Skip to content

feat: Two Factor API#49443

Merged
SebastianKrupinski merged 1 commit intomasterfrom
feat/issue-994-two-factor-api
Jan 18, 2025
Merged

feat: Two Factor API#49443
SebastianKrupinski merged 1 commit intomasterfrom
feat/issue-994-two-factor-api

Conversation

@SebastianKrupinski
Copy link
Contributor

@SebastianKrupinski SebastianKrupinski commented Nov 23, 2024
edited
Loading

Ability to check/enable/disable configured 2FA with API endpoint

Request State

GET /twofactor/state?user=user1

Request Disable

POST /twofactor/disable

{
  "user": "user1",
  "providers": [
    "backup_codes",
    "totp"
  ]
}

Request Enable

POST /twofactor/enable

{
  "user": "user2",
  "providers": [
    "backup_codes",
    "totp"
  ]
}

@SebastianKrupinski SebastianKrupinski added the 2. developing Work in progress label Nov 23, 2024
@SebastianKrupinski SebastianKrupinski self-assigned this Nov 23, 2024
@SebastianKrupinski SebastianKrupinski marked this pull request as draft November 23, 2024 00:12
nickvergessen
nickvergessen reviewed Dec 2, 2024
View reviewed changes
nickvergessen
nickvergessen reviewed Dec 2, 2024
View reviewed changes
nickvergessen
nickvergessen previously requested changes Dec 15, 2024
View reviewed changes
@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch 2 times, most recently from c40f0c2 to 462afd8 Compare December 28, 2024 10:10
@SebastianKrupinski SebastianKrupinski marked this pull request as ready for review December 28, 2024 10:37
@provokateurin
Copy link
Member

provokateurin commented Dec 28, 2024

All the endpoints are only intended to be used by admins?
This PR lacks context that explains for what feature this is needed.

@SebastianKrupinski
Copy link
Contributor Author

SebastianKrupinski commented Dec 28, 2024

All the endpoints are only intended to be used by admins? This PR lacks context that explains for what feature this is needed.

Apologies, didn't realize I did not link the issue ticket. I've updated the description.

@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch from 462afd8 to 3e2659b Compare December 31, 2024 01:13
provokateurin
provokateurin approved these changes Jan 6, 2025
View reviewed changes
Copy link
Member

@provokateurin provokateurin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fine by me

ChristophWurst
ChristophWurst reviewed Jan 7, 2025
View reviewed changes
Copy link
Member

@ChristophWurst ChristophWurst left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good otherwise

core/Controller/TwoFactorApiController.php Outdated
*
* 200: user/provider states
*/
#[ApiRoute(verb: 'POST', url: '/state', root: '/twofactor')]
Copy link
Member

@ChristophWurst ChristophWurst Jan 7, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This should be a GET

Copy link
Contributor Author

@SebastianKrupinski SebastianKrupinski Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hey,

The reason this is a POST is because its pretty messy to send an array of user names in a GET url.

This command retrieves the states for specific users not just one user.

POST /twofactor/state

{
"users": ["admin", "user1", "user2"]
}

Copy link
Member

@provokateurin provokateurin Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is possible using this syntax: ?user[]=a&user[]=b, but indeed very ugly. Not sure what is better here 😅

Copy link
Member

@ChristophWurst ChristophWurst Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

GET is the right verb here. If the arguments make the URL ugly so be it.

As an alternative you could drop the bulk operation aspect. It's not a concept I've seen with any other Nextcloud APIs. If there is only one user, like with the occ command, the URL will become "pretty" again.

Copy link
Member

@provokateurin provokateurin Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed, if there is no need to query multiple users at once then it is much better to only implement it for a single user.

Copy link
Contributor Author

@SebastianKrupinski SebastianKrupinski Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well the idea behind the bulk operation was that an external system can check the state of 2fa on a 100+ accounts at the same time instead of doing 100 requests.

But if you insist on this being a GET then having this as an array makes it ugly. I'll change it.

ChristophWurst
ChristophWurst requested changes Jan 15, 2025
View reviewed changes
core/Controller/TwoFactorApiController.php Outdated
*
* 200: user/provider states
*/
#[ApiRoute(verb: 'POST', url: '/state', root: '/twofactor')]
Copy link
Member

@ChristophWurst ChristophWurst Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

POST is still used here.

Copy link
Contributor Author

@SebastianKrupinski SebastianKrupinski Jan 15, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes, its because I didn't see you comments before asking for a review.

@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch from 3e2659b to 900130c Compare January 15, 2025 20:14
ChristophWurst
ChristophWurst approved these changes Jan 16, 2025
View reviewed changes
@SebastianKrupinski
feat: Two Factor API
332fa63 
Signed-off-by: SebastianKrupinski <[email protected]>
@SebastianKrupinski SebastianKrupinski force-pushed the feat/issue-994-two-factor-api branch from 68f0716 to 332fa63 Compare January 16, 2025 13:32
@SebastianKrupinski SebastianKrupinski merged commit 307f983 into master Jan 18, 2025
188 checks passed
@SebastianKrupinski SebastianKrupinski deleted the feat/issue-994-two-factor-api branch January 18, 2025 19:03
@Altahrim Altahrim mentioned this pull request Jan 21, 2025
Merged
@AndyScherzinger AndyScherzinger added this to the Nextcloud 31 milestone Jan 28, 2025
@AndyScherzinger AndyScherzinger removed the 2. developing Work in progress label Jan 28, 2025
@AndyScherzinger AndyScherzinger added enhancement 4. to release Ready to be released and/or waiting for tests to finish 🍀 2025-Spring labels Jan 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@provokateurin provokateurin provokateurin approved these changes

@ChristophWurst ChristophWurst ChristophWurst approved these changes

@nickvergessen nickvergessen Awaiting requested review from nickvergessen

Assignees

@SebastianKrupinski SebastianKrupinski

Labels

4. to release Ready to be released and/or waiting for tests to finish enhancement 🍀 2025-Spring

Projects

None yet

Milestone

Nextcloud 31

Development

Successfully merging this pull request may close these issues.

5 participants

@SebastianKrupinski @provokateurin @nickvergessen @ChristophWurst @AndyScherzinger