Safer auth settings #57

Merged
merged 2 commits into from
Sep 26, 2024

julien-nc
Member

Sorry for the long PR. I didn't feel like making 5 PRs 😁

Tested with OAuth and manually set personal token.

  • Use PHP 8 new stuff, use method attributes instead of annotations for controller methods
  • Restrict OAuth URL to the one set by the admin
  • Ask for password confirmation for sensitive values in admin and user settings
  • Update npm pkgs (necessary to install @nextcloud/password-confirmation)
  • Fix incorrect search result when the user didn't define any instance URL and uses the one defined by the admin

@julien-nc julien-nc added the enhancement New feature or request label Aug 19, 2024
@marcelklehr
Member

rebase please 😇

…ributes instead of annotations

fix: use correct zammad URL in many places in the backend
use password confirmation for sensitive perso/admin setting values
fix search result zammad URL if the user uses the admin defined URL

Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
Signed-off-by: Julien Veyssier <julien-nc@posteo.net>
@julien-nc
Member Author

Rebased. Only thing I kinda reverted is the version for some pkgs in package.json.
npm update does not update to an upper major anyway. We can use 8.x-like versions again if you prefer or if there is a strong reason 😁 .

"@nextcloud/vue": "8.x",
"@nextcloud/password-confirmation": "^5.1.1",
"@nextcloud/router": "^3.0.1",
"@nextcloud/vue": "^8.16.0",
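
Review bot: The `^8.16.0` range on the `@nextcloud/vue` line is a floor, not a pin: it accepts any 8.x release at or above 8.16.0, so later minors such as 8.17 remain in range, and the only difference from the earlier `8.x` is that versions below 8.16.0 are excluded. The same holds for the caret ranges on `@nextcloud/password-confirmation` and `@nextcloud/router`. If a particular minor is required, raise the floor to it; if the aim is a reproducible dependency set, that has to come from the lockfile rather than from these ranges.
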
Member

This will not update to 8.17, though, will it?

@marcelklehr marcelklehr merged commit ed1d003 into main Sep 26, 2024
20 checks passed
@marcelklehr marcelklehr deleted the fix/noid/safer-auth-settings branch September 26, 2024 10:26