we are setting a special scope with the token, and also make sure that
the scope is taken over when tokens are regenerated.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2024-06-05 19:01:13 +02:00
Daniel fca38e12c8 Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update
fix(auth): Update authtoken activity selectively
2024-05-29 12:05:45 +02:00
Andy Scherzinger dae7c159f7 chore: Add SPDX header
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
2024-05-24 13:11:22 +02:00
Christoph Wurst bcc02a3c71 fix(auth): Update authtoken activity selectively
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2024-05-21 07:55:01 +02:00
Christoph Wurst fe7217d2d3 Merge pull request #45026 from nextcloud/fix/token-update
Avoid updating the same oc_authtoken row twice
2024-05-16 12:00:32 +02:00
Julius Härtl 04780ae30a fix: Always set last activity if we update the row of an authtoken anyways
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2024-04-29 15:20:17 +02:00
Joas Schilling bc4a102f52 fix(session): Avoid race condition for cache::get() vs. cache::hasKey()
Signed-off-by: Joas Schilling <coding@schilljs.com>
2024-04-29 12:45:44 +02:00
Ferdinand Thiessen e8452d9ef1 fix(deps): Bump web-auth/webauthn-lib from 3.3.9 to 4.8.5
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
2024-04-16 11:48:13 +02:00
Côme Chilliet ab6afe0111 fix: Fix new psalm errors from update
Not sure about the SimpleContainer modification, let’s see what CI says
 about that.

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-08 11:29:09 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-04-02 14:16:21 +02:00
Benjamin Gaussorgues d1189f923c feat(perf): add cache for authtoken lookup
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2024-02-28 15:04:04 +01:00
Vincent Petry 839ddaa354 feat: rename users to account or person
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
2024-02-13 21:06:30 +01:00
Côme Chilliet 8bcc2d352e chore: Fix missing template parameter for IEventListener
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-30 10:57:15 +01:00
Côme Chilliet a526a382bf Import OCP IToken as OCPIToken to avoid a name clash in lib/private
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 15:45:14 +01:00
Côme Chilliet 37a6e15f87 Use OCP version of IToken in AppPasswordCreatedEvent
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Côme Chilliet 8fc39aeb1c Use IToken from OCP instead of OC
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Côme Chilliet 95ea6188dc Suppress or fix psalm errors related to InvalidTokenException
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2024-01-11 14:02:15 +01:00
Alexander Piskun 26d343d33a AppAPI: allowed to bypass Two-Factor
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
2023-12-28 20:59:02 +03:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-11-23 10:36:13 +01:00
Christoph Wurst a5422a3998 fix: Show error message when CSRF check fails at login
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-11-08 15:18:34 +01:00
Côme Chilliet d8b42c6131 Allow passing null to PublicKeyToken::setScope, fixes tests
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 15:52:07 +02:00
Côme Chilliet 33a24134a7 Improve docblock annotations for tokens and their exceptions
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 15:20:04 +02:00
Côme Chilliet 58a57a714e Use more precise typing for setScope method parameter
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 15:19:38 +02:00
Côme Chilliet 1bdf952fde Make sure that OC interfaces returns OC interfaces for backward compatibility
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 11:08:23 +02:00
Côme Chilliet b82e25ea7a Move Exceptions used in OCP to OCP
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 10:26:25 +02:00
Côme Chilliet 356f0291a2 Align PublicKeyToken with interface changes
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-23 09:41:32 +02:00
Côme Chilliet f94fb33062 Move IToken and IProvider::getToken to OCP
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-10-20 17:51:33 +02:00
Benjamin Gaussorgues 4361019f2f fix(twofactor): avoid error in pgsql for duplicate entry
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
2023-10-06 11:23:23 +02:00
Lucas Azevedo 2a36acfc2b Fix typo
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 11:20:34 -03:00
Lucas Azevedo c93b1634d3 Fixes from static analysis
Co-authored-by: Joas Schilling <213943+nickvergessen@users.noreply.github.com>
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 10:41:46 -03:00
Lucas Azevedo fe9b9c1955 Add last-used-before option
Signed-off-by: Lucas Azevedo <lhs_azevedo@hotmail.com>
2023-08-25 02:07:57 -03:00
Daniel Kesselberg 32303b6ed5 docs: remove superfluous phpdocs
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2023-08-10 15:01:56 +02:00
Joas Schilling dac31ad101 fix!: Remove legacy event dispatching Symfony's GenericEvent from 2FA Manager
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-27 09:57:52 +02:00
Christoph Wurst 14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-07-06 15:21:22 +02:00
Joas Schilling 05aa39d777 Fix event names of 2FA related typed events
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-07-03 14:25:01 +02:00
Côme Chilliet b294edad80 Merge branch 'master' into enh/type-iconfig-getter-calls
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2023-04-20 16:52:38 +02:00
Christoph Wurst 5eb768ac5e fix(auth): Run token statements in atomic transaction
All or nothing

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-04-12 15:55:42 +02:00
Côme Chilliet 426c0341ff Use typed version of IConfig::getSystemValue as much as possible
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +02:00
jld3103 d9f8522003 Fix types for reading and writing config values
Signed-off-by: jld3103 <jld3103yt@gmail.com>
2023-04-05 09:08:56 +02:00
Côme Chilliet 8568c11d24 Merge pull request #36033 from nextcloud/invalidateTokensWhenDeletingOAuthClientMaster
[master] invalidate existing tokens when deleting an oauth client
2023-03-15 11:09:51 +01:00
Artur Neumann f634badf12 public interface to invalidate tokens of user
Signed-off-by: Artur Neumann <artur@jankaritech.com>
2023-03-14 17:13:29 +01:00
Ember 'n0emis' Keske 6881d2f2f1 Don't try to hash a nonexisting password
Allows to log-in via a passwordless authentication provider, eg SSO

Signed-off-by: Ember 'n0emis' Keske <git@n0emis.eu>
2023-03-13 10:32:53 +01:00