averello/nextcloud-server-mirror
1
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2026-06-29 12:24:50 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,735 Commits 1,008 Branches 1,229 Tags
d92bf388b1c553ecd6bfb2a7400b990dcafe9c54
Commit Graph

163 Commits

Author SHA1 Message Date
Arthur Schiwon 6a783d9b08 fix(Session): avoid race conditions on clustered setups 
- re-stablishes old behaviour with cache to return null instead of throwing
  an InvalidTokenException when the token is cached as non-existing
- token invalidation and re-generation are bundled in a DB transaction now

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
 2024-07-10 13:28:33 +02:00
John Molakvoæ cc7e6e5e4c Merge branch 'master' into refactor/OC-Server-getCsrfTokenManager 
Signed-off-by: John Molakvoæ <skjnldsv@users.noreply.github.com>
 2024-05-30 14:29:21 +02:00
Daniel fca38e12c8 Merge pull request #45411 from nextcloud/fix/auth/selective-token-activity-update 
fix(auth): Update authtoken activity selectively
 2024-05-29 12:05:45 +02:00
Andy Scherzinger dae7c159f7 chore: Add SPDX header 
Signed-off-by: Andy Scherzinger <info@andy-scherzinger.de>
 2024-05-24 13:11:22 +02:00
Christoph Wurst bcc02a3c71 fix(auth): Update authtoken activity selectively 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-05-21 07:55:01 +02:00
Christoph Wurst 21ee7f59bd fix(session): Do not update authtoken last_check for passwordless 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-04-26 16:05:18 +02:00
Côme Chilliet ec5133b739 fix: Apply new coding standard to all files 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-04-02 14:16:21 +02:00
Julius Härtl e330efe5a0 fix: Implement option to temporarily set the user session 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2024-03-19 13:48:23 +01:00
Andrew Summers 0047789580 Refactor OC\Server::getTwoFactorAuthManager 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2024-03-15 13:12:51 +01:00
Vincent Petry 839ddaa354 feat: rename users to account or person 
Replace translated text in most locations

Signed-off-by: Vincent Petry <vincent@nextcloud.com>
 2024-02-13 21:06:30 +01:00
Côme Chilliet b2e9e0fa0d chore: Replace OC::$server->getL10N by OCP\Util::getL10N in lib and some apps 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-02-05 11:16:04 +01:00
Christoph Wurst 7f2fdd8843 fix(auth): Fix logging in with email, password and login name mismatch 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-01-19 19:29:41 +01:00
Git'Fellow 72e0618f20 fix(session): Avoid two useless authtoken DB queries for every anonymous request 
Co-Authored-By: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Git'Fellow <12234510+solracsf@users.noreply.github.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2024-01-17 09:17:23 +01:00
Côme Chilliet eee9f1eec4 Always catch OCP versions of authentication exceptions 
And always throw OC versions for BC

Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2024-01-11 14:02:15 +01:00
Julius Härtl a3a343ce41 perf: Use more performant way to obtain and check the email as a login name with token login 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2023-11-30 20:51:47 +01:00
Joas Schilling aa5f037af7 chore: apply changes from Nextcloud coding standards 1.1.1 
Signed-off-by: Joas Schilling <coding@schilljs.com>
Signed-off-by: Benjamin Gaussorgues <benjamin.gaussorgues@nextcloud.com>
 2023-11-23 10:36:13 +01:00
Patrick Fischer b2103556b5 Lower log level about invalid session token 2023-11-06 14:51:13 +01:00
Christoph Wurst 4f183bb604 fix(session): Log why session renewal failed 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-10-11 08:36:13 +02:00
Christoph Wurst f398d0b5a3 fix: Log critical session renewal and logout paths 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-10-09 13:21:10 +02:00
Christoph Wurst 83a30dfbdf fix(user): Log affected user of app token login name mismatch 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2023-10-06 08:51:50 +02:00
Andrew Summers 1470a7294b Refactor OC\Server::getCsrfTokenManager 
Signed-off-by: Andrew Summers <18727110+summersab@users.noreply.github.com>
 2023-08-29 21:28:51 -05:00
Joas Schilling 25309bcb45 techdebt(DI): Use public IThrottler interface which exists since Nextcloud 25 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-08-28 15:50:45 +02:00
Joas Schilling 3962cd0aa8 fix!: Move getEventDispatcher usage to IEventDispatcher 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-07-28 14:11:22 +02:00
Faraz Samapoor e7cc7653b8 Refactors "strpos" calls in lib/private to improve code readability. 
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
 2023-05-15 15:17:19 +03:30
Joas Schilling b91957e3df fix(dav): Abort requests with 429 instead of waiting 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2023-05-03 22:43:36 +02:00
Côme Chilliet 426c0341ff Use typed version of IConfig::getSystemValue as much as possible 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2023-04-05 12:50:08 +02:00
Daniel Kesselberg f751d2d891 chore: use local variable for remote address 
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
 2023-03-10 18:04:34 +01:00
Roeland Jago Douma 77df92cabf feat: add event for failed logins 
Apps might also like to know about failed logins.
This adds that event.
The private interface changes are backwards compatible so all should be fine.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2022-11-24 21:24:21 +01:00
Julius Härtl de3099b4d6 Remove potential mismatching dav session data during login 
Signed-off-by: Julius Härtl <jus@bitgrid.net>
 2022-11-22 08:47:01 +01:00
Côme Chilliet c79a6b3f62 Fix errors from PHP 8.2 testing 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-11-14 17:08:21 +01:00
Christoph Wurst e2d3409a34 Fix unsuccessful token login logged as error 
The condition of a non-existent login token can happen for concurrent
requests. Admins can not do anything about this. So this is to be
expected to happen occasionally. This event is only bad if none of the
requests is able to re-acquire a session. Luckily this happens rarely.

