Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

AppAPI: allow to bypass Two-Factor #42479

Merged
merged 1 commit into from
Dec 29, 2023
Merged

AppAPI: allow to bypass Two-Factor #42479

merged 1 commit into from
Dec 29, 2023

Conversation

bigcat88
Copy link
Member

@bigcat88 bigcat88 commented Dec 25, 2023

  • Resolves: AppAPI with TwoFactor Auth enabled

Summary

AppAPI must support passing two-factor authentication so that ExApps can work in such systems.
By design they should do so.

Original issue where it was discovered(we just completely forgot about two-factor auth):
nextcloud/app_api#181

Since the context_chat was already released we should provide a fix for this situation.
Also the backport to stable28 branch is required, as this is a bug that blocks all Apps developed for AppAPI to work in most production systems.
If possible, also a backport to stable27 branch will be nice.

Ref:

Checklist

if ($this->session->exists('app_password') || $this->twoFactorManager->isTwoFactorAuthenticated($user)) {
if ($this->session->exists('app_password')
|| $this->session->exists('app_api')
|| $this->twoFactorManager->isTwoFactorAuthenticated($user)) {

Check notice

Code scanning / Psalm

PossiblyNullArgument Note

Argument 1 of OC\Authentication\TwoFactorAuth\Manager::isTwoFactorAuthenticated cannot be null, possibly null value provided
@bigcat88 bigcat88 changed the title AppAPI: allowed to bypass Two-Factor AppAPI: allow to bypass Two-Factor Dec 25, 2023
@AndyScherzinger AndyScherzinger requested review from sorbaugh and removed request for AndyScherzinger December 25, 2023 21:20
@bigcat88 bigcat88 added the bug label Dec 26, 2023
bigcat88 added a commit to nextcloud/app_api that referenced this pull request Dec 27, 2023
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good but didn't test

Please squash your commits into one

@juliusknorr
Copy link
Member

juliusknorr commented Dec 28, 2023

CI failure seems related, please fix and squash in this PR

Time: 00:26.907, Memory: 193.03 MB

There was 1 failure:

1) Test\Authentication\TwoFactorAuth\ManagerTest::testNeedsSecondFactorSessionAuth
Expectation failed for method name is "get" when invoked 1 time(s)
Parameter 0 for invocation OCP\ISession::get('app_api') does not match expected value.
Failed asserting that two strings are equal.
--- Expected
+++ Actual
@@ @@
-'two_factor_auth_passed'
+'app_api'

/drone/src/lib/private/Authentication/TwoFactorAuth/Manager.php:322
/drone/src/tests/lib/Authentication/TwoFactorAuth/ManagerTest.php:640

--

@bigcat88 bigcat88 force-pushed the appapi-twofactor branch 2 times, most recently from ce4c53b to 489b816 Compare December 28, 2023 14:36
Signed-off-by: Alexander Piskun <bigcat88@icloud.com>
@bigcat88 bigcat88 merged commit cdc2723 into master Dec 29, 2023
50 checks passed
@bigcat88 bigcat88 deleted the appapi-twofactor branch December 29, 2023 08:29
@bigcat88
Copy link
Member Author

/backport to stable28

@bigcat88
Copy link
Member Author

/backport to stable27

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
3. to review Waiting for reviews bug
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants