Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Distinguish 'done' from 'configuring' in 2FA #35555

Closed
wants to merge 12 commits into from

Conversation

michielbdejong
Copy link
Contributor

Summary

When there is a token in the session for which the user is still setting up 2FA, setting self::SESSION_UID_DONE ("two_factor_auth_passed") is a misnomer.

AFAICT, everything works fine if you set nothing into the session and just return 'false' from this if-statement, but in case there is some code (now or in the future) that needs to know if the user is configuring 2FA, to play it safe I would suggest storing self::SESSION_UID_CONFIGURING ("two_factor_auth_configuring") into the session.

TODO

  • add tests
  • test manually
  • consider removing this session variable once configuration is successfully completed

Checklist

@szaimen szaimen added the 3. to review Waiting for reviews label Dec 2, 2022
@szaimen szaimen added this to the Nextcloud 26 milestone Dec 2, 2022
@szaimen szaimen requested review from st3iny and miaulalala December 2, 2022 10:42
@st3iny
Copy link
Member

st3iny commented Dec 2, 2022

Test need to be fixed:

There was 1 failure:
--
264 |  
265 | 1) Test\Authentication\TwoFactorAuth\ManagerTest::testNeedsSecondFactorSessionAuthFailDBPass
266 | Expectation failed for method name is "set" when invoked 1 time(s)
267 | Parameter 0 for invocation OCP\ISession::set('two_factor_auth_configuring', 'user') does not match expected value.
268 | Failed asserting that two strings are equal.
269 | --- Expected
270 | +++ Actual
271 | @@ @@
272 | -'two_factor_auth_passed'
273 | +'two_factor_auth_configuring'
274 |  
275 | /drone/src/lib/private/Authentication/TwoFactorAuth/Manager.php:363
276 | /drone/src/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php:679

@szaimen szaimen added 2. developing Work in progress and removed 3. to review Waiting for reviews labels Dec 3, 2022
@michielbdejong
Copy link
Contributor Author

  • performance tests Errors during submodule fetch - will investigate
  • Will sign off latest commit so DCO passes
  • Cypress Default cloud background is not rendered seems unrelated?
  • continuous-integration/drone/pr integration-contacts-menu test is failing, seems unrelated?

@st3iny
Copy link
Member

st3iny commented Jan 9, 2023

  • performance tests Errors during submodule fetch - will investigate
  • Will sign off latest commit so DCO passes
  • Cypress Default cloud background is not rendered seems unrelated?
  • continuous-integration/drone/pr integration-contacts-menu test is failing, seems unrelated?

Failures seem to be unrelated. Please fix DCO and we should be good to go.

@michielbdejong
Copy link
Contributor Author

DCO fixed

@miaulalala
Copy link
Contributor

Drone failure is

--- Failed scenarios:
--
1366 |  
1367 | /drone/src/build/integration/features/contacts-menu.feature:27

@miaulalala
Copy link
Contributor

Something is wrong with the submodule 3rd party reference hash. can you rebase on the current master?

@miaulalala
Copy link
Contributor

/rebase

@mickenordin
Copy link
Contributor

Any news on getting this merged?

@michielbdejong
Copy link
Contributor Author

I think the rebase was successful and now all we're waiting for is for someone to actually click "merge", right?
CC @ChristophWurst @st3iny @miaulalala

@miaulalala
Copy link
Contributor

Unfortunately the rebase wasn't successful. Can you do it @michielbdejong or do you need some help?

@michielbdejong michielbdejong force-pushed the patch-1 branch 2 times, most recently from fff6ec5 to 81ba258 Compare April 10, 2023 14:45
@mrvahedi68
Copy link

@miaulalala Tests passing now.

Stephan and others added 12 commits April 19, 2023 16:03
…rrent implementation uses php 7.4, which is no longer compatible with the required PHP version of the server. I upped this to PHP 8.1

List of changes:
- Upped PHP Version to 8.1
- Added Apache Webserver so the Container works "out of the box" after docker-compose up -d
- Mounting whole project as volume to /var/www/html in docker-compose.yml (and set WORKDIR to /var/www/html)

Tested in a Docker for Windows environment.

Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
* Autostart apache2
* Apply occ installation on start
* Autostart Xdebug on request
* Add DevContainer Xdebug profile

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
* Add gnupg2 to be able to sign commits
* Make sure /var/www/html always belongs to www-data
* Add Git-History plugin
* Introduce dedicated entrypoint script
* Store Postgres database data in volume to be persistent
* Cleaner check if NC is already installed in setup.sh
* Add composer to DevContainer

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
* Use dedicated DevContainer user to run Apache (ensure file permissions)
* Install NVM for node

Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: GitHub <noreply@github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
When there is a token in the session for which the user is still [setting up 2FA](https://raw.githubusercontent.com/nextcloud/twofactor_totp/master/screenshots/settings.png), setting `self::SESSION_UID_DONE` ("two_factor_auth_passed") is a misnomer.

AFAICT, everything works fine if you set nothing into the session and just return 'false' from this if-statement, but in case there is some code (now or in the future) that needs to know if the user is configuring 2FA, to play it safe I would suggest storing `self::SESSION_UID_CONFIGURING` ("two_factor_auth_configuring") into the session.

Signed-off-by: Michiel de Jong <michiel@unhosted.org>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
Signed-off-by: MohammadReza vahedi <34796044+mrvahedi68@users.noreply.github.com>
@michielbdejong
Copy link
Contributor Author

@miaulalala what is the status of this PR, is it going to be merged now?

@miaulalala
Copy link
Contributor

@miaulalala what is the status of this PR, is it going to be merged now?

Just checking if the changes to the .devcontainer can stay, otherwise looks good. in the meantime, can you update your branch to the latest master?

Copy link
Contributor

@miaulalala miaulalala left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Unfortunately the .devconatiner changes have to go to keep everything tidy.

If you would like to keep the changes, you can open a second PR to update the devcontainer to 8.1 - would be nice to have that in, but not in this PR :)

@michielbdejong
Copy link
Contributor Author

superseded by #39411

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
2. developing Work in progress
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Confusing variable name in 2FA
8 participants