Age | Commit message (Collapse) | Author |
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Côme Chilliet <come.chilliet@nextcloud.com>
|
|
The auth token activity logic works as follows
* Read auth token
* Compare last activity time stamp to current time
* Update auth token activity if it's older than x seconds
This works fine in isolation but with concurrency that means that
occasionally the same token is read simultaneously by two processes and
both of these processes will trigger an update of the same row.
Affectively the second update doesn't add much value. It might set the
time stamp to the exact same time stamp or one a few seconds later. But
the last activity is no precise science, we don't need this accuracy.
This patch changes the UPDATE query to include the expected value in a
comparison with the current data. This results in an affected row when
the data in the DB still has an old time stamp, but won't affect a row
if the time stamp is (nearly) up to date.
This is a micro optimization and will possibly not show any significant
performance improvement. Yet in setups with a DB cluster it means that
the write node has to send fewer changes to the read nodes due to the
lower number of actual changes.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
* Fix namespace
* Fix test
Was broken after https://github.com/nextcloud/server/pull/26529
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
* Shiny new events
* Listener to still emit the old event
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Else you can end up that you renewed your password (LDAP for example).
But they still don't work because you did not use them before you logged
in.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
The IConfig service is documented to handle its data as strings, hence
this changes the code a bit to ensure we store keys as string and
convert them back when reading.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
On some systems with a lot of users this creates a lot of extra DB
writes.
Being able to increase this interval helps there.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
The serialized data in 19 has one property less and this was not
considered in the code. Hence adding a fallback. Moreover I'm changing
the deserialization into an array instead of object, as that is the
safer option.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
!= loginname
Signed-off-by: Lionel Elie Mamane <lionel@mamane.lu>
|
|
Emit an event for every disabled 2FA provider during cleanup
|
|
\PHPUnit\Framework\MockObject\MockObject
Signed-off-by: Morris Jobke <hey@morrisjobke.de>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Julius Härtl <jus@bitgrid.net>
|
|
To continue this formatting madness, here's a tiny patch that adds
unified formatting for control structures like if and loops as well as
classes, their methods and anonymous functions. This basically forces
the constructs to start on the same line. This is not exactly what PSR2
wants, but I think we can have a few exceptions with "our" style. The
starting of braces on the same line is pracrically standard for our
code.
This also removes and empty lines from method/function bodies at the
beginning and end.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Remove unused imports
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Env-based SAML uses the "Apache auth" mechanism to log users in. In this
code path, we first delete all existin auth tokens from the database,
before a new one is inserted. This is problematic for concurrent
requests as they might reach the same code at the same time, hence both
trying to insert a new row wit the same token (the session ID). This
also bubbles up and disables user_saml.
As the token might still be OK (both request will insert the same data),
we can actually just check if the UIDs of the conflict row is the same
as the one we want to insert right now. In that case let's just use the
existing entry and carry on.
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
* Order the imports
* No leading slash on imports
* Empty line before namespace
* One line per import
* Empty after imports
* Emmpty line at bottom of file
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Once 2FA is enforced for a user and they have no 2FA setup yet this will
now prompt them with a setup screen. Given that providers are enabled
that allow setup then.
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|
|
Signed-off-by: Joas Schilling <coding@schilljs.com>
|
|
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
|
|
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
|