Signed-off-by: Jonas <[email protected]>
Welcome!
kesselb
left a comment
Thank you for picking this up 👍
I'm sorry for all those remarks. Please wait for another review for a second opinion. I only know the authentication in general. Probably there are better ways than my suggestions (especially for the tokens).
| $token = $this->config->getUserKeys($userId, 'login_token')[0]; | ||
| $token = str_replace('/', 'A', $token); | ||
|
|
||
| if($token === $token) { |
|
|
||
| if($this->config->getUserValue($user, 'core', 'initial') === 'true') { | ||
| $token = $this->config->getUserKeys($user, 'login_token')[0]; | ||
| $token = str_replace('/', 'A', $token); |
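Review bot: `getUserKeys($user, 'login_token')[0]` is indexed without checking that the returned array is non-empty, so a user with no entry under `login_token` yields an undefined-offset notice and a null `$token` that is then passed on. Check for an empty result and fail closed before the `str_replace` line uses the value.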
Is this about making the value a GET parameter? If so, please use urlencode.
| if($this->config->getUserValue($userId, 'core', 'initial') === 'true') | ||
|
|
||
| $token = $this->config->getUserKeys($userId, 'login_token')[0]; | ||
| $token = str_replace('/', 'A', $token); | ||
|
|
||
| if($token === $token) { | ||
| return true; | ||
| } |
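Review bot: the condition `if($token === $token)` compares the variable with itself, so it is always true and `return true` is taken whenever this code is reached, without any secret being checked. Compare the stored token against the value presented with the request, held in a separate variable, and use `hash_equals()` for the comparison.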
That change makes it possible to take over any account if you know the userId and the user has not changed the password yet.
| $this->accountManager->updateUser($targetUser, $userAccount); | ||
| } | ||
| break; | ||
| case 'initial': |
Please create a constant like AccountManager::PROPERTY_INITIAL
| $permittedFields[] = AccountManager::PROPERTY_WEBSITE; | ||
| $permittedFields[] = AccountManager::PROPERTY_TWITTER; | ||
| $permittedFields[] = 'quota'; | ||
| $permittedFields[] = 'initial'; |
Could you find something more specific? Perhaps forcePasswordReset? initial is very generic.
| } | ||
|
|
||
| if($this->config->getUserValue($user, 'core', 'initial') === 'true') { | ||
| $token = $this->config->getUserKeys($user, 'login_token')[0]; |
OK. The right way to do this:
Take the password reset token logic from NewUserMailHelper. Perhaps we need to find a better way for this. A generatePasswordResetToken method. If the user logs in and initial is set, generate a password reset token and forward the user.
| ]); | ||
| } | ||
| } else { | ||
| //Password was provided by the admin |
Case 1: No password, No email = failure
Case 2: No password, Email given = username and password reset link is mailed to user
Case 3: Password given, Email given = username is mailed to user
Case 4: Password given, No email = password reset forced after login
At least that must be documented somewhere. I'm against any more magic here. I don't think the behaviour is guessable or intuitive even without this PR. We should explain what Nextcloud is actually going to do and/or give the admin a chance to pick the action.
Also Password given, No email is what I usually do for developing 🤣 Need to test something with a different user. Create user with password and no email, Login => Forced password reset 😠
I know that's unusual but this PR is a behavioural change. I'm sure there is someone out there happy with the current approach. People will complain about this change if there is no way to turn it off.
For example: A self-service for account creation. People are able to create a user account for Nextcloud with an internal tool. Password is only visible to user. With this change they have to reset their password again for an account just created seconds ago.
As there has been no feedback for a while, I will close this PR. If you are still willing to get this in, please address the potential comments and rebase to latest master. Then, feel free to re-open.
hi @ein-giga-self
Added a functionality that forces users to reset their password on first login, if the initial password was set by the admin