·
11 commits
to main
since this release
0.1.0 - 2026-06-25
Added
- Initial release: an advanced OATH second-factor provider for Nextcloud.
- TOTP (RFC 6238), HOTP (RFC 4226) and OCRA (RFC 6287) tokens, with a self-contained OCRA implementation verified against the RFC 6287 test vectors.
- Per-token configuration: hash algorithm (SHA-1/224/256/384/512), digit count, period or counter, OCRA suite, and an optional predetermined secret.
- Secret length chosen by byte-strength presets; pasted custom Base32 secrets validated for a clean byte boundary.
- Secrets encrypted at rest with the Nextcloud instance key (
ICrypto). - Strict RFC compliance UI guard for interoperable defaults.
- QR code with a centered issuer icon (FreeOTP style) and a hardened reveal of an existing secret and QR (forced password confirmation, 60-second auto-hide).
- Admin management: bulk provisioning, CSV paste import and CSV export, admin-locked tokens, managed and excluded groups, disable selected tokens, invert and shift-range selection, and live status banners.
- Import of existing tokens from the bundled
twofactor_totpapp. - HOTP resynchronisation with two consecutive codes, at the login prompt and in personal settings.
- Login setup and personal settings UI, plus a login challenge for TOTP, HOTP and OCRA.
- Admin deactivation via
occ twofactorauth:disable <uid> oath(IDeactivatableByAdmin). - Documentation (README, design, security, compatibility, admin guide, development) with screenshots, and internationalisation scaffolding (Transifex config,
l10n/).