Skip to content

Apppassword onetime #1913

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
tobiasKaminsky wants to merge 6 commits into
base: master
Choose a base branch
from
Open

Apppassword onetime #1913

tobiasKaminsky wants to merge 6 commits into from
+110 −0

Conversation

@tobiasKaminsky
Copy link
Member

@tobiasKaminsky tobiasKaminsky commented Dec 18, 2025

No description provided.

@github-actions
Copy link
Contributor

github-actions bot commented Dec 18, 2025

SpotBugs

CategoryBaseNew
Bad practice3434
Correctness3434
Dodgy code2626
Internationalization66
Malicious code vulnerability4949
Multithreaded correctness1111
Performance88
Total168168

@tobiasKaminsky
wip
546ee32 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
@tobiasKaminsky
wip
203625d 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026

SpotBugs

CategoryBaseNew
Bad practice3434
Correctness3434
Dodgy code2626
Internationalization66
Malicious code vulnerability4949
Multithreaded correctness1111
Performance88
Total168168

@tobiasKaminsky
Rename .java to .kt
cd26272 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
@tobiasKaminsky
wip
ec9858c 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026

SpotBugs

CategoryBaseNew
Bad practice3434
Correctness3434
Dodgy code2626
Internationalization66
Malicious code vulnerability4949
Multithreaded correctness1111
Performance88
Total168168

@tobiasKaminsky
test only on NC33+
dcad035 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
@github-actions
Copy link
Contributor

github-actions bot commented Jan 5, 2026

SpotBugs

CategoryBaseNew
Bad practice3434
Correctness3434
Dodgy code2626
Internationalization66
Malicious code vulnerability4949
Multithreaded correctness1111
Performance88
Total168168

@tobiasKaminsky
Test only on next version
fd8a174 
Signed-off-by: tobiasKaminsky <tobias@kaminsky.me>
@github-actions
Copy link
Contributor

github-actions bot commented Jan 7, 2026

SpotBugs

CategoryBaseNew
Bad practice3434
Correctness3434
Dodgy code2626
Internationalization66
Malicious code vulnerability4949
Multithreaded correctness1111
Performance88
Total168168

@nextcloud-android-bot
Copy link
Collaborator

nextcloud-android-bot commented Jan 7, 2026

stable-IT test failed: https://www.kaminsky.me/nc-dev/android-library-integrationTests/4823-IT-stable-09-43/debug/

@nextcloud-android-bot
Copy link
Collaborator

nextcloud-android-bot commented Jan 7, 2026

master-IT test failed: https://www.kaminsky.me/nc-dev/android-library-integrationTests/4823-IT-master-09-43/debug/

ZetaTom
ZetaTom reviewed Jan 8, 2026
View reviewed changes
Copy link
Contributor

@ZetaTom ZetaTom left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Works fine on my machine, except for the test case.

...ava/com/nextcloud/android/lib/resources/users/GenerateOneTimeAppPasswordRemoteOperationIT.kt
@Test
fun generateAppPassword() {
// only on NC34+
testOnlyOnServer(NextcloudVersion.nextcloud_34)
Copy link
Contributor

@ZetaTom ZetaTom Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Comment in GenerateOneTimeAppPasswordRemoteOperation.kt says that this feature is available from Nextcloud 33.

...ava/com/nextcloud/android/lib/resources/users/GenerateOneTimeAppPasswordRemoteOperationIT.kt
Copy link
Contributor

@ZetaTom ZetaTom Jan 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if this test case would work as expected.

As far as I understand, GenerateOneTimeAppPasswordRemoteOperation should only return an app password when authenticated using a one time password. However, nextcloudClient doesn't use a one time password, but a regular authenticated login instead. This means that any call to GenerateOneTimeAppPasswordRemoteOperation will fail and subsequently cause this test case to also fail.

On my machine the remote operation always returns a 403 Forbidden.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ZetaTom ZetaTom ZetaTom left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@tobiasKaminsky @nextcloud-android-bot @ZetaTom