Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SetupController#run(): prevent admin auto-login after autoconfig-only setup #29423

Closed
wants to merge 1 commit into from
Closed

SetupController#run(): prevent admin auto-login after autoconfig-only setup #29423

wants to merge 1 commit into from

Conversation

Al2Klimov
Copy link
Contributor

No description provided.

@Al2Klimov
Copy link
Contributor Author

Tests

Before

I

create a complete autoconfig.php.

Bildschirmaufnahme 2021-10-24 um 11 04 09

Random FSB guy

opens my site first.

Bildschirmaufnahme 2021-10-24 um 11 12 45

Congrats, the Russians are coming.. errm, admin.

After

Bildschirmaufnahme 2021-10-24 um 12 05 37

@Al2Klimov
Copy link
Contributor Author

Allowed edit by maintainers. Shall I resolve the conflicts as well? Does anybody care for this?

@Al2Klimov Al2Klimov mentioned this pull request Mar 25, 2023
Merged
4 tasks
@szaimen szaimen added the 3. to review Waiting for reviews label Mar 25, 2023
@szaimen szaimen requested review from ChristophWurst, a team, ArtificialOwl, icewind1991 and come-nc and removed request for a team March 25, 2023 01:46
@szaimen szaimen added this to the Nextcloud 27 milestone Mar 25, 2023
@come-nc
Copy link
Contributor

come-nc commented Mar 28, 2023

Pointer: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/automatic_configuration.html#automatic-setup (I never heard of autoconfig.php before 🙊 )

Isn’t the autologin on purpose? Where/when is the admin password defined in the autoconfig process?

@come-nc
Copy link
Contributor

come-nc commented Mar 28, 2023

Pointer: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/automatic_configuration.html#automatic-setup (I never heard of autoconfig.php before speak_no_evil )

Isn’t the autologin on purpose? Where/when is the admin password defined in the autoconfig process?

Doc says «Any unspecified parameters appear on the “Finish setup” screen when you first launch Nextcloud.», isn’t the autologin for this finish setup step?

@Al2Klimov
Copy link
Contributor Author

For an incomplete autoconfig – yes.

In case of a complete autoconfig no more user input is needed, so NC -see OP 2nd GIF- doesn’t even show a finish setup page, but proceeds. So I'm done with setup once I've created a complete autoconfig and closed VIm. As I'm done I may take a coffee break. If during this coffee break someone opens my NC before me, they're admin. That's not fair.

Where/when is the admin password defined in the autoconfig process?

If e.g. I say so e.g. via Ansible, it has a password generator btw.. See OP 1st GIF.

@come-nc
Copy link
Contributor

come-nc commented Mar 30, 2023

In case of a complete autoconfig no more user input is needed, so NC -see OP 2nd GIF- doesn’t even show a finish setup page, but proceeds. So I'm done with setup once I've created a complete autoconfig and closed VIm. As I'm done I may take a coffee break. If during this coffee break someone opens my NC before me, they're admin. That's not fair.

Well you actually did not setup anything until Nextcloud is opened, no? This is when the autoconfig is applied. I would take the coffee after checking Nextcloud loads 😛

But yeah I understand the idea, if no more data is needed end the session and force the admin to log in with the configured password from autoconfig.

@Al2Klimov
Copy link
Contributor Author

Well you actually did not setup anything until Nextcloud is opened, no? This is when the autoconfig is applied. I would take the coffee after checking Nextcloud loads 😛

In my Ansible I actually worked this around via curl after autoconfig placement.

This was referenced May 3, 2023
Merged
Closed
Merged
@blizzz blizzz mentioned this pull request May 17, 2023
Merged
@blizzz blizzz modified the milestones: Nextcloud 27, Nextcloud 28 May 23, 2023
@skjnldsv skjnldsv mentioned this pull request Nov 1, 2023
Merged
This was referenced Nov 6, 2023
Merged
Merged
This was referenced Nov 14, 2023
Merged
Merged
@blizzz blizzz removed this from the Nextcloud 28 milestone Nov 23, 2023
@blizzz blizzz added this to the Nextcloud 29 milestone Nov 23, 2023
@Al2Klimov @AndyScherzinger
SetupController#run(): prevent admin auto-login after autoconfig-only…
2452aaf 
… setup

Signed-off-by: Alexander A. Klimov <grandmaster@al2klimov.de>
@skjnldsv
Copy link
Member

As this sounds like a nice feature, the requests for this are quite low. Currently there a no plans to implement such a feature. Thus I will close this ticket for now. This does not mean we don't want this feature, but it is simply not on our roadmap for the near future. If somebody wants to implement this feature nevertheless we are happy to assist and help out.

@skjnldsv skjnldsv closed this Feb 27, 2024
@Al2Klimov
Copy link
Contributor Author

But I already implemented it(?)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

@ArtificialOwl ArtificialOwl Awaiting requested review from ArtificialOwl ArtificialOwl was automatically assigned from nextcloud/server-backend

@icewind1991 icewind1991 Awaiting requested review from icewind1991 icewind1991 was automatically assigned from nextcloud/server-backend

@come-nc come-nc Awaiting requested review from come-nc come-nc was automatically assigned from nextcloud/server-backend

Assignees
No one assigned
Labels
enhancement feature: install and update
Projects
None yet
Milestone
Nextcloud 29
Development

Successfully merging this pull request may close these issues.

None yet
5 participants
@Al2Klimov @come-nc @skjnldsv @blizzz @szaimen