Registration API #77
This PR implements a basic registration API as an OCS endpoint as discussed in #41.
I've included the commit from #76 here, since a lot of refactoring has been done based on this and I think it might be easier to review the changes together.
Example usage is documented here for now with some basic curl commands:
Took a quick look over it. Looks good in general. Will have a more detailed look and test tomorrow.
Hi @juliushaertl, I looked over the changes and most looked good, and with the design of "pending" status it should be feasible if we want to incorporate an admin approval feature in the future.
Some notes while I was reading the code:
Client secret is held only by the client app, and is used to uniquely identify the client app making the registration request.
Q: Why is there a need for a client secret at all? Why not just check the registration status by Token?
Different behavior of
@pellaeon Thanks for your feedback. I really appreciate it.
Exactly. The token should not be exposed anywhere else than in the email. Otherwise that would allow users to verify their address without receiving an email.
A new token will be generated and sent to the user's email. See https://github.com/pellaeon/registration/pull/77/files#diff-b9e15819672f6817a033ecc447a6e2a2R153
I have not thought about that kind of attack vector until now. But I guess we could at least add the AnonRateThrottle rate limit annotation that Nextcloud has introduced here. At the moment there is no check if there already is a pending registration for the username, but I'll add that as well. I need to think a bit more about this, maybe we need some kind of expiration, as you said.
I'll try to finish documentation of the API and the unit tests later today.
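The split discussed in this thread, as an added Python model that is not code from the PR or the app: only the mailed token can verify an address, the client secret can only poll status, and a second registration for a username is refused until the first one expires. The class and method names, the 24-hour `PENDING_TTL` and looking up status by username are assumptions; rate limiting is left to the server framework.

```python
import hmac
import secrets
import time

PENDING_TTL = 24 * 3600  # assumed lifetime of an unverified registration, in seconds


def _same(a, b):
    """Constant-time comparison of two secret strings."""
    return hmac.compare_digest(a.encode(), b.encode())


class RegistrationStore:
    """Constructed in-memory model, not the app's own storage layer."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._by_user = {}  # username -> registration record

    def _purge_expired(self):
        cutoff = self._clock() - PENDING_TTL
        self._by_user = {n: r for n, r in self._by_user.items()
                         if r["verified"] or r["created"] >= cutoff}

    def register(self, username, email):
        self._purge_expired()
        if username in self._by_user:
            raise ValueError("a registration for this username is already in progress")
        secret, token = secrets.token_urlsafe(32), secrets.token_urlsafe(32)
        self._by_user[username] = {"email": email, "created": self._clock(),
                                   "verified": False, "secret": secret, "token": token}
        return secret, token  # secret -> client app; token -> mailed link only

    def verify(self, email_token):
        """Reached from the mailed link: shows the address really receives mail."""
        self._purge_expired()
        for record in self._by_user.values():
            if _same(record["token"], email_token):
                record["verified"] = True
                return True
        return False

    def status(self, username, client_secret):
        """Polled by the client app; the answer never contains the email token."""
        self._purge_expired()
        record = self._by_user.get(username)
        if record is None or not _same(record["secret"], client_secret):
            return "unknown"
        return "verified" if record["verified"] else "pending"
```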
Sorry for the delay. I've added unit tests at least for the new code parts. @pellaeon It might make sense to enable Travis CI or some similar CI service on the repo, so we can see if some patches break the unit tests in the future.
The API documentation can be found here: https://gist.github.com/juliushaertl/5a1d1132e7370b5ad38fbd6da3cae5b8
Hey @juliushaertl, I encountered this error while upgrading the plugin:
Might be some problems with my Doctrine or MariaDB, I'm looking into it, please let me know if you have a hint.
Oops, I forgot I had sqlite3 instead of MariaDB on my test server. So it's probably this problem: https://stackoverflow.com/questions/3170634/how-to-solve-cannot-add-a-not-null-column-with-default-value-null-in-sqlite3
Since sqlite3 is only used for testing purposes, I think the user may just drop the existing table and re-enable the plugin.