0
0
Fork 0
mirror of https://github.com/nextcloud/server.git synced 2025-03-16 01:05:24 +00:00
Commit graph

434 commits

Author SHA1 Message Date
Christoph Wurst
14719110b9 chore: Replace \OC::$server->query with \OCP\Server::get in /lib
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-07-06 15:21:22 +02:00
Côme Chilliet
b2f01b72fe
Merge pull request from nextcloud/feat/add-enabled-user-backend
Add IProvideEnabledStateBackend interface
2023-07-03 10:19:32 +02:00
Côme Chilliet
1603cdc8d2
Fix since annotations and add boolean return type for setUserEnabled
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-06-20 15:10:39 +02:00
Robin Appelman
9f1d497a0b
Merge pull request from fsamapoor/replace_strpos_calls_in_lib_private
Refactors "strpos" calls in  lib/private to improve code readability.
2023-06-01 23:10:00 +02:00
Joas Schilling
ef93bb926c
fix(dav): Fix avatar size in system address book
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-26 10:03:58 +02:00
Côme Chilliet
285c42ab14
Fix user tests, avoid setting enabled state to the same value
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-05-23 17:18:19 +02:00
Côme Chilliet
3af1ab2b2a
Add user enabled state backend feature
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-05-23 11:25:03 +02:00
Faraz Samapoor
e7cc7653b8 Refactors "strpos" calls in lib/private to improve code readability.
Signed-off-by: Faraz Samapoor <fsamapoor@gmail.com>
2023-05-15 15:17:19 +03:30
Christoph Wurst
1381c4c157
feat(users): Store and load a user's manager
Co-Authored-By: hamza221 <hamzamahjoubi221@gmail.com>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2023-05-12 13:56:48 +02:00
Christopher Ng
4ecae83385 fix(user): Can change display name
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2023-05-04 11:14:49 -07:00
Joas Schilling
b91957e3df
fix(dav): Abort requests with 429 instead of waiting
Signed-off-by: Joas Schilling <coding@schilljs.com>
2023-05-03 22:43:36 +02:00
Côme Chilliet
346344c153
Update version number in since and deprecated annotations
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-27 12:04:32 +02:00
Côme Chilliet
3c2b126eba
Make code clearer and bump @ deprecated annotations
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-27 12:00:07 +02:00
Carl Schwan
a4c599c1c9
Split new method in a new group backend interface
Better for backward compatibility, also move new interfaces to nc 26

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-04-27 12:00:01 +02:00
Carl Schwan
35dc223500
Optimize retrieving display name when searching for users in a group
This is recurrent scenario that we are searching for users and then for
each users we fetch the displayName. This is inefficient, so instead try
to do one query to fetch everything (e.g. Database backend) or use the
already existing DisplayNameCache helper.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2023-04-27 11:57:45 +02:00
Côme Chilliet
426c0341ff
Use typed version of IConfig::getSystemValue as much as possible
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-04-05 12:50:08 +02:00
Julius Härtl
c7c1133c15
Merge pull request from nextcloud/create-user-transaction 2023-03-15 15:13:50 +01:00
Arthur Schiwon
a30d7c51d3
Merge pull request from nextcloud/h1-dav-brute-force-protection
chore: use local variable for remote address
2023-03-15 15:11:53 +01:00
Thomas Citharel
f7e65b1751 Create the database user in a transaction
In OC\User\Manager::createUserFromBackend the newly created user is read
using getUserObject($uid, $backend) but that can cause causal read
issues (wrote in DB primary, not yet in secondary).

In OC\User\Database user backend the user cache is unset after the
insert, so it can't be used by getRealUID() (which is called by
getUserObject()).

To avoid that we make sure the user cache is repopulated in a
transaction.

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2023-03-15 11:07:07 +00:00
Daniel Kesselberg
f751d2d891
chore: use local variable for remote address
Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
2023-03-10 18:04:34 +01:00
Julius Härtl
3287eddbbc fix: Recalculate storage statistics on updating the quota
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2023-03-06 22:46:07 +00:00
Robin Appelman
853ec60f3e also cache backend for user in memory instead of always going to redis
Signed-off-by: Robin Appelman <robin@icewind.nl>
2023-02-10 12:25:23 +01:00
Côme Chilliet
5aed587e25
Fix setQuota on User on 32bits
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-02-07 11:23:30 +01:00
Côme Chilliet
f5c361cf44
composer run cs:fix
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2023-01-20 11:45:08 +01:00
Simon L
7271ec7acf spaces are allowed in userids
Signed-off-by: Simon L <szaimen@e.mail.de>
2023-01-10 13:25:27 +01:00
Côme Chilliet
f6ff717b56
Merge pull request from nextcloud/fix/clean-ldap-access-factory-usage
Make sure to use AccessFactory to create Access instances and use DI
2022-12-20 16:48:07 +01:00
Joas Schilling
256fbe9d77
Validate if the user part of a "cloud id" can even be a valid user id
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-12-09 22:40:46 +01:00
Roeland Jago Douma
77df92cabf
feat: add event for failed logins
Apps might also like to know about failed logins.
This adds that event.
The private interface changes are backwards compatible so all should be fine.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2022-11-24 21:24:21 +01:00
Julius Härtl
de3099b4d6
Remove potential mismatching dav session data during login
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2022-11-22 08:47:01 +01:00
Côme Chilliet
341dda1de6
Merge branch 'master' into fix/clean-ldap-access-factory-usage
Signed-off-by: Côme Chilliet <91878298+come-nc@users.noreply.github.com>
2022-11-21 16:05:17 +01:00
Côme Chilliet
c79a6b3f62
Fix errors from PHP 8.2 testing
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-11-14 17:08:21 +01:00
Christoph Wurst
e2d3409a34
Fix unsuccessful token login logged as error
The condition of a non-existent login token can happen for concurrent
requests. Admins can not do anything about this. So this is to be
expected to happen occasionally. This event is only bad if none of the
requests is able to re-acquire a session. Luckily this happens rarely.

If a login loop persists an admin can still lower the log level to find
this info. But a default error log level will no longer write those
infos about the failed cookie login of one request.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-11-07 15:08:48 +01:00
Côme Chilliet
556e3c84e6
Fix return type for countUsers method
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-10-25 10:20:09 +02:00
Arthur Schiwon
8e8acf2d90
LDAP to no register new users when outside of fair use or over limits
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2022-10-18 12:57:43 +02:00
Joas Schilling
144514e49e
Fix avatar cleanup on user delete
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-09-19 21:36:50 +02:00
Vincent Petry
25888a3d42
Merge pull request from nextcloud/login-email-filter
dont try email login if the provider username is not a valid email
2022-09-16 14:54:24 +02:00
Maxence Lange
381eb046b5
Merge pull request from nextcloud/fix/noid/rtrim-cloud-id
rtrim cloudId url earlier
2022-09-15 10:46:39 -01:00
Robin Appelman
1fbb951691
dont try email login if the provider username is not a valid email
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-09-14 14:04:13 +02:00
Louis Chemineau
6c11944679 I dug into it again, and the issue is much simpler than I previously though.
- LDAP has an email address with capital letters
- NC store this address in lower case
- When the user logs in, we compare the [stored email with the new lower case email](https://github.com/nextcloud/server/blob/master/lib/private/AllConfig.php#L259-L261) before storing it. Here, both email will be the same, so we won't store the new email address with upper case letters. Which is what we want.
- We then [compare emails as they are before triggering an event](https://github.com/nextcloud/server/blob/master/lib/private/User/User.php#L202-L204), they won't match, so the user will receive an email signaling an email change every time he logs in.

The fix is to compare the old email with the new lower case email before sending the event.

Signed-off-by: Louis Chemineau <louis@chmn.me>
2022-09-06 13:18:07 +00:00
Vincent Petry
253c0641b1
Merge pull request from nextcloud/fix/33572/add-user
Fix creation of new user and display the correct error message
2022-09-01 17:07:13 +02:00
Maxence Lange
c37bad1ce4 rtrim url earlier
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2022-09-01 11:32:14 -01:00
blizzz
2020c15303
Merge pull request from nextcloud/enh/noid/cloud-id-cli
filter index.php from cloudId
2022-09-01 13:35:50 +02:00
Maxence Lange
c4bdc1cfbc filter index.php from cloudId
Signed-off-by: Maxence Lange <maxence@artificial-owl.com>
2022-08-31 18:33:09 -01:00
Christoph Wurst
0184fbe86b
Log if cookie login failed with token mismatch or session unavailability
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2022-08-31 14:55:51 +02:00
Christopher Ng
d59585974e Fix creation of new user and display the correct error message
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2022-08-22 19:13:11 +00:00
Carl Schwan
8004aa7721
Make DisplayNameCache return null if user doesn't exists
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-08-16 14:10:05 +02:00
Carl Schwan
51b9847fad
Merge branch 'master' into display-name-cache-public
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-08-15 15:28:30 +02:00
Robin Appelman
9e34a21129
only update last login timestamp with minute percision
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-07-20 16:43:42 +02:00
Carl Schwan
d5c23dbb9f Move CappedMemoryCache to OCP
This is an helpful helper that should be used in more place than just
server and this is already the case with groupfodlers, deck, user_oidc
and more using it, so let's make it public

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-07-14 15:54:31 +02:00
Carl Schwan
16b5e6bc7f
Merge pull request from nextcloud/cleanup/avatar-code
Cleanup avatar related code
2022-07-11 11:56:39 +02:00
Carl Schwan
ec5cbdeb7f Make Color class public
Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-07-05 14:44:44 +02:00
Christopher Ng
c0868f93f1 Do not save invalid display name to the database
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2022-06-28 18:03:15 +00:00
Carl Schwan
812016d626 Cleanup avatar related code
- Move event listener to new event handling
- Add typing almost everywhere
- Fix inconsistent interface parameter

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-06-22 16:11:42 +02:00
Joas Schilling
6e3d668436
Keep non default protocol in cloud id
When there is no protocol on the cloud id, we assume it's https://
But this means that when an http:// server currently sends an OCM
invite to another server, the protocol is striped and the remote
instance will try to talk back to https:// which might not be available.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-06-09 15:23:05 +02:00
Carl Schwan
9ec0cb0a90 Fix psalm issues related to the user backend
- Reflect the actual return value returned by the implementation in the
  the interface. E.g. IUser|bool -> IUser|false
- Remove $hasLoggedIn parameter from private countUser implementation.
  Replace the two call with the equivalent countSeenUser
- getBackend is nuallable, add this to the interface
- Use backend interface to make psalm happy about call to undefined
  methods. Also helps with getting rid at some point of the old
  implementActions

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-05-20 17:14:58 +02:00
Robin Appelman
6d6662ec68
expose displayname cache trough a public interface
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-05-18 03:47:34 +02:00
Louis Chemineau
8a2cf5bb68 Do not dispatch postSetPassword when setPassword fails
Also Improve error message when setPassword fails

Signed-off-by: Louis Chemineau <louis@chmn.me>
2022-05-05 17:21:23 +02:00
Vincent Petry
ff385dc679
Merge pull request from nextcloud/directory-content-lazy-owner
use a lazy user for the file owner when listing a directory
2022-04-25 11:44:44 +02:00
Robin Appelman
7a6c724a81 Use a lazy user for the file owner when listing a directory
Only getUID and getDisplayName are called on the file owner objects anyway
and we can get this information often without DB request

Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-04-22 17:02:37 +02:00
Robin Appelman
674c0bec2c
cache display names in local memory before external memcache
Signed-off-by: Robin Appelman <robin@icewind.nl>
2022-04-22 13:02:30 +02:00
Carl Schwan
ed4c1e584f Update cache when display name change
This improve the correctness of the data

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-04-22 10:29:18 +02:00
Carl Schwan
4333c215cb Cache display name
This should saves some query in the share backend when displaying the
owner and it's not important if the display name is 10 minutes outdated
as it is very rare that this gets changed.

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
2022-04-22 10:22:15 +02:00
Côme Chilliet
6be7aa112f
Migrate from ILogger to LoggerInterface in lib/private
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2022-03-24 16:21:25 +01:00
Joas Schilling
18bafefb00
Merge pull request from nextcloud/techdebt/noid/use-cache-also-for-userbackend-getpassword
Use the cache also for UserBackend::getPassword
2022-03-02 11:41:32 +01:00
Joas Schilling
b90e657ac7
Delay loading user preferences until we need them
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-28 13:49:12 +01:00
Joas Schilling
86de1d569f
Only setupFS when we have to copy the skeleton
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-25 15:55:06 +01:00
Joas Schilling
25caf4a42c
Update cache when setting the password
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-18 09:47:18 +01:00
Joas Schilling
23ef02fbe2
Use the cache also for UserBackend::getPassword
Signed-off-by: Joas Schilling <coding@schilljs.com>
2022-02-16 18:00:47 +01:00
Marek-Wojtowicz
f76a915096 Update Session.php
The http headers according to rfc 2616 is iso-8859-1. This patch fixes the behavior when non-ascii characters are present in the header.

Signed-off-by: Marek Wójtowicz <Marek.Wojtowicz@agh.edu.pl>
2022-01-12 23:07:28 +01:00
Joas Schilling
78e90b69ba
Don't check the configvalue for lastLogin which is never null
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-12-10 16:26:13 +01:00
Joas Schilling
c0ba89ecc9
Remove default token which is deprecated since Nextcloud 13
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-12-01 18:41:31 +01:00
Côme Chilliet
008b79d808
Fix type errors
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
2021-11-23 09:28:58 +01:00
Joas Schilling
ccfaddf781
Fix missing token update
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-11-12 14:43:23 +01:00
Joas Schilling
b578a1e8b5
Fair use of push notifications
We want to keep offering our push notification service for free, but large
users overload our infrastructure. For this reason we have to rate-limit the
use of push notifications. If you need this feature, consider setting up your
own push server or using Nextcloud Enterprise.

Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-10-23 00:54:50 +02:00
Joas Schilling
1b8ebf2cf1
Use cached user backend info for password login
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-09-14 08:40:19 +02:00
Arthur Schiwon
4461b9e870
enable the user to set a primary (notification) email address (backend)
- specific getters and setters on IUser and implementation
- new notify_email field in provisioning API

Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2021-09-09 19:23:04 +02:00
Julius Härtl
95987d903d
Merge pull request from nextcloud/fix/hash-key
Hash cache key
2021-08-18 15:18:58 +02:00
Christopher Ng
60ecc432a4 Hash cache key
Signed-off-by: Christopher Ng <chrng8@gmail.com>
2021-08-17 21:55:01 +00:00
Christoph Wurst
a143337791
Emit an error log when the app token login name does not match
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-08-13 10:31:51 +02:00
Julien Veyssier
416d10f76c refs add app config to disable unlimited quota and to set max quota
avoid unlimited quota as default_quota fallback value if unlimited quota is not allowed
avoid getting/setting/displaying unlimited default quota if not allowed
implement tests for unlimited quota restrictions

