Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RFC: Support password-less public key token #32624

Closed
wants to merge 1 commit into from
Closed

RFC: Support password-less public key token #32624

wants to merge 1 commit into from

Conversation

CarlSchwan
Copy link
Member

The idea is that we would add a mode in which Nextcloud doesn't stores
encrypted user password in the database. This would be opt-in and
disable some Nextcloud features (e.g. external storages)

Todos:

  • Replace true condition with system config

Test plan:

  • Login in webui and desktop client
  • Apply this patch
  • User is still logged in in both webui and desktop client

@CarlSchwan
Support password-less public key token
287df4a 
The idea is that we would add a mode in which Nextcloud doesn't stores
encrypted user password in the database. This would be opt-in and
disable some Nextcloud features (e.g. external storages)

Todos:

- Replace true condition with system config

Test plan:

- Login in webui and desktop client
- Apply this patch
- User is still logged in in both webui and desktop client

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
@CarlSchwan CarlSchwan added the 2. developing Work in progress label May 27, 2022
@CarlSchwan CarlSchwan requested a review from ChristophWurst May 27, 2022 09:58
@CarlSchwan CarlSchwan self-assigned this May 27, 2022
CarlSchwan
CarlSchwan commented May 27, 2022
View reviewed changes
lib/private/Authentication/Token/PublicKeyTokenProvider.php
$dbToken->setPublicKey($publicKey);
$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
$dbToken->setPublicKey($publicKey);
$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO does it make sense to not store the private key and public anymore if we don't store the passwords?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably not

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Relevant: #30894 #30895

@CarlSchwan CarlSchwan mentioned this pull request Jun 21, 2022
Closed
@CarlSchwan
Copy link
Member Author

I merged another PR that does implement it

@CarlSchwan CarlSchwan closed this Aug 1, 2022
@come-nc
Copy link
Contributor

come-nc commented Dec 13, 2022

I merged another PR that does implement it

#33225

@ChristophWurst ChristophWurst deleted the feat/support-passwordless-token-setting branch December 13, 2022 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

Assignees

@CarlSchwan CarlSchwan

Labels
2. developing Work in progress
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@CarlSchwan @come-nc @ChristophWurst