Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(login): Clear login form (password) after IDLE timeout #44438

Merged
merged 2 commits into from
Mar 25, 2024
Merged

feat(login): Clear login form (password) after IDLE timeout #44438

merged 2 commits into from
Mar 25, 2024

Conversation

susnux
Copy link
Contributor

@susnux susnux commented Mar 23, 2024
edited
Loading

Summary

For security reasons it is recommended to stop the login process at a defined time, this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

(I would really like to provide a screencast but currently I am under wayland and pipewire segfaults when recording...)

Checklist

@susnux susnux added this to the Nextcloud 29 milestone Mar 23, 2024
@susnux susnux force-pushed the feat/login-form-timeout branch 2 times, most recently from 4a38ea6 to 6ceecfa Compare March 23, 2024 14:03
@susnux susnux force-pushed the feat/login-form-timeout branch from 6ceecfa to fb53411 Compare March 23, 2024 17:33
@Altahrim Altahrim mentioned this pull request Mar 25, 2024
Merged
@ChristophWurst ChristophWurst added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Mar 25, 2024
@susnux
feat(login): Clear login form (password) after IDLE timeout
3fede00 
For security reasons it is recommended to stop the login process at a defined time,
this could prevent password leaks by e.g. user forgetting that they entered their password on public devices.

Enforced e.g. by the BSI ORP.4.A13 rule.

Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux
chore: Compile assets
d224914 
Signed-off-by: Ferdinand Thiessen <opensource@fthiessen.de>
@susnux susnux force-pushed the feat/login-form-timeout branch from fb53411 to d224914 Compare March 25, 2024 12:38
@susnux susnux merged commit 7d51b6f into master Mar 25, 2024
167 checks passed
@susnux susnux deleted the feat/login-form-timeout branch March 25, 2024 20:03
@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented May 1, 2024

Hello there,
Thank you so much for taking the time and effort to create a pull request to our Nextcloud project.

We hope that the review process is going smooth and is helpful for you. We want to ensure your pull request is reviewed to your satisfaction. If you have a moment, our community management team would very much appreciate your feedback on your experience with this PR review process.

Your feedback is valuable to us as we continuously strive to improve our community developer experience. Please take a moment to complete our short survey by clicking on the following link: https://cloud.nextcloud.com/apps/forms/s/i9Ago4EQRZ7TWxjfmeEpPkf6

Thank you for contributing to Nextcloud and we hope to hear from you soon!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nfebe nfebe nfebe approved these changes

@skjnldsv skjnldsv skjnldsv approved these changes

@emoral435 emoral435 emoral435 approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

@Pytal Pytal Awaiting requested review from Pytal

Assignees
No one assigned
Labels
4. to release Ready to be released and/or waiting for tests to finish enhancement feature: authentication feedback-requested security
Projects
None yet
Milestone
Nextcloud 29
Development

Successfully merging this pull request may close these issues.
5 participants
@susnux @nfebe @skjnldsv @emoral435 @ChristophWurst