Skip to content

RFC: Support password-less public key token#32624

Closed
CarlSchwan wants to merge 1 commit intomasterfrom
feat/support-passwordless-token-setting
Closed

RFC: Support password-less public key token#32624
CarlSchwan wants to merge 1 commit intomasterfrom
feat/support-passwordless-token-setting

Conversation

@CarlSchwan
Copy link
Member

@CarlSchwan CarlSchwan commented May 27, 2022

The idea is that we would add a mode in which Nextcloud doesn't stores
encrypted user password in the database. This would be opt-in and
disable some Nextcloud features (e.g. external storages)

Todos:

  • Replace true condition with system config

Test plan:

  • Login in webui and desktop client
  • Apply this patch
  • User is still logged in in both webui and desktop client

@CarlSchwan
Support password-less public key token
287df4a 
The idea is that we would add a mode in which Nextcloud doesn't stores
encrypted user password in the database. This would be opt-in and
disable some Nextcloud features (e.g. external storages)

Todos:

- Replace true condition with system config

Test plan:

- Login in webui and desktop client
- Apply this patch
- User is still logged in in both webui and desktop client

Signed-off-by: Carl Schwan <carl@carlschwan.eu>
@CarlSchwan CarlSchwan added the 2. developing Work in progress label May 27, 2022
@CarlSchwan CarlSchwan requested a review from ChristophWurst May 27, 2022 09:58
@CarlSchwan CarlSchwan self-assigned this May 27, 2022
CarlSchwan
CarlSchwan commented May 27, 2022
View reviewed changes
lib/private/Authentication/Token/PublicKeyTokenProvider.php
$dbToken->setPublicKey($publicKey);
$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
$dbToken->setPublicKey($publicKey);
$dbToken->setPrivateKey($this->encrypt($privateKey, $token));
Copy link
Member Author

@CarlSchwan CarlSchwan May 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO does it make sense to not store the private key and public anymore if we don't store the passwords?

Copy link
Member

@ChristophWurst ChristophWurst Jun 27, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

probably not

Copy link
Member

@ChristophWurst ChristophWurst Jun 29, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Relevant: #30894 #30895

@CarlSchwan CarlSchwan mentioned this pull request Jun 21, 2022
Closed
@CarlSchwan
Copy link
Member Author

CarlSchwan commented Aug 1, 2022

I merged another PR that does implement it

@CarlSchwan CarlSchwan closed this Aug 1, 2022
@come-nc
Copy link
Contributor

come-nc commented Dec 13, 2022

I merged another PR that does implement it

#33225

@ChristophWurst ChristophWurst deleted the feat/support-passwordless-token-setting branch December 13, 2022 15:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

Assignees

@CarlSchwan CarlSchwan

Labels

2. developing Work in progress

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CarlSchwan @come-nc @ChristophWurst