| Age | Commit message (Collapse) | Author |
|---|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
* Shiny new events
* Listener to still emit the old event
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
The IConfig service is documented to handle its data as strings, hence
this changes the code a bit to ensure we store keys as string and
convert them back when reading.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Remove unused imports
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Ref https://github.com/nextcloud/server/issues/11019.
Add `twofactorauth:cleanup` command
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Fixes https://github.com/nextcloud/server/issues/10634.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
If the 2FA provider registry has not been populated yet, we have to make
sure all available providers are loaded and queried on login. Otherwise
previously active 2FA providers aren't detected as enabled.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
This adds persistence to the Nextcloud server 2FA logic so that the server
knows which 2FA providers are enabled for a specific user at any time, even
when the provider is not available.
The `IStatefulProvider` interface was added as tagging interface for providers
that are compatible with this new API.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
* Store the auth state in the session so we don't have to query it every
time.
* Added some tests
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
* try to reuse the old session token for remember me login
* decrypt/encrypt token password and set the session id accordingly
* create remember-me cookies only if checkbox is checked and 2fa solved
* adjust db token cleanup to store remembered tokens longer
* adjust unit tests
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
|
|
* add backup codes app unit tests
* add integration tests for the backup codes app
|
|
This fixes infinite loops that are caused whenever a user is about to solve a 2FA
challenge, but the provider app is disabled at the same time. Since the session
value usually indicates that the challenge needs to be solved before we grant access
we have to remove that value instead in this special case.
|
|
|
|
|
|
|
|
|
