-
-
Notifications
You must be signed in to change notification settings - Fork 4.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Force reset password #18914
Force reset password #18914
Conversation
Signed-off-by: Jonas <jonas.blaesche@uni-konstanz.de>
Signed-off-by: Jonas <jonas.blaesche@uni-konstanz.de>
da9edff
to
1536696
Compare
Welcome! |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for picking this up 👍
I'm sorry for all those remarks. Please wait for another review for a second opinion. I only know the authentication in general. Probably there are better ways than my suggestions (especially for the tokens).
$token = $this->config->getUserKeys($userId, 'login_token')[0]; | ||
$token = str_replace('/', 'A', $token); | ||
|
||
if($token === $token) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
😕
|
||
if($this->config->getUserValue($user, 'core', 'initial') === 'true') { | ||
$token = $this->config->getUserKeys($user, 'login_token')[0]; | ||
$token = str_replace('/', 'A', $token); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is this about making the value a get parameter? If so please use urlencode
.
if($this->config->getUserValue($userId, 'core', 'initial') === 'true') | ||
|
||
$token = $this->config->getUserKeys($userId, 'login_token')[0]; | ||
$token = str_replace('/', 'A', $token); | ||
|
||
if($token === $token) { | ||
return true; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That change makes it possible to overtake any account if you know the userId and the user has not changed the password yet.
@@ -594,6 +598,9 @@ public function editUser(string $userId, string $key, string $value): DataRespon | |||
$this->accountManager->updateUser($targetUser, $userAccount); | |||
} | |||
break; | |||
case 'initial': |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please create a constant like AccountManager::PROPERTY_INITIAL
@@ -520,6 +523,7 @@ public function editUser(string $userId, string $key, string $value): DataRespon | |||
$permittedFields[] = AccountManager::PROPERTY_WEBSITE; | |||
$permittedFields[] = AccountManager::PROPERTY_TWITTER; | |||
$permittedFields[] = 'quota'; | |||
$permittedFields[] = 'initial'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you find something more specific? Perhaps forcePasswordReset
? initial
is very generic.
@@ -306,6 +306,13 @@ public function tryLogin(string $user, | |||
$result->getErrorMessage() | |||
); | |||
} | |||
|
|||
if($this->config->getUserValue($user, 'core', 'initial') === 'true') { | |||
$token = $this->config->getUserKeys($user, 'login_token')[0]; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK. The right way to do this:
Take the password reset token logic from NewUserMailHelper
. Perhaps we need to find a better way for this. A generatePasswordResetToken method. If the user login and initial
is set generate a password reset token and forward the user.
@@ -349,6 +349,9 @@ public function addUser(string $userid, | |||
'app' => 'ocs_api', | |||
]); | |||
} | |||
} else { | |||
//Password was provided by the admin |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Case 1: No password, No email = failure
Case 2: No password, Email given = username and password reset link is mailed to user
Case 3: Password given, Email given = username is mailed to user
Case 4: Password given, No email = password reset forced after login
At least that must be documented somewhere. I'm against any more magic here. I don't think the behaviour is guessable or intuitive even without this pr. We should explain what Nextcloud is actually are going to do and/or give the admin a change to pick the action.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Also Password given, No email is what I usually do for developing 🤣 Need to test something with a different user. Create user with password and no email, Login => Forced password reset 😠
I know that's unusual but this PR is a behavioural change. I'm sure there is someone out there happy with the current approach. People will complain about this change if there is no way to turn it off.
For example: A self-service for account creation. People are able to create a user account for Nextcloud with a internal tool. Password is only visible to user. With this change they have to reset their password again for a account just created seconds ago.
As there is no feedback since a while I will close this PR. If you are still willing to get this in, please address the potential comments and rebase to latest master. Then, feel free to re-open. |
hi @ein-giga-self |
Added a functionality that forces users to reset their password on first login, if the initial password was set by the admin