twofactor_email "works" if enabled with Nextcloud 30 [NOT A BUG]

[mmccarn]

twofactor_email (still) works for me in Nextcloud 30 after being enabled manually.

sudo -u www-data php /var/www/nextcloud/occ app:enable twofactor_email

As before, I can:

• Enter my username & password
• Request a two factor code by email
• Receive the code
• Complete the login

IMPORTANT

I am NOT claiming that the app provides provable security (which I think is why it is not certified with NC after v28), only that the flow works and allows logins.

[nursoda]

Actually, I expect twofactor_email to work unchanged (when manually enabled as "untested app") as long as there are no real big breaking changes in nextcloud server and its OCA / OCP frameworks. There are however some security concerns with these frameworks that have been addresses. Thus, a rebuild is necessary. That rebuild rendered several other security issues with development dependencies. I tried to fix them but was not able to. I thought that this is due to older framework components, so I had the app rebased on twofactor_totp as v3. Unfortunately, my dev did not finish the job so far as that I could release it. I tried to fix it myself which obviously wasn't a good idea since I failed after putting several days work in it. I had to do other stuff since then and so, that's the current status. I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys a asked beforehand first but will use these resources if we don't succeed. Thanks for such offers, greatly appreciated. Even more, I'd be honored if somebody would like to co-maintain.

But beware that neither Nextcloud nor this app will ever meet the criteria of 'provable security'. This is a formal thing. To do that on a highly asynchronous system as Nextcloud seems not viable to me.

[BluePixel4k]

I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys a asked beforehand first but will use these resources if we don't succeed.

@nursoda What is the current status? :)

[bcutter]

I'm working on it and I got offered both financial support (to hire a dev) and a hand with development. I'll try to do it with the guys a asked beforehand first but will use these resources if we don't succeed.

@nursoda What is the current status? :)

Copy that @nursoda ⚠️ It's been a while...

[SimJoSt]

In this comment of the issue to support newer versions of Nextcloud #376 (comment) it was mentioned, that development will continue in a new repository of a new organisation: https://github.com/datenschutz-individuell/twofactor_email
To track the development status for newer Nextcloud versions the following issue exists: datenschutz-individuell/twofactor_email#2