Commit graph

24 commits

Author SHA1 Message Date
Vincent Petry
3db5de95bd Merge pull request #25172 from owncloud/token-login-validation
Token login validation
2016-06-22 13:58:56 +02:00
Christoph Wurst
b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00
Christoph Wurst
b0f2878f6e
close cursor after loading a token 2016-06-17 16:13:28 +02:00
Christoph Wurst
0c0a216f42
store last check timestamp in token instead of session 2016-06-17 15:42:28 +02:00
Christoph Wurst
c4149c59c2
use token last_activity instead of session value 2016-06-17 15:42:28 +02:00
Christoph Wurst
8f7a4aaa4d
do not generate device token if 2FA is enable for user 2016-06-07 09:09:51 +02:00
Christoph Wurst
c58d8159d7
Create session tokens for apache auth users 2016-05-31 17:07:49 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
ad10485cec
when generating browser/device token, save the login name for later password checks 2016-05-24 11:49:15 +02:00
Christoph Wurst
74277c25be
add button to invalidate browser sessions/device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst
6495534bcd
add button to add new device tokens 2016-05-23 09:11:12 +02:00
Christoph Wurst
12431aa399
list user's auth tokens on the personal settings page 2016-05-23 09:11:12 +02:00
Christoph Wurst
0626578739
add method to query all user auth tokens 2016-05-18 18:25:37 +02:00
Christoph Wurst
98b465a8b9
a single token provider suffices 2016-05-18 09:20:48 +02:00
Christoph Wurst
ed01305e29
don't spam the log file with failed token validation entries 2016-05-13 09:53:50 +02:00
Christoph Wurst
69dafd727d
delete the token in case an exception is thrown when decrypting the password 2016-05-11 13:36:46 +02:00
Christoph Wurst
af707fba41
use the query builder instead of raw sql statements 2016-05-11 13:36:46 +02:00
Christoph Wurst
46bdf6ea2b
fix PHPDoc and other minor issues 2016-05-11 13:36:46 +02:00
Christoph Wurst
f0f8bdd495
PHPDoc and other minor fixes 2016-05-11 13:36:46 +02:00
Christoph Wurst
fdc2cd7554
Add token auth for OCS APIs 2016-05-11 13:36:46 +02:00
Christoph Wurst
8d48502187
Add index on 'last_activity'
add token type column and delete only temporary tokens in the background job

debounce token updates; fix wrong class import
2016-05-11 13:36:46 +02:00
Christoph Wurst
3ab922601a
Check if session token is valid and log user out if the check fails
* Update last_activity timestamp of the session token
* Check user backend credentials once in 5 minutes
2016-05-11 13:36:46 +02:00
Christoph Wurst
2fa5e0a24e
invalidate (delete) session token on logout
add 'last_activity' column to session tokens and delete old ones via a background job
2016-05-11 13:36:46 +02:00
Christoph Wurst
d8cde414bd
token based auth
* Add InvalidTokenException
* add DefaultTokenMapper and use it to check if a auth token exists
* create new token for the browser session if none exists
hash stored token; save user agent
* encrypt login password when creating the token
2016-05-11 13:36:46 +02:00