fix: 2fa check on controllers which are annotated as @PublicPage an…#41123
Merged
DeepDiver1975 merged 1 commit intomasterfrom Dec 1, 2023
Merged
fix: 2fa check on controllers which are annotated as @PublicPage an…#41123DeepDiver1975 merged 1 commit intomasterfrom
@PublicPage an…#41123DeepDiver1975 merged 1 commit intomasterfrom
Conversation
DeepDiver1975
force-pushed
the
fix/2fa-hybrid-controller-methods
branch
from
f3f78a1 to
3437599
Compare
|
Kudos, SonarCloud Quality Gate passed! |
…d also used authenticated
DeepDiver1975
force-pushed
the
fix/2fa-hybrid-controller-methods
branch
from
3437599 to
f0c1de7
Compare
Member
Author
|
@phil-davis no idea if we want to implement an acceptance test for this .... |
Member
Author
|
failing drone is unrelated - docker images not found ..... as usual .... |
jvillafanez
approved these changes
Dec 1, 2023
Member
|
We might need to retest all the 2fa flows to ensure everything works. I've quickly checked with 2fa enforcement (without encryption) and it seems to work well. |
Member
Author
|
The pure 2fa flow is untouched as this is "only" about the controller annotations. I wonder if this needs to be added to webdav as well which does not got through the controller layer ..... |
Contributor
|
LGTM - files_texteditor and twofactor_totp work together correctly. |
delete-merged-branch
bot
deleted the
fix/2fa-hybrid-controller-methods
branch
pako81
pushed a commit
to owncloud/docs
that referenced
this pull request
Dec 13, 2023
DeepDiver1975
added a commit
that referenced
this pull request
Dec 13, 2023
…d also used authenticated (#41123)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
…d also used authenticated
Description
Some controllers define methods which are publicly accessible and accessible for authenticated users the same time.
e.g. https://github.com/owncloud/files_texteditor/blob/3b00b6ea0b4d89bc91c5fdd68d459337f079399f/controller/filehandlingcontroller.php#L105
In such situations the 2fa handling was bypassed because of the
@PublicPageannotation.Types of changes
Checklist: