Commit graph

66 commits

Author SHA1 Message Date
Roeland Jago Douma
03fe2b3b81
Use a case insensitive search for email
Fixes #7084
Now entering wrongly cased email (roeland@ instead of Roeland@) for
password reset etc. Will also work.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-12-20 14:19:35 +01:00
Georg Ehrke
2db26d87c4
filter null values for UserManager::getByEmail
Signed-off-by: Georg Ehrke <developer@georgehrke.com>
2018-10-15 13:27:58 +02:00
Roeland Jago Douma
19f84f7b54
Add tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:54 +02:00
Roeland Jago Douma
00e99af586
Mark token as invalid if the password doesn't match
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-10-02 19:50:44 +02:00
John Molakvoæ (skjnldsv)
ad6e548411
Added case example to tests
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-05-26 12:07:49 +02:00
Roeland Jago Douma
991d9b5c3a
Fix session tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-05-15 11:32:25 +02:00
John Molakvoæ (skjnldsv)
8b9bd37e4e
Fixed tests
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2018-04-09 15:13:11 +02:00
Morris Jobke
de56915605
Merge pull request #7419 from Abijeet/feature-7175
Fixes #7175 - Allow to search for email address in user management
2018-03-06 21:53:37 +01:00
Roeland Jago Douma
8160d0bc2a
Merge pull request #8036 from nextcloud/phpunit6
Require PHPUnit 6.5 or higher
2018-01-25 14:50:46 +01:00
Joas Schilling
870023365c
Fix "Undefined method setExpectedException()"
Signed-off-by: Joas Schilling <coding@schilljs.com>
2018-01-24 18:10:16 +01:00
Roeland Jago Douma
ef127a30ec
Fix tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-23 10:35:37 +01:00
Arthur Schiwon
4f3d52a364
never translate login names when requiring with a user id
where appropriate, the preLoginNameUsedAsUserName hook should be thrown.

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-03 13:25:00 +01:00
Arthur Schiwon
2fde21e318
extend tests for status quo
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2018-01-03 13:24:56 +01:00
Robin Appelman
aad01894e3
refactor user searching
add additional user searching tests

Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-12-20 15:51:37 +01:00
Abijeet
ec28c54dbc Adds search by email function on the users screen.
Fixes #7175.

- Updated the query to fetch the users in users > everyone tab.
- Updated the query to fetch the users in users > admin tab.
- Tested to ensure that the disabled users are also being fetched.
- Added test cases.

Signed-off-by: Abijeet <abijeetpatro@gmail.com>
2017-12-16 17:18:05 +05:30
Morris Jobke
43e498844e
Use ::class in test mocks
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-10-24 17:45:32 +02:00
Lukas Reschke
ed8a98eaa1
Prevent SQL error message in case of error
`\OC\User\Database::createUser` can throw a PHP exception in case the UID is longer than
permitted in the database. This is against it's PHPDocs and we should cast this to `false`,
so that the regular error handling triggers in.

The easiest way to reproduce is on MySQL:

1. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel
2. Create user `aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa` in admin panel again
3. See SQL exception as error message

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-17 12:08:40 +02:00
Roeland Jago Douma
1ea7f14f0a
Fix SessionTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2017-08-09 16:13:54 +02:00
Arthur Schiwon
999455c1aa
emit changeUser only if there really was a change (quota, displayname)
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-06-01 11:34:17 +02:00
Lukas Reschke
7927aed991
Adjust token name
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-05-18 20:49:11 +02:00
Arthur Schiwon
668fe7df51
UserManager can now count disabled users
Users page takes advantage of that

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2017-04-29 00:59:09 -03:00
Joas Schilling
9212089151
Use the new method in the old one to remove duplicate code
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-27 08:56:51 +02:00
Joas Schilling
ac0c21f4a7
Trigger change when a user is enabled/disabled
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-25 17:20:35 +02:00
Joas Schilling
ada615eb86
Use the correct Dummy and Backend class
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-20 12:48:51 +02:00
Joas Schilling
a3922bbcdc
Better validation of allowed user names
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-04-18 14:29:34 +02:00
Robin Appelman
baec42e80a
Save the scope of an auth token in the session
Signed-off-by: Robin Appelman <robin@icewind.nl>
2017-04-05 17:58:33 +02:00
Vincent Petry
aacfef463c
Add tests for database user backend caching
Add comment, closeCursor in user DB query