Signed-off-by: Julien Veyssier <eneiluj@posteo.net>
Signed-off-by: npmbuildbot-nextcloud[bot] <npmbuildbot-nextcloud[bot]@users.noreply.github.com>
2021-07-29 19:31:36 +00:00
Julius Härtl
f43c2b45d8
Directly return cloud id from user
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2021-07-14 09:52:15 +02:00
Gary Kim
b78f3a57d1
Migrate HintException to OCP
Signed-off-by: Gary Kim <gary@garykim.dev>
2021-06-30 15:28:02 -04:00
John Molakvoæ (skjnldsv)
215aef3cbd
Update php licenses
Signed-off-by: John Molakvoæ (skjnldsv) <skjnldsv@protonmail.com>
2021-06-04 22:02:41 +02:00
John Molakvoæ
d0cf20cc51
Merge pull request from nextcloud/user-delete-cleanup-files
better cleanup of user files on user deletion
2021-06-02 17:02:00 +02:00
Robin Appelman
ed2d02d5f1
better cleanup of user files on user deletion
Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-04-27 20:29:51 +02:00
Joas Schilling
521bb30541
Throw "401 Unauthenticated" when authentication is provided but invalid
E.g. with an AppToken that has been revoked

Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-04-22 15:28:43 +02:00
Joas Schilling
0d46fafd41
Merge pull request from nextcloud/bugfix/noid/improve-matching-of-phonebook-searches
Improve search results when only phonebook-matches can we autocompleted
2021-03-17 15:22:03 +01:00
Joas Schilling
3379e69ecc
Fix parameter types in docs
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-17 09:51:31 +01:00
Joas Schilling
9a189bc710
Improve search results when only phonebook-matches can we autocompleted
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-03-17 09:51:31 +01:00
Robin Appelman
dd477d30f9
dont allow creating users with __groupfolders as uid
Fixes https://github.com/nextcloud/groupfolders/issues/338

Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-03-16 19:03:10 +01:00
Roeland Jago Douma
618805b14f Fix RedundantPropertyInitializationCheck
For 

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2021-03-09 09:49:45 +01:00
Lionel Elie Mamane
f99f463834 token login: emit preLogin event with LoginName
to bring it in line with normal (non-token) login.

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
2021-02-19 22:27:46 +01:00
Joas Schilling
645f83121e
Cache the user backend info for 300s
Signed-off-by: Joas Schilling <coding@schilljs.com>
2021-02-15 10:36:08 +01:00
Christoph Wurst
81302f78e5
Merge pull request from nextcloud/dependabot/composer/doctrine/dbal-3.0.0
Bump doctrine/dbal from 2.12.0 to 3.0.0
2021-01-08 14:58:43 +01:00
Christoph Wurst
8b64e92b92
Bump doctrine/dbal from 2.12.0 to 3.0.0
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2021-01-08 11:45:19 +01:00
Robin Appelman
c374bbf14d
allow authenticating using urlencoded passwords
this allows authenticating with passwords that contain non ascii-characters in contexts that otherwise do not allow it (http basic)

Signed-off-by: Robin Appelman <robin@icewind.nl>
2021-01-07 10:43:43 +01:00
Christoph Wurst
d89a75be0b
Update all license headers for Nextcloud 21
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-12-16 18:48:22 +01:00
Morris Jobke
5cc348ae72
Fix typo
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-04 12:51:45 +01:00
Roeland Jago Douma
48b4b83b5a
Remember me is not an app_password
While technically they are stored the same. This session variable is
used to indicate that a user is using an app password to authenticate.
Like from a client. Or when having it generated automatically.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-12-04 12:40:28 +01:00
Morris Jobke
d87705a894
Allow subscription to indicate that a userlimit is reached
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-12-02 15:20:03 +01:00
Morris Jobke
9bf76d2bad
Streamline user creation and deletion events
CreateUserEvent was the only one that didn't matched the naming scheme of BeforePASTTENSEEvent and PASTTENSEEvent. The event wasn't used at all so this just removes it again as there is BeforeUserCreatedEvent that is also available since 18.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-23 23:59:52 +01:00
Roeland Jago Douma
e93823cba0
Bearer must be in the start of the auth header
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-11-06 08:32:50 +01:00
Morris Jobke
fd3d7c394a
Deprecate old user manager events for user creation
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-11-04 21:19:16 +01:00
Christoph Wurst
7e72866811
Type the \OCP\IUserManager::callForSeenUsers closure with Psalm
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-28 19:21:00 +01:00
Christoph Wurst
d9015a8c94
Format code to a single space around binary operators
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-10-05 20:25:24 +02:00
Robin Appelman
674db6da88
add event to allow apps to overwrite user quota
Signed-off-by: Robin Appelman <robin@icewind.nl>
2020-09-17 16:32:48 +02:00
Christoph Wurst
1f7f93a695
Update license headers for Nextcloud 20 (again)
There are still lots of outdated headers, so time for another round of
updates.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-09-07 14:37:44 +02:00
Lionel Elie Mamane
ac8b40b8b1
Return correct loginname in credentials,
even when token is invalid or has no password.

