Commit graph

17 commits

Author SHA1 Message Date
Roeland Jago Douma
24b12385d0
Strict 2FA
* make OCP\Authentication\TwoFactorAuth strict
* scalar types
* return types

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-03-26 11:31:02 +02:00
Roeland Jago Douma
eddd135f14
Dispatch event on twofactor failure and success
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2018-01-25 13:25:09 +01:00
Morris Jobke
0eebff152a
Update license headers
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-11-06 16:56:19 +01:00
Morris Jobke
0b652648cc Merge pull request #6177 from nextcloud/properly-add-slo-url
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
2017-08-26 18:50:52 +02:00
Christoph Wurst
6676232a56
Allow 2FA providers to specify their custom CSP
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-08-26 13:48:08 +02:00
Lukas Reschke
a04feff9a7
Properly allow \OCP\Authentication\IApacheBackend to specify logout URL
Any `\OCP\Authentication\IApacheBackend` previously had to implement `getLogoutAttribute` which returns a string.
This string is directly injected into the logout `<a>` tag, so returning something like `href="foo"` would result
in `<a href="foo">`.

This is rather error prone and also in Nextcloud 12 broken as the logout entry has been moved with
054e161eb5 inside the navigation manager where one cannot simply inject attributes.

Thus this feature is broken in Nextcloud 12 which effectively leads to the bug described at nextcloud/user_saml#112,
people cannot logout anymore when using SAML using SLO. Basically in case of SAML you have a SLO url which redirects
you to the IdP and properly logs you out there as well.

Instead of monkey patching the Navigation manager I decided to instead change `\OCP\Authentication\IApacheBackend` to
use `\OCP\Authentication\IApacheBackend::getLogoutUrl` instead where it can return a string with the appropriate logout
URL. Since this functionality is only prominently used in the SAML plugin. Any custom app would need a small change but
I'm not aware of any and there's simply no way to fix this properly otherwise.

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-08-18 12:22:44 +02:00
Morris Jobke
6bc2be991e Thows exception if password not available
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2017-05-12 12:53:29 -05:00
Christoph Wurst
3316a9d294
fix @since annotations (9.1->12)
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:11 +01:00
Christoph Wurst
730442cd8f
add @since annotations and document methods
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:10 +01:00
Christoph Wurst
a6dca9e7a0
add login credential store
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 19:20:09 +01:00
Christoph Wurst
243c9c0941
fix coding style and increase code coverage
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2017-01-11 11:01:54 +01:00
Cornelius Kölbel
ee8c617a6d
Update TwoFactorException.php
Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-11 11:01:54 +01:00
Cornelius Kölbel
e077e01bf2
Add a TwoFactorException
A Two Factor third party App may throw a TwoFactorException()
with a more detailed error message in case the authentication fails.
The 2FA Controller will then display the message of this Exception
to the user.

Working on #26593

Signed-off-by: Lukas Reschke <lukas@statuscode.ch>
2017-01-11 11:01:52 +01:00
Joas Schilling
ba87db3fcc
Fix others 2016-07-21 18:13:57 +02:00
Lukas Reschke
aba539703c
Update license headers 2016-05-26 19:57:24 +02:00
Christoph Wurst
dfb4d426c2
Add two factor auth to core 2016-05-23 11:21:10 +02:00
Roeland Douma
499f0e487d Move \OCP\Authentication to PSR-4 (#24632) 2016-05-17 10:29:23 +02:00