Login credential store

[ChristophWurst]

Since NC 10 we use session tokens for every connected browser and allow devices to use an app-specific password. Those tokens store the encrypted login password, which we can now use to authenticate external storages. In addition, this functionality is useful for other apps like Mail, where we want to create an account automatically, see nextcloud/mail#28.
This way we can allow remember-me logins for all users regardless of enabled apps. Until now, remember-me was disabled as soon as external storage support was enabled because the login password was stored in the session.

TODO:

• Provide credentials for legacy clients too (those that log in with username:password) remember-me is not used there
• Tests
• Use login hook password as fallback if there's neither a device password nor a session token.
• Manual testing

Next steps/PRs:

• Migrate external storages to use this store too

Tested:

• External storage (webdav) using login credentials, stored in session setting and the web ui ☑️
• External storage (webdav) using login credentials, stored in session setting via command line using username:password ☑️
• External storage (webdav) using login credentials, stored in session setting via command line using username:app-password ☑️

There is a working POC consumer in nextcloud/mail#28.

@LukasReschke as discussed

Fix #2732

[mention-bot]

@ChristophWurst, thanks for your PR! By analyzing the history of the files in this pull request, we identified @rullzer, @BernhardPosselt and @DeepDiver1975 to be potential reviewers.

[ChristophWurst]

Provide credentials for legacy clients too (those that log in with username:password)

@LukasReschke can we expect them to send the credentials on every request? There is nothing like remember-me for clients anyway …

[nickvergessen]

uid + user is confusing, isuser displayname? then call it so.

[ChristophWurst]

it's whatever users use to log in. depends on the setup. maybe loginName fits better

[nickvergessen]

this needs to be added to "setSession" then:
https://github.com/nextcloud/server/pull/1943/files#diff-0a830b0354b26e84f08f705b5356a05bR949

Otherwise when it was called too early once, it always has the already closed session....

[ChristophWurst]

done

[ChristophWurst]

cc @nextcloud/encryption

[rullzer]

@schiessle ^^

[rullzer]

Awesome stuff. I did not yet manage to break it but then again my external/encryption setups are not that exciting.

Lets get this in!

@icewind1991 @schiessle have a look please!

[ChristophWurst]

@rullzer did you somehow remove some of my commits? E.g. I don't see the changes for external storages any more? 😕

[rullzer]

I hope not. Let me try again later...

[rullzer]

Shit seems I messed up. @ChristophWurst talk to me on IRC see if we can recover it on your git.

[codecov-io]

Current coverage is 54.05% (diff: 87.27%)

Merging #2044 into master will increase coverage by 0.13%

@@             master      #2044   diff @@
==========================================
  Files          1302       1304     +2   
  Lines         80061      80448   +387   
  Methods        7902       7983    +81   
  Messages          0          0          
  Branches       1245       1245          
==========================================
+ Hits          43171      43487   +316   
- Misses        36890      36961    +71   
  Partials          0          0          

Diff Coverage	File Path
••••• 50%	...xternal/lib/Lib/Auth/Password/SessionCredentials.php
••••• 50%	lib/private/Server.php
••••••••• 96%	new ...ib/private/Authentication/LoginCredentials/Store.php
•••••••••• 100%	new ...vate/Authentication/LoginCredentials/Credentials.php
•••••••••• 100%	lib/private/legacy/util.php
•••••••••• 100%	core/templates/login.php
•••••••••• 100%	core/Controller/LoginController.php
•••••••••• 100%	...ate/AppFramework/DependencyInjection/DIContainer.php

Powered by Codecov. Last update fab82e9...3ee5c7e

all fixed

[ChristophWurst]

@icewind1991 @LukasReschke @nickvergessen @rullzer please review :-)

[MorrisJobke]

Tested and works 👍