Returning the uid as loginname is wrong, and leads to problems when
these differ. E.g. the getapppassword API was creating app token with
the uid as loginname. In a scenario with external authentication (such
as LDAP), these tokens were then invalidated next time their underlying
password was checked, and systematically ceased to function.

Co-authored-by: kesselb <mail@danielkesselberg.de>
for: switch to consistent camelCase

Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
2020-08-20 16:02:22 +02:00
Morris Jobke
fedf9c69d9
Use matching parameter names form interfaces and implementations
Found by Psalm 3.14.1

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-08-19 18:16:35 +02:00
Morris Jobke
4a7d7e446f
User.php: rename of old dispatcher to legacyDispatcher
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-30 10:21:08 +02:00
Morris Jobke
36ee37ec0a
Migrate OC_Group post_removeFromGroup hook to actual event object
Ref 

This adds a BeforeUserRemovedEvent to the LDAP backend because it was missing. It's not really before, but we don't have the before state.

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
2020-07-30 10:21:08 +02:00
Christoph Wurst
5b92f35fe2
Log why a token is not valid during password check
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-05-27 09:58:44 +02:00
Christoph Wurst
cb057829f7
Update license headers for 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-29 11:57:22 +02:00
Julius Härtl
d74e9045ac
Delete avatar if a user is deleted
Signed-off-by: Julius Härtl <jus@bitgrid.net>
2020-04-24 16:27:17 +02:00
Roeland Jago Douma
cbcf072b23
Revert "Make sure MySQL is not saying 'this' = 'this ' is true" 2020-04-15 23:49:16 +02:00
Joas Schilling
16e9bf2309
Make sure MySQL is not saying 'this' = 'this ' is true
Signed-off-by: Joas Schilling <coding@schilljs.com>
2020-04-15 09:14:12 +02:00
Christoph Wurst
734c62bee0
Format code according to PSR2
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:56:50 +02:00
Christoph Wurst
28f8eb5dba
Add visibility to all constants
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 16:54:27 +02:00
Christoph Wurst
caff1023ea
Format control structures, classes, methods and function
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.

