one-time passwords (e.g. for public file shares)#61722
Conversation
adbd854 to
ae1bd6a
Compare
ae1bd6a to
5035daf
Compare
5035daf to
99f7621
Compare
edb4db5 to
27730a7
Compare
bc04d3a to
9a9f4d3
Compare
|
I am now done with the backend portion, so from my side, this PR is ready for review. :) The only thing missing, is documentation, but I would want to wait for feedback before working on that. Let me know if there is anything you require from me. For manual testing, I recommend to use the frontend branch instead, which is based offf of this branch (see #61733). Here are curl commands to create an OTP protected share on a Nextcloud instance running at http://nextcloud.local with user=admin and password=admin (requires the otp_provider_debug and otp_provider_email apps to be enabled): For email: curl http://nextcloud.local/ocs/v2.php/apps/files_sharing/api/v1/shares -u 'admin:admin' -H 'Content-Type: application/json' -H "Accept: application/json" -H "OCS-APIRequest: true" --data '{"path": "/Nextcloud_Server_Administration_Manual.pdf", "attributes": "[]", "shareType": 3, "otpProvider": "email", "otpRecipient": "your@email.address"}'For debug (OTPs will be written to Nextcloud logs): curl http://nextcloud.local/ocs/v2.php/apps/files_sharing/api/v1/shares -u 'admin:admin' -H 'Content-Type: application/json' -H "Accept: application/json" -H "OCS-APIRequest: true" --data '{"path": "/Nextcloud_Server_Administration_Manual.pdf", "attributes": "[]", "shareType": 3, "otpProvider": "debug", "otpRecipient": "foobar"}'If the file |
f79b8ba to
702cee9
Compare
|
@susnux I hope it's ok to tag you (I wasn't sure if the update messages above would reach you otherwise). |
d1d74e7 to
5783ad1
Compare
d1d74e7 to
f1e9faa
Compare
…rd protected in IShare->isPasswordProtected()
…ge (if available)
f1e9faa to
bfaac2e
Compare
Summary
This PR adds one-time password management to Nextcloud server and integrates them with the files_sharing app.
(the actual form in the screenshot is part of #61733)
Notes
make build-js-production).IShare->isPasswordProtected()(Refactor: Centralize logic for checking if a share is password protected #61946)TODO
Architecture and Rationale
General concepts
OTPs (one-time password) are short-lived, single use credentials sent to users via an (according to a given threat model) trusted channel (e.g. a specific email address).
OTP Providers define a method of sending OTPs to users.
OTP Recipients are valid address definitions within the scope of an OTP provider that can be sent OTPs.
Core/Server Changes
Generic
One-time passwords are implemented with generic interfaces so that they can be used by other parts of Nextcloud than sharing.
The core functionality for one-time passwords is implemented within the \OCP and \OC namespaces. OTPs are stored within a new database table
one_time_passwordand have a providerID, a recipient string, an expiration date and a password. The idea here is, that the OTP configuration (i.e. provider+recipient) can be long lived, while the credentials (password+expiration date) are (re-)generated per use.Management of OTPs is implemented in
\OC\OneTimePassword\Manager(implementing the injectable interface at\OCP\OneTimePassword\IManager).\OCP\Security\PasswordContexthas been extended by anOTPcase to allow the creation of password policies specifically for OTPs.Events are used to allow apps to register OTP providers. They need to hook into the
GetOneTimePasswordProvidersand theSendOneTimePasswordevents to provider their functionality. Providers also need to implement the interface\OCP\OneTimePassword\IOneTimePasswordProvider, which defines methods that allow theManagerto select providers and provide information about them.Sharing specific
Shares (see
\OCP\Share\IShare) have been extended with anone_time_passwordfield.The
\OC\Share20\Managerhas been adjusted to prioritize OTPs when checking the authentication for a share.The template
publicshareauth.phphas been adjusted to receive and display OTP related information (used in #61733 to show the OTP specific password form).files_sharing Changes
The
ShareAPIControllerhas been extended to allow creating and updating OTP protected shares and returning the otp configuration when fetching shares. OTPs and passwords are mutually exclusive and an error will be returned when attempting to create a share with both.The
ShareControllerhas been extended to supply template responses for public shares with otp related information.A new
ShareOTPControllerhas been implemented that allows users to request OTPs for a share.OTP Providers
An OTP provider, which allows sending OTPs via email has been implemented as (core) app:
otp_provider_email. It can be disabled or restricted by administrators to disallow this functionality.UI changes
The authentication page for public shares has been updated to accommodate OTPs (see screenshot).
When an OTP is required for a share, the authentication form will change to present a button for requesting an OTP in addition to the normal password field. It will also display a different title above the password field.
Password authentication page for OTP protected shares
The email template for sending OTPs to users is located in
apps/otp_provider_email/lib/listener/SendOneTimePasswordEventListener.phpand uses Nextclouds usual Mailer interface for templating emails.Example OTP email sent to users
The logo is not displayed, because I'm testing with a local Nextcloud instance at a non-public URL.
The custom permissions in the sidebar sharing tab (files->sidebar->sharing->custom permissions) has been adjusted to allow choosing between no password protection, setting a normal password and configuring an OTP. The descriptions of the OTP are defined and localized by the OTP provider.
New UI for selecting an authentication method during share creation
Previous UI for selecting an auth method for comparison
Checklist
3. to review, feature component)stable32)AI (if applicable)