Do not delete invalid AppToken #11043

rullzer · 2018-09-04T05:40:53Z

When an apptoken is still valid in the DB but the password validation fails we should mark it as such. That way we can on next (successful) login update all the tokens that are marked as invalid.

For https://github.com/orgs/nextcloud/projects/22

This should make changing the password in LDAP possible for example.

TODO:

Add field to mark apppassword as outdated to DB
If the password fails to verify mark the apptoken as outdated (do not delete it)
On successfull login update outdated tokens

rullzer self-assigned this Sep 4, 2018

rullzer added enhancement 1. to develop Accepted and waiting to be taken care of labels Sep 4, 2018

rullzer added this to the Nextcloud 15 milestone Sep 4, 2018

nextcloud-bot added the feature: authentication label Sep 4, 2018

This comment has been minimized.

Sign in to view

nextcloud-bot added the bug label Sep 4, 2018

rullzer mentioned this issue Sep 26, 2018

Apptoken v3: imrpove token handling on external password change #11390

Merged

2 tasks

MorrisJobke removed the 1. to develop Accepted and waiting to be taken care of label Oct 2, 2018

MorrisJobke closed this as completed in #11390 Oct 2, 2018

GTVolk mentioned this issue Dec 19, 2023

[Snyk] Security upgrade puppeteer from 20.4.0 to 21.3.7 DevVault/nextcloud#19

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Do not delete invalid AppToken #11043

Do not delete invalid AppToken #11043

rullzer commented Sep 4, 2018 •

edited by MorrisJobke

Loading

This comment has been minimized.

Do not delete invalid AppToken #11043

Do not delete invalid AppToken #11043

Comments

rullzer commented Sep 4, 2018 • edited by MorrisJobke Loading

This comment has been minimized.

rullzer commented Sep 4, 2018 •

edited by MorrisJobke

Loading