Invalidate user in cache after successful creation

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-03-20 02:03:03 -06:00
Joas Schilling
6acfea61d0
Fix tests
Signed-off-by: Joas Schilling <coding@schilljs.com>
2017-01-05 12:17:30 +01:00
Vincent Petry
91cd57e55b
Get user home folder before deletion
After the deletion getHome() will fail because the user doesn't exist
any more, so we need to fetch that value earlier.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-12-23 12:42:31 +01:00
Roeland Jago Douma
7b4265ab59
Improve OC\User\User coverage
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-20 11:47:08 +01:00
Roeland Jago Douma
e368a745aa
Set last-login-check on basic auth
Else the last-login-check fails hard because the session value is not
set and thus defaults to 0.

* Started with tests

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-12-05 20:57:15 +01:00
Christoph Wurst
6543182d13 fix parameter order
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-28 10:00:53 +01:00
Christoph Wurst
9b808c4014 do not remember session tokens by default
We have to respect the value of the remember-me checkbox. Due to an error
in the source code the default value for the session token was to remember
it.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-27 14:03:28 +01:00
Lukas Reschke
9d6e01ef40
Add missing tests and fix PHPDoc
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2016-11-02 13:39:17 +01:00
Christoph Wurst
6f86e468d4
inject ISecureRandom into user session and use injected config too
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Christoph Wurst
d907666232
bring back remember-me
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2016-11-02 13:39:16 +01:00
Roeland Jago Douma
f722640a32
Proper DI of config
* Fixed comments

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-28 10:13:35 +02:00
Jörn Friedrich Dreyer
f8352fcb8d
introduce callForSeenUsers and countSeenUsers (#26361)
* introduce callForSeenUsers and countSeenUsers

* add tests

* oracle should support not null on clob

* since 9.2.0
2016-10-28 08:44:05 +02:00
Roeland Jago Douma
593d52fe91
Fix and cleanup SessionTest
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2016-10-25 09:34:27 +02:00
Vincent Petry
6d1e858aa4
Fix logClientIn for non-existing users (#26292)
The check for two factor enforcement would return true for non-existing
users. This fix makes it return false in order to be able to perform
the regular login which will then fail and return false.

This prevents throwing PasswordLoginForbidden for non-existing users.
2016-10-25 09:34:27 +02:00
Robin Appelman
90db361827
Add test to ensure token times are updated
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:06:24 +02:00
Robin Appelman
25ed6714c7
dont update the auth token twice
Signed-off-by: Robin Appelman <robin@icewind.nl>
2016-10-11 11:05:25 +02:00
Joas Schilling
4d1acfd4ef
Only trigger postDelete hooks when the user was deleted...
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
Joas Schilling
f6ff60f4cb
Make sure that comments, notifications and preferences are deleted
Signed-off-by: Joas Schilling <coding@schilljs.com>
2016-09-29 15:40:53 +02:00
Roeland Jago Douma
d616984879
Fix getMock User 2016-09-13 09:09:53 +02:00
Robin Appelman
6c93fe08f5 dont get bruteforce delay twice 2016-08-29 13:36:49 +02:00
Lukas Reschke
c1589f163c
Mitigate race condition 2016-07-20 23:09:27 +02:00
Lukas Reschke
ba4f12baa0
Implement brute force protection
Class Throttler implements the bruteforce protection for security actions in
Nextcloud.

It is working by logging invalid login attempts to the database and slowing
down all login attempts from the same subnet. The max delay is 30 seconds and
the starting delay are 200 milliseconds. (after the first failed login)
2016-07-20 22:08:56 +02:00
Roeland Jago Douma
f2d091a963
Fix failing tests after db split 2016-07-13 09:26:19 +02:00
Lukas Reschke
179a355b2c Merge remote-tracking branch 'upstream/master' into master-sync-upstream 2016-07-01 11:36:35 +02:00