-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Allow restricting of app password permissions #719
Conversation
@icewind1991, thanks for your PR! By analyzing the annotation information on this pull request, we identified @ChristophWurst, @nickvergessen, @blizzz and @DeepDiver1975 to be potential reviewers |
|
||
public function setScope($scope) { | ||
if (is_string($scope)) { | ||
$this->scope = $scope; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
shouldn't you use the parent method instead to mark the property as updated? AFAIK app framework entities remember which properties are dirty and only updates those.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
fixed
@icewind1991 Please add documentation:
|
} | ||
|
||
public function put($file, array $data) { | ||
throw new \OC\ForbiddenException('This request is not allowed to access the filesystem'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OCP\Files\ForbiddenException?
@icewind1991 Any progress on this? |
Limited the scope of this PR to only restricting filesystem access for now. We can look into a better way of handling restricting apps or other things separately, imo fs access is the most important thing to be able to restrict |
9f0c5ba
to
73919c8
Compare
ready for review |
@@ -353,6 +375,26 @@ | |||
}); | |||
}, | |||
|
|||
_onSetTokenScope: function (event) { | |||
var $target = $(event.target); | |||
console.log($target); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Debug?
|
||
var scope = token.get('scope'); | ||
scope.filesystem = $target.is(":checked"); | ||
console.log(scope); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Debug?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed both
Signed-off-by: Robin Appelman <icewind@owncloud.com>
Signed-off-by: Robin Appelman <icewind@owncloud.com>
Signed-off-by: Robin Appelman <icewind@owncloud.com>
Signed-off-by: Robin Appelman <icewind@owncloud.com>
Signed-off-by: Robin Appelman <robin@icewind.nl>
Signed-off-by: Robin Appelman <robin@icewind.nl>
Signed-off-by: Robin Appelman <robin@icewind.nl>
Signed-off-by: Robin Appelman <robin@icewind.nl>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Signed-off-by: Robin Appelman <robin@icewind.nl>
Signed-off-by: Robin Appelman <robin@icewind.nl>
8593e3d
to
e633f2f
Compare
@LukasReschke @rullzer please review |
LETS DO THIS 👍 |
Awesome stuff 👍 :) |
Well done!! |
This adds the option to configure app tokens to limit the permissions it provides.
Currently it only allows to deny filesystem access from a token. Restricting access to apps is possible already in the backend but neesd a ui.
Restricted app passwords reduce the risk that you take by giving a (3rdparty) client, you no longer need to give access to all your files to the cal/carddav sync app you use.
cc @ChristophWurst @LukasReschke