[backend] Support one-time passwords (e.g. for public file shares)#61722
Draft
theCalcaholic wants to merge 14 commits into
….g. for shares) Signed-off-by: Tobias Knöppler <tobias@knoeppler.org>
…bugging (logs) and email Signed-off-by: Tobias Knöppler <tobias@knoeppler.org>
…for authentication of shares Signed-off-by: Tobias Knöppler <tobias@knoeppler.org>
…ord protected + some syntax errors Signed-off-by: Tobias Knöppler <tobias@knoeppler.org>
…persistence with OTPs Signed-off-by: Tobias Knöppler <tobias@knoeppler.org>
These are the backend-facing changes only. The frontend PR can be found at #61733. This PR needs to be merged before the frontend PR.
Work in progress
This PR is functional but still in progress. I would very much appreciate architecture- and implementation-specific feedback while I'm working on polishing and the missing UI portion for OTP-protected share creation.
Summary
This PR adds one-time password management to Nextcloud server and integrates them with the files_sharing app.
(the actual form in the screenshot is part of #61733)
TODO
Architecture and Rationale
General concepts
OTPs (one-time passwords) are short-lived, single-use credentials sent to users via a channel that is considered trusted under a given threat model (e.g. a specific email address).
OTP Providers define a method of sending OTPs to users.
OTP Recipients are valid address definitions within the scope of an OTP provider that can be sent OTPs.
Core/Server Changes
Generic
One-time passwords are implemented against generic interfaces so that they can be used by parts of Nextcloud other than sharing.
The core functionality for one-time passwords is implemented within the `\OCP` and `\OC` namespaces. OTPs are stored in a new database table `one_time_password` and have a providerID, a recipient string, an expiration date and a password. The idea is that the OTP configuration (i.e. provider + recipient) can be long-lived, while the credentials (password + expiration date) are (re-)generated per use.
Management of OTPs is implemented in `\OC\OneTimePassword\Manager` (implementing the injectable interface `\OCP\OneTimePassword\IManager`). `\OCP\Security\PasswordContext` has been extended by an `OTP` case to allow the creation of password policies specifically for OTPs.
Events are used to allow apps to register OTP providers. They need to hook into the `GetOneTimePasswordProviders` and the `SendOneTimePassword` events to provide their functionality. Providers also need to implement the interface `\OCP\OneTimePassword\IOneTimePasswordProvider`, which defines methods that allow the `Manager` to select providers and provide information about them.
Sharing specific
Shares (see `\OCP\Share\IShare`) have been extended with a `one_time_password` field.
The `\OC\Share20\Manager` has been adjusted to prioritize OTPs when checking the authentication for a share.
The template `publicshareauth.php` has been adjusted to receive and display OTP-related information (used in #61733 to show the OTP-specific password form).
files_sharing Changes
The `ShareAPIController` has been extended to allow creating and updating OTP-protected shares and returning the OTP configuration when fetching shares. OTPs and passwords are mutually exclusive, and an error will be returned when attempting to create a share with both.
The `ShareController` has been extended to supply template responses for public shares with OTP-related information.
A new `ShareOTPController` has been implemented that allows users to request OTPs for a share.
OTP Providers
Two OTP providers have been implemented as (core) apps: debug and email. The former allows logging OTPs to the Nextcloud Logs and the latter allows sending OTPs via email.
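To make the data model and the share-authentication rules described above concrete, here is a stand-alone PHP sketch. It is an added example, not code from this PR or from Nextcloud: the class names (`OtpConfig`, `OtpCredential`, `OtpProvider`, `OtpManager`, `LogProvider`) and method names are assumptions standing in for the PR's `\OC\OneTimePassword\Manager`, `IOneTimePasswordProvider` and the event-based registration. It shows the split between the long-lived provider + recipient configuration and the per-use password + expiry, persists only a hash of the password, enforces expiry and single use on verification, and applies the "OTP and password are mutually exclusive" rule at share creation.

```php
<?php
declare(strict_types=1);
// Added example modelling the design described in the PR text; not Nextcloud code.
// Requires PHP >= 8.1 (readonly promoted properties, throw expressions).

// Long-lived configuration: which provider delivers the OTP and to whom.
final class OtpConfig {
    public function __construct(
        public readonly string $providerId,
        public readonly string $recipient,
    ) {}
}

// Per-use credential: regenerated on every OTP request; only the hash is stored.
final class OtpCredential {
    public function __construct(
        public readonly string $passwordHash,
        public readonly int $expiresAt,   // unix timestamp
        public bool $consumed = false,
    ) {}
}

// Assumed provider contract (stand-in for IOneTimePasswordProvider).
interface OtpProvider {
    public function id(): string;
    public function isValidRecipient(string $recipient): bool;
    public function send(string $recipient, string $password): void;
}

// Stand-in for the "debug" provider: records what would be written to the log.
final class LogProvider implements OtpProvider {
    /** @var list<string> */
    public array $log = [];
    public function id(): string { return 'debug'; }
    public function isValidRecipient(string $recipient): bool { return $recipient !== ''; }
    public function send(string $recipient, string $password): void {
        $this->log[] = "OTP for {$recipient}: {$password}";
    }
}

final class OtpManager {
    /** @var array<string, OtpProvider> keyed by provider id */
    private array $providers = [];
    /** @var array<string, OtpCredential> keyed by share id (stands in for the DB table) */
    private array $store = [];

    public function __construct(private int $ttlSeconds = 600, private int $length = 8) {}

    public function registerProvider(OtpProvider $p): void {
        $this->providers[$p->id()] = $p;
    }

    // Issue: generate a fresh password, persist hash + expiry, hand the cleartext to the provider.
    public function issue(string $shareId, OtpConfig $cfg, int $now): void {
        $provider = $this->providers[$cfg->providerId]
            ?? throw new InvalidArgumentException('unknown OTP provider');
        if (!$provider->isValidRecipient($cfg->recipient)) {
            throw new InvalidArgumentException('invalid recipient for provider');
        }
        $password = self::generate($this->length);
        $this->store[$shareId] = new OtpCredential(
            password_hash($password, PASSWORD_DEFAULT),
            $now + $this->ttlSeconds,
        );
        $provider->send($cfg->recipient, $password);
    }

    // Verify and consume: a correct password is accepted once, and never after expiry.
    public function verify(string $shareId, string $attempt, int $now): bool {
        $cred = $this->store[$shareId] ?? null;
        if ($cred === null || $cred->consumed || $now >= $cred->expiresAt) {
            return false;
        }
        if (!password_verify($attempt, $cred->passwordHash)) {
            return false;
        }
        $cred->consumed = true;
        return true;
    }

    // CSPRNG-backed password over an alphabet without easily confused characters.
    private static function generate(int $length): string {
        $alphabet = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
        $out = '';
        for ($i = 0; $i < $length; $i++) {
            $out .= $alphabet[random_int(0, strlen($alphabet) - 1)];
        }
        return $out;
    }
}

// Share-creation guard mirroring the rule that OTPs and static passwords are mutually exclusive.
function validateShareAuth(?string $password, ?OtpConfig $otp): void {
    if ($password !== null && $otp !== null) {
        throw new InvalidArgumentException('a share cannot have both a password and an OTP');
    }
}

// Demo with a constructed share and recipient.
$provider = new LogProvider();
$mgr = new OtpManager(ttlSeconds: 600);
$mgr->registerProvider($provider);
$cfg = new OtpConfig('debug', 'recipient@example.invalid');
validateShareAuth(null, $cfg);            // OTP only: allowed
$mgr->issue('share-1', $cfg, time());
$sent = substr(end($provider->log), -8);  // cleartext the "debug" provider would have logged
echo 'first use: ', var_export($mgr->verify('share-1', $sent, time()), true), PHP_EOL;
echo 'second use: ', var_export($mgr->verify('share-1', $sent, time()), true), PHP_EOL;
echo 'after expiry: ', var_export($mgr->verify('share-1', $sent, time() + 3600), true), PHP_EOL;
```

The points to carry over into a review of the real implementation are the ones the sketch makes explicit: the stored row should hold a hash rather than the cleartext password, verification must check expiry and mark the credential consumed before returning success, and the mutual-exclusion check belongs at the API boundary so a share can never end up with both credentials persisted.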