If a login loop persists an admin can still lower the log level to find
this info. But a default error log level will no longer write those
infos about the failed cookie login of one request.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-11-07 15:08:48 +01:00
Robin Appelman 1fbb951691 dont try email login if the provider username is not a valid email 
Signed-off-by: Robin Appelman <robin@icewind.nl>
 2022-09-14 14:04:13 +02:00
Christoph Wurst 0184fbe86b Log if cookie login failed with token mismatch or session unavailability 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2022-08-31 14:55:51 +02:00
Carl Schwan 9ec0cb0a90 Fix psalm issues related to the user backend 
- Reflect the actual return value returned by the implementation in the
  the interface. E.g. IUser|bool -> IUser|false
- Remove $hasLoggedIn parameter from private countUser implementation.
  Replace the two call with the equivalent countSeenUser
- getBackend is nuallable, add this to the interface
- Use backend interface to make psalm happy about call to undefined
  methods. Also helps with getting rid at some point of the old
  implementActions

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
 2022-05-20 17:14:58 +02:00
Côme Chilliet 6be7aa112f Migrate from ILogger to LoggerInterface in lib/private 
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
 2022-03-24 16:21:25 +01:00
Joas Schilling 86de1d569f Only setupFS when we have to copy the skeleton 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2022-02-25 15:55:06 +01:00
Marek-Wojtowicz f76a915096 Update Session.php 
The http headers according to rfc 2616 is iso-8859-1. This patch fixes the behavior when non-ascii characters are present in the header.

Signed-off-by: Marek Wójtowicz <Marek.Wojtowicz@agh.edu.pl>
 2022-01-12 23:07:28 +01:00
Joas Schilling c0ba89ecc9 Remove default token which is deprecated since Nextcloud 13 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-12-01 18:41:31 +01:00
Joas Schilling ccfaddf781 Fix missing token update 
Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-11-12 14:43:23 +01:00
Christoph Wurst a143337791 Emit an error log when the app token login name does not match 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2021-08-13 10:31:51 +02:00
John Molakvoæ (skjnldsv) 215aef3cbd Update php licenses 
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
 2021-06-04 22:02:41 +02:00
Joas Schilling 521bb30541 Throw "401 Unauthenticated" when authentication is provided but invalid 
E.g. with an AppToken that has been revoked

Signed-off-by: Joas Schilling <coding@schilljs.com>
 2021-04-22 15:28:43 +02:00
Lionel Elie Mamane f99f463834 token login: emit preLogin event with LoginName 
to bring it in line with normal (non-token) login.

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
 2021-02-19 22:27:46 +01:00
Christoph Wurst d89a75be0b Update all license headers for Nextcloud 21 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-12-16 18:48:22 +01:00
Morris Jobke 5cc348ae72 Fix typo 
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
 2020-12-04 12:51:45 +01:00
Roeland Jago Douma 48b4b83b5a Remember me is not an app_password 
While technically they are stored the same. This session variable is
used to indicate that a user is using an app password to authenticate.
Like from a client. Or when having it generated automatically.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-12-04 12:40:28 +01:00
Roeland Jago Douma e93823cba0 Bearer must be in the start of the auth header 
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
 2020-11-06 08:32:50 +01:00
Christoph Wurst 1f7f93a695 Update license headers for Nextcloud 20 (again) 
There are still lots of outdated headers, so time for another round of
updates.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-09-07 14:37:44 +02:00
Lionel Elie Mamane ac8b40b8b1 Return correct loginname in credentials, 
even when token is invalid or has no password.

Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.

Co-authored-by: kesselb <mail@danielkesselberg.de>
for: switch to consistent camelCase

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
 2020-08-20 16:02:22 +02:00
Christoph Wurst 5b92f35fe2 Log why a token is not valid during password check 
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
 2020-05-27 09:58:44 +02:00