Commit graph

72 commits

Author SHA1 Message Date
Daniel Kesselberg
90a9a1ecc6
Consider openssl settings from config.php
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2018-09-16 11:51:15 +02:00
Roeland Jago Douma
47b46fa69d
Expire tokens hardening
Just to be sure that the field is also not 0

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-09-07 10:01:31 +02:00
Roeland Jago Douma
82959ca93e
Comments
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-19 07:46:43 +02:00
Roeland Jago Douma
970dea9264
Add getProvider helper function
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
df34571d1d
Use constant for token version
And don't set the version in the constructor. That would possible cause
to many updates.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
9e7a95fe58
Add more tests
* Add a lot of tests
* Fixes related to those tests
* Fix tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
1999f7ce7b
Generate the new publicKey tokens by default!
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
f168ecfa7a
Actually convert the token
* When getting the token
* When rotating the token

* Also store the encrypted password as base64 to avoid weird binary
stuff

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
d03d16a936
Add publickey provider to manager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
4bbc21cb21
SetPassword on PublicKeyTokens
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:55 +02:00
Roeland Jago Douma
4c0d710479
Just pass uid to the Token stuff
We don't have user objects in the code everywhere

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
Roeland Jago Douma
1f17010e0b
Add first tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
Roeland Jago Douma
02e0af1287
Initial PKT implementation
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:54 +02:00
Roeland Jago Douma
3dd5f3d5f6
Abstract the Provider via a manager
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-18 22:11:53 +02:00
Roeland Jago Douma
480864b3e3
Make the token expiration also work for autocasting 0
Some bad databases don't respect the default null apprently.
Now even if they cast it to 0 it should work just fine.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-06-08 16:20:43 +02:00
Roeland Jago Douma
6b7cf46727
Certain tokens can expire
However due to the nature of what we store in the token (encrypted
passwords etc). We can't just delete the tokens because that would make
the oauth refresh useless.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-17 16:10:19 +02:00
Roeland Jago Douma
aba255997a
Allow the rotation of tokens
This for example will allow rotating the apptoken for oauth

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-16 19:27:19 +02:00
Roeland Jago Douma
4ea2daf04d
Refix scope
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 11:41:27 +02:00
Roeland Jago Douma
466297829e
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 10:56:40 +02:00
Roeland Jago Douma
47388e1cfe
Make the Token Auth code strict
In preparation for #9441

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 10:32:30 +02:00
Roeland Jago Douma
610c66520b
Move over TokenMapper
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-10 19:47:43 +02:00
Morris Jobke
eb51f06a3b
Use ::class statement instead of string
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2018-01-29 12:03:47 +01:00
Flávio Gomes da Silva Lisboa
5ca9a7d6bc
Loss of performance on Login after upgrade from NC10 + LDAP to NC 12 + LDAP #6732
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-11-27 09:22:44 +01:00
Morris Jobke
0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Christoph Wurst
38bb6e1477
Fix duplicate session token after remembered login
On a remembered login session, we create a new session token
in the database with the values of the old one. As we actually
don't need the old session token anymore, we can delete it right
away.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-09-20 21:39:31 +02:00
Joas Schilling
fc22a2cb07
Fix auth provider
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:16 +02:00
Joas Schilling
a76d4ef04e
Fix clob comparison
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-08-02 09:48:15 +02:00
Roeland Jago Douma
5f227bd93b
More phpstorm inspection fixes
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-07-24 11:39:29 +02:00
Marcel Waldvogel
4e42f059ed Minor typos
Signed-off-by: Marcel Waldvogel <marcel.waldvogel@uni-konstanz.de>
2017-07-21 09:50:44 +02:00
Lukas Reschke
77827ebf11
Rename table back to lowercase
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:09 +02:00
Bjoern Schiessle
1eb7f4956b
delete auth token when client gets deleted
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
2017-05-18 20:49:07 +02:00
Martin
53b8330e6d
Defining App "cron" for "Invalidating tokens older than" message #27167 (#27201)
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-19 22:51:47 -06:00
Christoph Wurst
2183a1f3e6 copy remember-me value when renewing a session token
On renew, a session token is duplicated. For some reason we did
not copy over the remember-me attribute value. Hence, the new token
was deleted too early in the background job and remember-me did
not work properly.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:19:57 +01:00
Robin Appelman
73dfe1835a
use lower loglevel for token cleanup messages
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-17 10:42:12 +01:00
Robin Appelman
e77432783b
Add test for setting up fake fs
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:32 +01:00
Roeland Jago Douma
e5bc80b31d
Adds TokenProvider and Mapper tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-11-16 15:24:31 +01:00
Robin Appelman
4c3d18a9fc
explicit types
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
Robin Appelman
a4ea20a259
cast to int
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:29 +01:00
Robin Appelman
c5df58ec69
phpdoc
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-11-16 15:24:28 +01:00
Robin Appelman
7e9e5db496
fix setscope
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:28 +01:00
Robin Appelman
1afccde16a
allow configuring filesystem access
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Robin Appelman
b4e27d35f5
app password scope wip
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Robin Appelman
2389e0f250
read lockdown scope from token
Signed-off-by: Robin Appelman <icewind@owncloud.com>
2016-11-16 15:24:27 +01:00
Christoph Wurst
4da6b20e76 document what the method does
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 17:42:46 +01:00
Lukas Reschke
9d6e01ef40
Add missing tests and fix PHPDoc
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-02 13:39:17 +01:00
Christoph Wurst
d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Christoph Wurst
e90f00791d add invalidateOldTokens to IProvider interface 2016-08-02 12:08:13 +02:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Vincent Petry
3db5de95bd Merge pull request #25172 from owncloud/token-login-validation
Token login validation
2016-06-22 13:58:56 +02:00
Christoph Wurst
b805908dca
update session token password on user password change 2016-06-21 10:24:25 +02:00