Login credential store #2044
Login credential store #2044
Conversation
|
@ChristophWurst, thanks for your PR! By analyzing the history of the files in this pull request, we identified @rullzer, @BernhardPosselt and @DeepDiver1975 to be potential reviewers. |
@LukasReschke can we expect them to send the credentials on every request? There is nothing like remember-me for clients anyway … |
| * @param string $user | ||
| * @param string $password | ||
| */ | ||
| public function __construct($uid, $user, $password) { |
There was a problem hiding this comment.
uid + user is confusing, isuser displayname? then call it so.
There was a problem hiding this comment.
it's whatever users use to log in. depends on the setup. maybe loginName fits better
ChristophWurst
force-pushed
the
login-credential-store
branch
from
dd5dceb
to
b109404
Compare
| @@ -241,6 +243,13 @@ public function __construct($webRoot, \OC\Config $config) { | |||
| }); | |||
| return $groupManager; | |||
| }); | |||
| $this->registerService(Store::class, function(Server $c) { | |||
| $session = $c->getSession(); | |||
There was a problem hiding this comment.
this needs to be added to "setSession" then:
https://github.com/nextcloud/server/pull/1943/files#diff-0a830b0354b26e84f08f705b5356a05bR949
Otherwise when it was called too early once, it always has the already closed session....
ChristophWurst
force-pushed
the
login-credential-store
branch
from
ec13862
to
2efbb0a
Compare
ChristophWurst
force-pushed
the
login-credential-store
branch
from
2efbb0a
to
88599e3
Compare
ChristophWurst
added
3. to review
ChristophWurst
force-pushed
the
login-credential-store
branch
4 times, most recently
from
cc309c9
to
cca6897
Compare
ChristophWurst
added
2. developing
ChristophWurst
force-pushed
the
login-credential-store
branch
from
e62d22b
to
c10bfe2
Compare
| @@ -18,7 +18,6 @@ | |||
| <user>user-encryption</user> | |||
| <admin>admin-encryption</admin> | |||
| </documentation> | |||
| <rememberlogin>false</rememberlogin> | |||
There was a problem hiding this comment.
cc @nextcloud/encryption
There was a problem hiding this comment.
Awesome stuff. I did not yet manage to break it but then again my external/encryption setups are not that exciting.
Lets get this in!
@icewind1991 @schiessle have a look please!
|
@rullzer did you somehow remove some of my commits? E.g. I don't see the changes for external storages any more? 😕 |
|
I hope not. Let me try again later... |
|
Shit seems I messed up. @ChristophWurst talk to me on IRC see if we can recover it on your git. |
rullzer
force-pushed
the
login-credential-store
branch
from
7a1198a
to
17399b3
Compare
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
…ial store Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
If no session token is available, we can use the credentials provided by the login hook. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
The provider might need DB access and therefore depenedency resolution fails on the setup page where we cannot inject the db implementation. Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
rullzer
force-pushed
the
login-credential-store
branch
from
17399b3
to
140555b
Compare
Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>
Current coverage is 54.05% (diff: 87.27%)@@ master #2044 diff @@
==========================================
Files 1302 1304 +2
Lines 80061 80448 +387
Methods 7902 7983 +81
Messages 0 0
Branches 1245 1245
==========================================
+ Hits 43171 43487 +316
- Misses 36890 36961 +71
Partials 0 0
|
|
@icewind1991 @LukasReschke @nickvergessen @rullzer please review :-) |
Since NC 10 we use session tokens for every connected browser and allow devices to use an app-specific password. Those tokens store the encrypted login password, which we can now use to authenticate external storages. In addition, this functionality is useful for other apps like Mail, where we want to create an account automatically, see nextcloud/mail#28.
This way we can allow remember-me logins for all users regardless of enabled apps. Until now, remember-me was disabled as soon as external storage support was enabled because the login password was stored in the session.
TODO:
Provide credentials for legacy clients too (those that log in with username:password)remember-me is not used thereNext steps/PRs:
Tested:
There is a working POC consumer in nextcloud/mail#28.
@LukasReschke as discussed
Fix #2732