Allow SSO authentication to provide a user secret #24837
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Allow Authentication\IApacheBackend to return a per-user secret. This secret is used in lieu of a passwort to initialize the session. This allows an SSO backend to support per-user encrypted files. Signed-off-by: Peter Meier <[email protected]>
This was referenced Dec 24, 2020
MorrisJobke
approved these changes
May 26, 2021
Member
MorrisJobke
left a comment
MorrisJobke
left a comment
There was a problem hiding this comment.
Makes sense to pass it here. 👍
Member
|
moving to 23 since we are in feature freeze. CI is unhappy also. |
Contributor
|
@immerda Can you rebase and try to make CI happy ? |
MichaIng
added a commit
that referenced
this pull request
Jul 12, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jul 13, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
juliusknorr
requested changes
Jul 21, 2021
| * Optionally returns a stable per-user secret. This secret is for | ||
| * instance used to secure file encryption keys. | ||
| * @return string|null | ||
| * @since 21.0.0 |
Member
There was a problem hiding this comment.
Suggested change
| * @since 21.0.0 | |
| * @since 23.0.0 |
Member
There was a problem hiding this comment.
Actually we could move this to a separate interface like IProvideUserSecretBackend to avoid breaking existing implementations on new Nextcloud releases. With that we could also avoid the null return value and check in OC_User and do a check there if the interface is implemented by the backend.
Member
There was a problem hiding this comment.
To avoid confusion, the PR has been redone here as immerda seems to be not maintaining it here. The version string has been adjusted already, I'll do the same with pw => password. About the new interface, you need to tell me more in detail how to do that, over there, I guess this means a new script?
Member
There was a problem hiding this comment.
Ah indeed, I already wondered, because I though I already reviewed something similar but was not seeing my comments on this one 👍
| $userSession->createSessionToken($request, $uid, $uid); | ||
| $secret = $backend->getCurrentUserSecret(); | ||
| $userSession->createSessionToken($request, $uid, $uid, $secret); | ||
| $pw = $secret === null ? '' : $secret; |
Member
There was a problem hiding this comment.
Suggested change
| $pw = $secret === null ? '' : $secret; | |
| $password = $secret === null ? '' : $secret; |
| [ | ||
| 'uid' => $uid, | ||
| 'password' => '', | ||
| 'password' => $pw, |
Member
There was a problem hiding this comment.
Suggested change
| 'password' => $pw, | |
| 'password' => $password, |
MichaIng
added a commit
that referenced
this pull request
Jul 21, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
Author
|
Thanks @juliushaertl for the review and @MichaIng for pushing this further. The train is moving, so let's all move with it to #27929 |
MichaIng
added a commit
that referenced
this pull request
Jul 23, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jul 23, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jul 23, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Aug 11, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Aug 17, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Aug 18, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Sep 10, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Sep 22, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Oct 17, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Nov 27, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Nov 27, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Dec 20, 2021
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jan 3, 2022
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jan 20, 2022
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Feb 4, 2022
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Apr 12, 2022
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jun 1, 2022
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
MichaIng
added a commit
that referenced
this pull request
Jul 12, 2022
Implementing PR #24837 from immerda Signed-off-by: MichaIng <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Allow Authentication\IApacheBackend to return a per-user secret. This
secret is used in lieu of a passwort to initialize the session.
This allows an SSO backend to support per-user encrypted files.