Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Possibility to set up 2FA on login #12268

Closed
ChristophWurst opened this issue Nov 5, 2018 · 4 comments · Fixed by #15304
Closed

Possibility to set up 2FA on login #12268

ChristophWurst opened this issue Nov 5, 2018 · 4 comments · Fixed by #15304
Assignees
@rullzer @ChristophWurst
Labels
2. developing Work in progress enhancement feature: authentication security
Milestone
Nextcloud 17

Comments

@ChristophWurst
Copy link
Member

Originally discussed in #11021 and brought up in #12249, it would be a UX enhancement if we could allow users setting up their 2FA on login in case it was enforced by admins.

This will require some dedicated setup pages that are accessible even when 2FA is enforced, hence require a restructuring of how 2FA providers works and communicate with the server.
@ChristophWurst ChristophWurst added enhancement 1. to develop Accepted and waiting to be taken care of feature: authentication labels Nov 5, 2018
@schiessle schiessle mentioned this issue Nov 5, 2018
Closed
@nextcloud nextcloud deleted a comment from nextcloud-bot Nov 5, 2018
@nextcloud-bot nextcloud-bot mentioned this issue Nov 5, 2018
Closed
@MorrisJobke MorrisJobke mentioned this issue Jan 7, 2019
Closed
@ChristophWurst ChristophWurst mentioned this issue Jan 28, 2019
Closed
@rullzer
Copy link
Member

rullzer commented Feb 5, 2019

Now that we have the new provider interfaces probably

  • New interface that exposes this possibility ( ILoginConfiguration or whatever)
  • This should do similar stuff to the admin page so I guess we can reuse parts

Maybe we should add a special controller to help out?

@ChristophWurst
Copy link
Member Author

I would say we need a (tagging) interface for providers that support this, so the server knows whether the user can't log in or is able to do the registration. Then we need a selection screen for the case of more than one provider. And then we can let the provider render a template like on the challenge and settings pages. The interface would look like this

namespace OCP\Authentication\TwoFactorAuth;

interface ISelfRegistrationProvider {
    public function getTemplate(): \OCP\Template;
}

… and in order to allow the client-side to talk to the server-side controllers we can add a new controller method annotation like @NoTwoFactorRequired that does not block requests. Provider apps can use this to create their settings controller for the registration.

Is there anything else we need?

@rullzer
Copy link
Member

rullzer commented Feb 12, 2019

I think that is indeed it!

@ChristophWurst ChristophWurst added this to the Nextcloud 17 milestone Feb 12, 2019
@ChristophWurst
Copy link
Member Author

Let's aim to do this for 17 then ;)

@ChristophWurst ChristophWurst self-assigned this Mar 13, 2019
@rummatee rummatee mentioned this issue Mar 24, 2019
Closed
@ChristophWurst ChristophWurst added 2. developing Work in progress and removed 1. to develop Accepted and waiting to be taken care of labels May 8, 2019
@rullzer rullzer mentioned this issue May 8, 2019
Merged
1 task
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@rullzer rullzer

@ChristophWurst ChristophWurst

Labels
2. developing Work in progress enhancement feature: authentication security
Projects
None yet
Milestone
Nextcloud 17
Development

Successfully merging a pull request may close this issue.

2FA setup during login nextcloud/server
3 participants
@rullzer @MorrisJobke @ChristophWurst