This also removes and empty lines from method/function bodies at the
beginning and end.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 14:19:56 +02:00
Christoph Wurst
14c996d982
Use elseif instead of else if
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-10 10:35:09 +02:00
Christoph Wurst
008e6d7e84
Merge pull request from nextcloud/refactor/spaces-cleanup
Remove all extra whitespace PSR2 does not like
2020-04-09 20:39:37 +02:00
Christoph Wurst
64510932b8
Merge pull request from nextcloud/techdebt/lowercase-keywords
Use php keywords in lowercase
2020-04-09 16:25:14 +02:00
Christoph Wurst
44577e4345
Remove trailing and in between spaces
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 16:07:47 +02:00
Christoph Wurst
36b3bc8148
Use php keywords in lowercase
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 14:04:56 +02:00
Christoph Wurst
afbd9c4e6e
Unify function spacing to PSR2 recommendation
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 13:54:22 +02:00
Christoph Wurst
2fbad1ed72
Fix (array) indent style to always use one tab
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-09 10:16:08 +02:00
Christoph Wurst
85e369cddb
Fix multiline comments
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-04-08 22:24:54 +02:00
Roeland Jago Douma
19ca921676
Merge pull request from nextcloud/fix/license-headers-19
Update the license headers for Nextcloud 19
2020-04-01 12:44:21 +02:00
Roeland Jago Douma
84f3d2ddeb
[POC] Event for failed login attempts
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2020-03-31 21:41:02 +02:00
Christoph Wurst
1a9330cd69
Update the license headers for Nextcloud 19
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-31 14:52:54 +02:00
Christoph Wurst
463b388589
Merge pull request from nextcloud/techdebt/remove-unused-imports
Remove unused imports
2020-03-27 17:14:08 +01:00
Christoph Wurst
b80ebc9674
Use the short array syntax, everywhere
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-26 16:34:56 +01:00
Christoph Wurst
74936c49ea
Remove unused imports
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-25 22:08:08 +01:00
Christoph Wurst
df9e2b828a
Fix mismatching docblock return types
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2020-03-06 16:38:25 +01:00
Christoph Wurst
d808f9c053
Add typed events for all user hooks and legacy events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-11 10:00:24 +01:00
Christoph Wurst
5bf3d1bb38
Update license headers
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-12-05 15:38:45 +01:00
Joas Schilling
dd53fad898
Prevent creating users with existing files
Signed-off-by: Joas Schilling <coding@schilljs.com>
2019-12-04 15:21:50 +01:00
Christoph Wurst
cc80339b39
Add typed create user events
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-12-03 08:03:57 +01:00
Christoph Wurst
1a886b1472
Add typed events for password_policy
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-27 09:56:12 +01:00
Roeland Jago Douma
68748d4f85
Some php-cs fixes
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-11-22 20:52:10 +01:00
Christoph Wurst
535000aac6
Make the post login event public
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-11-20 18:43:09 +01:00
Roeland Jago Douma
dd185e383d
Make sure limit is never negative
There were some cases where a negative limit could be passed in. Which
would happily make the query explode.

This is just a quick hack to make sure it never is negative.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-28 13:07:43 +01:00
Roeland Jago Douma
5122629bb0
Make renewSessionToken return the new token
Avoids directly getting the token again. We just inserted it so it and
have all the info. So that query is just a waste.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-10-09 10:10:37 +02:00
Greta Doci
0a874c51af
Disable app token creation for impersonated people, ref
Signed-off-by: Greta Doci <gretadoci@gmail.com>
2019-09-15 12:04:27 +02:00
Roeland Jago Douma
145eee91fe
Get the proper UID
Some user backends (like the database backend) allow us to obtain a user
case insensitive. However the UID itself is case sensitive.

Example:
* create a user User1
* login as User1
  - This results the data/User1 folder to be created etc
* now have some code somewhere that obtains the userFolder (from
IRootFolder) but pas in 'uSER1' as uid
  - The code will check if that is a valid user. And in this case it is
  since User1 and uSER1 both map to the same user
  - However the the UID in the user object is used for the folder a new
  folder fill be create data/uSER1

With this PR this is avoided now. Since we obtain the real UID casing in
the backend before creating the user object.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-08-13 09:33:46 +02:00
Roeland Jago Douma
ba60fafb9a
Add proper PostLoginEvent
This can be used by othr mechanisms to listen for this event in a lazy
fashion.

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
2019-07-29 16:31:40 +02:00
Christoph Wurst
3174012adf Add event dispatcher to OCP
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-06-25 10:02:27 +02:00
Christoph Wurst
170582d4f5
Add a login chain to reduce the complexity of LoginController::tryLogin
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
2019-05-07 18:04:36 +02:00
Arthur Schiwon
96bab4f969
remove obsolete use statements
Signed-off-by: Arthur Schiwon <blizzz@arthur-schiwon.de>
2019-04-24 16:24:53 +02:00
Leon Klingele
9a5ca231bf
lib/private/User: do not change user properties if value has not changed 2019-04-11 11:20:41 +02:00